Perhaps the most important thing about business continuity management is testing your plans, but there’s never a good time to ‘pull the plug’.
Could your annual leave provide at least one test scenario?
The objective of business continuity is the continuity of business. All Organisations have key members of staff that they rely on to operate effectively. These could be the board, senior leadership team of others who have inherent knowledge of how the company operates.
When implementing an ISO 27001 information security management system, often the highest ‘availability’ risks identified are that of losing key staff.
So in effect the summer holiday period provides a soft-test bed, to see how key processes operate safe in the knowledge that you can always disturb someone’s holiday or simply wait for them to return.
Testing and recording
Firstly, the areas of weakness should be identified through your organisation’s risk register. Both ISO 27001 and ISO 22301 (for business continuity) have a retirement to consider threats the the organisation.
This should identify processes that rely on key staff. A skills matrix is another good way to visually represent where there are potential skills gaps.
Next look for the continuity plan, process map or work instruction associated with that process or activity. If you don’t have any- there’s a good place to start.
If you do, consider which staff will be covering that work.
Monitoring
Lastly monitor how that process or work activity performs while you key member of staff is on holiday.
Use KPIs or other measures to compare business-as-usual to the summer holiday time.
For example:
Does the response time in support tickets increase?
Does the pick rate in the warehouse decrease?
Does the amount of returns increase?
Record this data and any operational actions taken to improve the workflow.
You can use this information to update your documents and plans so that next time things work even smoother.
Using the data you can also estimate a tolerable impact on performance during a continuity event.
Audit Evidence
It’s important to keep evidence of the test for yourself but also for ISO audits to demonstrate you are testing and improving your BCP.
Need more help with business continuity? Contact us today.
entry160811-122347