Operational resilience
      Back to home
      2. General
      3. Operational resilience

      What is a Business Continuity Plan?

      A BCP outlines how your company will continue operating and who to contact during an unplanned disruption to service.

      A BCP outlines the processes in place to effectively contain, respond, recover, resume, and restore normal “business as usual” operations following disruption. The disruption could affect one or many of the Company’s key resources, including offices, computer systems, application, services, solutions, or individuals becomes unavailable.

      The disruption could be caused by any number of reasons, including poor weather, flooding, power/internet outage, equipment failure, illness, equipment failure or other reason.

      Being prepared enables you to minimise the probability and impact of business interruptions by integrating safeguards into your business operations.

      How does BCP differ from Disaster Recovery?

      Disaster Recovery (DR) is focused specifically on the process, policies and procedures taken to recover our technology infrastructure after a disruption.

      Risk Analysis

      Potential threats to the critical processes include the following: poor weather, flooding, power/internet outage, equipment failure, a pandemic, cyber attack, office fire, or data centre fire.

      Business Impact Analysis (BIA)

      The BIA process is covered in this article

      BCP Team

      Whilst all Staff should be aware of the role they play in identifying and responding to incidents, there should be a formal BCP team who oversee business continuity planning and in the event of a disruption, are responsible for invoking BCP and incident management and response.

      Incident management

      The BCP outlines the actions that need to be taken for initial assessment, invoking BCP, communications, overseeing any alternative working arrangements and managing the incident.

      BCP contacts

      It is important to include a comprehensive and up to date list of contacts that may need to be informed if BCP is invoked. Having this information in one place ensures that everyone has access to the relevant contact details and time is not wasted trying to find this information when time is critical.

      The list of contacts should include:

      • Insurance companies
      • Key stakeholders
      • Key suppliers - this could include hosting providers and office space. 
      • Commercial partners - are any key processes outsourced?
      • Regulatory bodies including the ICO for a data breach