interactive brokers business continuity plan

• Quarterly Earnings
• Monthly Metrics
• Annual Report & Proxy
• Presentations & Events
• Press Releases
• SEC Filings
• Founder's Letter
• Corporate Governance
• Executive Profiles
• Sustainability Report
• Transfer Agent
• Contact IBKR Investor Relations

Client Protection - Strength and Security

STRENGTH AND SECURITY

Client Protection

Client protection at interactive brokers llc versus industry standards.

Interactive Brokers LLC (IBKR) takes a proactive approach to client protection. IBKR determines the amount of cash and securities owed to clients daily and segregates funds for the exclusive benefit of clients, along with a large buffer. IBKR was the first broker-dealer approved by FINRA to calculate its client reserve obligation (under Rule 15c3-3) on a daily basis, while the industry standard is to perform this calculation on a weekly or monthly basis.

IBKR's enhanced client protection reduces the risk of clients not receiving a full refund in the event of the firm’s liquidation. At nearly all other broker-dealers, the amount owed to clients is determined weekly or monthly. This poses a risk to clients' funds deposited in the interim, since those firms generally will only protect what was on deposit as of the last time a computation was performed. IBKR determines what is owed to clients and sets aside funds to cover our obligations every business day. In the highly unlikely event of our dissolution, trustees would more easily be able to determine what is owed to each client. At other broker-dealers, trustees would have to re-create the past week of activity which, as evidenced by the Lehman bankruptcy, would substantially delay the remittance of assets.

IBKR applies real-time risk margin requirements to client accounts, whereas most the rest of the industry applies end-of-day risk margin. If a client is deemed to have insufficient assets to cover the risk of their open positions, IBKR typically will perform real-time liquidations of their positions to return the account to margin compliance. Other broker-dealers often permit clients to carry this risk over multiple days.

IBKR's real-time risk margin requirement and protective liquidations greatly minimize our clients’ exposure to losses attributable to other clients’ trading, and the risk that client losses pose to IBKR. The practice of other broker-dealers to calculate risk of the end of the day increases the likelihood that volatile market conditions could expose their clients to risk compared to IBKR clients in similar market conditions. Firms that do not impose real-time liquidations, and allow clients to promise to bring in funds at a future date to cover the risk, expose clients to the credit risk of other clients.

Another major benefit of doing business with IBKR is that it does not carry any proprietary inventory. IBKR solely acts as a facilitator for client trading and does not make any directional bets. Two of the most significant broker-dealer bankruptcies of the past decade (Lehman Brothers and MF Global) were caused by the risk generated from proprietary holdings.

Since IBKR does not make proprietary bets, the risk of IBKR going bankrupt and client funds being tied up in a liquidation is significantly less than other broker-dealers that which take proprietary positions. Additionally, IBKR’s clients do not have to worry about their broker making proprietary bets against them.

All broker-dealers are permitted to loan client securities (called "rehypothecation") if a client borrows on margin. When IBKR engages in rehypothecation of client securities, it sets aside 103% of the market value of client securities rehypothecated, on daily basis. Most other broker dealers set aside this money only once a week.

By setting aside client funds daily, IBKR ensures that there is segregated cash in excess of the market value of securities rehypothecated to make clients whole. For other broker-dealers that only perform this calculation weekly, client funds and assets are subjected to an increased risk that the firm has not protected its clients for the intraweek use of client assets, which could result in losses to clients.

Similarly, unlike other broker-dealers, IBKR segregates cash daily to cover securities owed to clients that temporarily are not in a good control location 1 . This is a common occurrence in the industry, known as a "segregation deficit". Other broker-dealers may allow these deficits to persist for several days before taking required action.

IBKR reduces clients’ risk by ensuring that the market value of all securities not designated in a good control location are properly segregated in cash on a daily basis. This allows IBKR clients to retain a high level of confidence that it will properly segregate all of their assets. Many other broker dealers will carry the deficit for several days without taking any additional steps to protect clients.

Finally, IBKR is not affiliated with a bank, which is unlike most comparably capitalized broker-dealers. Not being affiliated with a bank provides IBKR , with a more stable platform for our clients should a marketwide crisis arise.

