What is Business Continuity?
Business continuity is the planning and preparation of a business to ensure it will operate during emergencies or disruptions. These situations may include any event that could disrupt business operations or impact services and functions, such as natural disasters, business crisis, IT failure, workplace violence, political unrest, epidemics and pandemics. Business continuity does not just ensure the business’s operational capability in the face of an emergency, but also the safety of their employees.
- Communication plans to customers and employees
- Backup technology, processes and workarounds to ensure services and products can still be provided to customers in case primary technology is not available
- Business process dependencies and the target recovery time for all processes affected
- Alternative locations in case the primary site is impacted or inaccessible
- Workforce management and employee support during an emergency event
This aims to build organisational resilience, where the business can anticipate, prepare for, respond, and adapt to change and sudden disruptions to survive and prosper.
What is a business continuity plan?
A business continuity plan (BCP) is a formal document that outlines how a business will continue to operate during a disruption. The BCP document contains contingencies for every part of the company that might be impacted, such as processes, assets, people, and the corresponding recovery plan, backup plans and key contacts.
Business Continuity Plans are regularly tested through simulations and tabletop exercises to ensure that the action items still meet the requirements, and the plans will be functional in an actual event.
What is a business impact analysis?
Business Impact Analysis (BIA) is an integral part of business continuity planning that determines the critical business activities and requirements to ensure business resilience and continuity in case of disruptions. BIA identifies the potential threats and risks of disruptions to service delivery and addresses three timeframes:
- Recovery Point Objective (RPO) – the maximum data that can be lost after a recovery from a disaster, failure before data loss will exceed what is acceptable (source)
- Recovery Time Objective (RTO) – the amount of time it takes for a business to recover from backup (source)
- Maximum Allowable Downtime (MAD) – the maximum period of downtime a business function can afford
BIA is the foundation of a good Business Continuity Plan as it gives them a clearer view of how to address and recover from disruptions. Several international standards provide guidance in creating BIAs, including the International Organization for Standardization (ISO) 22301, National Fire Protection Act 1600 and the Federal Financial Institutions Examination Council’s (FFIEC) for financial institutions.