The first step is to put someone in overall charge. It could be an individual in a small business or a team in a larger organisation. There are software packages to help with BCP management, both in-house and Cloud-based. The software can assist with the process by providing guidance on the processes to be followed, a route map to completion, and making helpful suggestions. Industry pundits confidently expect AI-driven software to make an appearance over the next few years.
Remember that this is not a one-off exercise when choosing the BCP champions and that the process owner or team will be around for a while, updating the BCP to reflect changing circumstances.
The next step is in essence a Business Intelligence exercise, looking at business processes and identifying where risks could arise, followed by the creation of prevention, contingency, and recovery actions. It is useful to try to cost each to see if it makes more sense to let something happen and clear up afterwards, or pay for preventative measures for a risk that might happen very rarely.
A word about education. Part of the BCP preparation process is bringing the staff with you, a process best done through regular communication. When the BCP process is complete, it is essential to conduct some training exercises to test the BCP procedures. After all, the worst time to find out they don’t work is when there is a real crisis. Training exercises will help staff know what to do in the event of a real crisis.
A test could be a simulation exercise, or an unannounced full-scale test itself. In the Portacabin example above, staff arrived at the office one morning to find the doors locked and that they must now invoke the BCP.
That exercise was followed by a serious review of the outcome and some revisions to the BCP. One revision was to set up a regular testing schedule.