Business continuity assessment (10 minutes)
If you don’t have a business continuity plan our 10-minute assessment will help to outline issues you need to consider to enable you to prepare for an emergency that may disrupt your business.
If you do have a plan then it may help you to identify any issues that haven’t previously been considered.
Have you considered the impact of direct risks on your business? Examples could include: IT failure, equipment failure, loss of power, fire, staff absence, supply chain failure etc.
Have you considered the impact of external risks? For example theft, flood, fire from a neighbouring property, denial of access to your property.
Have you considered how you would notify your customers in case of disruption? Think about how you could use your website, social media or emails to let customers know what’s happening.
- Do you have a list of employees’ phone numbers?
- Do you have a list of key contacts and their phone numbers?
- Do you have an up to date structure chart and job descriptions for your business (including temporary and contract workers)?
- Do you have staff personal information i.e. next of kin for all staff (including temporary or contract workers)?
- Are these details held in more than one secure location (preferably one off-site)?
- Do your staff know who is in charge and how to contact them in a crisis?
- Do your staff know what to do in an incident, have you shared the plan?
- Have your staff been assigned specific roles in the event of a disruption?
- Do you have an out of hours contact procedure for staff and key contacts?
- Do you have staff with fire aid or medical training?
- Do you have alternative working arrangements e.g. work from home, second premises etc.?
- Do you have specific staff with critical skills? Do other staff know how to carry out these skills?
- Are these details held in more than one secure location? With one preferably off-site.
- Do you have a fire risk assessment?
- Do you have a floor/site plan for your building? Are the plumbing, heating and air conditioning checked on a regular basis?
- Do you carry out end of day checks after everybody has left?
- Do you ensure that all appliances are turned off?
- Do you check that all doors and windows are locked?
- Do you have a list of key contacts for building/equipment maintenance- electricity, gas, water, telephones, lift etc.
- Are you and your staff familiar with the location of mains switches and valves?
- Do you have fire safety procedures and do you have regular fire drills?
- Do you have an evacuation procedure for your building and are your staff trained and familiar with it?
- Do you have primary and secondary evacuation points? Do you have generator backups?
- Do you have an alternative location you could use during a crisis?
- Do you have someone who is accountable for assets in your business?
- Do you have controls over the movement of company equipment?
- Do you have a recent inventory of your equipment? Do you have current maintenance contracts for your equipment?
- Do you have a security system installed? Do you have a security policy?
- Do you have an entry and exit procedure policy for staff/visitors/customers/contractors?
- Are contractors fully checked (company as well as each individual)?
- Do you check references fully?
- Do you regularly check the integrity of external fences, gates and doors?
- Is ICT critical to your business?
- Do you regularly back up your information? Do you hold a copy of the backup off-site?
- Do you have ICT maintenance staff or maintenance contracts?
- Do you have and have you tested an ICT disaster recovery plan?
- Is your antivirus software up to date? Are computer errors and logs monitored?
- Are there ICT security policies and procedures in place? Are all staff aware of email and internet usage policies? Are mobile phones and devices included?
- Do you know how many platforms/servers/applications or operating systems support critical business functions?
- Is your system part of a larger network?
- Do you know how long it would take to recover ICT functions?
- Are laptops, memory sticks and mobile phones password encrypted?
- Do you copy, scan or back up your information? Do you store paper copies in fire and flood-proof lockable containers?
- Do you have copies at an off-site location?
- Is someone responsible for the upkeep of your files and accounts?
- Do you have a clear desk policy?
- Do you have the correct contact details for your suppliers and customers?
- Are these details held in more than one location, preferably one off-site?
- Do you have your key suppliers and customers business continuity plans? (They may require you to have a plan)
- Do their plans require you to reduce or increase your business in response to their crisis?
- Do you have key customers that you would need to be in constant contact with during a crisis?
- If one of your key suppliers or customers went out of business would it affect your business?
- Is your business part of a complex, is it near an industrial estate, on a flood plain etc.
- Have you considered the types of risk that might occur due to the actions/operations of other businesses located nearby? i.e. risk of pollution etc.
- Have you thought about risks associated with the environment? E.g. water, climate?
- Do you have regular contact with neighbouring businesses? E.g. local business forum
- Do you have contact details for the local businesses in your area?
- Are you aware of emergency response procedures specific to your location? (Control of Major Accident Hazard sites, shopping centre evacuation procedures etc.)
Premiums may be reduced if you can demonstrate robust business continuity plans.
- Do you have sufficient insurance to pay for disruption to business, cost of repairs, hire of temporary staff, lease of temporary accommodation and equipment?
- Do you have copies of insurance details in more than one location to enable you to contact them immediately disruption occurs?
- Can you reduce your premiums by having a plan or putting any measures in place such as flood barriers?
It is worth considering assembling a crash box to hold items needed in a crisis. It should contain enough information and equipment to start the recovery process for your business. It needs to be easily accessible and ideally replicated in an off-site location.
- Emergency crash pack
- Business recovery plan
- Fire procedure
- Fire plans and contact details for the emergency services
- Employee contact details
- Key suppliers contact details
- Contact details for key services i.e. IT, phones, power etc.
- Contact details for key customers
- Site plan
- Spare keys for buildings and vehicles
- Back up disks/ sticks etc.
- First aid kit
- Stationery including message pads, pens, pencils
- Mobile phones with credit Camera & spare batteries
- Dust masks
- Megaphone if your business covers a large site
- Tape measure
- Whiteboard and pens
This list is an example of items that may be useful depending on your business you will need to vary the contents of your crash pack.
Writing a business continuity plan
Once you’ve completed the checklist, the next stage is to write a business continuity plan. The information gathered when completing this checklist will help to identify areas to be addressed in your plan.