Global Consumer Insights Pulse Survey - June 2022
Achieving net zero infrastructure
Manufacturing COO Pulse Survey
Ukraine: Tax, Legal and People considerations
Digital Trust Insights Survey 2022
M&A industry trends report
The Leadership Agenda
26th Annual Global CEO Survey
strategy+business — a PwC publication
The New Equation
PwC's Global Annual Review
Committing to Net Zero by 2030
No Match Found
A holistic approach .
Can your organisation sustain operations in the midst of a serious crisis? How do you identify “mission-critical” processes? Do you have a backup strategy in the event of a massive disruption in your technology, facilities or other functions? Are your employees trained to respond during business disruptions?
Companies that take a holistic approach to business continuity management develop the ability to identify, prevent and prepare for events that may disrupt normal activities.
A fully integrated business continuity strategy helps to build an overall culture of resilience .
67% of organisations applied a business continuity plan as part of their response to the COVID-19 pandemic. Source: PwC’s Global Crisis Survey 2021
Business continuity and a culture of resilience
Business continuity means more than just making sure the lights stay on when a crisis hits. The benefits of establishing a business continuity strategy include:
- Resilience: With greater awareness of what really matters during a crisis, you can focus resources effectively.
- Employee engagement and ownership: Your people understand their roles and responsibilities in a crisis, and are invested in executing a seamless recovery .
- Strategic recovery plans: Pre-defined strategic decisions are embedded into recovery plans to guide your people toward a common goal during disruption.
- Detailed business impacts and risks identified: Potential risks and areas of concern can be mitigated in “peace time” rather than in the heat of a crisis.
- Empowered leadership: Leaders are actively enabled to monitor the state of resilience within the organisation and provide hands-on guidance and support.
- Continuous improvement: Tests, drills and simulation exercises help you understand what works and what doesn’t, enabling continued resilience and growth.
Assessing an organisation’s business continuity program
Effective business continuity programs have a common framework, core capabilities, and coordination of resources and activities to plan for and respond to events.
PwC’s Organizational Preparedness Assessment (OPA), based on leading industry practices, helps organisations identify program blind spots and provides actionable recommendations to enhance program maturity.
PwC’s business continuity planning solutions
We’ve built scalable solutions to create a bespoke solution for each of our clients:
- Business continuity program assessment and design
- Business impact analysis and interruption risk assessment
- Recovery plan creation and resilience improvement
- Business continuity program exercises, maintenance and training
- Business continuity program technology enablement and enterprise risk management integration
- Third-party resilience framework and analysis
- Crisis management program development and exercises
- Information technology disaster recovery and business continuity program alignment and analysis
PwC brings depth and experience to support your response to an enterprise-wide crisis
Our PwC crisis management teams have developed tools and processes to help you survive an unexpected event and emerge stronger.
We take a holistic view of your organisation’s business continuity needs. And as your trusted advisor, we’ll help you build resilience for the long term.
We welcome your comments
Your request / feedback has been routed to the appropriate person. Should you need to reference this in the future we have assigned it the reference number "refID" .
Thank you for your comments / suggestions.
Required fields are marked with an asterisk( * )
Please correct the errors and send your information again.
Tick this box to verify you are not a robot
By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.
Global Crisis & Resilience Co-Leader, PwC United States
Tel: +1 678 419 1355
Global Crisis & Resilience Co-Leader, PwC United Kingdom
Tel: +44 (0)7483 422701
© 2017 - 2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
- Legal notices
- Legal disclaimer
- Terms and conditions
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Business Continuity Plan
Business Continuity Planning Process Diagram - Text Version
When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:
- Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
- Identify, document, and implement to recover critical business functions and processes.
- Organize a business continuity team and compile a business continuity plan to manage a business disruption.
- Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.
Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.
Resources for Business Continuity Planning
- Standard on Disaster/Emergency Management and Business Continuity Programs - National Fire Protection Association (NFPA) 1600
- Professional Practices for Business Continuity Professionals - DRI International (non-profit business continuity education and certification body)
- Continuity Guidance Circular - Federal Emergency Management Agency
- Open for Business® Toolkit - Institute for Business & Home Safety
Business Continuity Impact Analysis
Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.
The Operational & Financial Impacts worksheet can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:
- the operational and financial impacts resulting from the loss of individual business functions and process
- the point in time when loss of a function or process would result in the identified business impacts
Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”
Resource Required to Support Recovery Strategies
Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.
Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:
- Office space, furniture and equipment
- Technology (computers, peripherals, communication equipment, software and data)
- Vital records (electronic and hard copy)
- Production facilities, machinery and equipment
- Inventory including raw materials, finished goods and goods in production.
- Utilities (power, natural gas, water, sewer, telephone, internet, wireless)
- Third party services
Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.
Conducting the Business Continuity Impact Analysis
The worksheets Operational and Financial Impacts and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.
After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.
If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .
Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.
Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.
Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.
Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.
Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.
In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.
Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.
There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.
There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:
- Shifting production from one facility to another
- Increasing manufacturing output at operational facilities
- Retooling production from one item to another
- Prioritization of production—by profit margin or customer relationship
- Maintaining higher raw materials or finished goods inventory
- Reallocating existing inventory, repurchase or buyback of inventory
- Limiting orders (e.g., maximum order size or unit quantity)
- Contracting with third parties
- Purchasing business interruption insurance
There are many factors to consider in manufacturing recovery strategies:
- Will a facility be available when needed?
- How much time will it take to shift production from one product to another?
- How much will it cost to shift production from one product to another?
- How much revenue would be lost when displacing other production?
- How much extra time will it take to receive raw materials or ship finished goods to customers? Will the extra time impact customer relationships?
- Are there any regulations that would restrict shifting production?
- What quality issues could arise if production is shifted or outsourced?
- Are there any long-term consequences associated with a strategy?
Resources for Developing Recovery Strategies
- The Telework Coalition (America’s leading nonprofit telework education and advocacy organization)
Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.
The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.
Developing Manual Workarounds
Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:
Internal Interfaces (department, person, activity and resource requirements)
- External Interfaces (company, contact person, activity and resource requirements)
- Tasks (in sequential order)
- Manual intervention points
Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.
Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.
Last Updated: 05/26/2021
Return to top
Built by top industry experts to automate your compliance and lower overhead.
- Documentation Toolkits
Our toolkits supply you with all of the documents required for ISO certification.
Our course and webinar library will help you gain the knowledge that you need for your certification.
- White Papers
- Templates & Tools
- ISO in General
- Live Consultations
- Consultant Directory
- For Partners
Experienced auditors, trainers, and consultants ready to assist you.
- About Advisera
- Get Started
ISO 27001 & ISO 22301 Knowledge base
Business continuity plan: how to structure it according to iso 22301.
In my experience, companies usually find two things in their business continuity or information security management to be the most difficult: risk assessment, and business continuity planning. Here I’ll give you some tips on business continuity plans (BCP).
ISO 22301 business continuity plan should include Purpose, scope and users, Reference documents, Assumptions, Roles and responsibilities, Key contacts, Plan activation and deactivation, Communication, Incident response, Physical sites and transportation, Order of recovery for activities, Recovery plans for activities, Disaster recovery plan, Required resources, and Restoring and resuming activities from temporary measures.
What is a business continuity plan?
According to ISO 22301 , business continuity plan is defined as “documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.” (clause 3.5)
This basically means that BCP focuses on developing plans/procedures, but it doesn’t include the analysis that forms the basis of such planning, nor the means of maintaining such plans – all these are required elements of business continuity management that are necessary for enabling successful contingency planning.
To read more about analysis, see Five Tips for Successful Business Impact Analysis , and to find out how to interpret the analysis, read Can business continuity strategy save your money? .
Business continuity plan example
Here’s what I found to be the optimal structure for the business continuity plan for smaller and midsize companies, and what each section should include:
Purpose, scope and users – why this plan is developed, its objectives, which parts of the organization it covers, and who should read it.
Reference documents – to which documents does this plan relate? Normally, these are Business Continuity Policy, Business Impact Analysis, Business Continuity Strategy, etc.
Assumptions – the prerequisites that need to exist in order for this plan to be effective.
Roles and responsibilities – who will be responsible for managing the disruptive incident, and who is authorized to perform certain activities in case of a disruptive incident – e.g. activation of the plans, urgent purchases, communication with media, etc.
Key contacts – contact details for persons who will participate in the execution of the business continuity plan – this is usually one of the annexes of the plan.
Plan activation and deactivation – in which cases can the plan be activated, and the method of activation; which conditions need to exist to deactivate the plan. Communication – which communication means will be used between different teams and with other interested parties during the disruptive incident. Who is in charge of communicating with each interested party, and the special rules of communication with media and government agencies.
Incident response – how to react initially to an incident in order to reduce the damage – this is very often an annex to the main plan.
Physical sites and transportation – which are the primary and alternative sites, where the assembly points are, and how to get from primary to alternative sites.
Order of recovery for activities – list of all the activities, with precise Recovery Time Objective (RTO) for each.
Recovery plans for activities – description of step-by-step actions and responsibilities for recovering manpower, facilities, infrastructure, software, information, and processes, including interdependencies and interactions with other activities and external interested parties – these are very often annexes to the main plan. To read more about them, see How to write business continuity plans?
Disaster recovery plan – this is normally a type of recovery plan that focuses on recovering the information and communication technology infrastructure. To read more about the relationship between disaster recovery and business continuity, see Disaster recovery vs business continuity .
Required resources – a list of all the employees, third-party services, facilities, infrastructure, information, equipment, etc. that are necessary to perform the recovery, and who is responsible to provide each of them.
Restoring and resuming activities from temporary measures – how to restore business activities back to business-as-usual once the disruptive incident has been resolved.
What I like about ISO 22301 is that it requires all the elements that are necessary for this plan to be useful in case of a disaster (or any other disruption in a company’s activities). However, no standard can help you unless you understand this task seriously – a properly written and comprehensive plan can save your company in tough times, while a superficially written plan will only make things worse.
Click here to see a sample Business Continuity Plan .
Writing a business continuity plan according to ISO 22301
Free webinar explains the basics about business continuity plans and how to structure them
You may unsubscribe at any time. For more information, please see our privacy notice .
- Platform overview
- Perform Inspections
- Create reports
- Capture Issues
- Assign actions
- Workplace communications
- Insights and data
- Build workflows
- Integrate your tools
- Automated Monitoring
- SafetyCulture Marketplace
- Transport & Logistics
- Facilities Management
- Incident Management
- Risk Management
- ISO 9001:2015 Quality Management
- ISO 14001:2015 Environmental Management
- ISO 45001:2018 Occupational Health & Safety Management
- Partner Program
- Help Center
- Digitize your form
- Product updates
- Getting started with SafetyCulture Platform
- Getting started with Issues
- Getting started with Heads up
- Events & Webinars
- Checklist Library
- ROI Calculator
- Checklist guides
- Topic guides
- About SafetyCulture
- Brand Partnerships
- Customer stories
Business Continuity Plan
Power through business disruptions and ascertain operational stability with a practical and effective business continuity plan
Published 15 Feb 2023
What is a Business Continuity Plan?
A business continuity plan is a practical guide developed by companies to enable continuous operations in the event of major business disruptions like natural disasters and global lockdowns. Business continuity planning usually involves analyzing the impact of disrupted business processes and determining recovery strategies with management. Business continuity plans should also be properly documented and tested through exercises for optimal effectiveness.
Business Continuity Plan | View Sample PDF
The goal of a business continuity plan is to strengthen the defense of businesses against a number of potential disruptions. It also aims to maintain critical business functions during unforeseen disasters. With a comprehensive business continuity plan, leaders can ensure that despite restrictions, there would be a reduced impact on the company, its employees, and operations.
- Why Is It Important?
