Risk management and business continuity planning

Business continuity planning can help you minimise the potential impact of a disaster - and ideally prevent it happening in the first place.

Guide

5 min read

1. Overview

Unplanned events can have a devastating effect on small businesses. Crises such as fire, damage to stock, illness of key staff or IT system failure could all make it difficult or even impossible to carry out your normal day-to-day activities.

At worst, you could lose important customers or even go out of business altogether.

This guide will help you to identify potential risks, make preparations for emergencies and test how your business is likely to cope in a disaster.

2. Why you need to plan for possible crises

It's essential to plan thoroughly to protect yourself from the impact of potential crises - from fire, flood or theft to IT system failure, restricted access to premises or illness of key staff.

As part of the planning process you should:

  • identify potential crises that might affect you
  • determine how you intend to minimise the risks of these crises occurring
  • set out how you'll react if a crisis occurs in a business continuity plan
  • test the plan regularly

For example, if you're reliant on computer information, you should put a back-up system in place so you have a copy of key data in the event of a system failure.

Depending on your business' specific circumstances, there are many possible events that might constitute a crisis. Get advice and information for you and your staff to help safeguard your business.

3. Assess and minimise the impact of risks on your business

You need to analyse the probability and consequences of crises that could affect your business. This involves assessing the likelihood of a particular crisis occurring - and its possible frequency as well as determining its possible impact on your operations.

This kind of analysis should help you to identify which business functions are essential to day-to-day business operations. You're likely to conclude that certain roles within the business - while necessary in normal circumstances - aren't absolutely critical in a disaster scenario.

Minimise the potential impact of crises

Once you have identified the key risks your business faces, you need to take steps to protect your business functions against them.

Premises

Good electrical and gas safety could help protect premises against fire. You should also install fire and burglar alarms.

Think what you would do in an emergency if your premises couldn't be used. For example, you might suggest an arrangement with another local business to share premises temporarily if a crisis affected either of you.

You may consider using a business continuity supplier, which can make alternative premises available at short notice, but this can be expensive.

Equipment/machinery

If you use vital pieces of equipment, you may want to cover them with maintenance plans guaranteeing a fast emergency call-out.

IT and communications

Installing anti-virus software, backing up data and ensuring the right maintenance agreements are in place can all help protect your IT systems. You might also consider paying an IT company to regularly back up your data offsite on a secure server.

Printing out copies of your customer database can be a good way of ensuring you can still contact customers if your IT system fails.

People

Try to ensure you're not dependent on a few staff for key skills by getting them to train other people.

Consider whether you could get temporary cover from a recruitment agency if illness left you without several key members of staff. Take health and safety seriously to reduce the risk of staff injuries.

Transport

Provide IT support systems to facilitate home working should the need arise.

Consider stock piling critical supplies and materials. Create a list of alternative supplies should your main supplier be unable to deliver the goods and materials you require.

Insurance

Insurance forms a central part of an effective risk-management strategy. You should ensure that you get the right insurance for your business.

4. Plan and test how you'll deal with an emergency

You should draw up a business continuity plan setting out in writing how you will cope if a crisis does occur.

It should detail:

  • the key business functions you need to get operating as quickly as possible and the resources you'll need to do so
  • the roles of individuals in the emergency

Making the most of the first hour after an emergency occurs is essential in minimising the impact. As a result, your plan needs to explain the immediate actions to be taken:

  • consider whether you'll need to give staff specific training to enable them to fulfil their responsibilities in an emergency situation and ensure all employees are aware of what they have to do
  • arrange the plan in the form of checklists to make sure that key steps are followed - Get advice and information for you and your staff to help safeguard your business.
  • include contact details for those you're likely to have to notify in an emergency such as the emergency services, insurers, the local council, customers, suppliers, utility companies and neighbouring businesses
  • include details of service-providers such as glaziers, locksmiths, plumbers, electricians, and IT specialists
  • include maps of your premises' layout to help emergency services, showing fire escapes, sprinklers and other safety equipment
  • set out how you'll deal with possible media interest in an incident - find out how to protect your reputation during a crisis
  • make sure hard copies of your business continuity plan are lodged at your home and with your bank and at the homes of other key members of staff.

Test your business continuity plan

Once your plan is in place, you'll need to test how well it's likely to perform in the event of an emergency.

Think about the things that would cause most disruption and that are most likely to happen to your business. Then make sure that your plan covers each of the risks.

Keep your plan updated

Remember to update your plan regularly to take into account your business' changing circumstances.

If you move into new premises, for example, you could face an entirely new set of risks. You'd need to draw up new maps for the emergency services and amend any contact numbers necessary.

You should test your plan regularly, even if your business hasn't undergone significant changes.

Business Gateway can offer you advice on other areas of managing a business. Contact us on 0300 013 4753.

Get the support you need right now

You can connect with us through the contact form, call us or contact your local Business Gateway office

Contact Us Find my local office

You might also be interested in

What Brexit means for Scottish businesses

Read up on how Edinburgh based Eteaket and world renowned Walkers Shortbread have been preparing for Brexit and what advice they have for other business owners. It's Brexit over a cup of tea and biscuit you could say…

10-Point Plan to secure customer data

Customer data is a precious commodity. All businesses have a duty to ensure its security and prevent it from falling into the wrong hands. Here are ten steps towards safeguarding your own.

Video for Business

Video content is the marketing tool of the moment. It is a really engaging way of showcasing your business to both existing customers and potential new ones.