Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions


0800 035 1231 (Mon to Fri 9am – 5pm)

Suite 3, The Cotton Mill, Torr Vale Mills, New Mills, Derbyshire, SK22 4HS, UK

Business Continuity Planning

What, Why is Business Continuity PlanningOnce a strategy has been agreed, work can start on the detailed Business Continuity plan. This will take into account risk evaluation and impact analysis. (To see how prepared your business is see our try our business continuity healthcheck)

Incident Response Structure

The first stage in Business Continuity planning is defining an appropriate incident response structure: that is the team, or teams, who are responsible for coordinating the organisation’s response to a disruption. Smaller organisations may only need a single Incident Management Team (IMT) but many larger organisations apply the Emergency Services model of having a hierarchy of teams as follows:

  • Gold / Strategic
  • Silver / Tactical
  • Bronze / Operational

Whatever structure is decided upon, roles and responsibilities must be clearly documented. Further information on the composition of Incident Management Teams is available in our Downloads section.

Plan Invocation

The value of Business Continuity planning will only be realised if the appropriate plans are invoked in a timely fashion. It is therefore essential to provide clear guidance, including:

  • Who is authorised to invoke specific plans;
  • What the triggers are for invoking; and
  • How the invocation is effected.

There should also be a clear method of standing down teams once the incident is over.

Incident Management Plan

Developing a robust Incident Management Plan is a vital part of the overall Business Continuity planning process. Typically the Incident Management phase will last for a few days after a disruption but, for example in a ‘flu pandemic, it could continue for several weeks. The core of the Incident Management Plan is a series of checklists and aides-memoire to assist with decision-making in the early stages of an incident; these should include guidance on:

  • Safety and welfare of staff and visitors;
  • Locations where Incident Management teams and other critical staff can work from;
  • Manual workarounds to mitigate the effect of loss of IT services; and
  • Communicating with stakeholders and the media.

Business Recovery Plan(s)

The final stage of Business Continuity planning concerns the compilation of the detailed plans for the restoration of different areas of the organisation and resumption of business as usual. The plans should give details of the recovery priorities, resources required, locations to be used and the people involved in managing the recovery. It should be borne in mind that business recovery may take a considerable period of time – possibly many months in the case of a serious disruption.

Once again, it is important to stress that Business Continuity planning must be supported by appropriate training and exercising. We operate in compliance with ISO 22301: Societal Security – Business Continuity Management System

Follow the link to read details of a recent Business Continuity planning project with an SME client.

See the following links for information on how we can help with business continuity management and business continuity for small businesses.

What, Why blocks of Business Continuity Planning

Get In Touch

We are always happy to answer any questions you may have, please either contact us by telephone, or by filling in the form below.

Please ensure that you do not divulge any sensitive data as this webpage is not secure.

I used Cambridge Risk Solutions to develop a Business Continuity Plan for Bio-Rad in the UK. I would highly recommend Cambridge Risk Solutions.

more testimonials

  • Business Continuity Planning

    Effective planning that takes into account risk evaluation and business impact analysis, supported by clear and concise crisis management. We work with you to develop user-friendly plans.

  • Business Impact Analysis

    The Business Impact Analysis (BIA) is one of the most important, and least well understood, stages of the Business Continuity Management Lifecycle; we can assist with your BIA.

  • Training and Exercising

    No Business Continuity Management programme is effective without a significant element of training. Moreover, ongoing Crisis Management training and exercising is key. We can provide objective training and exercising.

  • Risk Evaluation and Control

    Risk evaluation and treatment provide a process to identify, prioritise and managing your risks. Cambridge Risk Solutions can assist with risk management for business operational and information security risks.

  • Statement of Applicability

    Which controls do you need to have in place? How do you link your risk assessment process into your SoA? How do you ensure that you have effective controls in place? We can assist with your SoA.

  • Integrated Management Systems

    Management Systems assist with your on-going management, maintenance and continual improvement. We work with you to develop a fully integrated management system, enabling certification to ISO 22301 and ISO 27001.