- UWEM Home
- Organization Chart
- Immediate Emergency Assistance
- UW's All-Hazards Disaster Plan
- Crisis Communications Plan
- UW Emergency Procedures Poster
- Fire & Building Evacuation Resources
- Studies and Special Reports
- Preparing Yourself & Your Family
- Training Offered by UWEM
- What to do in Case of an Emergency
- CERT and the University of Washington
- People That Can Help You Prepare
- Reducing Your Risk
- Disaster Grants
- Other Disaster Resources
- Business/Academic Continuity Management
- Overview
- Specific Topics
- Best Practices
- Training
- Our Balanced Scorecard
Basic Business Continuity Checklist
The following checklist contains the basic steps needed to develop a business continuity program.
- Understand your business. Understand where your primary revenue stream comes from and what processes and assets support that. These will be your critical processes and will be the core focus of your business continuity program.
- Conduct a risk assessment. Learn what threats are likely to impact your business and cause possible disruption. You will not want to have a threat-driven planning model, but rather a resource-oriented one. Still, you must understand what threats may impact you.
- Conduct a business impact analysis. Identify those critical processes and any assets/resources that support them (people, information, facilities and equipment). Next, determine what the impact to your business would be if there was an interruption of a critical process.
- Determine which protection/mitigation measures to implement. Prioritize those critical processes and consider whether they need mitigation or protective measures to support them. Decisions may be based upon such considerations as replacement cost, replacement/recovery difficulty or level of importance. Some risks to assets supporting critical processes are acceptable and need little or no mitigation (replacing a desktop PC in most cases) while other assets may justify substantial mitigation (spending $5,000 to protect a $500,000 critical asset would be a good idea).
- Develop contingency/action plans. Consider how you would respond if all of your mitigation efforts fail and a critical business process or asset is disrupted anyway. Consider having more than one alternative to assets; not just a “Plan B” but a “Plan C” as well.
- Develop a communication plan. If you cannot communicate with your employees, clients and suppliers, you cannot regain control of your business after a disaster. Develop alternative communication methods to use if the primary land-line and cell-phone networks are down. Same thing for e-mail and the Internet.
- TEST! TEST! TEST! So you’ve got a plan. No let’s see how effective it is. Put your plan to the test. Have a table-top exercise and see how well your planning helps your company. How well do your employees know the business continuity plan?
- Review, Revise, Rewrite. A business continuity plan is never done. Review it at least annually or when a major change occurs in your organization. Implement lessons learned and changes. Beware complacency. A plan is only effective if current and understood.
One final bit of wisdom from Dwight D. Eisenhower, the 34th President of the United States: “Plans are nothing; planning is everything”. The planning process is more important to understanding and protecting your business than any written plan.