Business continuity planning

To mitigate their operational risks, today?s companies conduct risk assessments, and subsequently engage in risk management. Risk management is focused on reducing operational risks, which may result in increasing operating costs. Operational risks cannot be entirely eliminated, but can always be minimized. Such minimized operational risks are called residual risks, and it is a good idea to treat such residual risks as a priority.
How can you benefit from business continuity planning?
Business continuity planning focuses on residual risks the realization of which may threaten the execution of processes representing the basic functions of the company.
The dual goal of business continuity planning:

  • to minimize damage arising from unexpected or unpredictable events, disasters, and,
  • to restore the system after negative events as soon as possible.

The process of business continuity planning
Business continuity planning starts with defining the processes necessary for basic functions. Afterwards, based on the findings of the risk assessment, the risks associated with the basic functions and thus requiring business continuity planning are identified. Subsequently, according to the principles of process control, an emergency process structure, and later the processes themselves, are established to ensure the minimum requirements for the operation of the company are met, using reserve assets, in case of the realization of identified risks. The last step in business continuity planning is process introduction, which includes the creation of a business continuity reserve. After a business continuity plan has been designed, it must be tested to evaluate its working efficiency.

  • identifying the processes associated with basic functions

In this step of business continuity planning, the core processes of the company are identified (processes that directly serve to perform basic functions), and the properties of related support processes are defined. If the company has an ISO9001-compliant quality management system in place, this step is performed merely through consultation with our customer. Otherwise, the review of the company?s processes may require more extensive consultation and may take a lot longer.

  • identifying the risks to be managed

The risks that should be covered by the business continuity plan are identified. If the company has performed a risk assessment, the corresponding document will be used as a starting point for identification.

Otherwise, the risks to be covered will be defined on the basis of the risks managed for business continuity and the list of risks associated with the identified main processes.

  • developing processes for business continuity

In case of a disaster or a system crash with potentially serious consequences, there is usually no time and possibility to identify the necessary reserves and reserve capacities or establish a situation-specific procedure in an ad-hoc manner. Therefore, processes are developed to resolve the most common emergency situations. For each process, an emergency procedure is established, defining tasks and responsibilities, as well as reporting hierarchies. We define the resources and infrastructural conditions necessary for the functioning of processes.

  • introducing processes

The introduction of the business continuity plan devised as described above is supported through appropriate training, as well as the development of an action plan proposal, aimed to ensure the conditions and resources necessary for carrying out the plan are present