With economies impaired by the COVID-19 pandemic , business continuity has increasingly become a top priority for organizations around the world. A business continuity plan (BCP) is important because it helps companies maintain essential functions amid or after emergency situations, protecting their reputation and minimizing financial losses. Moreover, it helps employers stay on top of disruptive incidents and empower workers to complete job tasks with confidence.
- Business Continuity Plan vs. Disaster Recovery Plan
The main difference between a business continuity plan and a disaster recovery plan is that the former encompasses the latter—that is, business continuity planning includes disaster recovery planning. I SO 22301:2019 is the international standard for business continuity management (BCM) systems, and it outlines how specific plans for disaster recovery, incident preparedness, and emergency response may be needed rather than just one large plan for business continuity.
- How to Write a Business Continuity Plan
Creating a business continuity plan seems to be a daunting task at first, especially for managers of operations, information technology, and human resources as they are often designated with this duty. As recommended by the International Labour Organization (ILO), listed below are general steps in developing a business continuity plan for small to medium sized enterprises (SMEs):
- Step 1: Determine the risk profile through a self-assessment using the 4Ps framework—People, Processes, Profits, and Partnerships
- Step 2: Identify key products, services, or functions
- Step 3: Establish the business continuity plan objectives
- Step 4: Evaluate the potential impact of disruptions to the business and its workers
- Step 5: List actions to protect the business
- Step 6: Organize contact lists
- Step 7: Maintain, review, and continuously update the business continuity plan
Digitize the way you Work
Empower your team with SafetyCulture to perform checks, train staff, report issues, and automate tasks with our digital platform.
When planning for business continuity, it helps to break down its elements into quickly-understood segments. Keeping the plan user-focused can also help ensure usability and promote transferability. The following is a brief ILO example of how a small business owner developed a business continuity plan to mitigate the impact of COVID-19 :
COVID-19 Risk Assessment: high-risk profile
Key Products: different types of canned sardines
- Maximize the physical and emotional safety of the owner and workers
- Resume operations as quickly as possible following disruptions
- Make sure that key products are resilient to disruptions associated with COVID-19
- Safeguard supply chain
- Ensure that the enterprise fulfils its contractual commitments with clients
Potential Impact of Disruptions:
- Workers falling sick (owner’s/suppliers’/support services’)
- Government restrictions on freedom of movement could affect the owner’s (and the suppliers’) ability to get to work
- Government restrictions on accessing the port could affect the customers’ ability to get the products to market
- Inability of government utilities to provide services (water and electricity were of chief concern)
- Drop in demand for products
4Ps Framework Action Points:
- People (lives of workers and family members) Limit the contact points to a single one in the business and set up a sanitation point to lessen the exposure there. Review the standard ways of working and adapt to physical distancing criteria . This would require new shift arrangements to be discussed with the workers. Moreover, prepare for increased absenteeism.
- Processes (business operations) Ask workers to volunteer for ensuring sanitation points are well-stocked daily, establishing a temperature checking station at entrance for all workers/suppliers/customers/visitors, daily consultation with suppliers and customers to assess their situation and any changes that have occurred, and making sure everybody is familiar with ways to stay safe at home .
- Profits (revenue generation) Work out daily operational costs (payroll, rent, supplies, etc.) and make simulations based on the financial needs if key disruptions occurred. Notice opportunities for increased sales as well. Discuss with main suppliers about the availability of alternative sources and put agreements in place to enable this.
- Partnerships (enabling environment to carry out business activities) Strike an agreement with other SME owners to share safety measures and practices for each of their businesses. Agree to a common set of procedures to keep workers safe and share the cost of getting information on how to handle workplace issues like changes to working time, possible redundancies, and other HR issues.
- Contact numbers of authorities and third parties (police, emergency services, firefighters, nearest hospitals, insurance company)
- List of workers, their positions and contact details (mobile phone and email address) as well as worker’s emergency contact details
- List of clients, suppliers, contractors and government agencies the owner worked with, including the contact person and details (mobile phone, email address, and street address)
- Communication methods to connect with workers during the COVID-19 crisis (Facebook, WhatsApp, etc.)
- Staff emergency call tree
- Review the business continuity plan every week to improve its effectiveness
- Update risk assessments, strategies for business continuity, and other procedures
- Ensure continual improvement of all the process included in the business continuity plan
Even when disruptions can force businesses to shut down, yours doesn’t have to. Aim for operational stability by developing and implementing a business continuity plan with the help of a simple tool like SafetyCulture (formerly iAuditor) . SafetyCulture is a digital platform that empowers people to work safely and efficiently through mobile checklists, actions, and reporting.
Using SafetyCulture as a business continuity software , here’s how different companies around the world reached business continuity amid COVID-19 :
Coming Out Strong as the Pandemic Unfolded
Footasylum is a sports fashion retailer in the UK with 70 stores and over 2,700 employees nationwide. Because of the emerging novel coronavirus outbreak, they knew it was inevitable for retail stores to close without an idea when they could safely reopen.
They used SafetyCulture to safely reopen stores by conducting a preliminary COVID-19 store opening check which provided incredibly quick insight on the current state of the stores and created actions for what needed to be done to control health and safety risks.
Now that stores are open, the team uses SafetyCulture to monitor daily activity through a retail COVID-19 daily requirements check , giving the management confidence that they are doing everything that is reasonably practicable to ensure the safety of their staff and customers.
“We have come out of this as a really strong team, and pride is really high,” said Jane Buck, Head of Human Resources and Health and Safety.
Acting at Lightning Speed to Protect Hundreds of Staff and Thousands of Customers
Statewide Independent Wholesalers (SIW) is a grocery wholesaler that holds and delivers goods for most of the major supermarkets in Tasmania, Australia . When COVID-19 hit, they needed to make decisions quickly due to the risk which was significantly high.
The grocer giant stayed completely focused on meeting COVID-19 hygiene and distancing requirements , as they do around 75 checks every week. Health, Safety, and Environmental Manager Courtney Newman shared, “SafetyCulture is a really valuable tool to do that. It’s made a huge difference to our data collection, and our behavior observation space, too.”
They managed to minimize 6.5 hours of admin time which was useful when they needed that time to keep themselves informed on the latest news and guidance. Courtney continued, “I took the SafetyCulture program and used it the way I wanted to. This means if any of our teams are doing anything of risk, we work with them to make sure they adhere to the guidelines.”
Navigating the Pandemic and Beyond with Safety, Consistency, and Quality
Snooze Eatery is a popular chain of restaurants with 43 locations in the US. During one of the most uncertain periods for hospitality businesses, they used SafetyCulture to build up a culture of safety, consistency, and quality.
During reopening, the team created the brand new role, ‘Safety Dancers’, who are in charge of cleaning, sanitizing, and managing the capacity of the eatery. This meant that guests could trust the safety and cleanliness standards of the restaurant, and enjoy a cup of coffee in bliss.
SafetyCulture has allowed them to reassure their employees and guests during a time where trust in public spaces is low because of the potential health and safety risks. They also don’t just implement COVID-19 protocols with SafetyCulture —it’s a safeguard for food and service quality across all their locations.
“It’s a unique tool. The inspections and templates make you go through a checklist, but it also makes you give proof in the form of photos and notes, and to take care of things on the spot. It holds you to the utmost perfect standard in every way.”
—Katie Birner, Snooze Eatery Assistant General Manager
Business Continuity Plan Templates
Get started with your business continuity plan by using pre-made industry templates you can customize and use on SafetyCulture. This free collection of BCP templates includes audit checklists to help you assess the effectiveness of your business continuity plan, keep it updated, and take action on areas for improvement.
- View Business Continuity Plan Templates
SafetyCulture Content Specialist
Jona Tarlengco is a content writer and researcher for SafetyCulture since 2018. She usually writes about safety and quality topics, contributing to the creation of well-researched articles. Her 5-year experience in one of the world’s leading business news organisations helps enrich the quality of the information in her work.
In this article
Relevant articles, employee engagement.
Employee engagement may be influenced by various factors such as workplace culture, leadership, and ...
In this guide, you will learn what journey management is, why it’s important, and the most ...
- Process Analysis
Benefits Business process analysis is consequential to a company’s growth. Whether you work as a ...
- Contingency Plan Template
- Project Execution Plan Template
- Project Plan Template
- Project Initiation Document Template
- PDSA Template
- Work Instruction
- Supply Chain Sustainability
- Data Management
- Process Management
- Task Management Software
- Corporate Social Responsibility Software
- GRC Software
- 10 Team Management Apps
- Product Management Software
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Manufacturing Extension Partnership (MEP)
Business continuity planning.
Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the failure of systems, equipment or software. MEP Centers can assist you in developing a plan unique to your needs.
If your company needs to create or tweak a business continuity plan, I highly suggest reaching out to Purdue MEP!
—Doug Ellington, Director of Finance, Estes Design and Manufacturing Read the Success Story
Business Continuity Plans: Lessons Learned From Puerto Rico
How to Translate Lean Principles Into Your Office Functions
For more information or assistance with business continuity planning, please contact your local MEP Center .
If you would like someone to contact you about business continuity planning , please complete the form below.
For General Information
- MEP Headquarters [email protected] (301) 975-5020 100 Bureau Drive, M/S 4800 Gaithersburg, MD 20899-4800
- Site License
- Agile Workflow
- AWS Diagram
- Cause and Effect
- Charts and Gauges
- Decision Tree
- Business Continuity
- Chain of Command
- Emergency Documents
- Emergency Forms
- Evacuation Plan
- Fire Scene Reconstruction
- Responsibility Assignment
- Event Planning
- Family Trees
- Flyers and Certificates
- Network Design
- Organizational Chart
- Project Management
- Software Design
- Strategic Planning
- Venn Diagram
Business Continuity Planning Process Diagram
Create Business Continuity examples like this template called Business Continuity Planning Process Diagram that you can easily edit and customize in minutes.
Text in this Example:
Recovery Strategies Business Impact Analysis Plan Development Testing & Exercises Business Continuity Planning Process Diagram Develop questionnaire, Conduct workshop to Instruct business function and process managers how to complete the BIA, Receive Completed BIA questionnaire forms, Review BIA questionnaires, Conduct follow-up interviews to validate information and fill any information gaps. Identify and document resource requirements based on BIAs, Conduct gap analysis to determine gaps between recovery requirements and current capabilities, Explore recovery strategies with management approval, Implement strategies. Develop plan framework, Organize recovery teams, Develop Relocation Plans, Write business continuity and IT disaster recovery procedures, Document manual workarounds, Assemble plan; validate gain management approval. Develop testing, exercise and maintenance requirements, Conduct training for business continuity team, Conduct orientation exercises, Conduct testing and document test results, Update BCP to incorporate lessons learned from testing and exercises.
©1994-2023 SmartDraw, LLC
- Explore SmartDraw
- Privacy [UPDATED]
- Flowchart Maker
- Floor Plan Designer
- Organizational Chart Templates
Business Continuity Simplified
Smartsheet Contributor Andy Marker
December 17, 2018 (updated October 24, 2021)
Unexpected work interruptions can cripple a business and cause millions of dollars in expenses and lost business. Learn about the importance of business continuity planning and management from experts.
In this article, you’ll learn the definition of a business continuity plan and the primary goal of business continuity planning . Additionally, you’ll learn the steps involved in business continuity planning and about the business continuity lifecycle .
What Is Business Continuity Management?
In business continuity management (BCM) , a company identifies potential threats to its activities and the threat impact. The company then develops plans to respond to those threats and continue activities through any crisis.
What Is a Business Continuity Plan?
A business continuity plan (BCP) describes how a business will continue to run during and after a crisis event. The BCP details guidelines, procedures, and work instructions to aid continuity.
