Building a Business Contingency Plan (BCP) often becomes an overwhelming task combined with a touch of stress an uncertainty. Where to start? What is the end state? How do you move forward? Here you have a simple and straight-forward way of how to start and get the BCP done!
Your Business Contingency Plan shall support you Crisis Management Process – so let’s have a look at the process first. Afterwards, we will see how we can build a plan supporting the process! Crisis management software can be implemented in all stages of the crisis management process, but the individuals involved must also understand the following principles.
A generic contingency process is usually divided into three distinct steps as of below:
The response or the size of the Incident domain is a vital element. This is due to the simple fact that this corresponds directly to the sum of all your losses – such as loss of life, material, financial, reputational, stock value etc. In other words; the longer the incident lasts and / or the higher the Incident’s potential becomes – the more expensive this Incident will be for you!
So, the overall objective of your contingency process is to minimize the Incident Domain area and as such minimize your consequence of the incident in terms of direct and indirect losses.
From the above picture we can see that the available means of reducing the Incident Domain space boils down to only two parameters:
Now, let’s have a look at the various phases of the contingency process.
The Prepare phase is the “planning, training and exercise” phase and is all about preparing you and your organization for critical incidents that may happened and affect your organization.
A central purpose of this phase is to establish, train and maintain your Emergency Response Organization (ERO) and equip them with needed tools such as strategies, scenarios, tasks, checklists, templates etc. – to be used in case of an incident. In other words, build a crisis management process that is linked to your crisis management activities.
It will also be helpful to brainstorm the types of crises your organization may face. From cyber security incidents to on-site physical accidents, each unique type of crisis will require a slightly different response. Preparation for these nuances is key.
The Response phase comprises of two sequential steps:
An effective response phase is recognized via a rapid and unambiguous escalation (to the correct individuals) as well as an effective handling of the incident as such.
The initial handling should preferably be based on the pre-defined tasks and checklists defined in the Prepared phase.
The Post Activity phase shall cater for all and any post activities that has occurred as a consequence of the incident and has as its outmost goal to secure a smooth transition to normal operation and reduce any long-term effects of the incident.
Best practices indicated that a efficient Crisis Management Process is implemented via:
However, to achieve the above it is instrumental that the Prepare phase has been conducted properly covering both planning, training and exercises.