All businesses are at a risk of facing challenges that could impact their normal operations. To mitigate such risks, a company needs a set of measures they would adopt in the unforeseen future. The said measures are what we call a Business Continuity Plan.
The main objective of a BCP is to ensure the
safety of every person and to ensure normal business operations are not
interrupted. When setting a BCP, there should be appointed members who would
lead the rest of the team in case of an emergency.
A good BCP should be able to cater for:
- ü Staff
members
- ü Customers/vendors/third
parties
- ü Organization
processes
- ü Technology
- ü Important
documents(both soft and hard copies)
- ü The
business premise/building
- ü Special
equipment
Incident
identification and escalation procedure
Each staff member should be able to identify any
threat that would interrupt normal operations and know the proper channels to
escalate. This is why it is important to have team leads who are equipped with
necessary skills and tools. Staff members are encouraged to swiftly adopt the
BCP put in place and not to panic in the course of a disaster.
Event
of a disaster
Disaster might strike during office hours or out
of office hours. Regardless, this should not find any team player unprepared.
If an incident that does not compromise your safety happens during office
hours, carry any portable items with you as you head towards the emergency
exit. Easy to carry items should include your mobile phones, laptops, iPad and
personal essentials. If time allows,
safely put away sensitive documents that could easily be compromised.
Each staff member should assemble in the selected
areas for a head count. Await any instructions from the emergency team for the
next course of action as outlined in the company’s BCP. Assembly points should
be easily accessible and are normally located right next to the building for
easy evacuation. A secondary location for assembly needs to be in place in case
of a major incident like an attack where all members can be accounted for.
Should an incident happen outside office hours,
the outlined call tree should be adopted. This will ensure each staff member is
made aware of the said incident.
Recovery
strategies
After critical assessment of an incident, the
emergency team have identified the nature and impact of the incident and
recovery measures.
A good recovery plan should cover important
grounds like:
·
Major decisions by the security team
to be communicated to the Business Continuity Champions.
·
Emergency location in case the
original location has been compromised. The emergency location needs to be
already equipped with all the necessary working tools to ensure business runs
smoothly amid crisis.
·
Contacts of the Business Continuity
Champions and their alternates. A Business Continuity Head should contact a
Business Continuity Champion to give updates on the impacts of a crisis and
achievements attained on elimination of a crisis.
·
Operations continuity at the emergency
location.
·
Timelines on resolution.
·
Possible resumption of normal
activities/original location
Basic
checks at the recovery site
o
Check all the processes of operations
are working as required. This should be done by the assigned leads and escalate
any incidents that may seem abnormal.
o
Update staff members. The team leaders
should make sure all the staff members are familiar on the steps to take when
reporting in and out of the recovery locations to minimize compromise.
o
The ICT team should ensure the IT
infrastructure is working perfectly at the emergency location and make sure all
the original data is inaccessible by outsiders.
General
public information
The general public should be informed in case of
an emergency through relevant communication channels. The crisis management
team should be prepared to handle and present answers to questions relayed by
the media.
Should a staff member be approached by the media
for any information, they should direct them to the Crisis Management Team for
proper handling.
Continuity
of operations
A decision has to be made on whether it is safe to
return to the original location if the threat has been eliminated. This should
be communicated to all staff members by the company head or their alternate.
When leaving the emergency location:
- ² Notify
all staff members.
- ² Notify
your customers on resumption to the original location.
- ² Arrange
for working equipment to be carefully moved.
- ² Shred
all unwanted documents for safety.
- ² Erase
any information on the writing boards/pads.
- ² Archive
all documents containing information.
- ² Ensure
all utilities are functioning properly.
- ² Ensure
all required applications are working with no hitch.
- ² Perform
validation tests to ensure all the systems are in order.
A call tree is very important when conducting a headcount for all staff members. To ensure there are no surprises during an emergency:
Ø The
team leads should circulate all staff phone numbers within the department. This
will ensure everyone can easily be contacted in case of a crisis.
Ø Contact
details should be up to date. It is the responsibility of each staff member to
ensure their contact details are updated and should notify the BCP champions in
case of changes.
Ø Each
staff member should provide contacts of their next of kin in case we are unable
to trace them in the event of an emergency.
Ø A call tree should be activated by the team lead and flow all the way to the team members. The final call should come back to them and if that does not happen it is possible there are some people not accounted for.
Conclusion
Other than the phone numbers of each staff member, a
good Business Continuity plan should include emergency contacts for nearby
hospitals and police stations. In the event of an emergency, the safety of
every member is a priority. In case of immediate evacuation, staff members
should not struggle to carry their belongings as this could pose a great risk.
It is important that the BCP is circulated to all staff members for them to
internalize in the event of a crisis.