To learn more about writing a plan, see our how-to guide to writing a business continuity plan .
What Is Business Continuity Planning?
Business continuity planning (BCP) refers to the work a company does to create a plan and system to deal with risks. Thorough planning seeks to prevent problems and ensure business processes continue during and after a crisis.
Business continuity planning ensures that the company deals with disruptions quickly, and minimizes the impact on operations. Business continuity planning is also called business resumption planning and continuous service delivery assurance (CSDA) .
What Is the Primary Goal of Business Continuity Planning?
The main goal of business continuity planning is to support key company activities during a crisis. Planning ensures a company can run with limited resources or restricted access to buildings. Continuity planning also aims to minimize revenue or reputation losses.
A business continuity plan should outline several key things that an organization needs to do to prepare for potential disruptions to its activities, including the following:
- Recognize potential threats to a company.
- Assess potential impacts on the company’s daily activities.
- Provide a way to reduce these potential problems, and establish a structure that allows key company functions to continue throughout and after the event.
- Identify the resources the organization needs to continue operating, such as staffing, equipment, and alternative locations.
Business Continuity Planning Steps
A business continuity plan includes guidelines and procedures to guide a business through disruption. The efforts to create a plan are the same for large or small organizations. A simple plan is better than no plan.
The basic steps for writing a business continuity plan are as follows:
- Create a governance team.
- Complete your business impact analysis (BIA) and risk assessment documents.
- Document your plan. Remember to include detailed guidelines and procedures that cover key processes and facilities.
- Test and update the plan regularly.
The Business Continuity Management Lifecycle
Business continuity management includes preparing for and handling unexpected events. BCM has a six-step lifecycle. This cycle repeats during both in regular business times and crises, as you take the right steps to keep activities always running.
The BCM lifecycle includes the following points:
- Mitigate Risk: Proactively identify business continuity risks to your company, and plan how your company will respond.
- Prepare: Train staff on your business continuity plan and ensure they understand what they need to do to help the business respond.
- Respond: Ensure that your company and all employees respond appropriately to a crisis. Be prepared to adapt in the moment.
- Resolve: Ensure that the company plans how to communicate effectively with staff and that it does so appropriately during the crisis.
- Recover: Inform employees, customers, and other important people about the status of the crisis and your company’s response.
- Resume: Communicate with employees and others after the crisis ends.
What Are Business Continuity Risks or Events?
Also called business continuity events, business continuity risks are the most common events that can disrupt a company’s regular operations — these can be natural and human-made crises. Defining these risks is a vital part of business continuity planning.
Such events might include the following:
- Severe weather
- Natural disasters (tornadoes, floods, blizzards, earthquakes, fire, etc.)
- A physical security threat
- A recall of a company’s product
- Supply chain problems
- Threats to staffing and employee safety
- Accidents at an organization’s facilities
- Destruction to a company’s facilities or property
- Power disruptions
- Server crashes
- Failures in public and private services (communications, transportation, safety, etc.)
- Environmental disasters, including hazardous materials spills
- Network disruptions
- Human error/human-made hazards
- Stock market crashes
- Cyber attacks and hacker activity
Any of these triggers can result in broader problems for a company, such as danger or injury to staff and others, equipment damages, brand injury, and loss of income and net worth. Business continuity management and planning address and mitigate these contingencies.
What Is a Business Continuity Strategy?
A business continuity strategy is more often called a business continuity plan. The strategy includes the processes and structure a company uses to manage an unexpected event.
Some people consider business continuity strategy to be a step in the planning process. In the strategy phase, business continuity planners describe the overall approach a company should take to prevent, manage, and recover from a crisis.
An Overview of Business Continuity Management and Planning
There are several goals, key elements, and benefits to business continuity management and planning. The primary goals of management and planning are as follows:
- Build Company Resiliency: Doing so means that your company’s tools, buildings, and operations are resistant to — and not greatly affected by — most disruptions.
- Create a Plan for Recovery (with Contingencies that Aid in That Recovery): If a major event does cause problems, you should have a plan for how to recover quickly. That plan will include contingencies. For example, you should plan for how key operations will resume if there is a widespread power outage.
Business continuity management and planning generally cover the following areas, with differences depending on the organization and industry:
- Disaster Recovery: Disaster recovery involves recovering technology after a disruptive event. You can learn more about disaster recovery and download free templates in our comprehensive article .
- Emergency Management: Emergency management focuses on avoiding and mitigating catastrophic risks to staff and communities.
- Business Recovery: Considered part of business continuity, business recovery centers on short-term activities after a disruptive incident. The short-term is sometimes defined as less than 60 days.
- Business Resumption: This describes the longterm phase of recovery (60 or more days after an even), wherein the company returns to near-normal conditions.
- Crisis Management: Crisis management focuses on communicating with stakeholders during and after a crisis, and controlling damage during the event. To learn more, read our comprehensive guide to crisis management .
- Incident Management: Incident management is an ITIL (previously known as Information Technology Infrastructure Library) framework for reducing or eliminating downtime after an incident.
- Contingency Planning: This covers outlier risks that are unlikely to occur but which could have disastrous results.
“A well managed business continuity management program will help protect people, assets, and business processes,” says Scott Owens, founder and managing director of BluTinuity , a business continuity firm based in New Berlin, Wisconsin. “It may not be able to prevent all incidents. But it can reduce the likelihood of incidents, decrease response time, and lower the cost and impact of an incident.”
Key Elements of Business Continuity Management
All business continuity management programs should include a number of key elements, which serve to ensure that your plan is positioned for success and that you regularly update and improve it.
These important elements include the following:
- Governance: This is the structure and team your business sets up to create and monitor the program.
- Business Alignment: This section details how your company’s current business continuity management and planning processes compare to expert approaches and industry standards.
- Continuity Strategy and Recovery Strategies: Include a detailed plan that assesses risks to your organization and how you can recover, should those risks become reality.
- Plan Documentation: Provide details on the plan that everyone in your company can access. To get started, see our roundup of free business continuity plan templates .
- Tactical Implementation: This section includes details on the specific ways your company plans to recover from certain types of incidents.
- Training: In this section, detail how you will train your staff to understand the business continuity plan and their role in it.
- Testing: Include real-world simulations of a crisis event, and test how your company and its employees respond and the effectiveness of your business continuity plans.
- Maintenance: Make changes to the plan where necessary to increase its effectiveness.
- Monitoring: This section details how you will continue to compare industry standards and expert advice to how your plan is working.
To learn about formal requirements for business continuity planning and management, see our comprehensive article on the ISO 22301 standard .
The Costs of Business Continuity Management
The costs to do an appropriate job of business continuity management can be significant. However, some reports say that the cost of unforeseen downtime may be as much as $2.5 billion a year for Fortune 1000 companies.
Kurt Engemann, Ph.D., is Director of the Center for Business Continuity and Risk Management at Iona College in New York, Editor-in-Chief of the International Journal of Business Continuity and Risk Management and author of Business Continuity and Risk Management: Essentials of Organizational Resilience . In the book, he says that costs for business continuity preparation do not only include the groundwork to assess a company’s risks and plans to manage those risks. Rather, they also cover the needed backup facilities and equipment and company assets for emergency response. In addition, costs must cover resources for training employees and testing the plan.
Some experts have estimated that business continuity management and planning within only the crucial information technology aspects of companies can cost two to four percent of the information technology budget. But the costs are necessary, and worth it in the long run, according to business continuity experts.
“There is an initial outlay of a modest amount of money that will lessen the financial impact of a possible future crisis,” Engemann writes in his book. “Similar to an insurance policy, the financial benefit of BCM must be viewed from a long-term prospective.”
When an organization’s top executives complain about the costs, Owens says, “Ask them what it would cost their organization for an hour of downtime. Or eight hours. Or 24 hours. Chances are the cost — financial, operational, and to brand and reputation — of having key business functions unavailable for an extended period are significant. They will most likely find business continuity management to be worth the investment.”
Benefits of Business Continuity Management
Like Engemann, Owens points out that there are significant benefits to the investment organizations make in business continuity management, including the following:
- Mission Critical Processes: If you understand your key processes, you can plan to protect them and prioritize their recovery.
- Legal and Regulatory Compliance: Laws or regulations require companies in some industries to implement a formal business continuity management system.
- Satisfying Demands from Other Organizations: Some groups and companies may require that your company sets up BCM before they do business with you.
- Insurance Payments: To get the maximum payments from an insurance policy after an event, a company must have suitable business continuity management policies in place.
- Reputation Management: Your business’s brand will be greatly helped or hurt, depending on how an unforeseen event affects its operations.
- Competitive Advantage: A strong business continuity plan can offer your company the advantage over peers who are not as well prepared.
- Seamless Recovery: Cloud-based technologies make data backup, remote work, and business recovery affordable and accessible. Groups and businesses of all sizes can benefit from such tools. See our article on cloud computing for business continuity to learn more.
- Time Savings: Planning prevents teams from scrambling at the last minute to cobble together a recovery effort. Strong planning helps you get back online — and back on track — faster.
Michael Herrera, CEO of MHA Consulting , a business continuity and disaster recovery firm, cites two other significant benefits:
- Keeping Customers and Avoiding Major Financial Losses: Getting operations back to normal quickly after an event means your company loses less money.
“Your customers aren’t as patient as you think they are,” Herrera explains. “They expect you to have a business continuity system and they expect you to be up and running. Their patience does run out.”
- Improving Day-to-Day Operations: Herrera says his firm’s clients often discover how business continuity planning gives them insights into the day-to-day operations of their company. “It really can help you with process improvement and getting a good understanding of what your business does every day.”
Additionally, strong business continuity planning will enable you to do the following:
- Officially declare a disaster and alert senior management.
- Assist in the development of an official public statement regarding a disaster and its effects on a business.
- Monitor your business’s progress and present the recovery status.
- Provide ongoing support and guidance to teams with pre-planned operations.
- Review critical processing, schedules, and backlogs to keep everyone up to date on status.
- Ensure businesses have both the resources and the information to deal with an unforeseen emergency.
- Reduce the risk that an emergency might pose to employees, clients, and vendors, etc.
- Provide a response for both man-made and environmental disasters.
- Improve overall business communication and response plans.
- Summarize both the operational and the financial impacts resulting from the loss of critical business functions.
- Allow businesses to plan for a loss of function that has potentially larger, more severe consequences.
See our article on the importance and benefits of business continuity planning to read more expert examples of how business continuity can bolster your company.
Key Business Continuity Management and Planning Considerations
Companies don’t have to face business continuity planning alone. There are a variety of tools and services that can help, including the following:
There are hundreds, if not thousands, of consultants and companies that can provide help with developing your business continuity plan. Below are a few things to think about in choosing one:
- How experienced are they? How long have they been around?
- What’s their reputation as a company? What do their clients say about them?
- Are they focused on a specific industry or area of business continuity, or do they have experience with a range of industries and a broad spectrum of business continuity?
- How do they think about business continuity (as a somewhat separate practice or something that needs to be ingrained within your organization)?
- How aligned is their advice with standards in your industry?
Business Continuity Software
There are also hundreds of pieces of business continuity software on the market. Here are some things to consider:
- Are you looking for software that will automate the development of plan components, or software that offers more in-depth help during the planning phase?
- What is the history of the software and the company behind it? How long has this particular software been on the market and what is the history and the reputation of the company behind it?
- Is the software being continually updated and improved?
Below are some specifics to consider as you test drive the software:
- Does it have an easy-to-use interface?
- Does it cover all aspects and components of business continuity, including business impact analysis and risk assessment ?
- Does it include sufficient storage for your company’s supporting documents?
- Does it provide secure portable access via mobile or other technologies, if a crisis interrupts your information technology systems?
