As I type this, I’m watching a conversation on Twitter. It’s two people discussing the ‘zombie clause’ that one of them put in a business continuity plan!
But the conversation raises an important point. What exactly do we plan for, and what do we not plan for?
The list of what we could plan for is endless. Fires, floods, bombs, fraud, disgruntled employees, product defects, suppliers going bust, customers changing suppliers and, yes, even zombies, are just a taste of some bad things that could go wrong. So what are the sensible boundaries for planning?
Well, we say you need actually need to take a totally different approach.
While risk assessments need to list all these things individually so those responsible for managing each risk can clearly explain whether the risk has been accepted, mitigated or needs to be planned for, we think you – as the Business Continuity planner – should take a much simpler approach.
Instead of planning for every sort of thing that could go wrong, you can probably group everything by the impact they have on your organisation instead. For example, instead of fire, flood, bomb, road closure, and so on, you could have ‘Loss of access to building X’. Instead of avian flu pandemic, key staff being poached, staff hurt in fire/accident, individuals being unable to relocate to the backup centre, and so on, you could have ‘Loss of key staff’. And so on.
So in the end, you might have a much shorter statement of what the plan has covered, grouped as your ‘loss of’ list, and it might look something like this:
“This plan has considered:
• loss of access to buildings
• loss of key staff
• loss of data
• loss of technology”
Many organisations take this approach most successfully. Does yours?
Subscribe - weekly news and a free course!