You’ve had the training, you know your subject, now it’s time to get that business continuity plan down on paper – or into your PC. However, what seems crystal clear in your head when you start may not turn out quite the same way after you’ve written it out. To help construct a plan that does justice to your vision of how things should be, start with the scope of your business continuity plan. First, make sure that your plan addresses business continuity for processes, not for isolated incidents: for example, ‘denial of access to premises’, rather than ‘fire at the main entrance’. Second, make sure your plan covers all the essential processes – and not just the ones for IT or a central factory, for example.
The style you use is important too – people may need to consult your plan in emergency situations where every minute counts. That means avoiding unnecessary complexity. What readers need to know are the essentials: what should be done, by which person, when and why. Remember also that ‘wish lists’ have no place in a business continuity plan. For example, indicating that part of the plan will be completed later, for example a list of main suppliers and services organisations, means the plan is not finished. Finish it first, then make it available.
Likewise, make sure that the plan covers reasonable possibilities without making any unjustified assumptions. It is quite possible for example that an organisation suffers both IT server crashes and denial of access at the same time. Don’t assume that incidents only happen one at a time, rather than in parallel. And once your business continuity plan is written and distributed to those who need to know, test it and update it regularly. Remember also to send out the updated version of the plan. There are few things worse than staff scrambling to execute an outdated business continuity plan whose vital information is no longer valid!