- Does it provide strong data analytics?
- Is it secure and private?
Primary Things Your Organization’s Business Continuity Management System Should Accomplish
While your business continuity management system will have various elements and details, there are some primary things it should do for your organization. They correspond to the key elements listed earlier in this article.
For example, a BCM system should help do the following:
- Understand your company’s needs for business continuity and disaster preparedness. A BCM system should be able to assist company leaders in understanding the need for a business continuity management policy.
- Understand which processes should be recovered and in what order.
- Establish business continuity metrics to gauge success.
- Plan for communicating with customers, staff, and other stakeholders.
- Determine what tools, technology, and staffing are required to restore activities and support customers.
- Establish remote-work support or relocation plans for staff and activities.
- Implement ways to continually assess and manage continuity risks.
- Monitor and review how its business continuity management system is working.
- Continually improve the system.
- Respond effectively in a real-world crisis, and allow the business’s critical operations to continue and all operations to resume quickly.
Although nobody wants to think about disasters or the effort needed to prepare to meet and mitigate crises, the alternative is the potential loss of reputation, income, or the entire business. In sum, planning translates to determining your key processes, equipment, and tools, and applying basic recovery strategies.
The Importance of Senior Organizational Leaders Strongly Supporting Your Business Continuity Management and Planning
Your senior leaders must strongly support your company’s business continuity management plan for it to succeed. Such leadership is key as storms, floods, pandemics, and data breaches increase in force and frequency.
“Make sure senior management is committed to the planning, development, execution, and implementation of a business continuity/disaster recovery program,” says Paul Kirvan , a business continuity consultant and a fellow of the Business Continuity Institute with 25 years of experience in business continuity work. “Otherwise, it simply won’t happen. Such programs work best if they have top-down support and funding, as opposed to being developed from the ground up.”
Business Continuity Plan Test Types
Testing verifies the effectiveness of your plan and provides training for participants. To ensure better communication, include suppliers, vendors, and other stakeholders in exercises. If appropriate, also consider including local emergency preparedness officials.
There are four types of testing, and each requires increasing levels of planning, resources, and focus. You should try to run each type of drill regularly.
- Plan Review: Plan reviews are often the first test applied to a new plan. In this test, top management and some key BCP personnel review the relevance and completeness of a plan. Such a review can verify risk and BIA results, and help you check for gaps and inconsistencies among continuity documents.
- Tabletop or Structured Walkthrough: A tabletop test requires more preparation and time. It provides a role-playing exercise for recovery teams.
- Simulation or Walkthrough Drill: In a walkthrough drill, your continuity team physically completes the type of tasks they'd find in a crisis. They may practice evacuating a building during a fire, restoring a backup, or switching to another communication frequency.
- Functional or Live Scenario: Functional tests include a complete physical drill of continuity plans. Live tests may focus on one aspect of the plan or include the complete plan. They may include one part of the company or all team members.
Be sure to document what happened in the test so everyone involved in the exercise — and especially those who created the plan — can understand what did and didn’t go well, and can revise as necessary.
Business Continuity Management Policy Statement
A business continuity policy statement is a written document that outlines an organization’s business continuity management program. The policy statement should be communicated to all employees and should be signed and endorsed by the organization’s senior management.
See real-world examples of a business continuity policy statement .
Cultivating Awareness of Business Continuity Plans
The best business continuity system is useless if no one knows about it. Find ways to promote your plans in daily company activities, and discuss business continuity regularly in company and team meetings. Also, be sure to include the business continuity manager in cross-functional planning meetings so they can represent the business continuity perspective. Above all, exercise your plan, test your plan, and then test again.
What Is the Importance of a Business Continuity Plan?
A business continuity plan is vital to ensure that your company mitigates downtime during a crisis. Resuming activities quickly after an event also helps ensure your company’s financial health.
How to Write a Business Continuity Plan
It is crucial that your company set up a group of people to help create your business continuity plan. The group should include senior leadership, experts, and staff. A simple, practical plan is the best plan. At a minimum, include continuity team roles and duties, and team member contact information. You should also add guidelines and checklists for dealing with unforeseen events.
Daily business functions rely on many resources — human, utilities, machines, and even paper, pens, and pencils. Business recovery after a disruptive event is no different. See our in-depth article on writing a business continuity plan for a complete list of resource types you may want to include in a plan.
You can ask certain questions as you form your strategy, and a business continuity plan usually includes common resources and elements. See our article on how to write a business continuity plan to learn more.
Business Continuity Plan Template
This template can help you document and track business operations in the event of a disruption/disaster to maintain critical processes. The plan includes space to record business function recovery priorities, recovery plans, and alternate site locations. Plan efficiently for disruption and minimize downtime, so your business maintains optimal efficiency.
Download Business Continuity Plan Template
Word | PowerPoint | PDF
You’ll find other most useful free, downloadable business continuity plan (BCP) templates, in Microsoft Word, PowerPoint, and PDF formats in this article .
What Is a Business Impact Analysis and Why Is It an Important Part of a Business Continuity Plan?
A business impact analysis (BIA) is one of the most important parts of business continuity planning. The analysis considers how an unforeseen disruption could affect a company. BIA results also suggest how a business can recover from a crisis.
The business impact analysis will include details on the following:
- Recovery time objectives that outline the organization’s goals relating to how quickly various services and processes will resume after an event
- Financial impact of an incident
- Impact on customers
- Other possible impacts of an incident
- How the organization will prioritize recovery steps
- How the organization will prioritize critical services or products
- Identification of potential revenue loss
- Identification of additional expenses the organization will incur because of the event
- Identification of insurance an organization has or needs to have
- Identification of an organization’s dependencies on other agencies, companies, and providers
See our business impact analysis toolkit to find guidelines and templates to get started.
Risk Mitigation for Business Continuity
Risk assessment is one of the first steps in preparing your business continuity plan.
Risk management includes identifying and ranking risks, and risk control includes identifying policies and procedures to avoid and contain risks.
To learn more about risk management , read our comprehensive guide.
The Importance of Periodically Testing an Organization’s Business Continuity Plan
Even the best business continuity plans are useless if you do not continually test them in real-world mockups. Testing helps you continuously improve procedures, and also keeps plans synched with current business context.
Robert Sollars, a security trainer and consultant from Mesa, Arizona, says, “You must exercise your plan and train your employees in it. This can be costly and unwieldy at times, but it is an absolute must. I liken this to buying a Lamborghini and letting it sit in the garage, never starting it up, never driving it, never doing anything but admiring it. Your plan must be taken out and test driven at least two to three times per year. If you don’t test it, then when the real thing pops you will realize what the books, consultants, and experts have told you is useless for your organization. Testing it allows you to figure out the bugs and tweak the necessary items to make it more efficient and effective.”
Owens adds, “If you haven’t tested your plans, you aren’t ready for a disaster.”
You can do some testing through simpler table top exercises — for example, by talking through hypothetical incidents with your team. But Owens and other business continuity experts say organizations should also periodically do exercises that more closely mimic a real-world event.
“Organizations need to move … to progressively more complex scenarios, involving cross-functional teams and interdependent systems and processes,” he writes in a blog post about business continuity. “This is the only way that a company can get outside its comfort zone to truly understand if what they have designed will really work. My preference is to involve role-playing, actors, and include participation from vendors, business partners, and local law enforcement when appropriate. This will almost always result in lessons learned and opportunities to improve the plan, which is another great outcome.”
The most important result from testing your plan is an understanding of where theoretical solutions won’t work in real events. This understanding will then allow your organization to amend the plan to be more effective.
What Is a Business Continuity Plan Governance Committee?
Many companies set up a business continuity plan governance committee, which consists of staff members and senior leaders (their continuity efforts is vital). Governance tasks include writing the business continuity plan and supervising ongoing plan maintenance.
The committee is often responsible for the following duties:
- Approving the governance structure of the committee
- Clarifying the roles of committee members and others working on the plan
- Overseeing the creation of working groups to develop and implement the plan
- Providing overall direction and communicate important information to employees
- Approving the continuity plan and essential specifics within it
- Setting priorities within the plan
The committee often includes the following members:
- A senior leader from the business, often the sponsor
- A business continuity manager and assistant manager
- The company employee, or outside consultant, who will serve as overall coordinator of the business continuity plan
- The company’s security officer
- The company’s chief information officer, or information technology leader
- Representatives from the company’s business department, to help with the business impact analysis
- An administrative representative
How to Cultivate Resilience in Your Organization
A resilient organization has the tools and abilities to survive a disruptive event, and also regularly looks for new threats and adapts to changes in the organizational and industry landscape. Resilience experts recognize two types of resilience: reactive resilience uses a company’s existing processes to meet and overcome a crisis; proactive resilience anticipates disruptions and considers methods to prevent problems.
Real World Example: Lessons Learned About Business Continuity from the Terrorist Attacks of Sept. 11, 2001
Organizational leaders and business continuity experts learned a lot from the terrorist attacks of September 11, 2001. Worst of all, the attacks killed thousands of people. But they also severely disrupted communications, financial transactions, and some commerce in New York City and throughout the world.
The following are among the lessons learned:
- Business continuity plans must be tested frequently, and updated where needed.
- The plans must assume a wide range of threats.
- The plans must take into account how much companies, agencies, and other entities depend on each other.
- Key people from any organization must be available and reachable when an incident happens.
- The ability to communicate, especially through landline phones, cell phones, and the internet, is vital.
- Sites that organizations use for backup of their digital information should be located at a distance from their primary information technology site.
- Employee support and counseling may be important during and after a crisis.
- An organization should store copies of its business continuity plan at a location apart from its primary location.
- Security perimeters around the scene of an incident may be large, which may affect employees’ access to organization facilities for long periods.
Legislation Governing Some Business Continuity Management and Planning
The United Kingdom did approved the Civil Contingencies Act in 2004, which requires businesses to have business continuity plans in place.
Some industries do have regulatory bodies that may impose business continuity requirements within those industries. For instance, the Financial Industry Regulatory Authority (FINRA) is a private self-regulatory organization overseeing the U.S. financial securities industry. FINRA established FINRA Rule 4370. This rule requires securities firms to create and maintain written business continuity plans. Utility bodies, such as North American Electric Reliability Corporation ( NERC ) and Federal Energy Regulatory Commission ( FERC ), also require continuity plans.
Guidelines, Standards, and Resources Providing Guidance on Business Continuity Management and Planning
Organizational leaders can use a number of standards set by industry and other groups to guide their business continuity planning and management programs. Below are some commonly used standards:
- ISO 22301 : Developed by the International Organization for Standardization (ISO), a standard-setting body, this group of standards sets out appropriate business continuity management practices. Learn more about how this standard can help businesses of all sizes in our guide to ISO 22301 .
- NFPA 1600 : Developed by the National Fire Protection Association, the standard is one of the most widely recognized in the U.S. on emergency preparedness and business continuity.
- National Institute of Standards and Technology SP 800-34 : Sets contingency planning standards for federal information systems in the U.S.
- SPC-2009 — Organizational Resilience : Security, Preparedness and Continuity Management Systems provides critical business and infrastructure security standards developed by the American Society for Industrial Security.
- ISO 27000 : Standards for security in information technology systems, which include standards for business continuity in information technology. Learn more about ISO 27000 and find free checklists and templates .
- DRI International : Professional Practices for Business Continuity Management
- Federal Emergency Management Agency (FEMA): Continuity Guidance Circular: Continuity Guidance for Non-Federal Entities: An 86-page formal document, the circular presents FEMA’s perspective on how businesses can prepare for disasters.
- Insurance Institute for Business & Home Safety: Open for Business Continuity Toolkit: This site offers a video, FAQ, and downloadable continuity planning tools.
What Is the Business Continuity Institute?
