Introduction
A Business Continuity Plan (BCP) is a document outlining how an organization should keep performing when and if an unplanned issue or threat occurs. The purpose of the BCP is to contribute to the organization’s resilience to possible disruption. The disruption means an incident that can pose risks to the health of employees and customers, prevent them from fulfilling working duties, and cause operation pause (The Business Continuity Institute, 2018). In addition, the plan is aimed to provide a response to major incidents (The British Standards Institution, 2014). They are defined as threats that may cause significant damage to community health and properties (Barnes, 2001). The plan’s scope contains a range of precise actions, which may guarantee safety, minimize possible threats, and help continue the operation of the organization. This process implies specific objectives, namely discussing the BCP elements, introducing the required BCP Sections, presenting a decision-making flow chart to respond to an incident, and mentioning the Aide Memoirs.
BCP Elements
Considering the BCP’s importance, it is not surprising that it should include a few specific elements. Their presence ensures that a BCP is of high quality, meaning that an organization can use and benefit from it when an issue arises. The constituents include the purpose and scope, fundamental principles, and types of incidents, and the description of each of them will be presented below.
Purpose and Scope
It has been mentioned above that the BCP’s purpose is to improve an organization’s response to possible disruption. Thus, every BCP should explicitly state its purpose and scope, depending on what organization uses it (The Business Continuity Institute, 2018). It is necessary to include this element to ensure that the organization understands why this document is essential and when it is required to use it.
Fundamental Principles
This element is necessary to explain how a BCP can be implemented. This statement refers to fundamental principles that guarantee consistent decisions in the process of description (The Business Continuity Institute, 2018). The principles are:
- Managers and Emergency Team will participate in the process of elaborating BCP, covering all specialties of the organization’s operation and predicting all the potential disruption (The Business Continuity Institute, 2018).
- The elaborated approach will be applied for making a significant decision, which will be discussed among all the managers and Emergency Team members and presented to media and other agencies (Barnes, 2001).
- The BCP includes a recovery phase, which means a period of returning to the standard operation.
Types of Incidents
A BCP should also include all the types of incidents that can affect the specific organization. This list is of significance because it stipulates what potential threats can affect the business and what consequences can arise. The exact selection of the incidents depends on what organization is under consideration because disruption can affect customers’ health, employees’ ability to perform duties, and others (The Business Continuity Institute, 2018). The list of typical incidents is as follows:
- Epidemic – the outbreak of an infection that has not been discovered before and spreads rapidly, interfering with regular operation.
- Urgent news – news in media and social networks regarding personal and community threats.
- Cyber-attacks – a breach of a working database, which affects customers’, employees’, and organizational safety.
- Chemical and nuclear threats – an outbreak of chemical and nuclear materials that are dangerous for human health and require urgent and competent actions.
BCP Sections
A BCP should be organized in a specific way to ensure that its can easily understand it. Simultaneously, it is of significance to place separate Sections in a particular order. This condition increases the BCP effectiveness because the proper outline contributes to the fact that responsible employees will find what they are required to do within a short period of time. According to Barnes (2001), the typical structure of a BCP includes initial response, damage assessment, roles and responsibilities, “customer information, and test and maintenance procedures” (p. 121). The following information will offer a detailed description of each Section.
Initial Response
This Section explains when it is necessary to implement a BCP and what are the first steps. It is essential to apply a BCP if the following conditions are present:
- An emergency is announced by media, administrators, or business partners (The British Standards Institution, 2014).
- It is impossible to find a solution to the incident using the organization’s internal resources (The Business Continuity Institute, 2018).
- The coordination of professionals is required to provide the solution or guarantee the safety of customers and employees (The Business Continuity Institute, 2018).
- An incident implies significant risks for community health and negative consequences for the organization.
The Emergency Team is required to present an efficient plan of action in case of major incidents, which is aimed to mitigate the possible damage for people and an organization and prevent considerable negative consequences. The priority is providing safety for customers and employees of the organization (The Business Continuity Institute, 2018). The plan is typically elaborated in accordance with different levels of severity of situations. Thus, the actions included in the program should be precisely followed by other employees.