Broker-dealers affiliated with banks are subject to further supervision by banking regulators, which results in additional uncertainty as to who has rights to the assets in the event of a bankruptcy. Since IBKR is not a bank, we believe clients' assets would be returned in a more timely fashion than for bank- owned broker-dealers. Moreover, in a financial crises scenario, IBKR’s financial resources would be dedicated solely to ensuring the continued smooth operations of the broker-dealer. Bank-affiliated broker-dealers, on the other hand, are capitalized by their bank affiliate, and are generally set-up as a subsidiary of a bank holding company affiliate. Unlike IBKR these bank-affiliated broker-dealers are not independent, self-capitalized entities adding a layer of additional risk for their clients. In a financial crisis those broker-dealers are competing with their banking affiliates for capital and liquidity. This could result in the capital being pulled out of the broker-dealer and funds being deployed at the affiliated banking entity to the detriment of brokerage clients.

Indeed, during the height of the financial crisis, while clients were removing funds and equity from these bank- affiliated broker-dealers, those clients were depositing their assets with IBKR as a safe haven. As a result of IBKR's strong financial position, client equity and client cash increased by 77% and 65% respectively from November 2008-November 2009.

• Good Control Location - A depository/custodian that has been approved by the Securities and Exchange Commission (SEC) to hold client assets.

• Search Search Please fill out this field.
• Business Continuity Plan Basics
• Understanding BCPs
• Benefits of BCPs
• How to Create a BCP
• BCP & Impact Analysis
• BCP vs. Disaster Recovery Plan

Frequently Asked Questions

• Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

• Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
• BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
• BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

• Determining how those risks will affect operations
• Implementing safeguards and procedures to mitigate the risks
• Testing procedures to ensure they work
• Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's information technology system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How To Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

• Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
• Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
• Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
• Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

• The impacts—both financial and operational—that stem from the loss of individual business functions and process
• Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15 - 17.

Ready. “ IT Disaster Recovery Plan .”

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15-17.

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

• Sample Business Continuity Plan and Business.. - Interactive Brokers

Preview of document you want to download

This page was created to preview the document's file: https://www.interactivebrokers.com..download/ib_ria_cc_business_continuity_plan.docx

Title: Sample Business Continuity Plan and Business.. - Interactive Brokers

Description: ( Greenwich Compliance ) is providing this template Business Continuity Plan as a courtesy to investment advisors trading through the Interactive Brokers ( IB )... ( Greenwich Compliance ), an Interactive Brokers Group company, offers expert registration consulting and start-up compliance services for financial advisors..

Keywords: registration, interactive, continuity, compliance, investment, consulting, greenwich, providing, financial, business, template, courtesy, advisors, services, brokers, trading, through, company

We won't redirect you to any file you don't want to download. Before proceed to the file, please, be sure this is the file you want to download.

Click the link below to proceed:

https://www.interactivebrokers.com..download/ib_ria_cc_business_continuity_plan.docx

More Related Documents

Recent docs.

• Internal medicine physician position description - Southern District..
• Community Attitudes to Biotechnology Report on Overall Perceptions..
• Draft minutes of Virtual Labs Sep 19 2012 PRSG.docx - Sakshat

More Other Documents

We may use cookies to give you the best experience. If you do nothing we'll assume that it's ok.

• Terms of use
• Privacy policy
• Copyright policy
• Back to top

Powered by ATES Online

Copyright © 2005-2024 ATES

Contact Us: tqtnls@ gmail.com

• Portal Login

OPEN ACCOUNT

• Start Application
• Finish an Application
• What You Need
• A Guide to Chosing the Right Account