The Business Continuity Institute (BCI), based in the United Kingdom, is a non-profit professional organization providing education, certification, and leadership on business continuity management. The Institute has more than 8,000 members in more than 100 countries.
Improve Business Continuity Planning with Real-Time Work Management in Smartsheet
Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change.
The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.
When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.
Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.
- Artificial Intelligence
- Business Operations
- Cloud Computing
- Data Center
- Data Management
- Emerging Technology
- Enterprise Applications
- IT Leadership
- Digital Transformation
- IT Strategy
- IT Management
- Diversity and Inclusion
- IT Operations
- Project Management
- Software Development
- Vendors and Providers
- United States
- Middle East
- United Kingdom
- New Zealand
- Data Analytics & AI
- Foundry Careers
- Member Preferences
- About AdChoices
- Your California Privacy Rights
- Network World
How to create an effective business continuity plan
A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood or cyberattack. Here's how to create one that gives your business the best chance of surviving such an event.
We rarely get advance notice that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways.
This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan. The lack of a plan doesn’t just mean your organization will take longer than necessary to recover from an event or incident. You could go out of business for good.
What is business continuity?
Business continuity refers to maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood or malicious attack by cybercriminals. A business continuity plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more.
Many people think a disaster recovery plan is the same as a business continuity plan, but a disaster recovery plan focuses mainly on restoring an IT infrastructure and operations after a crisis. It’s actually just one part of a complete business continuity plan, as a business continuity plan looks at the continuity of the entire organization.
Do you have a way to get HR, manufacturing and sales and support functionally up and running so the company can continue to make money right after a disaster? For example, if the building that houses your customer service representatives is flattened by a tornado, do you know how those reps can handle customer calls? Will they work from home temporarily, or from an alternate location? The BC plan addresses these types of concerns.
Note that a business impact analysis is another part of a business continuity plan. A business impact analysis identifies the impact of a sudden loss of business functions, usually quantified in a cost. Such analysis also helps you evaluate whether you should outsource non-core activities in your business continuity plan, which can come with its own risks. The business impact analysis essentially helps you look at your entire organization’s processes and determine which are most important.
Why business continuity planning matters
Whether you operate a small business or a large corporation, you strive to remain competitive. It’s vital to retain current customers while increasing your customer base — and there’s no better test of your capability to do so than right after an adverse event.
Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company’s future depends on your people and processes. Being able to handle any incident effectively can have a positive effect on your company’s reputation and market value, and it can increase customer confidence.
“There’s an increase in consumer and regulatory expectations for security today,” says Lorraine O’Donnell, global head of business continuity at Experian. “Organizations must understand the processes within the business and the impact of the loss of these processes over time. These losses can be financial, legal, reputational and regulatory. The risk of having an organization’s “license to operate” withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence. Build your recovery strategy around the allowable downtime for these processes.”
Anatomy of a business continuity plan
If your organization doesn’t have a business continuity plan in place, start by assessing your business processes, determining which areas are vulnerable, and the potential losses if those processes go down for a day, a few days or a week. This is essentially a business impact analysis.
Next, develop a plan. This involves six general steps:
- Identify the scope of the plan.
- Identify key business areas.
- Identify critical functions.
- Identify dependencies between various business areas and functions.
- Determine acceptable downtime for each critical function.
- Create a plan to maintain operations.
One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel and backup site providers.
Remember that the disaster recovery plan is part of the business continuity plan, so developing a disaster recovery plan if you don’t already have one should be part of your process. And if you do already have a disaster recovery plan, don’t assume that all requirements have been factored in, O’Donnell warns. You need to be sure that restoration time is defined and “make sure it aligns with business expectations.”
As you create your plan, consider interviewing key personnel in organizations who have gone through a disaster successfully. People generally like to share “war stories” and the steps and techniques (or clever ideas) that saved the day. Their insights could prove incredibly valuable in helping you to craft a solid plan.
The importance of testing your business continuity plan
Testing a plan is the only way to truly know it will work, says O’Donnell. “Obviously, a real incident is a true test and the best way to understand if something works. However, a controlled testing strategy is much more comfortable and provides an opportunity to identify gaps and improve.”
You have to rigorously test a plan to know if it’s complete and will fulfill its intended purpose. In fact, O’Donnell suggests you try to break it. “Don’t go for an easy scenario; always make it credible but challenging. This is the only way to improve. Also, ensure the objectives are measurable and stretching. Doing the minimum and ‘getting away with it’ just leads to a weak plan and no confidence in a real incident.”
Many organizations test a business continuity plan two to four times a year. The schedule depends on your type of organization, the amount of turnover of key personnel and the number of business processes and IT changes that have occurred since the last round of testing.
Common tests include tabletop exercises , structured walk-throughs and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.
A tabletop exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.
In a structured walk-through, each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.
It’s also a good idea to conduct a full emergency evacuation drill at least once a year. This type of test lets you determine if you need to make special arrangements to evacuate staff members who have physical limitations.
Lastly, disaster simulation testing can be quite involved and should be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel (including business partners and vendors) who would be needed. The purpose of a simulation is to determine if you can carry out critical business functions during the event.
During each phase of business continuity plan testing, include some new employees on the test team. “Fresh eyes” might detect gaps or lapses of information that experienced team members could overlook.
Review and improve your business continuity plan
Much effort goes into creating and initially testing a business continuity plan. Once that job is complete, some organizations let the plan sit while other, more critical tasks get attention. When this happens, plans go stale and are of no use when needed.
Technology evolves, and people come and go, so the plan needs to be updated, too. Bring key personnel together at least annually to review the plan and discuss any areas that must be modified.
Prior to the review, solicit feedback from staff to incorporate into the plan. Ask all departments or business units to review the plan, including branch locations or other remote units. If you’ve had the misfortune of facing a disaster and had to put the plan into action, be sure to incorporate lessons learned. Many organizations conduct a review in tandem with a table-top exercise or structured walk-through.
How to ensure business continuity plan support, awareness
One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.
Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts? Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and punctuate its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.
Ai value begins with managing the c-suite conversation, sports venues advance goals, enhance fan experience with data analytics, mulesoft, tableau uptake fuels salesforce growth spurt, macquarie government: providing australia’s federal agencies with the cloud and security solutions they need to safeguard the most sensitive data, from our editors straight to your inbox, show me more, the 10 most in-demand tech jobs for 2023 — and how to hire for them.
United Airlines gives employees the digital tools to make customers happy
Top 9 challenges IT leaders will face in 2023
PureGym’s new CIO Andy Caddy plans for international expansion
CIO Leadership Live with George Eapen, Group Chief Information Officer at Petrofac
- dtSearch® - INSTANTLY SEARCH TERABYTES of files, emails, databases, web data. 25+ search types; Win/Lin/Mac SDK; hundreds of reviews; full evaluations
- Lenovo Late Night I.T. - Emmy-nominated host Baratunde Thurston is back at it for Season 2, hanging out after hours with tech titans for an unfiltered, no-BS chat.
- The world’s largest enterprises use NETSCOUT to manage and protect their digital ecosystems. Learn how—and get unstoppable.
- Articles and tools
- Business strategy and planning
- Manage your business
- 8 steps for planning your emergency and disaster plan
Whether it's a natural disaster such as an ice storm, or a serious accident in an industrial plant, an unforeseen event can disrupt business operations at any company.
After all, in an emergency situation, your employees may not be able to come to work. Your suppliers may face a shortage of the materials you need to continue your business activities, or demand for your services may simply decline.
The key benefits of a business continuity plan
No one can predict the future; however, you can be ready with a sound business continuity plan. Getting a plan in place shows your employees, shareholders and customers that you are a proactive organization; it improves overall efficiency in your company and helps you allocate the right financial and human resources to keep your firm up and running during a serious disruption.
Here are 8 basic steps to keep in mind when putting together your plan. Click on the link in each step to find more information and useful templates from BDC's complete Business Continuity Guide .
It is a good idea to clearly assign the responsibility for emergency preparedness to a team. Select a few managers/individuals or an existing committee to take charge of the project.
It is advisable to assign one person to lead the planning process. You should also ensure that this "emergency manager" has the authority to get things done.
As with other business aspects, planning for an emergency relies on the following:
- An understanding of the organizational objectives
- Solid research on the risks
- Creative alternatives to unique challenges
- Reliable decision-making process.
What are the key roles and responsibilities for your Emergency Preparedness team?
Planning and implementation.
- Develop the Business Continuity Plan (BCP)
- Establish alert levels and monitor
- Develop training and cross-training plans
- Identify key business partners such as suppliers and clients and determine if they have a BCP
- Assess potential financial impact of an emergency on the business
- Ensure adequate amount of supplies. (emergency safety equipment, such as personal protective equipment, or in the event of a pandemic, hygiene supplies like hand sanitizers, cleaning products, masks, protective barriers, etc.)
- Local site manager(s) implements the plan
- Perform trial run of the plan
Policies, procedures, organization
- Establish policies such as compensation and absences, return to work procedures, telecommuting, flexible work hours, travel restrictions
- Define chain of command for plan implementation
- Establish authorities' trigger points and when to implement BCP
- Establish emergency safety policies for the workplace. For example, in the event of a pandemic, policies that will help prevent the spread of influenza, such as promoting respiratory/ hygiene/cough etiquette, and prompt exclusion of people with influenza symptoms.
- Establish policies for employees who are directly affected by the emergency. For example, in the event of a pandemic, policies for employees who have been exposed.
- Maintain good communications and manage relations with all staff levels
- Advise senior management
- Instil importance of the BCP throughout the organization
- Liaison with local government agencies such as Health Canada and Public Safety Canada
- Prepare and disseminate timely and accurate information to all employees
- Educate staff about possible emergencies. For example, in the event of a pandemic, give information on signs and symptoms of influenza, modes of transmission, personal and family protection, and response strategies
- Evaluate using various forms of technology to maintain communications
- Help prepare training on the subject
- Local site managers implement the plan
- Setup systems to monitor employees for an emergency.
Use the Planning Team for Business Continuity in an Emergency form (DOC) to clearly identify the team members and coordinator who will create your BCP for emergencies, along with their respective contact information.
During an emergency, your business may experience a disruption in your operations due to:
- High staff absenteeism
- Unavailability of supplies and materials
- Interruptions to services like power, transportation and communications.
Objective of the business continuity planning process
Determine how your organization will maintain essential services/functions in the event of an emergency.
What are essential services
- A service when not delivered, creates an impact on the health and safety of individuals.
- A service that may lead to the failure of a business unit if activities are not performed in a specified time period.
- In some organizations, services that must be performed to satisfy regulatory requirements.
- A service where if not performed, the impact may be immediate or may occur over a certain time period.
This means that your business may be forced to modify, reduce, or even eliminate specific services/functions to cope with the impacts of the emergency. These impacts may be felt across the organization or localized to specific business units.
As you begin discussions, you may find that you have existing resources that you can use to extract information about essential services in your organization (e.g., pandemic influenza plans, Y2K plan, etc.)
How to determine and prioritize your essential services
1. complete the essential services ranking template.
This will help you create your list of essential services by department or business unit. You then need to rate the degree to which it will negatively impact the various key areas such as financial, employees, customers etc.
2. Prioritize and categorize, use the Essential Services Criticalness Factor template
For each essential service, assign a "degree of criticalness" (Priority A, B or C). Rate the impact on each service such as staff absenteeism, unavailability of critical supplies, or disruptions to essential systems.
- Priority A: Essential services/functions
- Priority B: Services that can be suspended for a short period of time (for example, services that can be suspended for one month).
- Priority C: Services that can be suspended for an extended period of time. This may require a corporate overview.
As part of your business continuity planning process, you'll need to identify the number of staff and skills required to perform and maintain the essential services/functions.
