The business continuity process is summarised below. Our service covers the complete process or any element, to whatever level of granularity you need.

When the start point is unclear, a brief risk assessment or plan audit will easily define the best options for your needs.

Click a unit below to read the full description.


Strategy development

This is really the start point of any BC project and careful attention and time needs to be paid to its development.

It is important that organisations both define the boundaries and scope of business continuity planning and additionally, in advance of any event, define outline strategies that can be implemented quickly in an incident. This improves responses and empowers staff to take decisions in line with published strategies in the event of an unforeseen type of incident.

This is also the foundation of senior level engagement and their sign off of the strategy document is an imperative.

Risk identification and assessment

This is designed to explore which are the greatest areas of risk within a company, and how they should be planned for or prevented.

The focus is on the threats to the critical activities of the organisation. Whilst Needhams uses conventional likelihood and impact analysis we also use our own bespoke methodolgies to make the risk assesssment more sophisticated and meaningful to the organisation.

This assessment will also involve looking into supply chains and Third Party suppliers, in an attempt to mitigate risk factors.

Business impact analysis (BIA)

The BIA is arguably the most important element of the BC process and very largely informs the actions required in the resultant plans.

BIAs are used to explore the critical activities and vulnerabilities of each individual unit, or sub unit, or business process, or IT applcation used in the organisation and it enables the BC manager to plan their recovery accordingly. The ideal level of granularity varies tremendously between organisations and there is no one size fits all BIA template.

For example a BIA could expose the information that after a crisis a company might be able to perform relatively well even if its reception is forced to close, but that it cannot function if its phone system crashed as it would suffer financially.

Bascially a BIA determines how much money or which services could be lost for how long and why. This then helps in allocating appropriate resources to the problem. A BIA will also expose the costs linked to recovering from a crisis such as backlog of regular work, backlog of outstanding payments etc.

Disaster recovery options and solutions

Most organisations will find that if access is denied to their normal place of work they need some modicum of alterantive work space. This can range from commercially available sites, to temporary serviced offices, to mutual aid, even possibly with ‘competitors’, or large clients with spare office space.

Needhams can work with clients to identify and procure the best and most suitable disaster recovery options and possibly in some cases alternative technological solutions.

Frequently Needhams can identify cost savings that DR site providers would not draw to your attention.

Development and or authorship of business continuity and crisis management plans

The plan is the result of the process described in the preceeding sections. Needhams sees it as important that the plan reflects the natural decision making methods of the organisation. There should be little difference between the way in which ‘normality’ and an incident is managed.

All too often we have witnessed lengthy, detailed plans being ignored in real events. Over the years, styles of plans have evolved from the weighty IT recovery tomes to ‘light’ aide memoirs with detailed annexes where they are required.

Needhams can author any form of plan that is appropriate to the organisation, its response levels and intentions. All forms of plan would be aligned to ISO 22301 requirements.

Training and awareness

Frequently many organisations are tempted to exercise their plans without giving the staff adequate training in their roles and responsibilities.

Needhams offers all clients thorough training in their plans before any exercise takes place. This gives the staff the confidence to undertake the exercises with enthusiasm rather then trepidation.

Additionally, we hold courses on business continuity throughout the year, either the A-Z course for complete beginners, or the Crisis Command Course for those who have had some prior training.  In addition we often run in-house bespoke courses for individual companies.

Also see Training

Exercises, rehearsals and testing

Once your business has adequate plans in place it is vital to test them through exercising and rehearsals, partly to make sure they work and to expose any holes in the plan, but also so that employees feel confident following the plans and comfortable with their roles in a crisis.

We recommend a progressive long term exercise schedule that builds up from simple desktop exercises to full scale simulations. These simulations can even involve the emergency services, real clients and third parties. This shows to the world that you are indeed a resilient organisation.

Please also note that we occasionally run open evenings involving an exercise which guests are invited to participate in. It is a good way of viewing the kind of exercises we could create for your business, as well as a way to hear from people whose plans we have previously authored.

Also see Exercises

Review and maintenance of plans

Plans always need to be refreshed to remain current. Needhams can assist in in rejuvanting plans and keeping the staff motivated and enthusiastic for BC issues.

If plans have not been reviewed for some time then rather than throw the baby out with the bathwater we would audit them to ISO 22301 and thereby determine in detail what improvements could be made.

Sometimes company plans are simply outdated, old fashioned or no longer relevant. We can either help to bring those plans up to date, or start from scratch on new plans.

Also see Audit and References