Skip to navigationSkip to content

Your County - Putting Kent First

Kent 4 star Council

Contacts

Business Continuity
Kent County Council
Invicta House
County Hall
Maidstone
Kent ME14 1XX

Telephone icon01622 696869/ 694806
fax: 01622 694805

Email icon business.continuity @kent.gov.uk

The five stages

Stage 1 - Understanding your business

Business impact and risk assessment tools are used to identify the critical deliverables and enablers in your business, evaluating recovery priorities and assessing the risks which could lead to business interruption and/or damage to your organisation's reputation. This should lead to five basic questions:

  • What are the key business objectives of the organisation/business/service?
  • What are the outputs/deliverables i.e. products/services of the business objectives?
  • When are the business objectives to be achieved?
  • Who is involved (both internally and externally) in the achievement of the business objectives?
  • How are the business objectives to be achieved?

Stage 2 - Continuity strategies

Determining the selection of alternative strategies available to mitigate loss, assessing the relative merit of these against the business environment and their likely effectiveness in maintaining the organisations critical functions.

For example:

  • Which outputs and /or processes are most critical to the overall aims of the business/service, and in what priority order (timescales (24hrs/3 days/7 days) they must be recovered?
  • What is deemed to be the minimum level of those outputs/processes that must be maintained during a disruption?
  • If you have subordinate groups/branches within your organisation, business or service stipulate, whether they need to issue their own BCM strategy document and plan

Stage 3 - Developing the response

Improving the risk profile through improvements to operational procedures and practices. Implementing alternative business strategies, using risks financing measures (including insurance) and building Business Continuity Plans i.e.

Recovery Plan:

  • If you own/lease/rent the premises/accommodation and it is badly damaged/destroyed where will you recover to?
  • What criteria determine a disaster, and who is empowered to make the decision to invoke the recovery plan.
  • Details of any Plan phases/timescales.
  • The management structure for affecting an efficient recovery from a disaster, including roles and responsibilities.
  • Some form of contingency planning for critical IT, communications and other systems should already exist.

Stage 4 - Establishing the continuity culture

Introduction of the BCM process by education and awareness of all stakeholders, including employees, customers, suppliers and shareholders:

  • If your staff do not know what is planned then the plan will probably fail.
  • If your staff do not understand the general principles of Business Continuity, then opportunities to improve organisational resilience will be missed when they arise during normal day to day operations.
  • In the aftermath of a disruption there will be a great deal of confusion. A well thought out plan should prevent that confusion from overwhelming staff and those tasked with leading the recovery.

Stage 5 - Exercising, maintenance and audit

Ongoing plan exercising/testing audit and change management of the Business Continuity Plan and its processes. All those who are members of the recovery team - including alternates - will need practical training to familiarise themselves with the plan and their role in it. This is best done through exercises and the most commonly used include:

  • Tabletop exercises.
  • Real time tests of contingencies covering IT/comms and other systems.
  • Major 'disruption to business' simulation exercises.
  • "No notice " live simulation exercises.

It is important that plans are kept up to date and keep pace with organisational changes as and when they occur. As a minimum plans should be reviewed and updated annually.

Copyright Kent County Council 2009