Develop plans for maintaining your critical functions
GOV015
Follow a process to plan how you will maintain your critical functions. Then document and validate your plans.
Design and implement solutions
Once you’ve identified the requirements for each critical function, you can plan how to maintain or resume these functions if they are disrupted.
Consider the range of solutions you can apply to each resource requirement, implement the preferred strategy, and address any gaps you identify.
Solutions include:
- diversifying (for example, having separate premises where the same activity occurs in parallel)
- replicating (for example, having people in another location who are trained and able to carry out a critical process, but don’t do it as ‘business as usual’)
- using standby options (for example, maintaining an alternate facility that can be made operational within the recovery timeframe)
- acquiring a resource or service after an incident
- outsourcing the function to a third party
- having insurance
- using manual workarounds
- doing nothing.
To implement solutions, you may need supporting expertise or resources, such as information technology. Consider your organisation's context. You may need to perform a cost-benefit analysis to help you decide which solutions to pursue.
Remember to apply your chosen solutions to all the resources that support business continuity — people, facilities, supplies and equipment, information, technology, and suppliers.
Document your plans and processes
Create a business continuity plan to document your organisations’ procedures for responding to a disruption of any kind.
The structure of your business continuity plans depends on your organisation.
Small organisations may have all the information in one plan.
Larger organisations may have separate plans that cover different requirements or business functions. For example, a large organisation may have an overall plan which describes the business continuity scope and response procedures, and separate plans for business units, service locations, or specific functions.
Your organisation’s plans should cover:
- processes for notification, activation, and escalation
- roles, responsibilities, and authority for invoking the plan and responding to disruptions
- leadership continuity
- structures and processes for responding to disruptions
- details of critical functions:
- requirements and timeframes
- processes for maintaining the function, including where detailed operational procedures or plans can be found
- communication procedures (internal, external)
- any links to other plans and processes within the organisation.
Plans should be simple, fit for purpose, and easy to use under the pressure of a response situation. Use templates and checklists to make plans easy to use.
Run exercises to test your plans and prepare for disruptions
Systematically train for handling disruptions by running exercises. Test, assess, practice, and improve your organisation’s plans for ensuring business continuity.
Exercises allow you to validate assumptions you made during the planning process, and identify issues or gaps in planning. Exercises also build the capability of your response teams.
Run regular exercises as part of a continuous improvement process, so that you can gradually build capacity and capability over time.
The type of exercises you choose to use will depend on your exercise objectives. Each type of exercise requires a different amount of time to prepare and facilitate, and carries a different level of risk and cost.
Exercise |
Description |
Discussion exercise |
A discussion where participants 'walk through' plans, or focus on a particular area for improvement. |
Scenario exercise |
A discussion exercise with a scenario and timeframe. Participants demonstrate their response plans as the situation unfolds. |
Simulation exercise |
An exercise with a more elaborate scenario, with information introduced as the situation unfolds, simulating a real incident. Participants rehearse their roles. |
Live exercise |
A real-time rehearsal of part or all of a response. |
Test |
Testing of technology, equipment, or procedures, resulting in a pass or fail. |