Is Business Continuity Planning applicable for all businesses?
There are numerous threats your business can face be it I.T outage, personnel or data breach incident, terrorism, inclement weather or pandemic.
The ‘unexpected’ really can happen – Pre-2020 a global pandemic seemed an impossibility, three years on though, COVID-19 has impacted every single business worldwide. Coming out the other side now and reflecting on this time, how well did your business adapt? What could you have done better? How do you apply these lessons learnt to other threats your business may face?
A quick search will give many examples of business continuity successes and failures, businesses of all sizes are vulnerable to threats. From well documented incidents such as the NHS 2016 ‘computer virus’ infecting a network of UK hospitals for five days. This led to more than 2800 patient procedures and appointments being cancelled and patients suffering major trauma and even in child birth being turned away from the door. In this case disruption was caused by a ransomware cyberattack and the NHS organisations involved failed to Plan for business continuity by identifying and outlining its unique threats, along with protocols for prevention and recovery.
Perhaps the ultimate example of business continuity planning is demonstrated by NASA at the 7th international space conference. They are preparing for worst case scenarios by running simulations to predict the outcome of a discovery of a potentially deadly asteroid destined to hit Earth in six months. By running such simulations NASA claim ‘Each time we participate in an exercise of this nature, we learn more about who the key players are in a disaster event, and who needs to know what information, and when.”
Clearly in the case of a healthcare organisation or for NASA, disaster scenarios can be truly life-or-death situations, but for all businesses, failure to identify and prepare for threats can have far reaching consequences and ultimately may determine the survival of the company.
What is business continuity planning (BCP)?
Business continuity planning is essential for each of the ISO Standards as well as there being a separate standard for a business continuity management system. BCP is essential for each of the standards as follows:-
- ISO 9001 – Ensuring you continue to meet customer requirements and have contingencies in place to meet customer requirements in the event of a business continuity incident
- ISO 27001 – In the event of a data breach, Security Incident or some form of outage to ensure staff and clients are able to access relevant systems. There is also a section in the Annex A Controls regarding this (A.17 in 2013 version, A.5.29 and A.5.30 in 2022 version)
- ISO 14001 – In the event of a spillage or environmental emergency – emergency preparedness and response is required to be planned and tested
- ISO 45001 – In the event of a H&S Incident – emergency preparedness and response is required to be planned and tested
- ISO 22301 – Business Continuity Management System
A robust BCP will support your organisation to operate limiting the impact and losses from events as far as is reasonably practical. A good Business Continuity Plan includes the following:
- Business Continuity Objectives and Planning to achieve them
- Resources, Competence and Training in the BCMS
- Business Impact Analysis and Risk Assessment
- Business Continuity Strategies and Solutions
- Business Continuity Plans and Procedures
- Exercise Programme
- Reviewing Performance
The benefits of business continuity planning and implementing a separate management system or building into your existing management system are key to developing operational resilience, corporate governance and protection of reputation in a crisis to name a few.
Functio can help you to develop a robust Business Continuity Plan for your business to protect your business as part of an ISO project or in isolation.
To speak to a consultant and begin your business continuity planning, please contact us.