The resulting bang not only did my constitution no good, it meant that the computer equipment had to be repaired. Fortunately our company has a business continuity plan which was put into action and none of our clients were put to any inconvenience.
At the end of 2007 The British Standards Institute produced an new standard BS 25999-2 Business Continuity Management and its code of practice BS25999-1. This can be either a stand-alone system or as part of ISO27001 (Information Security Management Standard).
BS25999-2 sets out the requirements for BCM (business continuity management) and how any organisation can reduce or mitigate any incident which interrupts or degrades the company or its operations.
The main areas are:
- Identify what potential risks could affect the company;
- Know what equipment would be needed in the event of a loss of building/facility;
- Keep copies of staff information off-site to be able to contact key personnel if required;
- Plan who will do what and when;
- Make contingency plans for staff if buildings are unavailable;
- Keep copies of important information off-site;
- Review and train everyone in the continuity plan and IT disaster recovery routine;
- Test the plan regularly;
- Learn lessons from any tests;
- Ensure the plan is kept up to date.
Having a business continuity plan in place will not stop a disaster happening, but it certainly will ensure that its effect can be mitigated and will ensure that the company can be up and running in the shortest possible time.
It is important to note that many companies that have been subject to a major disaster and do not have a business continuity plan have gone out of business.
Be prepared. It is not only for boy scouts.