FOR INDIVIDUALS

• Individual, Joint or IRA
• Non-Professional Advisors

FOR INSTITUTIONS

• Institutions Home
• Registered Investment Advisors
• Proprietary Trading Groups
• Hedge Funds
• Introducing Brokers
• Family Offices
• Compliance Officers
• Small Businesses
• Employee Plan Administrator SIMPLE IRA
• Full-Service Administrator Insurance Providers
• Money Managers
• Fund Administrators
• Hedge Fund Allocators
• Commissions
• Margin Rates
• Interest Rates
• Short Sale Cost
• Research and News
• Market Data
• Stock Yield Enhancement
• Products and Exchange Search
• Order Types
• Securities Financing
• Features in Focus
• Probability Lab
• Global Outsourced Trading Desk
• Sustainable Investing
• IBKR GlobalAnalyst
• PortfolioAnalyst
• Bonds Marketplace
• Mutual Funds Marketplace
• No Transaction Fee ETFs
• Investors' Marketplace
• Short Securities Availability
• Cash Management
• Third Party Integration
• Interactive Advisors
• IBKR Campus
• Traders' Academy
• Traders' Insight
• IBKR Podcasts
• IBKR Quant Blog
• Student Trading Lab
• Traders' Glossary
• Traders' Calendar
• Strength and Security
• Information and History
• News at IBKR
• Press and Media
• Investor Relations
• Sustainability
• Regulatory Reports
• Refer a Friend
• Affiliate Programs
• Fund Your Account
• For Individuals
• For Institutions
• Institutional Sales Contacts
• Browse Our FAQs
• Tax Information

Disclosures

Forms and Disclosures

Regulatory Notices and Risk Disclosures

Please review the following disclosures carefully, as they contain important information regarding your Interactive Brokers account.

* IBKR is required to amend the Customer Agreement by adding and deleting certain provisions required by one or more of the Securities and Futures Commission ("SFC"), Hong Kong Exchanges and Clearing Limited ("HKEx"), Hong Kong Futures Exchange ("HKFE"), The Stock Exchange of Hong Kong Limited ("SEHK") or their respective clearing houses, and these amendments appear in the Hong Kong Regulations Agreement (the "HK Additional Provisions").

Warnings and Disclosures

Trading on Margin can increase your risk of loss. Prior to trading on margin, review the Disclosure of Risks of Margin Trading .

Day Trading is only for sophisticated investors with high risk tolerance. Before engaging in Day Trading read the Day Trading Risk Disclosure which discloses .the risks inherent in this strategy.

Options involve risk and are not suitable for all investors. Before investing in options, read the "Characteristics and Risks of Standardized Options." For a copy click here .

Futures are not suitable for all investors. The amount you may lose may be greater than your initial investment. Before trading futures, read the CFTC Risk Disclosure. For a copy of the disclosure, click here . For the appendix to the Risk Disclosure, click here

Security Futures are highly leveraged investments and are not suitable for all investors. Before trading these products it is important to carefully review the Standardized Risk Disclosure for Security Futures .

Structured products and fixed income products such as bonds are complex products that are more risky and are not suitable for all investors. Before trading, read the relevant prospectus/ offering documents and/or the summary information regarding the key nature, features and risks of the complex product and confirm that you understand the risks outlined in the IBHK Bond Risk Disclosure Statement .

Please click below for the Interactive Brokers Firm Specific Disclosure Document required by CFTC Rule 1.55(k). Interactive Brokers LLC Firm Specific Disclosure Document pursuant to CFTC Rule 1.55(k)

Electronic Trading And Order Routing Systems Risk Disclosure Statement

Hard copies of all of the above risk disclosure documents are available by contacting IB Customer Service .

To review Interactive Brokers' Financial Statements, click here .

Interactive Brokers Canada Inc. is a member of IIROC and CIPF.

Interactive Brokers Canada Inc. will not open accounts except in jurisdictions in which it is registered.

Privacy Notice

Interactive Brokers Group Worldwide Exchange Memberships

Disclosure Regarding Interactive Brokers Business Continuity Plan

To review all IB regulatory notices and risk disclosures click here .

IB SM , InteractiveBrokers.com ® , Interactive Analytics ® , IB Options Analytics SM , IB SmartRouting SM and IB Trader Workstation SM are service marks and/or trademarks of Interactive Brokers LLC.