Damage Assessment
The Section introduces a significant step that should follow the initial response. There is a need to “make an assessment of the damage and replacement needs” (Barnes, 2001). This quote denotes that the Section under consideration offers the guideline for the responsible employees and bodies on how to create a report highlighting how the incident can affect or has already impacted business processes. This information is essential because it can reveal what measures should be taken to overcome the current challenging situation.
Roles and Responsibilities
This Section is necessary because it clarifies what actions are needed and who should perform them. The division of roles and responsibilities is traced in Scheme 1. A local manager should be informed about the disruption, and a manager is supposed to transfer the news to the Emergency Team. They are responsible for deciding whether the incident requires the application of a BCP. Their decision should be spread among other employees, who should be acquainted with the plan in advance (Barnes, 2001). Thus, the Emergency Team’s responsibilities include following the plan, which guarantees a rapid return to a regular operation regime in case of disruptions (Barnes, 2001; The Business Continuity Institute, 2018). However, it is also worth admitting that employees are expected to act precisely according to the guidelines and act situationally in case of unexpected events.
Customer Information
It is also essential to prepare the information that will be distributed to customers if a disruption occurs. This step demonstrates that the clients should be notified of what issue an organization has witnessed. In this case, individuals will understand the situation and will not create additional problems for the business. That is why the given Section should include the description of what information should be distributed among the customers and how this process should be performed.
Test and Maintenance
The final Section includes versatile data, and testing details are among them. It is necessary to clarify that managers and Emergency Team are responsible for testing BCPs (The Business Continuity Institute, 2018). Briefing after the disruption among the staff should be conducted for gathering all the details about the incident and reactions to it (The Business Continuity Institute, 2018). After that, it is essential to conduct an analysis to indicate the strengths and weaknesses of the current BCP (The Business Continuity Institute, 2018). All the employees should be aware of the BCP, and their signatures, proving this fact, should be collected. Regular BCP training should be conducted among employees, and their actions should precisely match the plan (The British Standards Institution, 2014). Employees should be supplied with all the necessary equipment that can help find a solution to the incident and provide their safety.
Decision-Making Flow Chart
Scheme 2 presents the flowchart to demonstrate how a decision-making process should be performed when a disruption occurs. When news about an incident appears, it is necessary to decide whether it is reasonable to apply a BCP. If the answer is yes, a manager should inform the incident control team and work with it. The following steps are implementing a BCP and controlling the process. Once the disruption is overcome, it is necessary to test and maintain the effectiveness of the applied BCP. However, if an incident appears and the initial analysis reveals that a BCP is not required, a responsible manager does not need to interfere in the situation.
Aide Memoires
Mobilization
In case of an incident, the BCP requires mobilization of the labor force. It is essential to wait for the information from a manager and Emergency Team and act in accordance with BCP. When unexpected situations arrive, which implies a high-level responsibility, it is vital to contact managers and Emergency Team. In addition to that, employees are required to follow the order of actions and act in accordance with their roles.
Welfare
All the actions should include a response to the objective of maintaining the safety of employees and customers and minimizing the negative consequence for the organization. Actions taken by employees should not involve the risk for their and customers’ health and match the established rules. Workers should strictly follow the principle of division of roles and responsibilities in order to guarantee their safety and prevent possible injuries.
Conclusion
The Business Continuity Plan implies directions for acting in case of emergencies threatening the lives of staff members and customers and organization operation in general. The plan regulated the actions of employees, managers, and the Emergency Team, which allows preventing some negative consequences and recovering proper functioning of a company. The recommendations in the plan should be followed precisely in order to minimize the possible damages and refrain from making decisions situationally.
References
Barnes, J. C. (2001). A guide to business continuity planning. John Wiley & Sons, Ltd.
The Business Continuity Institute. (2018). Good practice guidelines 2018 edition. The Business Continuity Institute.
The British Standards Institution. (2014). Crisis management – Guidance and good practice. BSI Standards Limited.