Continuity Planning & Management

Continuity planning

Continuity planning is about having a plan for how to maintain acceptable continuity in an organization's processes in the event of disruptions.

It could be disruptions in IT systems or interruptions in internet communication or electricity supply. But there can also be disruptions in the business due to staff not coming to work or premises being destroyed. Continuity planning must include handling all types of events that may disrupt the continuity of the work processes.

Continuity management

Sometimes the term continuity management is used, which is roughly the same as continuity planning, but with a slightly broader meaning. It is not only about planning and preparing for interruptions and disruptions, but also about the recurring work of planning, implementing routines, practicing and testing to learn and implement improvements. Continuity management is a job that never ends. The basis of continuity management is to acquire a system that is as robust as possible, so that disruptions are as few as possible and do not cause unnecessarily large damages, which are difficult and costly to repair.

Continuity management in four steps

Step 1 is to analyze your processes:

How do they look? What happens in the event of a disruption to the processes? What can we easily replace in the event of a loss? Which manual processes can we temporarily return to? Is the "old" handling still in the staff's collective memory? How long can we get by with alternative methods? With the analysis as a basis, the identified weaknesses are addressed. It create a new security basis for its processes. A robust basic security is the best thing to build continuity management on.

Step 2 is to implement the continuity plan:

Introduce routines for alternative solutions in the event of disruptions to the processes. Distribute responsibility in a crisis. Everyone must know their task. This requires information and training of the staff. Try alternative routines.

Step 3 is to follow up the disturbances that still occur:

How did the plan work in the event of an incident? Analyze and document what happened and which measures were most effective.

Step 4 is to improve the continuity plan:

Make a new analysis of the organization's processes. Change the routines and technical solutions that did not measure up during the incident. Redo the continuity plan and adapt it to the new experiences.

The continuity plan must be constantly updated with new conditions as a basis. Continuity management is a cyclical recurring process.

A continuity plan must contain all the information needed for staff to know what to do in the event of a disruption in an important activity or resource. The aim is to be able to maintain operations at an acceptable level during the disruption and to be able to restore normal processes as soon as possible.

The continuity plan must be:

  • Clear and easy to understand

  • Available to all concerned personnel

  • Practiced by concerned personnel

Some parts to be described in the continuity plan: 

  • Backup routines

  • Recovery routines

  • Return routines

  • Necessary contact details

Do you need help with your cyber security? Learn more about our cyber security reviews!