Companies are often asked “Do you have a business continuity plan?”. But what precisely do we mean by ‘having a business continuity plan’ and is everyone answering the same question?

Having a document that has on its cover the words ‘business continuity’ or ‘disaster recovery’ is clearly not enough.  Thankfully, most organisations recognise the need for testing but very few actually test their plans on a regular basis, if at all. I would argue that having a plan and not testing it, is more risky than not having a plan at all and creates complacency and a false sense of security amongst senior executives.

Surely the right question to ask is “Will my plan get me through a crisis?” To answer this question really gets to the heart of the matter and forces you to look in more depth at the whole process of business continuity management and what your organisation has or has not done.

This is where applying RMI’s Continuity HealthCheck can  help. The HealthCheck is in effect an audit of business continuity management. It provides an assessment of the progress your organisation has made in five key areas.  Complete the questionnaire and send it to us.  We will calculate a score for each area and using illustrative graphs, show you how you are doing against standards for your type of organisation and the industry you are in.  We will also highlight the key elements that you need to work on.

So what’s involved?

The HealthCheck examines all aspects of an organisation’s preparedness and looks at sixty-nine individual elements of business continuity management. These are broken down into five areas:

Roles and responsibilities
The audit begins with a review of the organisation’s strategic approach to business continuity planning and the roles, responsibilities and experience of the management team. Issues explored include:

    • Where in the organisation does responsibility for business continuity lie?
    • To what extent has the senior management team been involved in the planning process?
    • Is the budget for business continuity appropriate for the size and type of organisation?

 Click here for a Complete List of Issues
or
[Return to top of page]

Threat identification and control
Potential incidents and events must be identified and analysed so that controls and safeguards can be developed to prevent or minimise the impact of any disruption on the organisation. The HealthCheck examines the work undertaken in this area and assesses any external issues or constraints that could influence the company’s response to certain situations. Topics assessed in this part of the audit include:

    • Identification and assessment of potential security exposures.
    • Determination of acceptable risk levels.
    • Assessment of the adequacy of back-up and restoration procedures.

 Click here for a Complete List of Issues
or
[Return to top of page]

Continuity strategy and approach
If organisations are to invest in business continuity, money must be spent wisely. Too many focus on non-critical activities that have no impact during a crisis, and fail to spend enough safeguarding those that do. Identifying critical activities requires a clear analysis of all aspects of the business to determine the impact of any breakdowns. The HealthCheck assesses how effective the organisation has been in identifying its critical activities and assesses the provisions in place to ensure their continuity. Aspects to be addressed include:

    • The basis for determining business criticality and requirements.
    • The suitability and cost-effectiveness of continuity solutions.
    • The consideration given to salvage and restoration.

 Click here for a Complete List of Issues
or
[Return to top of page]

Documented plans and procedures
Existing business continuity and crisis communications plans and procedures are examined and critiqued to identify gaps and omissions. Key issues include:

    • Notification, response and crisis control procedures.
    • Internal and external communications, including media handling.
    • Business unit and IT recovery procedures.

 Click here for a Complete List of Issues
or
[Return to top of page]

Training, rehearsals and maintenance
Finally, the audit assesses the extent to which training and awareness of business continuity are promoted throughout the organisation and the procedures used to maintain recovery facilities and written plans. Key areas explored include:

    • Plan maintenance procedures and effectiveness.
    • Training and simulation activity.
    • Plan status reporting and change control procedures.

Click here for a Complete List of Issues
or
[Return to top of page]

Continuity ManagementTo return to the services RMI provides for Continuity Management, please click the button on the right.

 
[Home] [Methodology] [RMI Services] [Continuity Management] [Continuity Software] [Project Management] [Training] [HealthCheck] [Links] [About Us] [Contact RMI]