Business Continuity & Contingency Planning

Organisations are expected to ensure that contingency arrangements are established to deal with most types of disruptive events. There are multiple disciplines involved in this process and, to the extent required by entities, each should be considered and appropriately factored into planning and resultant documentation and continuity plans.

Types of Contingency Plans

Business continuity does not stand alone in this context. It must be designed to be relevant and closely integrated with other forms of emergency and contingency plans. Disciplines and associated plans include, among others that organisations may choose to implement are detailed below.

 

Emergency Management (EM)

Focused on safety of life in the event of an imminent threat to people. Emergency management is routinely associated with safe-haven (lockdown within) or evacuation from a site/building/area.

Business Continuity Planning (BCP) and Contingency Planning

Once personnel are safe, organisations, particularly those with time critical services/functions, usually focus on how to continue delivering at least minimum levels of operation, especially when an emergency has impacted the ability to access a site/workplace. Business contingency planning arrangements often include working from alternative locations and utilising alternative equipment/systems.

Disaster Management

Disaster management tends to be used by Emergency Services organisations for community issues. This often includes an SES responses to storms, floods, earthquakes and other natural events, especially when the impacts are widespread. Disaster management is not a term that is often used by commercial entities, unless the role of such entities is to assist community-based organisations.

IT Disaster Recovery Planning (ITDRP)

Despite the reference to ‘disaster’ in this discipline, it bears little relationship with community disaster management by Emergency Services (unless it is linked to community-wide systems, such as telecommunications, utilities etc.) While IT functions within organisations may refer to network outages, hacking or other related events as a process related to disaster, it is simply IT response planning. This does not detract from its importance however, and such planning is critical to business continuity and contingency planning more generally, as systems usually underpin business functions.

Incident Management

While this term is a direct reference to how some entities label their programs, it is also an umbrella term that encompasses all disciplines. For example, the Australasian Inter-Service Incident Management System (AIIMS) contains processes designed to be applied by Emergency Services in responding to serious incidents.See Crisis Management below for further details.

Crisis Management

This discipline is usually practiced at the strategic level within an organisation, to address issues that are so serious as to warrant a coordinated, all-of-organisation response. Senior leadership is naturally involved in the process, as they are best placed and authorized to allocate resources, release media statements and achieve rapid results to response needs.Industry Risk has implemented numerous crisis plans at the request of clients, but we always suggest that they consider the term “Incident” rather than crisis. The key reason for this is to disassociate entities from the notion that they are in crisis in the first place, as opposed to be responding to a serious incident. Crisis can be a loaded term and could convey a sense that an issue is out of control, especially when the media becomes involved. The purpose of all other plans, and ‘crisis’ management, is to ensure that an organisation does not find itself in a crisis in the first place.

Industry Risk Services

Industry Risk is a specialist in all above mentioned areas and has delivered numerous high-profile business continuity planning programs and support to leading organisations. We have also assisted smaller organisations to establish sensibly scaled programs and plans, according to their budget, context and general needs.

We focus on the key areas of capability development, including:

  • organisational culture and best methods for aligning with it;
  • business impact assessments;
  • training and awareness methods;
  • communications (including internal and external liaison messaging);
  • team composition; and
  • tools and resourcing.

Contact Industry Risk today to see how Australia’s leading light in security consulting, business continuity and contingency planning can help your organisation to refine its resilience arrangements and assure operational continuity.