Only Interactive Brokers LLC and its Affiliates and Authorized Resellers may offer services provided through IB's Trader Workstation. Such services are subject to limitations on liability and warranties. Interactive Brokers only authorizes representations made directly by it. Trading, investment or tax advice is not authorized.

Proprietary rights

The design of, and information contained within, this website are owned by Interactive Brokers Group and its affiliates and are protected by copyright, trademark, and other proprietary rights. Timber Hill and Interactive Brokers are registered service/trademarks of Timber Hill LLC and Interactive Brokers LLC, respectively. Copies of the contents may be viewed and downloaded for your own personal non-commercial use, provided that any copy contains this Copyright/Disclaimer Notice. The contents may not otherwise be used in whole or in part in any manner without the prior written consent of Interactive Brokers LLC.

The contents of this website are believed to be reliable, but the accuracy or completeness of any information contained herein is not guaranteed and members of Interactive Brokers Group shall not in any way be liable for any delay in keeping such information current. Members of Interactive Brokers Group specifically disclaim all warranties, express or implied, except for those derived from its executed Customer Agreements.

Although Interactive Brokers believes that the information provided on these pages is accurate, it provides no warranty with respect thereto. The information may not be suitable for all persons; it should not be relied upon in connection with a particular investor's trading; and, is not intended to be, nor should be construed as, an offer, recommendation or solicitation. Interactive Brokers does not provide investment advice, and only accepts Customers who have read and understand the relevant risk disclosure documents. The information on this website is not intended for persons who reside in jurisdictions where providing such information would violate the laws or regulations of such jurisdiction.

• Customer Portal Sign In
• Support get in touch Email Service Desk

Adoption, migration, optimisation, security and management services designed to deliver business agility.

• Cloud Adoption and Migration
• Cloud Optimisation
• Cloud Management
• Cloud Security
• Interactive Anywhere

Improve your security posture with tailored strategies and front-line defence services.

• Strategy and Consulting
• Governance Risk and Compliance
• Managed Security Services
• Security Testing and Assurance
• All Services

Scalable colocation and connectivity within a hyper secure environment.

• Data Centre Solutions
• Data Centre Services
• Data Centre Locations

Disaster recovery and serviced offices in secure, premium office facilities.

• Business Continuity Locations
• Business Continuity Test
• Business Resilience

Tailored end-to-end solutions for your hardware ecosystem across the widest range of vendors.

• End of Service Support
• Storage Maintenance
• OnAlert Monitoring
• Server Maintenance
• Interactive Repair Centre
• Network Maintenance

Seamless management of your IT environment, underpinned by world-class cyber security, no matter where you are on your journey.

• Digital Workplace

Securely and effectively operate, monitor and maintain your network.

• business nbn™ Enterprise Ethernet
• business nbn™ Ethernet
• business nbn™ Satellite Service
• Wi-Fi Mapping

Enjoy the comfort of a modern working space supported by world class technology, security and resilience.​

Help your clients take control of their IT environment with Australia and New Zealand’s leading hardware maintenance provider.

• Data Migration Strategy
• IT Network Security
• Customer Stories
• Our History
• Executive Leadership Team
• Corporate Sustainability
• Available Positions

How to create a business continuity plan

Business resiliency and business continuity planning.

The discipline of business continuity planning (BCP) should be focused on business resiliency, not just on preparing for the worst-case scenario.

Business resiliency draws on effective BCP strategies to ensure that you can minimise or avoid the impact of problems and threats on your critical business functions and return to business as usual (BAU) as soon as possible.

There are always going to be factors beyond your control that might affect your business operations. If you aren’t adequately prepared, a power or communications outage, or a natural disaster such as a storm, flood or fire, can have a catastrophic impact on your organisation – including the health and safety of your employees.

A case in point is the recent severe bushfires, which had a devastating and widespread impact on communications services in NSW and Victoria. In an effort to improve network resilience, the Federal Government convened a roundtable meeting with Australia’s major telecommunications companies and industry organisations to address both the immediate response and also the longer-term initiatives needed to minimise the impact of future emergencies. “While no telecommunications network is 100 per cent impervious to damage from natural disasters, Australians naturally want to be confident our communications networks are as resilient as possible during times of emergency,” said the Commonwealth Minister for Communications, Cyber Safety and the Arts, the Hon Paul Fletcher MP via a media statement.

