‘Failing to plan is planning to fail’. This famous quote perfectly sums up the importance of business continuity planning (BCP), says Jason Wakefield, of Todd Research Ltd.
The commercial world is fuelled by competition and risk, creating an environment in which every company is susceptible to disruption.
Continuous operations are essential for business survival, but unexpected events – including natural disasters, disease, human error and crime – can jeopardise business as usual.
It is crucial that companies are prepared, so a well-formulated, comprehensive and up-to-date contingency plan can help maintain day-to-day procedures even under the most exceptional circumstances.
Millions of new businesses launch each year, but as few as half of all organisations continue to operate after 5 years.1 While poor management, cashflow problems, or a lack of competitive advantage can lead to a company’s collapse, many decline because they are unable to recover from a single incident that abruptly devastates their business.
The global pandemic is one example of a completely unavoidable setback that left both new start-ups and successful major enterprises struggling. However, while some hazards are unpredictable, others – like terrorism and other man-made threats – could potentially be avoided through early detection, proper security measures and effective planning.
Implementing appropriate security measures is an important part of disaster prevention for many companies.
Legal requirements
The UK government recently announced details for new legislation, known as the Protect Duty, that requires organisations to be more prepared for man-made disasters. It aims to improve business survival rates while providing a sense of security for staff and surrounding communities. This legislation aligns with the important concept of business continuity planning (BCP), which refers to the systems and procedures that enable well-prepared businesses to quickly resume functions following a major disruption.
Adhering to the Protect Duty legislation and formulating an effective BCP will require companies to take a logical, structured approach to analysing potential threats and the optimal responses to various hazards, while also training staff to implement these plans.
The Protect Duty aims to ensure that organisations can respond quickly to a major incident and protect employees and the public.
Flexible framework
Approaches to business continuity are as diverse as businesses themselves, so every plan should cater to individual needs. However, the first step should always include a comprehensive survey of the organisation and its premises, followed by a detailed risk assessment documenting the potential material, financial, reputational and operational risks that the business may face.2,3 Only then can a company begin to plan preventative actions and responses.
A definition of disaster will depend on the scale and features of the organisation, but should include any incident that threatens staff, facilities or operations and requires specific measures to restore normal functions. For example, Todd Research has internal plans in place that cover every eventuality from fire and flood to hacking and even anthrax postal attacks. Although it is impossible to predict every possible occurrence, a BCP should cover a wide range of possible actions for various scenarios. The key characteristic is flexibility; it provides a basic framework that lays out the response to any crisis, whether foreseeable or completely unexpected.
Preparation and detection are key
No matter how comprehensive, the only truly beneficial BCPs are those that have been communicated across the company and tested regularly. Businesses can implement continuity training independently, or rely on external security professionals to help formulate risk assessments, implement security and safety strategies, and practise procedures.
Alongside disaster management training, staff should also be regularly updated on security procedures, and other preventative measures to avoid disruption from day to day. Many organisations, especially those in high-profile buildings or participating in major events, have a duty of care to the public to carry out preventative security checks – looking for weapons, explosives and other prohibited items – as a deterrent to potential criminals.
However, to keep up with changing threats of violence and terrorism, security procedures and technologies are constantly evolving, so training should also be continuously updated. Training can be carried out practically or theoretically, but all personnel should be equipped to handle potential emergencies.
Staff training ensures that everyone is aware of security protocol and procedures in the event of an emergency.
Ongoing safety and success
Any potential incident – whether a security breach, pandemic, or natural disaster – can threaten the future of a business, and the safety and security of employees and customers. Preparation is key to avoid disruption, and future government legislation will require businesses to reinforce their security procedures and strengthen their disaster recovery schemes. While no amount of security measures can provide absolute protection from all potential threats and disasters, a comprehensive BCP can drastically improve a company’s defences and reduce the impact of any detrimental events on its longevity and success.