The Business Continuity Institute held their international Business Continuity Awareness Week in May. This may have gone unnoticed by many in the Security, FM and Property Management industries, which echoed the message that the BCI were promoting as part of their newly launched manifesto;
Increase awareness through developing Online Resilience Tools;
Increase education through championing academic research;
Increase resilience through developing global and local alliances;
Increase collaborative approach through a series of Next Practice Groups
The process for developing a Business Continuity Plan is well established and mirrors many similar processes that organisations use daily in their Risk Management, Health & Safety processes and even in their Project Management Life Cycles and that is to:
Identify the risk to the organisation and where they may emanate from (terrorism, natural or man-made incidents)?
Identify the most important and vulnerable assets that could be impacted by these risks and what effects it may have on your organisation?
How can you reduce the risk from occurring but also how can you manage the situation when it does go wrong? (Remember - keep it simple)
Identify the procedures and resources that need to be available and established to:
a) manage the incident and
b) assist the return to 'business as usual', as quickly as possible.
Make sure everyone who needs to know the plan is told and that they understand their role in it;
Train key personnel in their role and train all your staff in what to do, where to obtain information, etc. prior to an incident occurring;
Rehearse, rehearse and rehearse again. Make these plans / actions second nature so in an actual event, people know what to do or where to find information. This includes those who have 'deputy' roles in an incident because, almost guaranteed, they'll be on-call when the real thing happens;
Test yourselves, make mistakes and learn. During drills put yourself under time pressure or add an unusual situation into the drill. All this can bring out some good learning points that can aid the development of your team & plans;
Review and assess plans, what worked and what didn't? Amend the plans if needs be and then retrain / test to make sure it works.
None of this is ground breaking and follows the principle of Plan-Do-Check-Act. However, it is surprising that so much of this, especially the training, testing and learning phases, are not undertaken thoroughly or pushed home by some organisations.
During the recent BCAW seminars on emergency planning, a number of key lessons were raised by delegates that can significantly enhance the way an organisation responds to an incident.
Have a Communications Plan:
How will you communicate to your staff about the various incidents you may have to deal with? Especially if it's a fluid situation whereby you may have a lock-down followed by a necessary evacuation.
How can you account for your staff if implementing a dispersal / 'Run-Hide-Tell' response?
What communications need to go out to your staff, customers, stakeholders if evoking your business continuity plan?
How do you advise next of kin or advise concerned people of emergency contact numbers?
If your office / building is classed as a crime scene how do you advise staff not to come to the office and when they can re-occupy? Will it be a phased reoccupation?
DO NOT bypass the Communication Plan when managing an incident