You need to make sure that your business continuity plan includes all the vital information you need to respond effectively to emergency situations. These high-pressure environments can be chaotic and confusing, so how do you create and maintain an effective plan to stay in control and respond effectively in the event of a disaster? Here are some key factors to take into account when you are creating or reviewing your business continuity plans and readiness.

1. Understand your business impacts and prioritise each business process or function.

A business impact analysis and risk management approach are essential first steps. Be sure about what constitutes your minimal operating base, the amount of time that’s acceptable for recovery of each key process (which will inform your recovery time objective), and that you have identified the various risks and threats to your business.

In terms of impact, you need to consider three types: financial, stakeholder and reputational damage. For example, if your customer service agents can’t answer calls or emails due to an outage in your main contact centre, how many agent seats do you need to have in your disaster recovery (DR) facility to respond to critical customer enquiries?

An insurance company might have assessed that it needs 20 contact centre seats immediately for agents to process urgent claims and payments from customers, but can wait longer to bring its outbound sales agents back online. However, that required seat figure might change depending on the nature of the incident. If it’s a wider scale natural disaster, the insurance company is likely to be fielding a lot more calls from customers. That means doubling or tripling those immediate seats.

2. A business continuity plan needs to be flexible.

Your plan needs to be a guide or codes of practice, not a step-by-step process. You can’t develop plans for every possible scenario or every permutation. You need a plan with the right balance of general and specific detail to arm your emergency management team with information and processes to be able to categorise threats and risks by business function and impact, to prioritise both the safety of your staff and the containment of any damage.

A good analogy is a hospital’s emergency department. Identifying business impact is the critical triage process. That determines what courses of action needs to be taken: how quickly the issue needs to be dealt with, which operational staff and specialists are required, and what equipment or facilities need to be available. From that point, a treatment (BC) plan kicks in to maintain critical functions and minimise any ongoing impact or further damage to the patient (business operations), and a longer-term strategy to restore the patient back to full health (recovery time objective – RTO). These actions might not be spelled out in the plan, because it will be up to the specialists or other third parties to determine the best approach.

3. A business continuity plan needs to be accessible.

It’s important that you have redundant digital storage locations for your plans, and hard copies available as part of your emergency kit at each of your facilities. The key members of your crisis management team aren’t always going to be available to respond. You will want to make sure your broader team, not just your key operations staff, is made aware of your BC plans and has easy access to the documentation.

4. Factor in your supply chain.

Make sure you have considered your obligations to your customers, particularly any contractual or compliance requirements, such as service level agreements (SLAs). If you are providing services to any APRA-regulated customers , they will need to conform with  Prudential Standard CPS 232 for Business Continuity Management , which also applies to third-party service providers. Your business can also be disrupted when your business partners are affected by a disaster.

You need to ensure that you have identified your critical suppliers, what might happen if their services are disrupted, who you need to contact in the event of a disaster, and their agreed responsibilities and recovery strategies. These suppliers might also be a good source of support for additional resources or replacement or repair of damaged infrastructure. For any of Interactive’s customers in the financial services and insurance industries, they need to be confident that our business continuity plans and capabilities meet APRA’s objectives and key requirements.

5. Disasters are more likely to be mundane, not catastrophic.

While you need to be prepared for the worst-case scenarios, the most likely cause of your disaster is something smaller or more specific. That might include localised flooding from a burst pipe on the floor above, an evacuation from a suspected chemical or gas leak, or simply that the toilets are out of action. If you have critical business functions that will be interrupted by these occurrences, your business continuity planning needs to kick into action. Another common source of damage is from CryptoLockers and other ransomware that might restrict users’ access to services or threaten to destroy your intellectual property or other digital assets. Your BC plans need to identify key types of cyber threats, the best ways to mitigate or prevent these risks and a process or guide on who best to deal with them.

