Business Continuity
Guidance, Plans & Templates
Useful documents, resources and further information to support your Business Continuity planning.
What is Business Continuity?
The basic principle of Business Continuity is to continue to deliver our 'priority activities' in the face of a disruption; whether that be from an ICT failure, severe weather or an infectious disease. The ISO Standard surrounding Business Continuity Management, ISO 22301:2012, defines it as:
A holistic management process that identifies potential threats and the impacts of those threats (if realised) to business operations. It provides a Framework for building organisational resilience with the capability of an effective response that safeguards the interests of key stakeholders, reputation, brand, and ‘priority activities’.
The University Executive Board (via the Policy Oversight Group) approved the Business Continuity Planning Policy in April 2023. This policy details roles and expectations of the university community in relation to Business Continuity Planning and is available via the Guidance, Plans & Templates page below.
The Risk & Resilience Team encourages you to contact them to discuss business continuity arrangements within your area. The team offers guidance in the form of meetings, workshops and presentations and can develop bespoke scenario-based exercises to focus on the issues that are pertinent to your area.
Business Continuity (BC) Planning Cycle
Robust and effective BC management encompasses all of the below stages of the BC Planning Cycle.
- The first step is to Analyse what the Priority Activities are for an area. These are the critical functions within an area that must continue and/or be recovered as quickly and as effectively as possible.
- The second step is to Design a BC Plan which outlines the aforementioned activities, what they require in order to continue, how they link in with other internal teams and external stakeholders, and what alternatives there are if these activities suffer disruption.
- The third step is to Implement the BC Plan. This involves agreeing the BC Plan with key staff members and stakeholders and actively working to embed the plan and its guidance into team culture, understanding and training.
- The fourth step is to Validate the BC plan, which is a cyclic, ongoing element. BC Plans are required to be reviewed and tested every 6-12 months, which the Risk & Resilience Team can facilitate. Key staff from the team take part in a scenario-based exercise at least every 12 months to test the BC plan 'in action' and ensure that it is up-to-date and fit for purpose.
Business Continuity Plans
Business Continuity (BC) plans are an essential element of the BC Cycle and of the University's Governance and Emergency Planning functions.
- Senior management are responsible for ensuring that a Business Continuity Plan, and other appropriate business continuity arrangements, are in place and signed off for their Department/ School/ Faculty.
- The Risk and Resilience Team are responsible for the development, maintenance and annual review of the Business Continuity Policy, Framework and Programme ensuring that it remains aligned to the University’s strategic objectives. The Risk and Resilience Team will also provide oversight during serious incidents and co-ordinate the response of the Major Incident Team for major incidents
BC Plans help areas to:
- Outline alternative arrangements and potential recovery activities to enable functions to continue to operate and restore their usual levels of service in the event of an incident
- Help inform decision making during and after incidents
- Complement the Risk ManagementLink opens in a new window and Incident ManagementLink opens in a new window processes
In formulating their BC plan, departments should consider which academic departments or central services they would depend upon to regain full functionality. This could include departments with which they share teaching or research partnerships, or central services such as ITS or Estates. It is also important to consider external stakeholders as well as key suppliers of goods and services.