As a small business owner, you have to prepare yourself for a number of eventualities, from late paying customers to looming deadlines and balancing your home and work life. But have you thought about what could happen if your laptop refused to start one morning, or if something happened which meant you couldn’t work for a few months?
This type of planning and preparation is referred to as business continuity and is something businesses of all sizes should have in place. We asked the Head of Audit & Risk, Juliette Dalitz, and Lead Internal Auditor, Claire Buck, from Nominet (who lead our business continuity activity) to share their advice and expertise to help you get your own continuity plan in place.
What is business continuity and why is it important to businesses?
Business continuity is about having plans in place and setting up your business with the idea that you maintain your critical services in the event of something bad happening.
There are two schools of thought; building resilience in what you do by taking steps to prevent an incident from occurring and disaster recovery planning, where you put plans and processes in place to speed your recovery from an incident. There’s trying to prevent things going wrong and then having a plan if something does happen.
“Identify potential threats and issues, and the impact they could have were they to happen” Claire
It’s important to protect the interests of your stakeholders and your business. Insufficient planning could lead to significant losses, which could be irrecoverable. The impact from an incident could be reputational damage, financial loss, or even loss of life.
A major part of business continuity is called “business impact analysis” and it involves identifying potential threats and the impact they could have over time if they were ever to happen.
What questions do small businesses need to ask themselves to start thinking about business continuity?
Start out by doing a risk assessment and asking yourself:
- What could impact your business (list scenarios and the impact they would have)
- Who/what does your business rely on? (Identify your supply chain and consider the resources needed to operate)
- What are your contractual obligations and your customers’ expectations?
- What list of things can your business absolutely not do without? (could span from physical offices to websites)
- What isn’t essential? (could you work from other locations?)
- What are you trying to protect?
By asking yourself these questions you can start understanding and learning what is essential to keeping your business up and running.
The key is that you can demonstrate you’ve thought about these factors, and by using these as a starting point to create a plan, you can get there a bit quicker, do things more smoothly, and most importantly be prepared if something ever was to go wrong.
“What your business depends on and what your customers need may be identical” Juliette
What areas of business should a continuity plan cover?
Try and identify your single points of failure and think about what you can do to soften those blows, this could be:
- Incident plans: Do you need to plan for loss of power, no office, site storage loss, loss of a supplier or working in a different location?
- Communication plans: Identify who to communicate with if something goes wrong. There could always be a different message for suppliers vs customers.
“Make sure you have a list of emergency contacts (suppliers, customers, and staff) in a separate place to your office or on your mobile phone” Claire
- Identify single points of failure: If only one person keeps hold of the passwords or access to your website, social media, etc. no one can help you if something happens (or even whilst you are on holiday). Try and share these with a trusted party, family member, or through a password safe.
- Cross skills with partners: If you’re a bigger SME in partnerships, make sure all partners have knowledge of the different areas. This allows one key stakeholder to run all areas of business if needed in the short term.
“Document things! Get important information out of people’s heads and into something tangible” Juliette
- Create a plan: That is useful and that provides clear instructions or guidance. If possible, ask your colleagues to review it and provide feedback. Share your plan across your business keeping information security in mind.
How can SMEs create a business continuity plan?
There are templates online that SMEs can use, alongside looking at some of the authoritative websites such as the BCI or www.gov.uk. Lots of public bodies, such as councils and universities, often publish their continuity plans publicly so you can have a look at these, the language and what’s included to help you write your own.
“Do some lightweight research online, there’s lots of templates and examples out there” Juliette
There are also short training courses provided by various training companies. Or if you prefer to do some online research, the Government has lots of helpful resources, including a ‘Dummies Guide’ for small businesses which makes good reading.
What about sole traders and freelancers, do they need to have a continuity plan?
It’s important to overcome the mindset of thinking knowledge is power. It’s like having an insurance policy, you don’t wait until you need it to put it into place. You don’t have to have 150 pages of detailed plans, but you do need to start somewhere, a good place being dedicating an hour a month to think about continuity.
“Everyone needs a Plan B” Claire
Unfortunately, being lucky isn’t good enough preparation, business continuity is your business maintenance. It’s important to ask yourself those questions; what happens if your work dries up? What impact would it have if you suddenly couldn’t work anymore? There are loads of online courses around the subject which can be stopped and started whenever you can fit it in.
In many ways’ continuity is more important for sole traders and one-man bands, as the business relies solely on one person. It’s essential to think about who would look after your customers if you couldn’t.
How much should you invest in business continuity?
Business continuity should be part of your business maintenance and development. If you have something that is absolutely critical, you’ll want to protect it.
If it’s important that your computers are always online, look into the likely interruptions and what reasonable steps you can take to protect them.
“Invest in what’s affordable and sensible” Claire
Invest what time, money, and resources you can. This will be different for each individual business; it doesn’t have to cost a lot, but it does vary as everyone will have different critical areas.
Is having a continuity plan a legal requirement?
There’s no law as far as we’re aware, but it might be a contractual requirement. Whether that’s for new work you’re trying to bid for or maintaining relationships and contracts with suppliers, often you need to show your business continuity plan.
“If you want to bid for certain types of work, often you’ll need a continuity plan to be considered” Juliette
You may find the more prepared you are the more opportunities you have to take on bids or new contracts. You might even get an insurance discount as business continuity plans can help to reduce premiums.
Although it’s not a legal requirement to have a business continuity plan, a breach of regulations such as GDPR compliance and the Health and Safety at Work Act could impact your ability to operate.
How often should you test and review your plan?
Review your business continuity plan at least annually or after a change or event. Check that’s it is still up to date and fit for purpose. Make sure you test your plan, make changes, and plan again.
“Try and constantly apply the thinking of ‘checking, planning, testing, and improving’” Juliette
Some parts of your plan can be tested more regularly, and even built into your day-to-day process, for example testing phone lines and making sure your website is functioning. It’s really important that you haven’t built a continuity plan which is too complex to work.
“It’s important to set objectives. What do you want to get out of the test? What do you need to check?” Claire
Plan your tests so they disrupt the business as little as possible, such as building them into your business maintenance windows. Set objectives for what you plan to test, and afterwards review what went well and what didn’t, jot down any lessons learned so you can make improvements.
What happens if something does go wrong?
You need to determine who makes the decision that something in your plan needs to be actioned. If you are a sole trader this will be you, but if you have a small team you need to be clear on what information your business needs to help assess the impact and decide whether to invoke your business continuity plans or not.
What triggers it and where is the plan? Is there an escalation process, so different seniorities can make decisions on whether to implement parts of your plan?
“Make sure you haven’t built something so complex, no one looks at it in the heat of the moment” Juliette
When deciding whether to invoke your plan, consider service level agreements. Is there a workaround you can use while you fix the problem? Try to minimise disruption while you deal with the situation, ideally without it being noticed or your consumer facing channels being impacted.
Finally, keep calm. This is why you’ve created a continuity plan and tested it, so go back to your documentation and follow the steps.
To find out more about business continuity head to thebci.org who have plenty of resources to help introduce the subject, bitc.org.uk for advice on being a responsible business, and gov.uk to find guides and frameworks. For more on compliance for small businesses head to our ‘Keeping it legal’ hub.
The UK Domain is managed and operated by Nominet.