6. Information technology (IT) should be a top priority.

Organisations typically have a heavy reliance on IT processes for business operations, so restoring these services should be given a high priority in any plan. You should also ensure that your key IT management and operational staff are represented in your crisis management team or identified in your plan. There should be redundancy built in at all potential points of failure so that critical services can be restored quickly. A regular data backup in secured data centers can help businesses to recover their data efficiently in many disaster instances such as cyber-attacks. For catastrophic failures, your organisation should be able to replicate this full operational environment, including the required IT infrastructure and services at a dedicated or shared disaster recovery site.

7. Don’t make any assumptions.

Challenge what’s normal. Plans can come unstuck for simple but unexpected reasons. In a recent example, when an organisation was forced to execute a business continuity procedure which involved key staff logging on from home, they discovered that their Citrix remote access authentication tokens were out of date. Running regular simulations of scenarios like this would have identified and resolved that issue – and potentially a range of other assumptions that might have been made. There’s now a perception that you can run your business from anywhere with a mobile phone and laptop – but can you do this for an extended period? Is it safe for your business?

In the 2011 Brisbane floods, a number of businesses assumed their staff would be able to work from home – however, a lot of workers left their laptops locked up in the office, and others had no power at home.

How can we help with your Business Continuity Plan?

During the Brisbane floods , Interactive helped a number of its clients to stay operational and restore their critical services, but other businesses in the city were severely impacted. In the wake of the disaster, the Queensland Government has  published a handy guide  that’s a great resource for anyone tasked with developing or improving their organisation’s business resiliency.

If you are starting out on your BCP journey , it might seem overwhelming at first. As a final thought, it can help if you think of BCP as a continuum. Start at a high level by sorting out your critical functions, then refine your plan and get more and more granular as you go. “Fail to plan, plan to fail” – it’s also critical to test your plan and run simulations regularly. That way, you have identified any gaps or single points of failure in your plan and you are ready if disaster strikes. You can have the best business continuity plan in the world, but if you don’t test it, it’s worthless.

Mitigate potential risk to your business with our business continuity plan template

Ready to get serious about business continuity, latest insights, business continuity plan template, what is a disaster recovery site, why is it important to have access to a comfortable disaster recovery site, why do you need a team you can count on in a disaster, form headinf.

• Cloud Services
• Cyber Security
• Data Centres
• Business Continuity
• Systems Maintenance
• Network Services
• Secure Space
• News & Insights
• 1300 669 670
• Email a Service Request
• Submit a Enquiry
• Automotive and Logistics
• Consumer Packaged Goods
• Financial Services
• IT, Data and Software
• Manufacturing
• Media and Entertainment
• Philanthropy and Volunteer
• Real Estate
• Superannuation

During the Covid-19 crisis, we are following UK Government guidance to keep our employees safe and look after our valued clients. Read our articles on support for your business.

You can also help us help your fellow businesses - as well as your favourite charity - at this difficult time by recommending us to someone you feel would benefit from our insurance.

Towergate together with our parent company The Ardonagh Group are deeply saddened to hear of the death of Her Majesty the Queen. She is remembered by our colleagues and worldwide as a beacon of duty, wisdom and service.

• Local Knowledge
• Sector Expertise
• More Products and Services
• International
• Business Continuity Planning

Introduction

Businesses are exposed to disasters all the time, including IT system failures, cyber incidents, power outages, major losses, i.e. fire or flood at site, epidemics or natural disasters. These causes could cripple your business unless you have a responsive and resilient Business Continuity Plan (BCP) ready.

Business Continuity Planning is a management process that identifies in advance the potential impacts of disruption to an organisations ability to function. An up-to-date and robust BCP allows your business to continue on running everyday operations seamlessly. It makes sure that you can service your customers, continue to court your prospects, manage your partners and suppliers and ensure your employee wellbeing and productivity in a satisfactory manner, even when you’re facing technical issues.

Therefore, it’s very important to come up with a continuity plan, if you don’t already have one.

