Business Continuity Management

Doctors prepare to treat patients with Ebola
A large-scale outbreak of a highly infectious illness could happen at any time. (Photo: CDC Global CC BY 2.0)

By

Annette McGill

Good charity governance requires that charities identify risks to their organisations and take steps to minimise those risks and safeguard their charity.

What is business continuity management?

A commonly accepted definition of business continuity management is:

Business Continuity Management (BCM)  is an holistic management process that
a)  identifies potential impacts that threaten your charity 
b)  provides a framework for building resilience and the capability for an effective response that safeguards
   - the interests of your beneficiaries and stakeholders  
   - your charity's reputation & brand 
   - your organisation's income-generating activities.

As such BCM brings together the tasks of risk assessment, emergency response, disaster recovery and business continuity.

Why is BCM becoming more important?

• Legislation and Regulations: the Civil Contingencies Act, FSA
• Experienced events: e.g. H1N1, Y2K, 9/11, 7/7, severe weather 2011, 2012, 2013
• Supply Chain Complexity: longer supply-chains, off-shore manufacturing, outsourcing of services
• Digital technology: greater reliance on i.t. and data
• Insurance: increasing requirement for evidence of bcm by insurance companies 
• Corporate Governance: risk management requirements, trustees' concerns
• Stakeholder Concerns: protection your service-users

 

Implementing BCM in your organisation

How to start on BCM:
1. Discuss the tasks of BCM at senior level and assign responsibility
2. Assess Risks: identify your charity's critical activities and key risks related to them
3. Plan: work out how your organisation will maintain critical activities
4. Document your plans
5. Communicate: train staff and stakeholders, test your proposed responses
6. Maintain: keep your plan up-to-date


 Documentation and Communication are vital!

A great plan is no use if nobody knows about it. Keeping an up-to-date record of your business continuity plan is an important part of the process. If the worst happens, people need to know where to look for crucial information and what their next actions should be.

Your business continuity plan could be as simple as a document that is distributed to key staff in hard copy and online.

Possible Contents:

  • A copy of your detailed business continuity plan
  • Contact details for all staff, including mobile phone numbers
  • Contact details for emergency contractors - e.g. plumbers, glaziers, emergency numbers for utilities
  • Contact information for your local authority
  • Insurance details
  • Bank details


Testing
No matter how careful your analysis and planning, nothing serves to highlight core issues like running a test.

Guidance and Standards

The Government has prepared a Business Continuity Management Toolkit which you can use to get started. 
(This is a 19 page pdf document.)

The British Standards Institute has published the standard ISO 22301 for BCM. 
ISO 22301 is the international standard for business continuity management, and builds on the previous British Standard, BS 25999, and other regional standards.

The Business Continuity Institute has a selection of resources on its website. 

The London Resilience Partnership brings together over 170 organisations which have specific responsibilities for preparing for, and responding to, emergencies. Its website offers advice on protecting your organisation and planning for emergencies.

Standards Australia has published a range of standards and guides:

• HB 221-2004 – Business Continuity Management Handbook

• HB 292-2006 – A practitioner’s guide to business continuity management

• HB 293-2006 – Executive guide to business continuity management I.T.: BS ISO/IEC 17799:2005 
Code of practice for information security management