Call our customer services team on:
0345 366 6666
Email - firstname.lastname@example.org
Although headline disasters capture the attention, businesses need to be aware that other more specific or mundane events are just as likely to threaten their organisation. For example, a recent Chartered Management Institute survey revealed that only 36% of organisations have a Business Continuity Plan that addresses disruption by extreme weather conditions as a concern yet 58% suffered disruption as a result of this during the previous year.
Disasters can and do happen and will cause healthy businesses to fail. Disasters create missed opportunities, cash flow problems and can often result in bad publicity. All this can lead to a loss of client confidence and your competitors will take advantage.
Planning makes a substantial difference to the possibility of surviving an incident. While it may seem an extra burden to prepare a plan, challenging situations place severe pressure on individuals to make decisions and take action under stressful conditions. Experience proves that it is easier to consider all the issues surrounding a potential crisis objectively beforehand.
Insurance has a vital role to play in supporting your recovery, but it makes sense to have a plan as well. This should give you the opportunity to reduce the risk of some incidents occurring and to know what immediate measures to take to minimise the initial impact.
A Business Continuity Plan doesn't need to be complicated and does not need to deal with every scenario. If your plan enables you to cope with the worst case scenario, it will also help you to deal more easily with less serious incidents.
Key Action Steps in Continuity Planning
Select your team
Developing a plan and implementing a plan are best done as team activities. Keep numbers low-two people may be enough for some small businesses. People to consider include accountants, IT and other staff with specialist knowledge. Consider a deputy for each of your team members.
Analyse the threats
The team should begin by listing all the activities of the business and then list the likely incidents that could affect these activities. This might include storm, flood, theft, fire, machinery breakdown, power failure, computer virus, telecommunications failure, strikes and problems with suppliers.
For each of the threats you have identified you should:
The most serious threat should emerge from these considerations. Remember that if you plan for the worst case scenario, your plan should also be effective in dealing with less serious incidents.
Prevention and reduction measures
Now that you have analysed the threats to the business you can take this opportunity to reduce the risk they pose by implementing practical risk reduction measures. After all, prevention is better than cure. If financial budgets are limited then you may have to implement these over a period of time. Should this be the case then you should concentrate upon mitigating those threats that are more likely to occur and with a more significant impact upon the business. Your insurer may be able to offer assistance and recommend products that offer the best value.
Incident Management Planning
You now need to plan the immediate actions that the Team will have to implement. This will include how the business will deal with issues such as:
Decide where the team will meet as your own premises may be damaged or you may be denied access to your premises, e.g. in the event of an incident at a neighbouring premises.
You should prepare contact lists with names, addresses, telephone numbers, email addresses and mobiles for the people the Team will need to contact, either to inform them of the situation or to ask for their help. This will include:
Additionally you should prepare action lists itemising the tasks and who is responsible for them, completion of which will ensure an acceptable response is delivered.
Business Recovery planning
If the worst case scenario results in a longer term interruption to your business you will need to consider alternative working practices that will allow you to continue trading with your customers during the sometimes lengthy period when the physical damage is reinstated. Measures to consider include:
A special note about computers and data
Most businesses, regardless of their size, are becoming increasingly reliant on computers and electronic data. A minor incident affecting your computer systems and data can manifest itself into a major interruption to your business if you have not properly prepared how to deal with it. You will need to consider protection against cyber-attack how to manage the aftermath as well as protection again the more visible physical threats.
Remember it is important to ensure that an up to date copy of all your data is kept offsite at all times.
You might want to consider temporary manual systems of working to allow the business to continue. If this is not possible you should consider using a specialist IT continuity provider. Depending on the company they can offer an end-to-end service from consultancy and planning to the provision of alternative IT equipment and premises.
Rehearsing and maintaining the plan
The plan does not belong on a shelf gathering dust. It is important that each member of the team has a copy of the plan, and that they keep a copy of the plan away from the business as you never know when disaster might strike.
The best thing to do is to exercise your plan to be sure that it will work if disaster strikes. You could simulate a disaster with a desktop exercise, or you could try out a simulated "mini-disaster". Change the plan accordingly from what you learn from these exercises.
It is important to keep the plan up to date. Make sure the supporting documentation is updated regularly and review the entire plan each time there a changes in organisational structure or there is a major change to the business. Make sure that all copies of the plan are up to date and destroy all out of date copies.
This document contains general information and guidance and is not and should not be relied on as specific advice. The document may not cover every risk, exposure or hazard that may arise and Aviva recommend that you obtain specific advice relevant to the circumstances. AVIVA accepts no responsibility or liability towards any person who may rely upon this document.
Was this helpful to you?