Updated: Sep 8, 2021
Building the Business Continuity Organisation
How do we ensure that our business continuity plans are deployed, maintained and stay relevant to the needs of our organisation? Many business continuity initiatives “wither on the vine” because the development of the preparation and response actions are seen as the end game. Unfortunately, this is not the case, once an organisation has gone through the process of developing a business continuity plan, consideration needs to be given to maintenance and management oversight so that the relevance of all the work performed to date does not decay. So, when plans are completed, the next stage is the implementation of a management organisation to establish responsibilities within the business continuity programme.
A typical management organisation would be:
• A business continuity steering group to ensure that business continuity capabilities remain relevant to the organisation’s requirements.
• Defining series of roles throughout the organisation who will own and periodically prove their plans to ensure that they can be relied upon if activated.
• A group of individuals who will collectively respond when an incident occurs and adopt specific roles to manage the incident.
A typical business continuity organisation structure would look like the organisation chart below. As you can see, there are representatives from each of the areas providing critical infrastructure to the organisation and from the organisation’s priority activity groups. Each member has a role to play both for business continuity plan maintenance and for undertaking specific actions if the plans are invoked.
This and other useful business continuity plan templates are available for download & unlimited use from our website.
The business continuity organisation is typically underpinned by a business continuity policy that outlines the responsibilities for each role defined. As well as roles and responsibilities for the business continuity organisation, a business continuity policy would also set out requirements for testing, training for specific BCM roles and for general awareness throughout the organisation. A typical business continuity policy would look like the example below:
The policy covers the whole scope of the business continuity plan, providing a management framework and organisation for the maintenance of the business continuity plan going forward. It’s purpose is not to dictate how things should be done but to communicate to those responsible for each aspect of the plan what needs to be done, the roles and responsibilities that have been defined to get those things done and the assurance activities that are required to ensure that the business continuity policy is being followed.