The initial three articles of this series focused on the process of Developing Business Continuity plans. Now, we move the discussion on to how these are deployed and maintained to ensure they stay relevant to the needs of the organisation.
Many business continuity initiatives ‘wither on the vine’ because the development of the preparation and response actions are seen as the end game. Importantly, this is not the case and a management team needs to be implemented to establish ongoing responsibilities. A typical management team would consist of:
- A Steering Group – to ensure that the BCP remains relevant to the organisation’s current needs and strategy.
- A Review Team – who return to the plans periodically to ensure that they can be relied upon if activated. And lastly,
- An Invocation Team – who will collectively respond when an incident occurs, and adopt specific roles to manage the event.
A typical Business Continuity Team could be represented in the organisation chart, below. It shows representatives from each of a company’s business units that provide critical infrastructure into the company. Each member has a role to play both for the Business Continuity Plan maintenance, and for undertaking specific actions if the plans are invoked.
Example 1: A Business Management Team
This organisation is typically underpinned by a Business Continuity Policy that defines roles and responsibilities for the specific groups within the Management Team. This policy also sets out requirements for testing, training, and for general awareness of the BCP strategy throughout the company. Here is an example of a typical Business Continuity Policy.
Example 2: Business Continuity Policy
As shown, the policy covers the whole scope of the BCP, providing a management and organisation framework for maintaining it going forward. Its purpose is to communicate to those responsible for each aspect of the plan what needs to be completed, defining the roles and responsibilities, and the assurance activities that will need to be actioned.
That concludes Stage 4 of the BCP process. The next article shall focus on the last step, ‘Oversight & Assurance’, where we will be discussing reviewing, testing and change management procedures. If you have any questions concerning this article or any of the previous stages (a summery of which can be found <here>) then please contact us at Advice@Adam.co.uk.