Anpassung und Reaktion auf Risiken mit einem Business Continuity Plan (BCP)
Von IBM Services
25 November 2020
Share this page on Twitter Share this page on Facebook Share this page on LinkedIn E-mail this page
Was ist ein Business Continuity Plan?
Ein business continuity plan (bcp) ist ein dokument, das beschreibt, wie ein unternehmen bei einer ungeplanten betriebsunterbrechung weiterarbeitet. er ist umfassender als ein disaster-recovery -plan und enthält eventualitäten für geschäftsprozesse, anlagen, personal und geschäftspartner – jeden aspekt des unternehmens, der betroffen sein könnte..
Die Pläne enthalten in der Regel eine Checkliste, die Material und Ausrüstung, Datensicherungen und Standorte für die Datensicherung umfasst. Pläne können auch Planadministratoren identifizieren und Kontaktinformationen für Notfallhelfer, Schlüsselpersonal und Anbieter von Backup-Standorten enthalten. Die Pläne können detaillierte Strategien bereitstellen, wie der Geschäftsbetrieb sowohl bei kurzfristigen als auch bei langfristigen Ausfällen aufrechterhalten werden kann.
Eine Schlüsselkomponente eines Business-Continuity-Plans (BCP) ist ein Disaster-Recovery-Plan, der Strategien für den Umgang mit IT-Unterbrechungen von Netzwerken, Servern, PCs und mobilen Geräten enthält. Der Plan sollte abdecken, wie Büroproduktivität und Unternehmenssoftware wiederhergestellt werden können, damit wichtige Geschäftsanforderungen erfüllt werden können. Manuelle Fehlerungehungen sollten im Plan skizziert werden, damit der Betrieb fortgesetzt werden kann, bis die Computersysteme wiederhergestellt werden können.
Es gibt drei Hauptaspekte für einen Business Continuity Plan für wichtige Anwendungen und Prozesse:
- Hochverfügbarkeit: Bereitstellung der Funktionalität und Prozesse, damit ein Unternehmen unabhängig von lokalen Ausfällen Zugriff auf Anwendungen hat. Diese Ausfälle können in den Geschäftsprozessen, in den physischen Einrichtungen oder in der IT-Hardware oder -Software liegen.
- Kontinuierlicher Betrieb: Sicherstellen der Fähigkeit, den Betrieb während einer Unterbrechung sowie während geplanter Ausfälle zu gewährleisten, z. B. bei geplanten Backups oder geplanten Wartungsarbeiten.
- Disaster-Recovery: Erstellen einer Methode zur Wiederherstellung eines Rechenzentrums an einem anderen Standort, wenn eine Katastrophe den primären Standort zerstört oder anderweitig funktionsunfähig macht.
Entwicklung von Business Continuity Plänen
Business Continuity Planning ist Anfang der 1970er Jahre aus der Disaster-Recovery-Planung hervorgegangen. Finanzorganisationen, wie Banken und Versicherungen, investierten in alternative Standorte. Backup-Bänder wurden an geschützten Standorten fernab von Computern gelagert. Die Wiederherstellungsmaßnahmen wurden fast immer durch ein Feuer, eine Überschwemmung, einen Sturm oder eine andere physische Verwüstung ausgelöst. In den 1980er Jahren wuchsen die kommerziellen Wiederherstellungsstandorte, die Computerdienste auf gemeinsamer Basis anboten, aber der Schwerpunkt lag immer noch nur auf der IT-Wiederherstellung.
Die 1990er Jahre brachten eine starke Zunahme der Globalisierung von Unternehmen und die Durchdringung des Datenzugriffs. Unternehmen dachten über Disaster-Recovery hinaus und ganzheitlicher über den gesamten Business-Continuity -Prozess nach. Sie erkannten, dass sie ohne einen gründlichen Business-Continuity-Plan Kunden und ihren Wettbewerbsvorteil verlieren könnten. Gleichzeitig wurde die Business-Continuity-Planung immer komplexer, da sie Anwendungsarchitekturen wie verteilte Anwendungen, verteilte Verarbeitung, verteilte Daten und hybride Rechenumgebungen berücksichtigen musste.
