When compiling a business continuity plan, the focus for most UK businesses usually is not on major natural disasters (i.e. tsunamis, earthquakes or volcano eruptions), for obvious reasons. However, depending on where a company resides in the UK, extreme weather can be just as crippling, especially when it is unexpected or under-reported.
Just in 2019 alone, the UK experienced both heatwaves and flash floods along with an expectation for a cold snowy Christmas.
The July heatwave caused a significant impact on the UK transport infrastructure with rail transport reporting risks of railway lines buckling, damaged overhead electric wires and dangerously high temperatures on trains (39.4oC was recorded on the tube in London). There were also reports of major water mains bursting due to the extreme heat leaving thousands of people without water in Bristol. These hot daytime temperatures led to evening thunderstorms across the country.
Just a week later, multiple flood warnings and alerts were issued, covering central, north-west and north-east England. The warnings followed heavy rainfall causing rail cancellations between Manchester and Stoke-on-Trent and a landslide in the Yorkshire Dales.
So how does a business plan for events out of their control?
By having a robust and tested business continuity plan, organisations can assess their risks and pre-plan in a calm environment in order to mitigate preventable issues in the face of disruption. An example of this is when it snows in the UK. Many plans are likely to include severe weather but not go in to detail about snow. The outcome of this is many companies find themselves in a situation where employees decide they are unable to get in to the office due to cancelled trains or dangerous roads, which can cause a company to suddenly have skeleton staff (or in extreme cases, no staff at all on site). The impact of this (when not properly prepared) can be crippling on many organisations if staff are unable to continue working from an alternative location (i.e. from home). By having a plan with a specific, tested scenario on snow, businesses can ensure critical staff are still able to work, regardless of location while still keeping their information secure.
Key considerations for your business continuity plan:
- Create a risk assessment of all the issues that could affect the continuity of the business. This should address a wide range of situations, from extreme weather and fire or flooding to redundancies/ mass loss of staff and cyber attacks.
- Ensure (at least) key staff have the ability to access their work remotely.
- Make sure the plan is clearly communicated to staff to ensure they know what to do in case of an event. This could be as simple as non-managerial staff to await further instruction from their manager.
sure managers understand their authority within an event, i.e. who can send
employees home? Who can purchase equipment i.e. laptops/portable toilets/
alternative office space?
- Using the ‘commander’ system of Bronze, Silver and Gold allows senior members of staff to understand their responsibility within a situation or incident to be able to make proactive informed decisions.
- Ensure there is a range of staff involved in testing the plan. In the event of an incident, critical senior staff who would usually be relied upon may not be available i.e. they could be on annual leave that day or off sick and someone else in that department may be able to ‘step up’.
- When testing the plan, ensure some of these tests are conducted off site to make them as realistic as possible. For example, if you are expecting staff to connect to the corporate network remotely via a VPN, make sure they know how to use it and are able to. A common issue arises when licences are needed and the organisation has not purchased enough in order for all staff to use at once, causing further delays while IT staff scramble to get authorisation and then purchase additional licences.
Organisations wanting to confirm their capabilities via assessment can align to the ISO/IEC 22301:2019 standard for business continuity systems. Bridewell Consulting can provide full compliance services leading to external assessment by a certification body. This route is an ideal next step for organisations which already have ISO/IEC 27001.
For advice and assistance to create a robust and informed business continuity function within your business, contact us for further information at email@example.com.
Written by Emma Spenwyn – Senior Consultant