Preparing for emergencies
Last Updated: 28 February, 2007
A Business Continuity Plan cannot be considered reliable until it is exercised and has proved to be workable, especially since false confidence may be placed in its integrity. Exercising [External website] should involve: validating plans; rehearsing key staff; and testing systems which are relied upon to deliver resilience (e.g. uninterrupted power supply). The frequency of exercises will depend on the organisation, but should take into account the rate of change (to the organisation or risk profile), and outcomes of previous exercises (in particular if weaknesses have been identified and changes made).
Organisations should not only put Business Continuity Plans in place, but should ensure they are reviewed regularly and kept up to date. Particular attention may need to be paid to: staff changes; changes in the organisation's functions or services; changes to the organisational structure; details of suppliers or contractors; changes to risk assessments [External website]; and business objectives/processes.