Relevant factors such as your business’ resources, location, suppliers, customers, and employees must be carefully analysed before a Business Continuity Plan can be formed. It is also crucial to test the plan and check whether it’s working or not. Without a serious stress-test, it is possible that your BCP could look great on paper, but quickly show flaws in a real-life scenario.

A Business Continuity Plan (BCP) plan should:

Proactively improve the organisation’s resilience against disruption

Provide a planned method to restore products or services

Deliver a capability to manage an incident to protect the reputation and brand of the organisation

Planning should recover all aspects of the business and involves:

Pre-planning with a view to ensuring an incident does not happen in the first place

Emergency response in the immediate aftermath of an incident

Crisis management including salvage and reinstatement of assets and or premises, relation, etc within acceptable time

Business Recovery which involves the management of provision of an acceptable level of service to customers

allowing a return to normal trading

Whilst the detailed nature of the planning process may differ between individual organisations there are several key stages

which should be completed to provide a meaningful plan:

Project Initiation and Definition

Business Impact Analysis

Threat Analysis

Determine Strategy

Develop Continuity Plan

Testing/Review

It is essential to understand that the project will involve a considerable amount of time and effort within the organisation. The exercise requires sponsorship and allocation of time and resource.

Whist input is needed from all areas of the business, it is important that responsibility for implementing and coordinating is defined and allocated to an individual. Their responsibility will be to ensure all areas of the business are represented, departments are involved in their own plans and control the overall development of the plan.

It is necessary to define what the plan is trying to achieve, determine realistic timescales and allocate responsibility.

The scope of the plan will need to be determined by the business at the start in terms of the areas to be covered, together with any not in scope.

What assumptions is the Business prepared to make?

Can you envisage a total loss of the site or do the existing precautions protect areas adequately?

What aspects are to be considered. Normally this will include hard issues such as physical damage – fire, flood, etc, but does the business need to investigate issues such as product recall?

Tolerance is also key to plan.

What interruption/disruption can the business tolerate?

This can be defined in terms of time; either because of a formal Service Level Agreement (including contractual penalties) or simply a competitive environment which will see customers migrate to competitors in the event of a prolonged interruption.

What is sustainable?

Financial tolerance may be a more relevant measurement in terms of a reduction in turnover/profit following an interruption.

The business must define what represents a crisis; this will depend upon the nature of an organisation and its circumstances. Disruption is managed on a day-to-day basis by businesses so there is a need to establish when an incident falls outside the normal coping mechanisms.

It is important not to invoke the plan too early for fairly minor issues but equally any delay in invoking the plan could undermine its effectiveness.

A crucial stage of the process, this involves looking at what is key in terms of the operation of the business, identifying critical assets and functions and determining effect of their loss. Examples may include key pieces of equipment, bottle necks, IT, access to premises, etc.

It is often useful to construct a flowchart of the business operation, noting the input from various departments and functions to highlight the effect of their loss. The process examines the loss of a function (including external sources) for whatever reason and determines the effect on the business and how quickly it could be replaced/restored.

Assume the interruption will happen at the worst possible time and the impact will be the greatest – just before peak season, holiday period, etc.

Now consider the risks to the key assets, are they protected? Hard risks are relatively easy to consider – protection against fire, flood, etc

Soft issues are hard to evaluate but risks such as product failure and associated recall functions need to be considered.

Given the potential impact on the business in the event of loss and the potential likelihood of the loss, are the existing protections adequate or can they be improved on a cost-effective basis?

The business needs to determine a strategy for overcoming any disruption which fits the needs and tolerances of the business.

The exercise is not a magic wand, particularly in the case of single manufacturing sites and it may not be possible to come up with a cost-effective solution which replaces production in the event of a prolonged disruption.

A valid solution may be simply to protect the assets from potential loss to the highest possible limit and reduce the risk of total loss occurring. It may then be possible to develop recovery strategies for the resulting partial loss.

There are many solutions which may fit the needs of the business including duplication, outsourcing, stockpiling, etc.

It is acceptable to stagger recovery – prioritise recovery of certain functions to support customers in the event of being unable to fully reinstate.It is important that the recovery strategy is fully approved, communicated within and embraced by the organisation and it is fit for the needs of the business.

