The Business Continuity Management process identifies potential threats to the University and the impact that those threats, if realised, could have upon its operation. It provides a framework for building organisational resilience, comprising a Business Continuity network, plans to respond to crises and a programme of exercises to validate them.
Why do we do it?
- We want to protect our people, our research and our reputation.
- Incidents impact on student experience and research quality. It is sound business sense.
- Business continuity reduces costly disruption and protects priority activities. We want to continually improve.
- Effective incident response requires rehearsed and flexible plans.
Why is Business Continuity Planning important?
Disruptions take many forms, including cyber-attack, fire, flooding and disease. The better prepared we are, the less damaging the impact will be on our people, our research, our reputation and our finances. Time spent in preparation is time well spent.
How do we do it?
The Business Continuity Management process should be viewed as a continuous lifecycle, always a work-in-progress and subject to regular review. The components are:
- Policy and Programme Management – establishes the University’s approach to Business Continuity and how it will be implemented.
- Embedding – considers how to integrate Business Continuity awareness and practice into routine activities and organisational culture.
- Business Impact Analysis – identifies the most critical activities and the impact of disruption over time. What is the likely impact? Where are the key risks? What are our dependencies? What resources do we rely on?
- Design – creates and selects appropriate solutions to achieve continuity in the event of a disruption.
- Implementation – develops Business Continuity Plans to meet the requirements identified during analysis and using the solutions created in the design stage. It also includes the development of a Response Structure.
- Validation – confirms that the Business Continuity programme meets the objectives set out in the policy and that the plans and procedures are effective. Exercising the plans is vital: it ensures familiarity with the plans and always generates ideas for improvement.