Use the Essential Services Criticalness Factor template to help you capture the information necessary to develop your plan.
Try to identify any special requirements necessary to perform the essential services/functions (for example, license to operate heavy machinery).
You may also wish to prepare a list of special tasks and skills required in emergency situations and assign them to appropriate employees, e.g. crisis management team, employee support, IT backup, defining security perimeters etc.
Additional sites with useful information:
- Public Safety Canada
- Canadian Center for Emergency Preparedness
- Canadian Red Cross
Discuss what will happen if you have to reduce, modify or eliminate essential services or functions. Document the following points:
- All the issues that are identified
- Action plans for each issue
- The responsibilities of designated people for each essential service or function.
Strategies and action plans
Use the Action Plan Template for Maintaining Essential Service (DOC) to write your plans for each essential service or function. This should include:
- A description of the service or function
- Individuals responsible for implementing the action plan
- Backup individuals
- Business impact issues
- Action plans: Include key items such as notification communication plan, staff relocation, alternate resources, suppliers, etc.
- Resource needs
Use the supplied templates to create lists of all your key contacts along with their contact information.
Being proactive in contacting important customers can go a long way in mitigating losses. Use the Action Plan Template for Key Customers (DOC) to list customers who would need and expect personal notification from you, or who would be offended or take their business elsewhere if they were not contacted.
Include the following information in your list:
- Product or service provided: A description of the product or service you provide. Use the comments main to indicate the reason that this customer should be contacted in an emergency.
- Contact person's name: For some customers, there may not be a specific person to list. As appropriate, you can list a title or department, e.g., "service representative on call" or "service department."
- Contact phone numbers: Include all possible ways to reach the customer, including fax, cellular, pager, after-hours number if different from the normal number, and toll-free numbers in addition to the normal number.
- Alternate names and numbers: Where possible, list alternatives to the primary contact person.
- 24-hour service: If your customer does not have 24-hour service, discuss with them how to contact them during off-hours. Reassure them that the information will have limited distribution, and ask for home telephone numbers if cellular or pager numbers are not sufficient.
- Comments: Include any significant information including the reason this customer should be contacted following an incident, instructions the customer would need, etc.
Suppliers and sub-contractors
Use the Action Plan Template for Critical Suppliers (DOC) to list essential information on your key suppliers. The information should be the same as that described for Key Customers, above.
Business partners and support providers
This main is for important partners who do not fall into the earlier categories, but that you would need to contact in the event of an emergency:
- Business partners (internal and external) that are neither vendors nor customers. These could include internal business units who rely on your business for information, your management, and internal business units that would support your recovery. Examples include corporate insurance, internal security, facilities, public relations and legal entities.
- Support providers include emergency-response agencies such as police, fire, utility companies, and the Canadian Red Cross (if your community uses the 911 system, that should be documented).
Use the Action Plan Template for Business partners (DOC) to list essential information about these other partners. The information should be the same as that described for Key Customers above.
Review your Business Continuity Plan to make sure that all issues have been addressed, and identify any areas in which you may need additional documentation.
The "Business Continuity Plan Checklist" (DOC) provided by Capital Health was developed to ensure that you've covered most aspects of your plan.
Impact on your business
Impact on your employees and customers, establishing policies to be implemented during an emergency.
- Allocating resources to protect your employees and customers
Communicating with employees
Coordinating with external organizations and helping your community.
- Have you identified an emergency coordinator or team and clearly defined their roles and responsibilities? Do you need to involve labour representatives?
- Have you identified the employees and critical inputs you need to maintain business operations during an emergency?
- Have you trained and prepared a backup workforce?
- Have you planned for scenarios that are likely to affect the demand for your products or services during an emergency?
- What is the potential impact of an emergency on company financials? On different product lines or production sites?
- What is the potential impact of an emergency on business-related domestic and international travel?
- Do you have access to up-to-date, reliable information on emergencies from community public health, emergency management, and other sources? Are the links to this information sustainable?
- Do you have an emergency communication plan?
- What mechanisms are in place to revise the plan periodically?
- Have you tested your plan?
- Have you forecasted and allowed for employee absences during an emergency?
- Do you have guidelines to reduce face-to-face contact in the workplace and with customers, in the event of a pandemic?
- Do you encourage and monitor annual employee flu vaccinations?
- Have you evaluated employee access to and availability of healthcare services during an emergency? Do these services need improvement?
- Have you evaluated employee access to and availability of mental health and social services during an emergency?
- Have you identified employees and key customers with special needs? Are their needs incorporated into your BCP?
- Have you established emergency policies for employee compensation and sick-leave absences?
- Have you established flexible policies regarding worksite and work hours?
- Have you established policies to prevent the influenza spread of disease at the worksite?
- Do you have policies for employees who have been exposed, are suspected to be ill, or become ill at the worksite?
- Have you established policies for restricting travel to affected geographic areas, evacuating employees working in or near an affected area when an emergency occurs, and guidance for employees returning from affected areas?
- Have you set up authorities, triggers, and procedures for activating and terminating the company's response plan, for altering business operations and for transferring business knowledge to key employees?
Allocating resources to protect your employees and customers during an emergency
- Do you provide sufficient and accessible emergency supplies?
- Do you need to enhance communications and information technology infrastructures to support employee telecommuting and remote customer access?
- Will medical consultation and advice be available for emergency response?
- Have you developed and disseminated programs and materials covering emergency fundamentals?
- Have you anticipated and planned for employee fear and anxiety, rumours and misinformation?
- Are your communications culturally and linguistically appropriate?
- Have you disseminated information to employees about your emergency preparedness and response plan?
- Have you provided information for the at-home care of ill employees and family members?
- Do you have a platform for communicating emergency status and actions to employees, vendors, suppliers, and customers inside and outside the worksite in a consistent and timely way? Have you included redundancies in the emergency contact system?
- Have you identified community sources for timely and accurate emergency information? Resources for obtaining safety equipment and counter-measures?
- Have you consulted insurers, health plans, and major local healthcare facilities to share your emergency plans and understand their capabilities and plans?
- Have you consulted federal, provincial, and local public agencies or emergency responders?
- Have you asked local or provincial public agencies or emergency responders what your business could contribute to the community?
- Do you share best practices with other businesses in your communities, chambers of commerce, and associations to improve community response efforts?
You should present a draft of the Business Continuity Plan to your emergency preparedness team for review and/or comment. Since the committee will have an understanding of the overall corporate impact of an emergency, they should review to ensure that your plan:
- Is consistent for all business units/departments.
- Addresses all critical elements .
The committee should also be in charge of monitoring the progress of the initiative .
Be proactive: put your plan to the test by performing trial runs. This will help you identify any missing aspects or weaknesses.
- 5 tips to minimize the risk of a disaster for your business
- What is strategic planning?
- Strategic planning: Realize your company's potential
- Business performance benchmarking tool
- Business continuity plan templates
- Business plan template
- Apply online for a flexible small business loan up to $100k
- Protect your cash flow with a working capital loan
- Advisory services
- Human Resources Growth
You are using an outdated browser. Please upgrade your browser or activate Google Chrome Frame to improve your experience.
Introduction to Business Continuity
Start here if you're new to business continuity.
What is Business Continuity?
Flood. Cyber attack. Supply chain failure or losing a key employee. Disruptions to your business can happen at any moment.
Business continuity is about having a plan to deal with difficult situations, so your organization can continue to function with as little disruption as possible.
Whether it’s a business, public sector organization, or charity, you need to know how you can keep going under any circumstances.
Potential incidents to consider
- Supply chain failure - You don't have access to materials, goods or services
- Utilities outage - You don't have access to electricity, water or internet
- Cyber incident - You have suffered a cyber attack and your website is down
These are just some of the many incidents an organziation needs to consider and plan for.
Make a plan
A good BC plan recognises potential threats to an organization and analyses what impact they may have on day-to-day operations.
It also provides a way to mitigate these threats, putting in place a framework which allows key functions of the business to continue even if the worst happens.
Example: Do not rely on one supplier of raw materials, what if that supplier goes out of business? If you purchase raw materials from two suppliers then you are potentially halving your risk.
The BCI has designed a short, self-paced eLearning course that will help you understand the importance of business continuity and get you starting to think about the incidents that might impact your own organization and what you can do to mitigate them. This short course takes up to 30 minutes to complete.
Business Continuity Basics course
The BCI has many other free resources available to enhance your understanding of business continuity, see a few below to start ...
View free webinar to understand the basics of business continuity.
This webinar takes you through the basic business continuity concepts and quick wins on where to start (aimed at SMEs)
What threats do organizations face?
The BCI Horizon Scan report identifies threats organziations should be aware of. Free to download.
Download the BCI Good Practice Guidelines Lite
The BCI Good Practice Guidelines (GPG) Lite gives your a brief introduction to the Business Continuity Management Lifecycle and the stages included. It will help you put a plan together and give you insight to what is included in the full edition of the GPG and the content of the CBCI Certification course
Download GPG Lite
- Disaster recovery planning and management
business continuity plan (BCP)
- Vicki-Lynn Brunskill
What is a business continuity plan (BCP)?
A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event.
The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them. It should consider any possible business disruption.
A BCP covers risks including cyber attacks , pandemics, natural disasters and human error. The array of possible risks makes it vital for an organization to have a business continuity plan to preserve its health and reputation. A proper BCP decreases the chance of a costly power outage or IT outage.
IT administrators often create the plan. However, the executive staff participate in the process, providing knowledge of the company and oversight. They also ensure the BCP is regularly updated.
This article is part of
What is BCDR? Business continuity and disaster recovery guide
- Which also includes:
- Business resilience vs. business continuity: Key differences
- A free business continuity plan template and guide
- Preparing an annual schedule of business continuity activities
Download this entire guide for FREE now!
Importance of business continuity planning
Business continuity planning is a proactive business process that lets a company understand potential threats, vulnerabilities and weaknesses to its organization in times of crisis. The creation of a business continuity program ensures company leaders can react quickly and efficiently to business interruption .
A BCP enables a company to continue to serve customers during a crisis and minimize the likelihood of customers going to competitors. These plans decrease business downtime and outline the steps to be taken -- before, during and after an emergency -- to maintain the company's financial viability.
Elements of a business continuity plan
According to business continuity consultant Paul Kirvan, a BCP should contain the following items:
- initial data at the beginning of the plan, including important contact information;
- a revision management process that describes change management procedures;
- the purpose and scope;
- how to use the plan, including guidelines as to when the plan will be initiated;
- policy information;
- emergency response and management procedures;
- step-by-step procedures;
- checklists and flow diagrams;
- a glossary of terms used in the plan; and
- a schedule for reviewing, testing and updating the plan.
In the book Business Continuity and Disaster Recovery Planning for IT Professionals , Susan Snedaker recommends asking the following questions:
- How would the organization function if desktops, laptops, servers, email and internet access were unavailable?
- What single points of failure exist?
- What risk controls and risk management systems are in place?
- What are the critical outsourced relationships and dependencies?
- During a disruption, what workarounds are there for key business processes and internal functions, such as human resources?
- What is the minimum number of staff needed to run data center and other operations, and what functions would they need to carry out?
- What are the key skills, knowledge and expertise needed to recover?
- What critical security or operational controls are needed if computer systems are down?
Business continuity planning steps
The business continuity planning lifecycle contains these five steps:
- Information gathering and analysis, featuring business impact analysis (BIA) and risk assessment (RA);
- plan development and design;
- testing; and
- maintenance and updating.
Once the business has started the planning process, it launches the BIA and RA processes to collect important data. The BIA defines the critical functions that must continue during a crisis and the resources needed to maintain those operations. The RA details the potential internal and external risks and threats, the likelihood of them happening, and the possible damage they could cause.
