Business continuity — what is it?

For us, business continuity is the ability to continue to deliver our critical services at an acceptable predefined level following a major incident / disruptive incident.

Business continuity planning is a series of plans and guidance – and ultimately a mindset – to help us meet any unexpected and challenging situations and still deliver the critical services that are key to our stakeholders (residents/customers, colleagues, Board, regulators, Council, partners etc.).

Examples of incidents that could cause us to need to invoke our Business Continuity Plan (BCP) are always in the news. This might be:

  • Disease affecting employee levels (e.g. the Covid-19 pandemic)
  • Loss of access to critical data (e.g. ransomware demand)
  • Being unable to access offices / other key locations (e.g. due to bad weather, fire or flood)
  • Major failure of ICT systems (e.g. power loss, cyber-attack, hardware or software failure etc)
  • Loss of a key partner, supplier or contractor (e.g. repairs materials suppliers, sub-contractors, out of hours call handler etc.)


Why is it important?

  • Business continuity is important because it can help an organisation to protect its reputation, brand, and customer loyalty, by ensuring that it can deliver its products and services with minimal disruption and inconvenience.
  • Business continuity can also help an organisation to reduce its financial losses, legal liabilities, and regulatory penalties, by minimising the impact of operational downtime, data breaches, and contractual breaches.
  • Business continuity can also help an organisation to enhance its competitive advantage, innovation, and growth, by enabling it to adapt to changing market conditions, customer needs, and opportunities.


Business continuity documents

There are already arrangements in place to ensure that there is always cover in case of low levels of unexpected sickness or holidays. Business Continuity Plans are for when the issue is more impactive on the organisation. We have produced several key documents:

  • Business Impact Analysis (BIA) document and process, forms the foundation of the Business Continuity Plan (BCP). BIA reviews are carried out annually. The BIA analyses and evaluates the critical activities carried out by the organisation.
  • Business Continuity Plan (BCP) is the documented procedures that guides the organisation to respond, recover, resume and restore internal activities to a pre-defined level of operation following a business interruption. The BCP is used by the Incident Management Teams (IMTs) as a guidance document for responding to incidents which affect the organisation or could potentially affect the organisation.
  • Business Continuity Policy is the document which outlines the organisation’s commitment to Business Continuity and the support which is provided by senior management.
  • These make up the Business Continuity Management System (BCMS).


Management commitment

Our Senior Leadership Team are committed to the BCMS.

The BCMS is the overall management system that implements, operates, monitors, reviews, maintains, and improves business continuity.

We demonstrate commitment to the BCMS by:

  • ensuring the BCMS is compatible with the strategic direction of the organisation and integrating the requirements into the organisation’s business processes;
  • providing the resources to establish, implement, maintain and continually improve the BCMS;
  • maintaining an IMT who lead on incident response;
  • attending business continuity exercises and attending appropriate training sessions (e.g. media training);
  • communicating the importance of effective BCMS processes;
  • performing effective annual management reviews to ensure that the BCMS achieves its expected outcomes and stays current;
  • directing and supporting continual improvement of the BCMS; and
  • promoting business continuity within the organisation.


What have we put in place?

As an organisation, we’ve looked at what we do, where we do it, and the resources that we need to ensure it can be delivered effectively.

The BCP details how an incident is reported and escalated, how the organisation responds to incidents and encompasses recovery strategies to ensure departments can become operational following an incident. The plan is based around key areas:

  • People: If key people are unavailable, who can cover their role? Are there sufficient staff available?
  • Information and data: What data is essential to delivering services? How and where is it stored? Is it secure? Is it accessible? What hardcopy documents are important?
  • Buildings and work environment: If a key building was damaged or unavailable, what are the alternative working / housing arrangements?
  • Equipment and consumables: What non-ICT equipment and consumables might be essential (e.g. company seal for legal documentation)?
  • Information and Communications Technology (ICT) systems: If computer or telephone systems are unavailable, what are the options?
  • Transport and Logistics: What transportation is required to provide critical services?
  • Finance: Ensuring that the necessary finance / emergency finance is available, when required (e.g. credit cards).
  • Partners and Suppliers: Having arrangements in place for failure of a key supplier.

 

Example risks and mitigating actions
Risk Mitigating Action
Flu Pandemic Work from home, especially if infected; provide alcohol hand gel, face masks; revised / enhance cleaning regime, information notices, social distancing. 
Employee injury or absence Cross role training; documenting procedures; company first-aiders, temporary transfer of internal employees, use of agency staff. Suspension of non-critical activities.
Loss of data Off-site data storage and replication. Regular back-ups to a second location.
Fire at premises Regular fire drills; ability to work from home for many colleagues.
Travel disruption (strike / weather) Employee agile working / working from home.
Hardware failure Arrangements with ICT suppliers to provide replacement equipment (e.g. laptops). Access to data on back-up systems.
Head Office not available Employees can work from home or at an alternative Fairhive office location.


Who is responsible for business continuity?

The Executive Director of Operations has strategic responsibility of business continuity on behalf of the Senior Leadership Team (SLT).

The Assistant Director of People, with assistance from the Communication, Marketing & Partnership Manager, have the day-to-day responsibility for maintaining the business continuity programme, ensuring employees are aware of their roles and responsibilities and that the BCP is available, up to date and is periodically exercised.

The CEO or another member of the SLT have responsibility for invoking the BCP and will form an IMT, who are responsible for the strategic response and major decision making on behalf of the organisation.

The IMT, with support from colleagues across the organisation will manage the response to most incidents, ensuring the critical activities are maintained / recovered within the agreed Recovery Time Objectives (RTOs) and other activities are recovered at the earliest opportunity.

The Communications Team, as part of the IMT will manage internal and external communications.

Public activity

  • Social media has revolutionised communication. Information now has the potential to be spread globally within seconds. And once it is out, you can’t get it back.
  • Please make sure any information you share is lawful and accurate.

How will I find out?

When incidents happen, they are normally followed by a period of uncertainty. Information that is available can be confusing and unclear.

It can be very tempting to phone anyone and everyone to try and get more information. Unfortunately, that stops the people who need to get on with recovering operations from doing so!

All stakeholders including our residents that are impacted by any event will be notified by the most effective communication channel which could be email, text message, telephone, face-to-face or in the event a wider event impacting a number of stakeholders radio and TV. This communication would also depend on what channels are available at the time of the incident.

                      together with tenants                  disability confident leader                          HQN DLO contractor logo                          HDN logo                   ASCP logo