Are you a retail business, tourism operator, local council, accountants’ firm, manufacturer or other medium-sized or small business?
Have you done anything to improve your readiness for the next flood, power outage, tsunami, fire or flu outbreak? Have your customers or regulators asked you yet for your Business Continuity Management (BCM) or Disaster Recovery (DR) Plan? If not – they will soon!
ISO 22301… what is it?
ISO standards are auditable requirements documents that enable organisations to achieve better control over their processes, better quality internally and improved services to their external stakeholders. ISO standards are accepted and encouraged across a wide range of industries and countries all over the world. ISO 22301 for BCM is one of the more than 18,000 ISO standards.
Apart from organisations being able to obtain the ISO 22301 certificate (after being objectively assessed by an independent institute), individuals can obtain certification by passing relevant (PECB) exams, for example by attending a Business As Usual public or in-house training program (see also www.businessasusual.net.au).
What are the benefits of ISO 22301 certification?
Being certified in the standard ensures that the following activities are conducted in accordance with global best practice:
- Identification and management of threats to your operations
- Being proactive in minimising the impact of incidents on your time-critical processes
- Continue to provide time-critical functions during times of disaster/disruption
- Minimising downtime and shortening recovery timeframes
- Achieving better (and/or cheaper) insurance arrangements – in particular business interruption insurance
- Demonstrating resilience to your current and prospective customers, regulators, suppliers and partners.Whether you need better preparedness for unavailability of your staff, suppliers, IT systems, buildings or facilities, consider actioning these tips for your organisation… no matter how big or small you are.The top 10 (low cost) tips for SMEs
- Have ‘dual supplier’ arrangements and/or manual workarounds in place.
- Make all contact details available – including internal (staff, shareholders) and external (supplier, customer, media, next-of-kin) details – and make sure they are accessible from various sources (web, pre-populated SIM cards, hard copy, USB/thumb drive).
- Know who in your business will make key decisions when an incident occurs.. and when the top manager is not immediately available. Be as efficient as possible in your crisis response, and have the courage to act ‘outside the square’ and completely change your business direction if need be.
- Be proactive in your notification of customers, the community and the press… don’t wait for them to ring up and find out your business is no longer in normal operation. Ask your suppliers, banks, leasing company, landlord and/or the Government (e.g. the tax office) for delayed payment terms, rather than them chasing you for money.
- Know which are your key time-critical functions/services/activities, and your biggest customers who bring in the largest chunk of your sales, and make plans to focus firstly on recovering activities related to those in case of a disaster, instead of wasting time on less important things.
- Make plans for your staff to work from home – or alternate locations. Use a virtual/shared office as an affordable continuity solution if need be – or set-up a reciprocal arrangement with a business that has similar requirements to yours. Ensure you’re able to divert services remotely (e.g. IT, phone, supplier deliveries etc) and make sure you always have the necessary passwords and contact details available.
- Ensure your employees are able to perform several roles in case of illness/resignation… in particular in medium sized or smaller organisations, you don’t often have multiple ‘extra staff’ for every key role.
- On the preventative side: Understand and mitigate your security weaknesses (e.g. theft of your mail server) and have proper hygiene and infection management procedures in place (e.g. in relation to a flu outbreak).
- Take out insurances relevant to your business. Apart from fire/damage, general property, glass, accidental damage, money, liability, burglary, goods in transit, tax audit, equipment breakdown and fraud/dishonesty insurance, consider ‘key person’ insurance and business interruption insurance for your small business.
- Use a smart best-practice template for your Business Continuity Plan (BCP) – it can save you weeks of preparation.Australian juice manufacturer ‘Nudie’ responded quickly in 2004 when a fire struck their factory. Immediately they moved to pre-agreed alternate premises, started production and offered product to customers again within weeks. Some staff still comment that “it was the best thing that has ever happened to us, as the media was all over our story and now everyone knows the brand… we would have never been able to pay for that type of marketing.” To add to the media interest, Nudie management even decided to manufacture special bottles for a one-day stunt whereby they offered free juice to all firemen in their city, as a thank you for trying to put out the fire when it happened.
Case studies: Who were well prepared when disaster struck?
AirAsia responded fast when one of their aircraft skidded off the runway in Kuching, Malaysia and 4 passengers were injured. Their own Group Chief Executive personally responded via social media and tweeted: “Working hard to remove aircraft. All passengers are home.” This quick response when every second counted, helped save their reputation and brand. Not every recent airline disaster was responded to this swiftly and clearly.