Unternehmen sind sich heute zunehmend ihrer Anfälligkeit für Cyber-Angriffe bewusst, die ein Unternehmen lahmlegen oder seine IT-Systeme dauerhaft zerstören können. Außerdem schaffen die digitale Transformation und die Hyperkonvergenz unbeabsichtigte Einfallstore für Risiken, Schwachstellen, Angriffe und Ausfälle. Business-Continuity-Pläne müssen eine Cyber-Resilience-Strategie beinhalten, die einem Unternehmen helfen kann, störende Cyber-Vorfälle zu überstehen. Die Pläne beinhalten in der Regel Möglichkeiten zur Abwehr dieser Risiken, zum Schutz kritischer Anwendungen und Daten und zur Wiederherstellung nach einer Verletzung oder einem Ausfall auf kontrollierte, messbare Weise.
Ein weiteres Problem sind die exponentiell wachsenden Datenmengen. Anwendungen wie Entscheidungsunterstützung, Data-Warehousing, Data-Mining und Customer Resource Management können Investitionen in Petabyte-Größe in Online-Speicher erfordern.
Die Datenrettung lässt sich nicht mehr eindimensional betrachten. Die komplexe IT-Infrastruktur der meisten Installationen übersteigt die Möglichkeiten der meisten Shops, so zu reagieren, wie sie es noch vor wenigen Jahren taten. Forschungsstudien haben gezeigt, dass Unternehmen, die sich irgendwie von einem unmittelbaren Katastrophenereignis erholt haben, ohne angemessene Planung häufig mittelfristig nicht überleben.
Warum ist ein Business Continuity Plan wichtig?
Es ist wichtig, einen Business Continuity Plan zu haben, der die Synchronisierung von Geschäftsprozessen, Anwendungen und IT-Infrastruktur identifiziert und berücksichtigt. Laut IDC kann ein Ausfall der Infrastruktur im Durchschnitt 100.000 USD pro Stunde kosten und ein Ausfall einer kritischen Anwendung kann 500.000 bis 1 Million USD pro Stunde kosten.
Um diesen vielen Bedrohungen standzuhalten und zu gedeihen, haben Unternehmen erkannt, dass sie mehr tun müssen, als eine zuverlässige Infrastruktur zu schaffen, die das Wachstum unterstützt und Daten schützt. Unternehmen entwickeln jetzt ganzheitliche Business-Continuity-Pläne, die den Betrieb aufrechterhalten, Daten schützen, die Marke sichern, Kunden binden – und letztlich helfen, die Gesamtbetriebskosten langfristig zu senken. Mit einem Business-Continuity-Plan können Ausfallzeiten minimiert und nachhaltige Verbesserungen in den Bereichen Business Continuity, IT-Disaster-Recovery, Krisenmanagement-Fähigkeiten des Unternehmens und Einhaltung gesetzlicher Vorschriften erreicht werden.
Die Entwicklung eines umfassenden Business-Continuity-Plans ist jedoch schwieriger geworden, da die Systeme zunehmend integriert und über hybride IT-Umgebungen verteilt sind, was potenzielle Schwachstellen schafft. Die Verknüpfung kritischerer Systeme miteinander, um höhere Erwartungen zu erfüllen, erschwert die Planung der Geschäftskontinuität – zusammen mit Disaster-Recovery, Ausfallsicherheit, Einhaltung gesetzlicher Vorschriften und Sicherheit. Wenn ein Glied in der Kette bricht oder angegriffen wird, können die Auswirkungen auf das gesamte Unternehmen übergreifen. Ein Unternehmen kann Umsatzeinbußen und ein schwindendes Kundenvertrauen erleiden, wenn es nicht in der Lage ist, die geschäftliche Widerstandsfähigkeit aufrechtzuerhalten und sich gleichzeitig schnell an Risiken und Chancen anzupassen und auf diese zu reagieren.
Einsatz von Consulting, Software und Cloud-basierten Lösungen für einen Business-Continuity-Plan
Viele Unternehmen haben Schwierigkeiten, ihre Ausfallsicherheitsstrategien schnell genug weiterzuentwickeln, um den heutigen hybriden IT-Umgebungen und sich ändernden Geschäftsanforderungen gerecht zu werden. In einer rund um die Uhr aktiven Welt können globale Unternehmen einen Wettbewerbsvorteil erlangen – oder Marktanteile verlieren – je nachdem, wie zuverlässig die IT-Ressourcen die Kerngeschäftsanforderungen erfüllen.
Einige Unternehmen nutzen externe Beratungsdienste für das Business Continuity Management , um die Synchronisierung von Geschäftsprozessen, Anwendungen und IT-Infrastrukturen zu identifizieren und zu verbessern. Berater können flexible Business-Continuity- und Disaster-Recovery-Beratung anbieten, um die Anforderungen eines Unternehmens zu erfüllen – einschließlich Bewertungen, Planung und Design, Implementierung, Tests und vollständigem Business-Continuity-Management.
