Articles

To protect your not-for-profit from unavoidable interruptions, it’s important to have an effective business continuity plan (BCP) in place. At a glance, this should serve the following purposes:

• To protect employees, volunteers and stakeholders
  
• To prevent environmental contamination
  
• To protect revenue, assets and information
  
• To prevent loss and to contain loss that occurs
  
• To protect your reputation
  

Review the following guidelines for an outline of steps that you can take to develop an effective BCP and minimise business interruptions.

1. Determine the risk

When determining the potential risks for business interruptions, consider both environmental risks and human risks. Additionally, consider which risks are preventable and which are not.

Once the risks are identified, you can begin to understand all elements involved, such as the hazard itself, the assets at risk, vulnerability to the risk and the ultimate impact of the risk. To be best prepared, rank each risk according to the likelihood of occurrence and the severity of impact.

2. Calculate the cost of interruptions

After the risks have been ranked, analyse the impact of each risk. In calculating cost containment, the following should be considered:

• Lost income or funding
  
• Increased expenses
  
• Regulatory fines or contractual penalties
  
• Potential business delays
  

3. Understand your insurance cover

The next step would be to review your insurance cover. Business interruption insurance generally comes into effect in these circumstances:

• Physical damage (e.g. fire or flood) to the premises causing suspended operations.
  
• Damage to property covered by the policy prevents employees, or stakeholders from accessing the premises.
  

Since business interruption cover can differ significantly, it is important to understand the policy terms, such as exclusions, extensions, cover limits and indemnity periods. Be sure to review your policy carefully with your specialist insurance broker to ensure bespoke cover for your unique business needs.

4. Implement steps for prevention and mitigation

There are three different approaches for controlling and containing potential hazards:

• Prevention: This method identifies preventable hazards and implements steps to avoid occurrence of the hazards.
  
• Deterrence: This method identifies potential criminal activities that create business hazards. Steps are taken to prevent the criminal activities.
  
• Mitigation: This method identifies hazards that cannot be prevented. Steps are taken to control and contain the hazards in case of an occurrence.
  

5. Create a crisis communication plan

As part of your BCP, it’s important to establish a crisis communication plan to provide employees, volunteers and stakeholders with updates and critical information. This protocol should include the following:

• A chain of command: A chain of command allows for information to be shared efficiently and ensures that all personnel receive proper information in the event of a disaster.
  
• Pre-scripted messages: Eliminate confusion by pre-scripting messages that will be shared with stakeholders and the public in the event of a disaster.
  
• A bi-directional communication network: Allow for communication to occur in multiple directions to efficiently pass information in the midst of a disaster.
  

6. Prepare an incident response plan

In addition to a crisis communication plan, your BCP should include an incident response plan to ensure your organisation is prepared to respond appropriately and efficiently to a disaster. This plan should be practised and reviewed regularly for effectiveness. Specifically, the plan should include the following elements:

IT and data recovery: Implement a data backup programme to protect and recover important information. Enforce workplace policies that assist in both preventing and mitigating the impact of a data breach. Further, consider developing a separate cyber-continuity and incident response plan with your staff to address your organisation’s unique cyber-security risks.

Contracts: Pre-arrange written contracts with other organisations and external suppliers to continue fulfilling commitments to customers.

Resources: Prepare an inventory of resources that are essential to regaining the ability to operate.

Testing and training: Run a test of the plan to ensure the plan is successful. Offer routine staff training to make sure employees/volunteers understand their responsibilities in helping execute the plan.

By taking these steps, it is possible to minimise potential business interruption risks and limit the impact of unexpected disasters. With a Business Interruption insurance policy, you can be covered for resulting costs such as relocation, increases in rent, loss of income and publicity costs. Cover for grants and donations can also be added. Speak to your charity insurance specialist about the appropriate levels of cover for your unique risks.

Access Insurance are Chartered Insurance Brokers specialising in serving charities, committees, trustee boards and not-for-profits. Their experienced advisers provide jargon-free advice and design a bespoke insurance policy to cover your unique risks.