Once a business has a detailed continuity plan in place, it can be tempting to just put it in a drawer or file it on a computer and forget about it.
That’s the worst thing you can do, though.
That plan must be tested to ensure it is robust enough for your organisation. It should be a living document which changes as your business needs change.
How often you test it depends on the risks your business faces. If there is a high risk of loss of revenue, reputational damage, or lengthy downtime, you should carry out testing more regularly and test different areas of your plan.
What are the three ways you can test your plan?
Walkthrough exercises – This is the simplest way to test your plan. Managers walk through each step and check them off, at each stage asking if the business has the right personnel and supplies to cope with disruption, if key people have copies of the plan, and whether individuals know their roles. Managers should especially test weaknesses to find areas where improvements can be made.
Desktop scenarios – This test uses scenarios relevant to a business to see how your organisation would cope with it. For example, a hotel manager could choose the scenario of a devastating fire at the premises and look at how guests and staff could be housed and supported, how future guests would be contacted and whether a sister hotel could offer them rooms, whether sufficient insurance is in place, and how quickly work could be put out to tender. A law firm could look at a loss of sensitive information to a cyber attack, what plans are in place to inform the regulator and clients who may be affected and how security experts could be called in.
Simulations – These would be workforce -wide re-enactments of your procedures, ensuring every employee can physically demonstrate the steps they need to take, from driving to a back-up location or visiting server rooms to making customer calls or communicating on social media. The large-scale nature of these simulations means they tend to be annual events on quiet business days, though micro-simulations in specific areas can be staged more regularly.
Before you carry out a test, you will need to set its objectives. This could be to find areas of improvement or to test specific systems.
Some team members should be assigned to record the performance and highlight any shortcomings you find, and you should get feedback from any staff involved.
If you’d like further advice about testing your business continuity plan, call us on 029 2070 3328 or email us on info@penarth.co.uk.
Comments