Business Continuity Planning: 3-Step Process
August 8, 2013 - Kestrel Management
Every organization is at risk from potential operational disruptions–natural disasters, fire, sabotage, IT viruses, acts of violence. And when business is disrupted, the costs can be substantial. Business continuity planning helps ensure that companies have the resources and information needed to maintain service, reliability, and resiliency under adverse conditions.
Organizing these plans in sync with the Incident Command System (ICS), a nationally recognized process of leadership and management of incident response, also can be instrumental in achieving and protecting business continuity.
Effectively Managing Risks
Kestrel defines sustainability as staying in business for the long term. While companies can’t plan for everything, they can take steps to understand and effectively manage events that might compromise their supply chain, quality, security, and future as an organization.
Through business continuity planning, we help companies identify the human, property, and operational impacts of potential business threats; evaluate the potential severity of associated risks; and estimate their likelihood of occurring. By understanding their risks, companies can create strategies that proactively mitigate the most pressing business threats, take advantage of opportunities that lie ahead, and provide for a more resilient and sustainable future.
Business Continuity Development Process
Kestrel assists in developing a Business Continuity Plan by following a process that can be broken down into three fundamental steps, as outlined below:
- Threat Assessment identifies various types of catastrophic events and rates the impact of each event on humans, property, and business operations. The risk of the event is rated for severity and as it relates to the organization’s ability to detect the occurrence of the event, the lead time involved in detecting the occurrence of the event, and the overall probability of the occurrence of the event, given the related control mechanisms already in place. The calculated total risk score then provides a guide to management for prioritizing the various threats and appropriately focusing efforts to address the risk on a risk/benefit basis.
- Risk Mitigation documents the association of the prioritized crisis events with their internal management system element(s). We prioritize the events based on the results of the threat assessment. Business management system element(s) that are currently in place to mitigate the prioritized crisis events are identified.
- Business Continuity Plan explains the steps taken by the organization to address potential crisis events and to ensure business continuity. Integrating the Business Continuity Plan with the ICS further provides the means to organize leadership and management teams that would be called upon to respond to an emergency event, enabling better communications and coordination with applicable emergency response agencies (e.g., police, fire, utility), and ensuring that the efforts are well organized and managed internally.
Your ICS and Business Continuity Resource
Kestrel’s core team comprises senior consultants with extensive EHS, quality management, operational risk management, and emergency response experience. We add to that expertise an industry leader with hands-on experience developing and establishing the ICS, serving as an Incident Commander, and instructing the complete ICS training coursework.
Our team can help you develop the systems and plans you need to effectively manage your business risks–no matter the size or complexity. For more information, contact us at 608-226-0531.
Submitted by: Tom Kunes