Risk management and business continuity planning

It's essential to plan thoroughly to protect yourself from the impact of potential crises - from fire, flood or theft to IT system failure, restricted access to premises or illness of key staff.

As part of the planning process you should:

• identify potential crises that might affect you
• determine how you intend to minimise the risks of these crises occurring
• set out how you'll react if a crisis occurs in a business continuity plan
• test the plan regularly

For example, if you're reliant on computer information, you should put a back-up system in place so you have a copy of key data in the event of a system failure.

Depending on your business' specific circumstances, there are many possible events that might constitute a crisis. Get advice and information for you and your staff to help safeguard your business.

As part of your continuity planning, you need to analyse the probability and consequences of any and all crises that could affect your business. This involves assessing the likelihood of a particular crisis occurring (and its potential frequency) as well as determining its possible impact on your operations.

As part of this analysis, identify which business functions are essential to your day-to-day business operations. You're likely to conclude that certain roles within the business - while necessary in normal circumstances - aren't absolutely critical in a disaster scenario.

You should draw up a business continuity plan setting out in writing how you will cope if a crisis does occur.

It should detail:

• the key business functions you need to get operating as quickly as possible and the resources you'll need to do so
• the roles of individuals in the emergency

Making the most of the first hour after an emergency occurs is essential in minimising the impact. As a result, your plan needs to explain the immediate actions to be taken:

• consider whether you'll need to give staff specific training to enable them to fulfil their responsibilities in an emergency situation and ensure all employees are aware of what they have to do
• arrange the plan in the form of checklists to make sure that key steps are followed - Get advice and information for you and your staff to help safeguard your business.
• include contact details for those you're likely to have to notify in an emergency such as the emergency services, insurers, the local council, customers, suppliers, utility companies and neighbouring businesses
• include details of service-providers such as glaziers, locksmiths, plumbers, electricians, and IT specialists
• include maps of your premises' layout to help emergency services, showing fire escapes, sprinklers and other safety equipment
• set out how you'll deal with possible media interest in an incident - find out how to protect your reputation during a crisis
• make sure hard copies of your business continuity plan are lodged at your home and with your bank and at the homes of other key members of staff.

Test your business continuity plan

Once your plan is in place, you'll need to test how well it's likely to perform in the event of an emergency.

Think about the things that would cause most disruption and that are most likely to happen to your business. Then make sure that your plan covers each of the risks.

Keep your plan updated

Remember to update your plan regularly to take into account your business' changing circumstances.

If you move into new premises, for example, you could face an entirely new set of risks. You'd need to draw up new maps for the emergency services and amend any contact numbers necessary.

You should test your plan regularly, even if your business hasn't undergone significant changes.

Business Gateway can offer you advice on other areas of managing a business. Contact us on 0300 013 4753.

You should draw up a business continuity plan setting out in writing how you will cope if a crisis does occur.

Think about the things that would cause most disruption and that are most likely to happen to your business. Then make sure that your plan covers each of the risks.

It should detail:

• the key business functions you need to get operating as quickly as possible and the resources you'll need to do so

• the roles of individuals in the emergency

Making the most of the first hour after an emergency occurs is essential in minimising the impact. As a result, your plan needs to explain the immediate actions to be taken:

• how call trees will be used to contact all staff

• consider whether you'll need to give staff specific training to enable them to fulfill their responsibilities in an emergency situation and ensure all employees are aware of what they have to do

• arrange the plan in the form of checklists to make sure that key steps are followed - Get advice and information for you and your staff to help safeguard your business.

• include contact details for those you're likely to have to notify in an emergency such as the emergency services, insurers, the local council, staff, customers, suppliers, utility companies and neighbouring businesses

• include details of service-providers such as glaziers, locksmiths, plumbers, electricians, and IT specialists

• include maps of your premises' layout to help emergency services, showing fire escapes, sprinklers and other safety equipment

• set out how you'll deal with possible media interest in an incident to protect your reputation during a crisis

• make sure hard copies of your business continuity plan are lodged at your home and with your bank and at the homes of other key members of staff.

Test your business continuity plan

Once your plan is in place, you'll need to test how well it's likely to perform in the event of an emergency.

You should test your plan regularly (at least annually), even if your business hasn't undergone significant changes.

This is likely to involve testing your chain of communication across the business, using your planned “call trees” and actually ensuring your teams can work remotely at short notice or can adapt to a loss of internet connection for example, as opposed to just talking about it. An important task is carrying out a debrief after the test so your plan can be updated with any learnings.

Keep your plan updated

Remember to update your plan regularly to take into account your business' changing circumstances.

If you move into new premises, for example, you could face an entirely new set of risks. You'd need to draw up new maps for the emergency services and amend any contact numbers necessary.

Business Gateway can offer you advice on other areas of managing a business. Find your local office and contact us below.