The next step determines the best ways to deal with the risks and threats outlined in the BIA and RA, and how to limit damage from an event. A successful business continuity plan defines step-by-step procedures for response.
The BCP should not be overly complex and does not need to be hundreds of pages long; it should contain just the right amount of information to keep the business running. Small businesses can use a one-page plan with all the necessary details. That can be more helpful than a long plan that is difficult to use. Those details should include the following:
- minimum resources needed for business continuity;
- locations where that can take place;
- personnel needed to accomplish it; and
- potential costs.
Key implementation steps
The four steps involved in implementing a BCP are the following:
- Oversight. Decide who will oversee the plan. Ideally, a BCP committee will include business, security and IT leaders.
- Analysis. Conduct the BIA.
- Who will be affected by a business disruption?
- Who holds a hard copy of contact information for top customers and clients?
- How and when will customers, employees and management be notified?
- What are the alternative means of communication if phones go down?
- Which employees are needed for the restoration of critical business functions and how will they be reached or relocated?
- Which critical products and services should the company focus on restoring first?
- What issues must be addressed within the first 24 to 48 hours?
- Does every team and department have its own BCP? Who is in charge of each?
- What is the emergency succession plan for senior staff, including the CEO?
- Which employees will perform emergency tasks?
- Where will off-site crisis meetings take place?
- Who will interact with local emergency responders, such as firefighters and police?
- Who are the key vendors, including data backup providers?
- Initial response. This defines how the company will respond to the business interruption within the first hours. This is the period when team members are contacted and the BCP is activated.
- Relocation. During this stage, alternate facilities are activated and work-at-home policies implemented.
- Recovery. Once personnel and equipment have been relocated, the assessment of damage and monitoring of business recovery begins. The recovery strategy must consider the organization's recovery time objective , or RTO, which is the maximum time IT systems can be down after a failure, as well as its recovery point objective , or RPO, which is the maximum data loss the organization can tolerate.
- Restoration. Personnel return to the original workplace or an alternate site. The company undertakes infrastructure verification, documents the incident and reviews lessons learned.
An organization's technology, processes, staff and facilities constantly change. Therefore, regular testing, reviewing and updating of a BCP is critical. Plan testing should be undertaken using tabletop exercises, walk-throughs, practice crisis management communications and emergency enactments to test the viability of the plan and to see how employees and executives react under stress.
Regular testing and maintenance ensure the BCP is current and accurate. A simple test of a business continuity plan might involve talking through it. A complex test requires a full run-through of what will happen in the event of a business disruption.
The test can be planned in advance or it can be done spur of the moment to better simulate an unplanned event. If issues arise during testing, the plan should be corrected accordingly during the maintenance phase. Maintenance also includes a review of the critical functions outlined in the BIA and the risks described in the RA, as well as plan updating if necessary.
A business continuity plan must be continually improved; updates should not wait for a crisis. Staff members involved in the plan must get regular updates and business continuity training . An internal or external business continuity plan audit should be used to evaluate the effectiveness of the BCP and highlight areas for improvement.
For specific BCP testing steps, download the guide Business continuity and disaster recovery testing templates .
Business continuity planning software, tools and trends
There is help available to guide organizations through the business continuity planning process, from consultants to tools to full software. Which approach an organization should take depends on the complexity of the business continuity planning task, the amount of time and personnel available, and the budget. Before making a purchase, it is advisable to research both products and vendors, evaluate demos, and talk to other users.
For more complicated functions, business continuity planning software uses databases and modules for specific exercises. The U.S. Department of Homeland Security, through its Ready.gov website, offers software in its Business Continuity Planning Suite. Other business continuity software vendors include Castellan, formed from the merger of Assurance, Avalution and ClearView in 2020; CLDigital, formerly Continuity Logic; Fusion Risk Management; Quantivate; and Sungard Availability Services.
The Federal Financial Institutions Examination Council's Business Continuity Management booklet contains guidance on plan development, testing, standards and training for both financial and nonfinancial organizations.
Free download of BCP template
The role of the business continuity professional has changed and continues to evolve. As IT administrators are increasingly asked to do more with less, it is advisable for business continuity professionals to be well versed in technology, security, risk management, emergency management and strategic planning.
Business continuity planning must also take into account emerging and growing technologies, such as the cloud and virtualization , as well as new threats, such as cyber attacks like ransomware .
One resource that combines all these elements is SearchDisasterRecovery's free, downloadable business continuity plan template . It provides guidance and insight for creating a successful BCP.
Business continuity planning standards
Business continuity planning standards provide a starting point.
The International Organization for Standardization (ISO) 22301:2019 standard is regarded as the global standard for business continuity management . ISO 22301 is often complemented by other standards, such as the following:
- ISO 22313 guidance on the use of ISO 22301;
- ISO 22317 guidelines for business impact analysis;
- ISO 22318 continuity of supply chains;
- ISO 22398 exercise guidelines; and
- ISO 22399 incident preparedness and operational continuity management.
Other standards include the following:
- National Fire Protection Association 1600 emergency management and business continuity;
- National Institute of Standards and Technology SP 800-34 IT contingency planning; and
- British Standards Institution BS 25999 standard for business continuity.
Emergency management and disaster recovery plans
An emergency management plan is a document that helps to lessen the damage of a hazardous event. Proper business continuity planning includes emergency management as an important component. The appointed emergency management team takes the lead during a business disruption.
An emergency management plan, like a BCP, should be reviewed, tested and updated regularly. It should be fairly simple and provide the steps needed to get through an event. The plan also should be flexible, because situations are often fluid. Teams involved in the event of a disaster should communicate frequently during the incident.
Disaster recovery (DR) and business continuity planning are often linked, but they are different. A DR plan is reactive, as it details how an organization recovers after a business disruption. A business continuity plan is a proactive approach that describes how an organization can maintain business operations during an emergency.
Learn more about responding to unplanned emergencies in this complete guide to managing crises .
Continue Reading About business continuity plan (BCP)
- Tips for obtaining BC/DR plan and resilience funding
- How to use AI for business continuity and disaster recovery planning
- Compare and contrast business resilience vs. business continuity
- Follow these standards for business continuity and resilience
- Cloud-era disaster recovery planning: Assessing risk and business impact
Dig deeper on disaster recovery planning and management.
6 reasons a business impact analysis is important
business impact analysis (BIA)
disaster recovery plan (DRP)
A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...
A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...
Organizations with SaaS-based applications are still relying on the providers for data protection, even though the vendors are ...
Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...
Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...
Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...
The Biden-Harris administration's 39-page National Cybersecurity Strategy covers multiple areas, including disrupting ransomware ...
While ransomware incidents appear to be decreasing, several high-profile organizations, including Dole, Dish Network and the U.S....
Zero-trust preparation can be difficult. Measuring how well the model provides security and business benefits after ...
Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...
The 2023 trends that are reshaping the risk management landscape include GRC platforms, maturity frameworks, risk appetite ...
It's early days for metaverse platforms, especially those geared for the enterprise. Here's what to know and which platforms to ...
Take Control of Your Multi-Cloud Environment
73% of enterprises use two or more public clouds today. While multi-cloud accelerates digital transformation, it also introduces complexity and risk.
Vmware cross-cloud™ services enable organizations to unlock the potential of multi-cloud with enterprise security and resiliency., build & operate cloud native apps give developers the flexibility to use any app framework and tooling for a secure, consistent and fast path to production on any cloud., connect & secure apps & clouds deliver security and networking as a built-in distributed service across users, apps, devices, and workloads in any cloud., run enterprise apps anywhere run enterprise apps and platform services at scale across public and telco clouds, data centers and edge environments., automate & optimize apps & clouds operate apps and infrastructure consistently, with unified governance and visibility into performance and costs across clouds., access any app on any device empower your employees to be productive from anywhere, with secure, frictionless access to enterprise apps from any device., anywhere workspace.
Access Any App on Any Device Securely
Build and Operate Cloud Native Apps
Cloud & Edge Infrastructure
Run Enterprise Apps Anywhere
Automate and Optimize Apps and Clouds
Manage apps in a local virtualization sandbox
Security & Networking
Connect and Secure Apps and Clouds
Run VMware on any Cloud. Any Environment. Anywhere.
On public & hybrid clouds.
On Private Cloud & HCI
Anywhere Workspace Access Any App on Any Device Securely
App platform build and operate cloud native apps, cloud infrastructure run enterprise apps anywhere, cloud management automate and optimize apps and clouds, edge infrastructure enable the multi-cloud edge, networking enable connectivity for apps and clouds, security secure apps and clouds, by industry, manage your multi-cloud environment.
Multi-cloud made easy with a family of multi-cloud services designed to build, run, manage and secure any app on any cloud.
For partners, working together with partners for customer success.
See how we work with a global partner to help companies prepare for multi-cloud.
Tools & Training
Marketplace, blogs & communities.
- VMware Glossary
- Business Continuity Plan
What is a Business Continuity Plan (BCP)?
A Business Continuity Plan (BCP) is a detailed strategy and set of systems for ensuring an organization’s ability to prevent or rapidly recover from a significant disruption to its operations. The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario or otherwise abnormal conditions.
Examples of such disruptions include a fire, a major earthquake or other a natural disaster, a disease outbreak, a cyberattack and many other scenarios that could upend “business as usual.” When such events significantly disrupt an organization’s normal routines, it turns to its business continuity plan for instructions, processes and tools it needs to continue to operate or to quickly recover from downtime.
The Virtual Floorplan: New Rules for a New Era of Work
Hindsight is 2020 - The Pandemic Provides a Wakeup Call
Why is a business continuity plan important.
Risks can be managed, but they can’t be eliminated. Business continuity planning is critical because without it, an organization faces downtime and other problems that could damage its financial health. In major disasters, a lack of a business continuity plan could cause irreparable financial harm that might ultimately force a company to permanently close.
How to create a Business Continuity Plan?
There are many frameworks for creating an effective business continuity plan. Most of them cover three overlapping phases:
- Analysis : In this phase, you identify and evaluate the various functions of your business and its operations. Then, you determine how those different functions will be affected by a disaster. This phase usually entails prioritizing different areas or departments in terms of how important they are to your operation, so that your plan ultimately ensures the continuity of your most critical functions first. Business continuity professionals often conduct a Business Impact Analysis (BIA) at the outset of developing a new plan. A BIA estimates the consequences of different disaster scenarios in terms of lost revenue and other business-specific metrics.
- Planning : Once an initial analysis is complete, the next phase entails all facets of developing an actual plan for continuing to operate in a disaster, or rapidly recovering from a disruption to normal operations. During the planning phase, organizations:
- Develop protocols for potential needs such as a rapid relocation or shift to remote work .
- Strategize temporary staffing changes or needs.
- Implement IT disaster recovery tools to ensure continuity of critical systems.
A key part of this phase is to name a continuity or crisis management team, comprised of executives and stakeholders who will lead the plan’s implementation if necessary.
- Training and Testing : Even the most robust BCP must be put through regular testing to ensure it will work if needed. This includes educating employees on their roles and responsibilities in these scenarios, as well as conducting trials of various elements of the plan. An example would include a short-term rollout of a remote work scenario to identify issues and opportunities for optimization.
Key features of a business continuity plan
Some features of a BCP will be industry or business-specific, but there are components that are common to almost any plan:
People : A BCP will clearly define roles and responsibilities, not just for the crisis management leadership team, but also for any units responsible for implementing different pieces of the plan in a disaster scenario. Some BCPs will also define “essential personnel”—for example, people whose job requires them to report to work even in periods of heightened risk.
