Case Studies

This is the process we went through with one of our major customers last year to define their business continuity requirements. In this case, the client already had plans in place but knew there were deficiencies in them. We were working to a pre-agreed budget but suggested we launch the process with a scenario exercise for the managment team to focus on the issues they might face.

Client-led brief, project requirements, budget, time scale and scope

Incident Management Exercise

Commercial Initiatives wrote a bespoke and applicable exercise scenario for the management team

This was delivered to the management team, who was asked to implement its current Business Continuity measures

An analysis of the exercise indicated a need for:

a defined control centre for the incident

additional recovery space for departments, particularly after the first week of an outage

contingency planning for working without a key supplier (e.g. call centre)

off-site storage of key customer contact information required to restart the business

Business Impact Analysis & Risk Assessment

Interviews conducted with managers to confirm recovery requirements tolerable

We have found the questionnaire the best way to prepare staff for the Business Impact Analysis interviews to establish recovery requirements.

Questionnaires were sent to key managers to assess the impact of loss of key capabilities

    • Maximum tolerable period of disruption (MTPD) for major business functions

    • Minimum staff facilities and IT required for each department over 30 days

    • Who can work from home and for how long?

    • How much lost data can staff cope with (the Recovery Point Objective)

    • What hard copy documents do staff use and how would their loss would affect the business

    • Departmentís main functions

    • Critical third party suppliers and how their loss might affect business

    • Financial & non-financial affect of each department being able to operate

    • What IT system each department uses and how long they can manage without it (the Recovery Time Objective which would then drive the IT Disaster Recovery Plan)

Plan Development

An Incident Management Team is formed normally around the executive team of the organisation. Its role is to manage the business through what will be a very unsettling, often critical time for everyone, especially your customers.

The recovery plan must cover staff required to remain at work until further notice as well as those required on site.

    • Each and every department must then be covered by a Recovery Plan. Each plan would include solutions to the problems outlined such as:

    • Critical internal and third party contacts

    • Actual recovery location

    • Facility and IT requirements

    • Hard copy document storage

    • Key task list