7 tips for a reliable business continuity plan

Fabian Kaiser
Head of Security & Compliance
Do you want everything in your company to run smoothly at all times? Is "business as usual" (BAU) the goal? Then you should draw up a business continuity plan.
Your company consists of three basic elements, all of which should be available at all times and work together in almost boring synchronisation: employees, offices and systems.
Business continuity is the ability to maintain business operations after an event that hinders or inhibits one of these basic elements, preventing normal business operations.
In order to keep your business running consistently, you need to develop a plan for how your organisation will respond to events that are disruptive to your employees, offices and systems: This is the business continuity plan.
This plan should be a dynamic document that has been created with great care, is traceable and is tested regularly. To ensure that all important points have been considered, here are seven tips for a reliable business continuity plan:
1. Define protective elements
What does your company absolutely need in order to function?
Your answers to this question determine your protective elements. They determine what the focus of your plan is and give it meaning and purpose. For these elements, you need to have an alternative or solution ready in case something goes wrong.
2. Check the protection levels
The protection level refers to the level of performance to which your protection element must be restored in the event of a failure in order to ensure business continuity. For example, let's say your main office is your protection element that is no longer operational as a result of a flood. Do you need an alternative office so that your employees can resume their work, or is it enough if your employees have the option of working from home? Is a cloud backup that allows you to restore the most important files and databases sufficient to ensure the availability of your systems, or is an immediate failover to a full replication of your entire local IT structure required?
3. Identify protection requirements
Define exactly which business continuity tactics you want to use for your employees, offices and systems in order to achieve the required level of protection for your protection elements. This can also be illustrated using the example above with the head office. Let's say you need a secondary office location. In which geographical region should this location be located? Does it need to accommodate all employees or just some of them? Which internal IT systems do these employees need to be able to access? Has a contingency plan been created to ensure phones and computers are available there?
4. Failure scenarios and actions
To determine your protection requirements, you need to define when a failure occurs for each element.
Each possible failure should be outlined in a "failure scenario" along with a set of remedial actions. In the case of our example, this includes events that render the building unusable, such as a fire or flood. This failure scenario must include a range of measures that can be taken to achieve the required level of protection, such as the provision of an accessible, fully equipped secondary office. This could be as simple as calling the landlord to let them know that you are invoking your business continuity plan.
5. Roles and responsibilities
When planning the actions for an outage scenario, it is crucial to not only define the individual steps to be taken, but also the roles and responsibilities of each employee tasked with carrying them out. In this example, these could be the following roles:
- Building manager: informs the landlord that the alternative office location is to be occupied.
- IT: transports telephones and laptops for employees to the new location.
- HR: coordinates communication within the company to inform the core workforce about the situation and ensure that employees can resume work as quickly as possible.
6. Rollback
In the event of an outage, the company should ideally be able to resume business as usual. However, it is worth considering whether it makes more sense to restore minimal business operations as quickly as possible rather than waiting even longer for all functions to be available again.
In general, the business continuity model is a slimmed-down system designed to ensure operation at reduced capacity and thus guarantee a continuous corporate presence. This is usually more cost-effective than maintaining a full replica of the primary operating model on standby and failing over to that replica in the event of a failure.
7. Testing
Testing is the critical element of a business continuity plan. You need to prove that your plan is comprehensible, relevant, efficient and reliable. Business continuity plans are usually tested annually, with the system running in business continuity mode for an extended period of time. The "Active/Active" concept goes one step further: the business continuity protection requirements are actively used as part of BAU, with the primary operating model running concurrently at 50% capacity. In our example, the business continuity centre may be a satellite office with sufficient capacity to accommodate some of the core staff from the main office in the event of an outage.
Final recommendation: Don't rush into anything and stay calm. However, if external circumstances require it, you should have a business continuity plan ready to fall back on.