A new approach
At Crisis Solutions, we recognise the importance of business continuity planning but feel the time has come for a new approach.
The traditional method of writing or updating a Business Continuity Plan (BCP) is to initiate a lengthy Business Impact Analysis (BIA) then develop a recovery and continuity strategy which evolves into a business continuity plan.
Go down this road and it means a lengthy lead time before resilience is improved.
It may sound counter-intuitive but we suggest starting with a crisis simulation even before a plan has been written or updated. This can provide effective early learning which improves continuity and resilience immediately. It will also tease out the criticalities inherent in an organisation which can then form the basis of any subsequent business continuity plan.
Thereafter a BIA will need to be completed and a BCP written, but even here we are noting a change.
A traditional business continuity plan sets out how an organisation will continue to operate in the aftermath of a crisis. It catalogues the required arrangements for a return to business-as-usual and identifies the necessary resources to do so.
Typically, these plans are generic and not tied to a particular threat or crisis but rather concentrate on impacts. However, many of our clients are now requesting what are commonly called ‘playbooks’ that do reflect individual threats. We have recently been involved in writing terrorism, cybercrime and pandemic playbooks as these threats require a very specific response.
British standards for business continuity
No matter what type of BCP an organisation requires, it will need to be aligned with two important British Standards:
- ISO 22301 Business Continuity
- ISO 27001 Information Security
ISO 22301 gives guidance on:
- The contents of a continuity plan
- How an incident and recovery should be managed
- How to maintain, review and exercise a plan
ISO 27001 gives guidance on:
- Information security leadership
- How to plan an information security management system
- How to make the system operational
- How to review its performance
Both standards are internationally recognised and are aligned with each other. According to a 2015 Business Continuity Institute survey: “77% of financial institutions surveyed used ISO 22301 as a validation tool”.
At Crisis Solutions, we have business continuity experts who make sure your plans reflect these essential British Standards.