Es gibt proaktive Services, wie die IBM IT Infrastructure Recovery Services, die Unternehmen dabei helfen, Risiken zu erkennen und sicherzustellen, dass sie auf die Erkennung, Reaktion und Wiederherstellung einer Störung vorbereitet sind.
Mit der Zunahme von Cyber-Angriffen gehen Unternehmen von einem traditionellen/manuellen Wiederherstellungsansatz zu einem automatisierten und softwaredefinierten Resiliency-Ansatz über. Der IBM Cyber Resilience Services Ansatz nutzt fortschrittliche Technologien und Best Practices, um Risiken zu bewerten, Prioritäten zu setzen und geschäftskritische Anwendungen und Daten zu schützen. Diese Services können Unternehmen auch dabei helfen, die IT während und nach einem Cyberangriff schnell wiederherzustellen.
Andere Unternehmen nutzen Cloud-basierte Backup-Services wie IBM Disaster Recovery as a Service (DRaaS) , um eine kontinuierliche Replikation von kritischen Anwendungen, Infrastrukturen, Daten und Systemen für eine schnelle Wiederherstellung nach einem IT-Ausfall zu gewährleisten. Es gibt auch Optionen für virtuelle Server, wie IBM Cloud Virtualized Server Recovery, um kritische Server in Echtzeit zu schützen. Dies ermöglicht eine schnelle Wiederherstellung Ihrer Anwendungen in einem IBM Resiliency Center, um den Betrieb während Wartungsarbeiten oder unerwarteten Ausfallzeiten aufrechtzuerhalten.
Für eine wachsende Zahl von Unternehmen liegt die Antwort in der Resiliency Orchestration, einem Cloud-basierten Ansatz, der die Automatisierung von Disaster-Recovery und eine Reihe von Business Continuity Management -Tools nutzt, die speziell für hybride IT-Umgebungen entwickelt wurden. IBM Resiliency Orchestration hilft beispielsweise dabei, Abhängigkeiten von Geschäftsprozessen über Anwendungen, Daten und Infrastrukturkomponenten hinweg zu schützen. Es erhöht die Verfügbarkeit von Geschäftsanwendungen, so dass Unternehmen über ein zentrales Dashboard auf die notwendigen Informationen auf hoher Ebene oder in der Tiefe hinsichtlich Recovery Point Objective (RPO), Recovery Time Objective (RTO) und dem allgemeinen Zustand der IT-Kontinuität zugreifen können.
Hauptmerkmale eines effektiven Business Continuity Plans (BCP)
Die Komponenten der Geschäftskontinuität sind:
- Strategie: Objekte, die sich auf die Strategien beziehen, die das Unternehmen verwendet, um die täglichen Aktivitäten zu erledigen und gleichzeitig einen kontinuierlichen Betrieb sicherzustellen
- Organisation: Objekte, die sich auf die Struktur, die Fähigkeiten, die Kommunikation und die Verantwortlichkeiten der Mitarbeiter beziehen
- Anwendungen und Daten: Objekte, die sich auf die Software beziehen, die notwendig ist, um den Geschäftsbetrieb zu ermöglichen, sowie die Methode zur Bereitstellung von Hochverfügbarkeit, die zur Implementierung dieser Software verwendet wird
- Prozesse: Objekte, die sich auf die kritischen Geschäftsprozesse beziehen, die für den Betrieb des Unternehmens notwendig sind, sowie die IT-Prozesse, die für einen reibungslosen Betrieb sorgen
- Technologie: Objekte, die sich auf die Systeme, das Netzwerk und die branchenspezifische Technologie beziehen, die erforderlich sind, um einen kontinuierlichen Betrieb und Backups für Anwendungen und Daten zu ermöglichen
- Einrichtungen: Objekte, die sich auf die Bereitstellung eines Disaster-Recovery-Standorts beziehen, wenn der primäre Standort zerstört ist
Der Business-Continuity-Plan wird zum Zeitpunkt eines Business-Continuity-Ereignisses oder einer Krise zu einer Quellenreferenz und zur Blaupause für die Strategie und Taktik zur Bewältigung des Ereignisses oder der Krise.
