Business Continuity Planner Project
Introduction
In today’s rapidly changing environment, encountering risks and identifying threat areas for businesses operating in different industries is gradually becoming a norm. This development is facilitated by the emergence of the concept of Business Continuity Planning (BCP). BCP allows businesses to resume operations after a negative impact(s) brought about by unfavourable circumstances (Austin, 2017). These circumstances may range from significant disasters such as infernos and earthquakes to less threatening events such as loss of network resource and power outages, that can quickly escalate from minor emergencies to full-blown disasters (Federal Emergency Management Agency (FEMA), 2013). BCP allows businesses to protect themselves and recover from hazards.
Goals and Objectives
The primary purpose of this BCP is to reduce the impact of disasters/hazards on the overall performance of businesses, prevent loss of life, and minimize the damage of business property. This activity includes:
- Effectively reduce the number of decisions to be made in the event of a disaster
- Eliminate over-reliance on a single individual during a disaster
- Minimize trial-and-error actions during a crisis; and
- Reduce the need to formulate new crisis-related programs, procedures or systems so that all the elements required for assistance when disaster strikes are defined and safely kept (preferably away from the site) ready for use.
The primary objective of this BCP is to supply the necessary information and processes to:
- Adequately respond to a crisis in a swift manner
- Effectively notify the personnel obligated to attend to the emergency (Rock, 2017)
- Speedily gather the business recovery team
- Recover client services
- Quickly resume day-to-day operations
Don't use plagiarised sources.Get your custom essay just from $11/page
Crisis Control Unit
The responsibility of creating a Crisis Control Unit (from here referred to as CCU) lies squarely with the organizations. However, this unit mustn’t exist as part of the normal routine activities of the business. The CCU team members will deliberate and organize every event that pertains to an emergency or a potential crisis and the process of Disaster Recovery Planning, including the execution of activities aimed at preventing potential disasters.
This team will comprise of some of the top managers in the organization. Also, a senior managerial role of a Crisis Control Officer (CCO) will have to be created. The CCO will be assisted in this role by a deputy. Besides their normal day-to-day activities in the company, the CCO and his/her deputy will bear the responsibility of creating, carrying out maintenance, and testing the most suitable disaster recovery plan and preventive measures.
The CCO will also ensure that all CCU members are familiar with the BCP, including their responsibilities in it. The Crisis Control Unit members are listed below:
Title in the Organization | Disaster-Related Responsibility |
Chief Executive Officer | Offer Leadership and also in charge of group PR |
IT Director | Crisis Control Officer (CCO) |
Chief Financial Officer (CFO) | Offer Financial Support to the team |
Human Resource Director | Represent the Staff |
ACS Director | In charge of communication |
Risk Factors and Capabilities
The businesses are predisposed to an array of threats. However, the likelihood of a disaster occurring due to these threats varies. This variation is because of factors such as physical location and the surrounding environment. This means that some business may be more vulnerable to some threats than others. Similarly, some disasters have the potential to cause more damage than others. The table below describes the potential danger, the likelihood of it occurring, and the risk it poses on the businesses.
Potential Threat | Likelihood of it Occurring | Risk level | ||
Technological Threats | H | M | L | 1-3 |
Power failure | ü | 2 | ||
Computer software failure | ü | 2 | ||
Computer hardware failure | ü | 1 | ||
Company Telephone failure | ü | 1 | ||
Hacking | ü | 1 | ||
Document loss | ü | 1 | ||
Workstation failure | ü | 2 | ||
Network failure | ü | 1 | ||
Natural Elements | ||||
Earthquakes | ü | 3 | ||
Floods | ü | 3 | ||
Drought | ü | 3 | ||
Fire | ü | 1 | ||
Heavy winds | ü | 3 | ||
Lightning and thunderstorm | ü | 1 | ||
Threats from People | ||||
Business sabotage | ü | 1 | ||
Employee strike | ü | 1 | ||
Transport accidents | ü | 2 | ||
Disease outbreak | ü | 1 | ||
Individual errors | ü | 1 | ||
Terror attack | ü | 1 |
From the above data, the following areas should be assessed regularly given their risk: potential fire incidents, vulnerability to hacking, health safety, regular back up and restoration of computer software, network/telephone, and hardware elements, and the overall security of the premises.
Countermeasures to the Disaster Areas
The businesses must implement the following countermeasures:
- Establishment of an off-site recovery centre to be on standby and easily accessible
- The institution supervisors and the health and safety committee (if in place) must ensure their organization’s compliance with the Occupational Health and Safety (OHS) Act. If possible, to conduct at least one security drill each year.
- The premises must comply with the Fire Safety Regulations
- Businesses should ensure they have access to an uninterruptible power supply
- Hardware to be replaced frequently
- Perform routine software updates and data backup
- Ensure tight security in and around the organization
Disaster Monitoring and Escalation
Emergencies are required to be monitored to ensure an appropriate response. Major incidents such as the destruction of the entire building housing the organization need little decision making, and hence building should be immediately evacuated. However, incidences of a lesser magnitude such as a computer room fire should be monitored closely, and if necessary, escalated to evacuation level. The decision to upgrade the disaster should be dependent on factors such as estimates on required repair time.
Maintenance of BCP
Given that the business changes with time, it is only fair that the Business Continuity plan be adjusted to reflect the “current” status of the organization.
BCP Plan Development
The outcome of the business impact analysis conducted by the CCO complemented by the executed counter disaster strategy places the organization in a position where effective recovery plans can be designed for each specific disaster.
Testing the Viability of the Plan and Training
BCP plan testing falls under the CCO. The CCO should conduct regular testing on each practical disaster scenario. These tests should be done individually to estimate the restoration times accurately, thus enabling the fine-tuning of the plan for better results.
Additionally, owing to the gravity of the whole issue of disaster recovery, it is crucial for all the parties involved to have necessary up-to-date knowledge on the laid down recovery procedures, hence the need to conduct regular training exercises.
Disaster Declaration and Necessary action
Necessary action will be taken depending on the nature of the disaster, training received, and the time of occurrence (working hours, weekend or at night). If employees are at the premises, the first course of action is to evacuate them. After that, the CCU team members will be notified of any injuries or deaths to the workers and visitors. A disaster will be announced at the designated level, thereby activating the recovery plans.
References
Austin, N. S. (2017, September 26). Objectives of a Business Continuity Plan. Retrieved from Bizfluent: https://bizfluent.com/list-6770217-objectives-business-continuity-plan.html
Federal Emergency Management Agency (FEMA). (2013). Retrieved from Business Continuity Training Part One: What Is Business Continuity Planning?: http://www.fema.gov/medialibrary/media_records/9448
Rock, T. (2017, January 18). 9 Critical Business Continuity Plan Objectives. Retrieved from Invenioit: https://invenioit.com/continuity/business-continuity-plan-objectives/