Renfrewshire Council

How to prepare your business for an emergency

Your business could be severely affected by an emergency.

Taking the time now to consider how you would cope will better equip your response to an incident.

For example, how would you carry on your core business if your premises were affected by a fire or a flood.

The following may help your response to an emergency:

To help your response to an emergency emergency, you can:

• prepare a  business grab bag [97KB]
• create a business continuity planning leaflet [464KB]   business continuity plan

Business continuity planning

1 in 5 organisations suffer a major disruption every year.

80% of businesses affected by a major incident (that don't have business continuity planning arrangements in place) either never re-open or close within 18 months.

Business continuity planning will help you to understand and manage the risks to the everyday risks faced by your organisation. 

It will help you prepare for emergencies or disruptions, by planning different ways of working that enable you to continue to deliver key functions.

This  business continuity planning leaflet [464KB]  will help you assess your current business continuity planning arrangements. It also has ideas to improve the resilience of your business.

The Civil Contingencies Service can offer further information and advice on business continuity planning. You can email them at ccs@renfrewshire.gov.uk

Cyber security and information assurance

Companies or individuals who initiate active attacks on others may do so for a range of reasons such as to breach national security, take part in acts of terrorism, crime or industrial espionage.  

To secure against such attacks, the Centre for the Protection of National Infrastructure (CPNI) advise businesses to consider the following questions and to keep these under constant review:

• Who would want access to your information and how could they acquire it?
• How could they benefit from its use?
• Can they sell it, amend it or prevent staff or customers from accessing it?
• How damaging would loss of data be? What would be the effect on your operations?

Carelessness is the cause of many cyber failures - for example, failure to encrypt a USB stick or when staff ignore corporate procedures regarding external emails.

Here are a few steps which can be taken to ensure the safety of your information and to minimise the risks of a successful cyber-attack.

• Keep track of authorised and unauthorised devices and software
• Organise both hardware and software on laptops, work stations and servers
• Continually review vulnerability assessments
• Install defences against harmful software
• Introduce and promote training for staff
• Limit and control network ports
• Control use of desktops e.g. using strong passwords that follow known standards
• Keep detailed logs, identifying location, malicious software deployed and activity of machine affected
• Control access to facilities, information and systems on a need to know basis.
• Monitor staff accounts appropriately
• Establish data loss prevention techniques
• Embed incident response plans (protect your organisation's reputations)
• Maintain a secure network
• Reinforce staff messages around vigilance e.g. only opening emails from trusted senders and reporting breaches of security

More information

You can find more  information on preparing your business for an emergency from Ready Scotland and the Business Continuity Institute.

There is other information, guidance and resources on cyber resilience and protecting your business from the:

• National Cyber Security Centre (NCSC)
• Scottish Business Resilience Centre (SBRC)