Preparing your business

Get suitable insurance

Make sure you have suitable insurance cover before an emergency happens.

The Association of British Insurers (ABI) has useful information on choosing the right insurance for your business.

Risk assessment

What are the hazards and threats that could potentially disrupt your business?

Organisational risks include:

Loss of Information and communication technology (ICT)
Loss of premises (fire, data loss, power loss)
Loss of data (ICT outage or cyber security incident). Visit our cyber security pages to learn more,
Severe weather
Flooding - visit at our flooding pages for more information about preparing for flooding
Loss of staff (flu pandemic, severe weather, traffic incidents)
Loss of external dependencies (fuel, electricity, telecommunications, water, partner, supplier)

What is the likelihood that such events could happen and what would the impact be on your business?

Actions to take when the cyber threat is heightened - NCSC.GOV.UK

Create your business continuity plan with these five stages

The first step towards developing a Business Continuity Plan is a really good look at what your business does and what resources you need to do it.

1

Design

This is the part of the process where appropriate solutions are identified to ensure the continuity of the activities identified within the Business Impact Assessment. This maybe at a different pre-defined and agreed level.

2

Implementation

3

Validation

Key to the success of business continuity plans is ensuring they are tested and fit for purpose. This can be achieved by testing the plans against an identified scenario.

4

Embedding

The final stage of the BC Lifecycle is ensure the process of business continuity is embedded throughout your organisation. Do all staff know what to do, who to contact and how to undertake their part in the plan.

5

Analysis

A business impact analysis, known as a BIA, is a component of business continuity planning that helps to identify critical and non-critical systems and processes.

Business impact analysis template

Use our helpful template (Excel document format)and guide below to create a Business Impact Analysis and a Critical Requirements Analysis

This template can help your organisation identify its critical functions (and their dependencies) that must be planned for during a period of disruption.

The template is separated into 10 areas.

The below table outlines the areas and what you need to include in each section:

Activity summary

A summary of each activity that your department/organisation undertakes. Try not to go into minute detail, e.g. record 'call handling' as an activity, rather than 'answer calls', 'divert calls', 'action calls', 'log calls', etc.

MTPD

The 'Maximum Tolerable Period of Disruption': this is the duration after which there will be unacceptable consequences from the failure to perform the activity you are analysing. This could include: the inability to maintain the service's mission critical activities, unacceptable reputation consequences, legislative non-compliance, etc.

Impact on service if activity fails

A brief description of the impact on the service should this activity fail, e.g. reputational damage, failure to meet statutory requirement, financial loss etc.

People

The minimum number of staff required to perform this activity, along with the skills required to perform the role.

Equipment & vehicles

Equipment required to carry out this role, e.g. cameras. You should also include the details of any vehicles required, e.g. cars, specialist vehicles, etc.

Computers

Details of all software and hardware required to perform this activity.

Facilities

Details of all buildings, rooms, furniture, and welfare facilities that are required for this activity, e.g. Private interview room, generic office space, etc.

Internal dependencies

Details of all sections upon which this activity has a dependency, e.g. if the activity relies on finance, etc.

External dependencies

Details of all utilities, services, contractors and other suppliers, e.g. gas, internet, call out contracts, etc.

Other comments

Any other points of interest relating to this activity, e.g. key times of month/year, impending changes, or foreseeable issues.

Design your plan

Once you have understood your business and its vulnerabilities you need to look at some ways to protect yourself. Your plan could include the following:

Out of hours contact details for staff, customers and suppliers
Prepare a communications plan - who will you contact in an emergency and what will you say
Document procedures - prepare 'how-to guides' so staff can follow steps to complete each other's activities
Agreed relocation options - if you can't access your premises, where else can you go
Remote access to ICT / cloud-based technology - can you access your computer network from different locations
Secure offsite data storage - back up your computer systems and store back up tapes in fireproof cabinets in another location
Alternative suppliers - where will you get your equipment if a supplier stops trading
Download this checklist to assist you with your business continuity planning (Word document format): Be Ready business continuity checklist

Implement your plan

Once you have worked out what you need to do the next step is to do it. You will need to work out what is affordable and practical. Bear in mind that some things will be very straightforward to implement, whereas others may take longer to put in place.

Train your staff

Do all your staff know what the business continuity plan is? Do they know what actions they would take in a business continuity incident?

Validate your plans and train your staff

It is all well and good having plans, but how do you know they work? The best way to do this is to test them. This will also help to make sure that your staff understands their roles within the plans.