Die folgende Abbildung veranschaulicht einen Business-Continuity-Planungsprozess, der von IBM Global Technology Services verwendet wird. Es ist ein geschlossener Kreislauf, der kontinuierliche Iteration und Verbesserung als Ziel unterstützt. Der Planungsprozess besteht aus drei Hauptabschnitten:
- Geschäftspriorisierung: Identifizierung verschiedener Risiken, Bedrohungen und Schwachstellen und Festlegung von Prioritäten.
- Integration in die IT: Aus dem Input der Geschäftspriorisierung wird ein Gesamtentwurf für ein Business-Continuity-Programm erstellt.
- Management: Verwaltung dessen, was beurteilt und entworfen wurde.
- Skip to content
- Skip to search
- Skip to footer
What Is Business Continuity?
Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.
- Watch video (1:14)
- Business continuity
- Get a call from Sales
- Product / Technical Support
- Training & Certification
- US/CAN | 5am-5pm PT
Is business continuity the same as business resilience or disaster recovery?
Business continuity, disaster recovery, and business resilience are not the same, but they are related.
- Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
- Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
- Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.
What is a business continuity strategy?
A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.
What does a business continuity plan mitigate?
A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.
- Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
- Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
- Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.
Business continuity planning activities
A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.
Identifying critical business areas and functions
Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.
Analyzing risks, threats, and potential impacts
Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.
Outlining and assigning responsibilities
A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.
Defining and documenting alternatives
A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.
Assessing the need for critical backups
Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and is mandatory in many regulated industries.
Testing, training, and communication
Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.
Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.
Related products and solutions
- Cisco Webex Contact Center
- Virtual Desktop Infrastructure (VDI)
- Cisco Intersight Workload Optimizer
- AppDynamics Application Performance Management
- ThousandEyes End User Monitoring
- ThousandEyes Endpoint Agents
You may also like…
- Cisco’s Business Resiliency Strategy
- Business Continuity Blogs
- Business Continuity Planning
- Business Continuity Plan
Business Continuity Plan Template
Prepare for business disruption and disaster recovery.
Start using template
- Customize and create
- Use instantly
- Automatically generate reports from checklists
Use this Business Continuity Plan (BCP) template as an outline for your business continuity plan that will critically assess all aspects of the business and make sure the emergency procedures and equipment are adequate. This business continuity template can help with ISO 22301 compliance and allow business continuity managers and consultants to:
- Identify key business functions and components to be prioritized for restoration and recovery during an emergency.
- Add list of processes/equipment most at risk of disrupting business operations.
- Discuss roles and responsibilities of key personnel and gather confirmation (digital signatures).
Click on the Web or PDF report below to view the business continuity plan example.
- Preview Sample Digital Report
- Preview Sample PDF Report
Updated 15 Feb 2023 , Published 1 Feb 2019
What is a Business Continuity Plan Template?
A Business Continuity Plan (BCP) template is a tool used by business continuity managers and IT teams to outline strategies for keeping businesses operational despite emergencies such as extreme weather events, building evacuations, power outages, etc. It identifies high business impact operational areas, assets, and recovery strategies with assigned personnel.
Download Free Template
Business continuity templates can be used in any industry for IT disaster recovery, continuity of customer-facing operations, and backup of transport & logistics operations.
In this article
7 elements of business continuity planning, components of a bcp template with examples, faqs about bcp, how do you write a business continuity plan with safetyculture (formerly iauditor), featured business continuity plan templates.
When the COVID-19 pandemic hit the world, the economy took a massive hit. The need for a business continuity plan became more apparent to organizations. Business continuity planning enables businesses, small or large, to build a more resilient operation.
A Business Continuity Plan should include:
1. BCP Team
In the midst of a disaster or emergency, having a team or point person to go to will be essential. The BCP team will be responsible for planning and testing business continuity strategies. Background of each member in the BCP team can vary from organization managers or supervisors to specialists.
2. Business Impact Analysis
A business impact analysis (BIA) identifies, quantifies, and qualifies the impact of a loss, interruption, or disruption. Having a BIA will be essential in discovering risks that your business is exposed to and the potential disruptions that may occur.
3. Risk Mitigation
This element pertains to the strategies against the risks that were discovered during the BIA. Risk mitigation strategies may include putting up security and safety systems in the workplace, conducting preventive maintenance of vehicles, machines, equipment, or any asset vital to operations, and training of employees, among others.
4. Business Continuity Strategies
A good business continuity plan should establish strategies or alternate practices to keep the business running despite disruptions or disasters. An example of a continuity strategy that a lot of businesses had to implement during the pandemic was remote working or work-from-home. This enabled businesses to continue their operations and keep their employees safe from contracting COVID-19 in the workplace.
