Very often when a small business is bidding for new business with a larger client it will be faced with answering a long list of compliance related questions before the SME can become an approved supplier.
Answering all these questions is usually a condition of the SME being eligible to bid for the work, even though many of the provisions covered may not be legally required. Sometimes, also, the compliance list forms part of the larger contractor’s Corporate Social Responsibility (CSR) strategy.
Much of this is about offloading responsibility and liability when something goes wrong but it is also perfectly reasonable for companies to want to preserve their own business continuity and this is, or should be, as important to the SME as to a larger company.
It is important to consider what you would do if…..
So much of business now relies on technology in one form or another that it makes sense to have a fall-back position to cover a variety of IT-related issues.
There are plenty of advisory services and example templates available to help with compiling a proper Disaster Recovery Plan (DCR) or Business Continuity Plan (BCP) but many of them are either expensive or needlessly complicated.
The origin of such plans relates to situations where there is either a loss of communication, such as emails or voice, or a loss or the corruption of critical information, such as data. The aim of such plans is to ensure there are provisions in place that minimise disruption and ensure operations can continue until a problem has been resolved or data recovered.
So, the essential elements to cover are to define all the situations that can potentially break down, define a clear set of actions for resolving them, to identify the relevant people to be contacted and who is responsible for overseeing the actions, as well as the people who will be responsible for fixing the problem, and to set a time frame within which the situation should be resolved. Contingency fall-backs for each situation are also crucial.
So, for example, if access to data is unavailable for any reason, the fall-back provisions would include a back-up file, such as an external hard drive, cloud storage, or even physical, paper records that have been kept up to date.
If there has been damage to the business’ physical premises and perhaps IT hardware, the plan should include a key person to inform clients, suppliers and employees of the alternative arrangements in place, such as employees working from home and relevant contact details. Contingencies or fall-backs for such a situation would also be having laptops available already set up for company use with the information that employees would need to be able to carry on with their work from another location.
Having business continuity or disaster recovery plans in place is not only about complying with “tick box” conditions when a SME is bidding for a contract, they are a sensible precaution that enables the SME to carry on operating whatever happens as well as providing a useful training exercise so that employees are informed and understand their roles and responsibilities in the overall structure of the business.