Business Continuity is often viewed as a necessary evil required to fulfil requirements of an insurer, a client audit or a regulatory review. Others see it as something that will show you how to prepare for and deal with an emergency should one arise.
The simple truth about Business Continuity planning is that an organisation should be able to continue its operations through a disruption or have plans to recover key services to the extent required by its stakeholders to ensure minimal damage to reputation or market position whilst satisfying legal and regulatory obligations.
No organisation can afford to be without a comprehensive, documented and fully integrated Business Continuity Management System. It must take into account the risks faced by the organisation, the impacts arising if risks are realised and it must ensure, through formal testing, that everyone in the organisation knows what is expected of them and has confidence that the plans will deliver in the event of a disruption.
All of these are common requirements however, in reality, a good Business Continuity strategy is one which actually delivers far more to your organisation, such as:-
- It actually reduces the likelihood of an emergency occurring in the first place and thus the likelihood that Business Continuity Plans (BCP) are ever needed to be invoked
- It reduces your insurance costs year on year: sometimes substantially
- It helps you to win new business as clients are now frequently demanding to see that their supplier’s (and their supply-chain) have formal & regularly tested business continuity plans in place
- It helps you to genuinely protect your business. Talk to one of our consultants to understand some of the horror stories we have seen over the years. Many of these stories are quite amazing but each was very serious for the business concerned. You may well find that you are very surprised at what a Business Continuity program may uncover from a ‘risk to your business’ perspective after following a formal ‘Risk Management’ approach.
Without previous experience, or the proper time to devote to the task of implementing formal plans aligned to (or accredited to) the latest ISO standards (ISO 22301), we often find that projects take up lots of valuable time internally and then do not really progress. It is also not uncommon for organisations during the Risk Assessment (RA) or Business Impact Analysis (BIA) stages to struggle with ensuring that the risks identified remain proportional to the likelihood of the risk arising, its impact and the cost of managing that risk.
A solid Business Continuity project is also instrumental in identifying resilience issues, often involving IT and sometimes including complex inter-country, inter-BU or project dependencies which require specialised skills to interpret and manage them. Beeches Consulting is able to bring the experience of handling all areas of this dialogue with confidence.
Wherever you stand in the Business Continuity arena, many companies do not realise that directors actually have a legal requirement to ensure a ‘duty of care’ over their business i.e. to ensure that the business is properly protected. At Beeches Consulting, we have been helping clients to implement formal plans for all kinds of organisations (simple, complex, UK, Global etc) for many years.
Beeches Consulting can assist you with all aspects of Business Continuity including:
- Training / Testing
- Review / Audit
- Implementation of ISO 22301
We can also provide Crisis Management, media training, employee communications (SMS text alerts) as well as ‘embedding services’ such as Corporate Communication and internal PR.
IT Disaster Recovery (IT DR)
Given the dependency of all businesses on information and communications systems, we are well versed with assisting organisations to ensure IT Disaster Recovery capabilities mirror the requirements identified within the Business Continuity Plans or rather, underpin these in a way that is proportional to the risk, impact and cost.
One of the common issues we find that our clients have is that the IT Department, whilst responsible for IT Disaster Recovery, is often expected to work in the dark. Business departments rarely define for the IT Department what the business Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) actually are.
So what happens in this scenario? The IT Department often does the only thing that it can: it works in the dark, or rather it aims to recover IT systems as soon as possible as they do not know what the actual business needs are and this is therefore the safest option. Beeches Consulting’s experience is that organisations tend to either have a ‘Rolls Royce solution’ which is costing far too much or they have insufficient plans which are never fully tested and thus it is unknown whether there is any actual recovery capability in place at all.
As part of a Business Continuity programme, or indeed as part of a standalone IT DR project, Beeches Consulting is well experienced in helping to bridge the gap between the business and IT as well as helping to implement IT DR strategies from scratch. Unlike the many technology companies trying to sell you their IT DR solutions and services, we are fully independent and therefore our consultants help you to ensure that you only buy what your business actually needs rather than what a technology company wants to sell you.
Beeches Consulting implements IT Disaster Recovery Planning in full alignment to ISO 27031. We provide consultancy covering all aspects of IT Disaster Recovery Planning, including:
- Review / Audit
- Implementation of ISO 27031
- Implementation of resilience measures