Business Continuity Planning

Business continuity planning is one subject that is often left to the last minute but is one of great importance.

If you wait until ‘something’ happens, it could be too late. I have seen people wading in calf-deep water looking for the stopcock, and others reading the instructions on a fire extinguisher in the middle of a fire.

In reality we should all know what to do in an emergency well before the emergency happens and be prepared for most eventualities.

We have read about the terrorist attack, the dirty bomb and other major catastrophes but it is often the ‘soft’ disasters which can cause irreparable damage to a company.

One such problem occurred recently at a company that uses a card entry system to gain access to the building. The server housing the operating system failed and prevented anyone from entering the building. It was apparent that there was no manual override; people milled around outside the building, not really knowing what to do. Eventually someone broke a window to gain entry. Of course the alarm went off, and before it could be turned off the police were on site; embarrassment all round.

The company has now put a system in place to override the card system if it fails in the future.

The winter season also means that illness will increase; how many companies have prepared for a flu epidemic? Sadly very few.

Companies that have incorporated ISO27001 (Information Security Management System) will have an emergency plan in place, regularly tested and validated. This, together with an IT Disaster Recovery Plan, will be able to deal with most eventualities. The old saying ‘hope for the best but prepare for the worst’ is a good mantra to use.

Companies that have suffered a major disaster, like being in the vicinity of the Buncefield fuel depot fire, and did not have any business continuity plan have disappeared without trace. Insurance cover just didn’t mitigate all the problems. Those companies that did have a plan in place had difficulties but managed to survive.

It is a pity that, as of December 2007, there are only 363 companies in the UK certificated to ISO27001. It is a very big standard to achieve but the benefits are huge.