Developing a Plan

A management team should be formed involving senior management and representation from all areas of the business. The team needs to be able to comment on and take decisions on behalf of the Organisation. It will be responsible for overseeing and managing any incident allowing the business to recover in the most effective manner.

It is important to define an escalation process for incidents, the business will manage issues during the course of normal operations, at what stage do you want to escalate these to the next level?

There is a danger in micromanaging , for example do you really need to assemble the management team for a burst pipe, but on the other hand the team will need to be aware of the incidents which may then escalate to have a significant impact on the business.

Individual department plans for recovery will be documented which fit in with the tolerances and requirements of the business.

It is essential to outline responsibility for lines of communication including staff, media, customers, emergency services, etc.

The plan should include three key areas;

Emergency response - procedures at the time of the incident to ensure adequate initial response to and control of the incident. This may already be in place and could be as simple as an emergency evacuation procedure or more detailed such as chemical spill procedures.

Crisis Management - this aspect should include an assessment of damage, look at recovery options, salvage, liaison with builders, suppliers, etc.

Business Recovery - responsible for the recovery of key processes and services within the timescales outlined in the plan.

Testing & Review

Once the plan has been developed and distributed, it is important that it’s reviewed on a regular basis, particularly in the event of a change in circumstances within or external to the business.

Plan and create a ‘doomsday’ disaster scenario that affects your business. Employees should act as though the scenario is genuine and refer to their duties in the Business Continuity Plan, going through it step by step. Monitor the time it takes to get everything under control, from contacting customers to checking business resources and temporary meeting locations. Ensure you have impartial observers / invigilators who make notes and record the effectiveness.

Evaluation and amendment

After the Business Continuity Plan is put to test, gather your employees to discuss the plan’s overall performance. Identify where it needs improvement and encourage the parts that worked best. Make changes to key personnel, responsibilities and actions where necessary, to ensure that the continuity plan is working at its best.

Communicate and diary

Communicate the importance and benefit of the BCP to all levels of the workforce. Promote the review and active participation in the BCP simulation. Use the simulation to identify competencies within your workforce that may signify additional resources during a disaster situation. Diary to repeat the process within 12 months.

Having a Business Continuity Plan is a good start, but testing it regularly and robustly is equally, if not more important. A BCP will not only help with a ‘doomsday’ event but will usually alleviate some of the day-to-day operational issues, e.g. machinery breakdown, temporary supply issues, power outages, etc. which may not require a full activation of the plan but would provide solutions to smaller scales and shorter-term challenges.

About the author

Simon Broome SIIRSM Tech IOSH has over 25 years' experience around risk management, honed through his industry background and working on operating software and management systems.  He is a Specialist Member of the International Institute of Risk and Safety Management and a Technical Member of IOSH, and also holds the NEBOSH National Certificate in Fire Safety and Risk Management.

Read risk management articles by Simon

• Health & Safety Bulletin - April 2019: HSE Intervention Enforcement Notices on the Increase 
• Health & Safety Bulletin - April 2019: Notra Dame Blaze Highlights Risk of "Hot Works"
• Health & Safety Bulletin - May 2019: Recent Spate of Fires Caused by Electrical Faults Suggests Businesses Need to Check Electrical Systems
• Information Update - Health & Safety
• Insurance Update - Claims Defensibility Review Service
• Risk Bulletin - Health & Safety Competent Person 
• Risk Alert – Why is it So Important to Have a Business Continuity Plan?  

Download the full document here

• Business Continuity Planning.pdf (612KB)

Coronavirus (Covid-19) – Update for Towergate customers

· Update as at 16 March 2020 During the COVID-19 Coronavirus crisis, we want to reassure our customers and partners that we are following UK Government guidance, and as a result our national offices are closed to both safeguard the health of our employees and our ability to look after our valued clients. Where possible, our employees are working from home and we are still fully able to support with renewals, new cover requirements and claims guidance and support. This includes giving our colleagues the ability to work from home or alternative locations, which we hope will limit the disruption and enable you to speak to us for advice and support should you need it. Read more