5. Business Continuity Plan
The business continuity plan is a combination of findings from the performed BIA and the recovery strategies established by the organization. A BCP plan typically includes 4 key components: scope & objectives, operations at risk, recovery strategy, and roles and responsibilities.
All relevant personnel associated with the business continuity, disaster recovery, and incident response process should be trained according to the BCP plan that’s established and agreed upon.
In the testing phase, strategies and plans are being rehearsed or exercised to demonstrate its effectiveness. Testing the plan before rolling it out will enable the BCP team to discover potential flaws and fix them before they lead to damage or injury. It is recommended to review and test the plan periodically to ensure that all protocols and strategies are up-to-date.
Business Continuity Plan Template | Preview Sample PDF Report
BCP serves as a guide for organizations on creating an effective strategy for responding to potential business-disrupting events. Here are four key components of a BCP:
Scope & Objectives
States the purpose of the BCP, including specific business functions that should be prioritized for recovery during an emergency. This section should include examples of emergency events that would trigger the response of this BCP.
This BCP is to ensure the continuity of IT services and customer lines in the event of an unforeseen and prolonged power shutdown. Power disruption could be caused by emergency weather conditions or a building fire. Functional areas that are prioritized for recovery in this BCP include the customer support desk and finance team.
Operations at Risk
Includes possible risks with key operational functions which would greatly disrupt business and customer continuity. This also involves the magnitude of risk to each function, which will help the BCP committee decide on appropriate preventive actions.
Operation: Customer Support Operation Description: Customer support team looking after 24-hour global operations of live chat and customer calls for US, EMEA and APAC regions Business Impact: Critical Impact description: 100% of live chats go through the customer support team in Manila. 20% of live calls are routed to Manila office. A disruption would mean no more live chat support and customers experiencing significant wait times on calls Project timeline and team schedules
Outlines all the relevant procedures to restore business operations after an incident or crisis. A good recovery strategy includes a realistic recovery timeline and essential emergency resources.
IT personnel and BCP committees should operate alternate backup programs and servers to help save customer requests after power outage. Customer support should be able to receive the requests and respond to customers within 30 minutes. IT Director should operate alternate server rooms in Area B if the power outage last more than an hour to prevent huge revenue loss.
Roles & Responsibilities
Refers to key personnel and their assigned tasks during or after an incident. Each committee member has a unique set of responsibilities to successfully carry out the BCP for each business function.
Representative: Jon Sims Role: Head of Operations Contact Details: [email protected] Description of Responsibilities: 1. Must ensure BCPs are updated and must coordinate with team leaders regarding changes 2. Helps notify key stakeholders in EMEA region of threats in Customer Support programs & tools
Business Continuity Planning (BCP) is important because it helps organizations protect their business amid a crisis or emergency. A business continuity plan contains instructions that will serve as a guide for the organization to maintain their operations.
A business continuity plan should be tested at least every 6 months to verify the BCP’s effectiveness. Frequent testing can also allow the discovery of gaps, and potential issues. This will help the organization update protocols and strategies accordingly.
BCP documents should be updated regularly. If any organizational changes have been made in terms of team structures and operational procedures, the BCP should be updated. A review will be conducted to check if information in the BCP is still reliable. .
Outdated BCPs might result in loss of customer trust, huge revenue loss, and damage to brand and company reputation. This is why it is crucial for BCPs to remain up-to-date.
Regular BCP audits are essential to help evaluate emergency procedures and identify if there are vulnerabilities. They also help realign emergency procedures to the ISO 22301 standard, business goals, and industry practices. Up-to-date and efficient BCPs help businesses effectively manage any unexpected event, prevent extra costs, and continuously develop their overall processes and key functions. Using a business continuity plan checklist can aid business continuity managers and IT teams to ensure comprehensive BCP audit reports.
SafetyCulture , the world’s leading digital form mobile software, can help businesses create and prepare a good business continuity plan more efficiently. Paper-based business continuity plan templates and Excel spreadsheets can be troublesome for management to keep and regularly update. With SafetyCulture as a business continuity software , businesses can switch to a paperless planning process where you can create your own templates, easily assess the accuracy of recovery procedures, and update your plans as needed in your mobile device. With SafetyCulture, you can:
- Create and customize business continuity plans using your desktop, iPad, or even on your mobile phone
- Easily assign tasks to key personnel and BCP committee members
- Use speech to text dictation to easily complete audits
- Gather photographic evidence in your BCP drills
- Record electronic signatures as required
- Send and share an updated business continuity plan report to your team in a few taps. See sample business continuity plan PDF report here .