Technology : Almost all modern business continuity plans will also clearly outline the role that information technology will play in ensuring critical data, applications and services remain available or are quickly restored after an interruption. These include:
- Data backup and recovery tools
- Cloud computing infrastructure and services
- Remote work platforms
Service Delivery : A BCP should also describe which services are most critical and how they will continue to be delivered to customers, employees, partners, the public and other stakeholders.
Health & Safety : Finally, a strong business continuity program will include criteria and guidelines for ensuring the health and safety of all people involved—employees, customers, partners—as the plan is implemented and managed.
Business Continuity Plan checklist
Many organizations create a checklist as part of their business continuity planning. This is a list of all of the key steps in the BCP. It can be used in two ways:
- Conception : First, it can be used as part of the initial creation of the plan. In this context, the BCP checklist would describe in detail the steps necessary to develop the plan, from analysis through testing.
- Implementation : Second, a BCP checklist can be used for testing and/or actually implementing the plan. In this context, the BCP or crisis management team would use the checklist to ensure that it addresses all of the plan’s tools and processes and communicates them effectively throughout the organization.
Business Continuity and Disaster Recovery Planning
Business continuity planning and disaster recovery planning are often mentioned in similar contexts, but they are not interchangeable terms. A business continuity plan is an overarching strategy for operating in disaster scenarios or recovering from a major disruption.
A disaster recovery (DR) plan refers more specifically to the IT processes and tools you can rely on to retain or restore access to mission-critical data, applications, and services in these scenarios. A DR plan would detail, for example, how you could restore access to a revenue-generating web application in the event of a flood in the data center that powers that service.
How often should a Business Continuity Plan be reviewed?
Most experts recommend that business continuity plans be reviewed regularly and updated as needed. This helps ensure that the plan will still meet the organization’s needs in the face of evolving risks and threats.
The frequency with which you review a business continuity plan depends on many factors, including the nature of the organization, its industry and its particular risks. As a general rule of thumb, such plans should be reviewed annually or at least every other year. However, there are multiple scenarios where an organization may want to consider more frequent reviews, including:
- Significant changes to the business or its operations
- Location in a region at greater risk for natural disasters or other potentially disruptive events
- Any organization or agency that provides essential services to the public
Recommended for You
- Business Continuity
- Business Mobility
- Disaster Recovery
- Business Continuity Application
Related Solutions and Products
Remote work solutions.
Connect Your Distributed Workforce with Remote Work Solutions
Anywhere Workspace Solutions
Enable employees to work from anywhere with secure, frictionless experiences.
Assure Experience & Productivity
Support an agile, remote workforce with seamless and secure access.
- Business Plan for Investors
- Bank/SBA Business Plan
- Strategic/Operational Business Plan
- L1 Visa Business Plan
- E1 Treaty Trader Visa Business Plan
- E2 Treaty Investor Visa Business Plan
- EB-1 Business Plan
- EB-2 NIW Business Plan
- EB-5 Business Plan
- Innovator Visa Business Plan
- Start-Up Visa Business Plan
- Expansion Worker Visa Business Plan
- Manitoba MPNP Visa Business Plan
- Nova Scotia NSNP Visa Business Plan
- British Columbia BC PNP Visa Business Plan
- Self-Employed Visa Business Plan
- OINP Entrepreneur Stream Business Plan
- LMIA Owner Operator Business Plan
- ICT Work Permit Business Plan
- LMIA Mobility Program – C11 Entrepreneur Business Plan
- USMCA (ex-NAFTA) Business Plan
- Franchise Business Plan
- Landlord business plan
- Nonprofit Start-Up Business Plan
- Cannabis business plan
- Ecommerce business plan
- Online boutique business plan
- Mobile application business plan
- Daycare business plan
- Restaurant business plan
- Food delivery business plan
- Real estate business plan
- Business Continuity Plan
- Buy Side Due Diligence Services
- ICO whitepaper
- ICO consulting services
- Confidential Information Memorandum
- Private Placement Memorandum
- Feasibility study
- How it works
- Business Plan Examples
Business Plan Framework
What is a business plan framework?
A framework for business plan is a supportive outline over which the business operations and details are spread. It comprises a sequence of business plan essentials to make sure you work on each aspect of your business and no significant feature is overlooked.
As per the framework meaning in business, framework document forms the foundation for an enterprise by defining broad guidelines, goals, and strategies. From a brief ‘About Us’ page to a comprehensive cash flow analysis, the business plan framework covers it all.
Exploring the planning framework definition would reveal that it provides you with a logical way to link your strategic and financial objectives. It investigates the roadmap to utilize your capital at the maximum efficiency to achieve desired goals. It also helps you in prompt decision-making in certain circumstances such as managerial dilemmas or demands for service extension.
What are the major components of a business plan framework?
The business plan framework varies greatly as per the scope and services of a business, the basic components however remain the same. Generally, a framework for planning must include:
It explains what the business is, what it aims at, and which groups it intends to target. Simply put, this part is a very brief overview of your entire setup.
It interprets the qualification of the business owner, their skills, and their expertise in the business domain. This portion also includes a detailed summary for planning the launch. A graphical portrayal of startup costs is also included oft-times.
Products & Services
This component clearly lays down the offerings of the business. This is to help the business owner in remaining focused on only the concerned areas.
This section is developed to have a thorough insight into your target market. In a framework business plan market analysis is done after acquiring the data of the past 10 to 15 years. It helps ascertain the market size, plausible business prospects, and competition.
This segment describes how to tap into your potential to make your competitive advantages your biggest selling point. A targeting advertisement strategy is formulated as per the available resources and communication media.
This part determines your staffing needs and draws out a fair and objective criterion for recruitment.
A financial plan helps regulate your investment and direct your monetary resources to earn maximum profit.
The business continuity plan framework determines the strategy to deal with unexpected events.
If you want to read more on each of these components, you may refer to organizational frameworks’ examples available on the web. You can also ask for a business plan framework sample at OGScapital.
How do you create a business plan framework?
Many business owners find it perplexing to create a business framework template for their startup. The confusion pertains to uncertain market competition and differing views on the framework’s structure and length.
To assist you in creating your business plan framework template, a stepwise procedure is provided below:
- Study strategy models frameworks of diverse businesses to understand the basics.
- Look for the business plan framework components that are most relevant to your business.
- Decide if you want to incorporate a continuity or retirement plan as well.
- Study the business models of your competitors to understand how they have developed their business plan frameworks.
- Consult some professional business plan developers or hire the services of a professional to help you with problematic parts.
- Outsource the task of creating a financial plan if you are not an expert at developing it.
How to write your business plan framework?
To write your own conceptual framework business plan, you need to comply with the following guidelines:
- Get a customizable business plan template from a reputable firm.
- Get in contact with a legal advisor to know procedural and physical limitations. Also understand the laws for taxation, registration, labor, and insurance.
- Carry out market research, estimate your resources, and explore your customers to figure out what you can offer while capitalizing on what you have.
- Think of possible advertising strategies to grab your customers’ attention.
- Take down all the tasks that need to be done to deliver your services.
- Make a list of employees to undertake the tasks. Make sure to mention the exact number of employees against work descriptions along with expected salaries.
- Plan finances and do all other evaluations related to the business by filling in the business plan template.
- Get your plan evaluated by a business plan expert if you are developing it for the first time.
For a Perfect Business Plan Today, OGS is Just a Click Away!
Whether a business boom or not depends on how well you had planned for it. A business plan framework is going to be your first guide whenever you are faced with an unexpected situation, be it an opportunity or a risk. Therefore, it is wise to spend both time and money in getting a comprehensive and precise business plan for your startup. If you are someone who is not very adept at doing business calculations, you must hire a business consultancy firm for the task.
Here’s why OGS can be your ultimate savior in developing a business plan:
- At OGS, you can get your business plan developed by certified CFAs and MBA laureates from top business schools.
- The team at OGScapital has experience working in more than 42 industries ranging from the telecommunication sector to the agriculture one.
- At OGS, 60 business plan developers are readily available to assist you with your market, geographical location, and target audience.
- , HuffPost, Entrepreneur, and Reuters are some of the die-hard admirers of OGS business planning and teamwork.
- Clutch rated OGS at TOP4 in the recent 2020 rating.
You can contact us for any business queries you have. We also provide free sample business plans on request. To hire us for business plan development, you can fill in the form and get a quote.
OGSCapital’s team has assisted thousands of entrepreneurs with top-rate business plan development, consultancy and analysis. They’ve helped thousands of SME owners secure more than $1.5 billion in funding, and they can do the same for you.
E-mail is already registered on the site. Please use the Login form or enter another .
You entered an incorrect username or password
mentioned in the press:
Search the site:
OGScapital website is not supported for your current browser. Please use:
Business continuity means more than just making sure the lights stay on when a crisis hits. The benefits of establishing a business continuity strategy include: Resilience: With greater awareness of what really matters during a crisis, you can focus resources effectively.
Development of a business continuity plan includes four steps: Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them. Identify, document, and implement to recover critical business functions and processes.
According to ISO 22301, business continuity plan is defined as "documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption." (clause 3.5) This basically means that BCP focuses on developing plans/procedures, but it doesn't include the analysis that forms ...
A business continuity plan is a practical guide developed by companies to enable continuous operations in the event of major business disruptions like natural disasters and global lockdowns. Business continuity planning usually involves analyzing the impact of disrupted business processes and determining recovery strategies with management.
Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the ...
What Is a Crisis Management Model? A crisis management model is the conceptual framework for all aspects of preparing for, preventing, coping with, and recovering from a crisis. By viewing events through a model, crisis managers gain context and can better apply best practices.
In summary, this paper is expected to propose the conceptual framework for future researchers to investigate and provide the empirical evidence on the relationship that exist between the BCM...
Business continuity management guidelines  Business continuity plan using ISO 22301:2012 in IT solution company  A business continuity management maturity model for the UAE banking sector ...
Business Continuity Planning: An Empirical Study of Factors that Hinder Effective Disaster Preparedness of Businesses Daniel Yaw Dushie ... conceptual framework of elements considered with the possibilities to minimize vulnerabilities and disaster risks throughout a society, to avoid or to limit adverse impact of hazards, within the broad ...
Testing & Exercises. Business Continuity Planning Process Diagram. Develop questionnaire, Conduct workshop to Instruct business function and process managers how to complete the BIA, Receive Completed BIA questionnaire forms, Review BIA questionnaires, Conduct follow-up interviews to validate information and fill any information gaps.
The components of modified BCM/BCP framework are discussed below: 1. Project Foundation: The most decisive aspect of a BCM is an organization's senior leadership to see the need for the plan, to buy-in to it, and then commit to developing and maintaining the plan as a living program over the life of the organization. Senior management is responsible, accountable, and liable to all stakeholders ...
A business continuity plan includes guidelines and procedures to guide a business through disruption. The efforts to create a plan are the same for large or small organizations. A simple plan is better than no plan. The basic steps for writing a business continuity plan are as follows: Create a governance team.
A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood or cyberattack. Here's how to create one that gives...
St. Cloud State University
Develop the Business Continuity Plan (BCP) Establish alert levels and monitor Develop training and cross-training plans Identify key business partners such as suppliers and clients and determine if they have a BCP Assess potential financial impact of an emergency on the business
Make a plan. A good BC plan recognises potential threats to an organization and analyses what impact they may have on day-to-day operations. It also provides a way to mitigate these threats, putting in place a framework which allows key functions of the business to continue even if the worst happens.
business continuity plan (BCP): A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event.
A Business Continuity Plan (BCP) is a detailed strategy and set of systems for ensuring an organization's ability to prevent or rapidly recover from a significant disruption to its operations.The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario ...
A framework for business plan is a supportive outline over which the business operations and details are spread. It comprises a sequence of business plan essentials to make sure you work on each aspect of your business and no significant feature is overlooked.