- Automatically save your BCPs in the cloud
To help you get started on your paperless planning, we have created the business continuity templates and checklists you can download and customize for free.
Business Continuity and Disaster Recovery Plan Template (IT)
A business continuity and disaster recovery plan template is used to identify business functions at risk during an emergency and come up with a plan for continuous operation and recovery. This business continuity and disaster recovery plan template aims to help IT teams and business continuity managers become proactive in preparing for events that could disrupt operations and come up with strategies for disaster recovery. This template empowers you to:
- Specify and prioritize IT functions for recovery during a disaster.
- Describe IT equipment/ systems at risk in disrupting normal operations and essential backup programs needed for recovery.
- Confirm assigned tasks with IT team members through their digital signatures.
Business Continuity Plan Checklist
Perform regular audits of your organization’s BCP with a business continuity plan checklist. Whether small or medium business, this checklist can be used to ensure BCPs are up to date and reflect current high impact operations. Review key operational functions outlined in the BCP including recovery strategies and relevant assigned resources. SafetyCulture (iAuditor) BCP templates can be edited to fit the organization’s needs.
- Download PDF Report
Business Continuity Awareness Checklist
This template highlights the importance of employee awareness and employee knowledge of business continuity plans and business continuity processes. As a business continuity process template, this document helps:
- Gauge the level of understanding employees have regarding BCP processes.
- Determine opportunities how to better acclimate teams to internal business continuity plans.
- Identify the need for continuous improvement of business continuity programs.
SafetyCulture staff writer
Erick Brent Francisco
Erick Brent Francisco is a content writer and researcher for SafetyCulture since 2018. As a content specialist, he is interested in learning and sharing how technology can improve work processes and workplace safety. His experience in logistics, banking and financial services, and retail helps enrich the quality of information in his articles.
Explore more templates
A business continuity and disaster recovery plan template is used to identify business functions at risk during an emergency and…
Download free Read more
Perform regular audits of your organization’s BCP with a business continuity plan checklist. Whether small or medium business, this checklist…
This template highlights the importance of employee awareness and employee knowledge of business continuity plans and business continuity processes. As…
- RIDDOR Report
- Employee Self-Evaluation Form
- Peer Evaluation Form
- Food Hygiene Inspection Checklist
- Environmental Audit Checklist
- Asset Tracking Software
- Task Management Software
- Lone Worker Safety Devices
- Farm Equipment Maintenance Software
- MRO Software
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Business Continuity Plan
Business Continuity Planning Process Diagram - Text Version
When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:
- Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
- Identify, document, and implement to recover critical business functions and processes.
- Organize a business continuity team and compile a business continuity plan to manage a business disruption.
- Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.
Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.
Resources for Business Continuity Planning
- Standard on Disaster/Emergency Management and Business Continuity Programs - National Fire Protection Association (NFPA) 1600
- Professional Practices for Business Continuity Professionals - DRI International (non-profit business continuity education and certification body)
- Continuity Guidance Circular - Federal Emergency Management Agency
- Open for Business® Toolkit - Institute for Business & Home Safety
Business Continuity Impact Analysis
Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.
The Operational & Financial Impacts worksheet can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:
- the operational and financial impacts resulting from the loss of individual business functions and process
- the point in time when loss of a function or process would result in the identified business impacts
Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”
Resource Required to Support Recovery Strategies
Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.
Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:
- Office space, furniture and equipment
- Technology (computers, peripherals, communication equipment, software and data)
- Vital records (electronic and hard copy)
- Production facilities, machinery and equipment
- Inventory including raw materials, finished goods and goods in production.
- Utilities (power, natural gas, water, sewer, telephone, internet, wireless)
- Third party services
Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.
Conducting the Business Continuity Impact Analysis
The worksheets Operational and Financial Impacts and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.
After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.
If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .
Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.
Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.
Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.
Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.
Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.
In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.
Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.
There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.
There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:
- Shifting production from one facility to another
- Increasing manufacturing output at operational facilities
- Retooling production from one item to another
- Prioritization of production—by profit margin or customer relationship
- Maintaining higher raw materials or finished goods inventory
- Reallocating existing inventory, repurchase or buyback of inventory
- Limiting orders (e.g., maximum order size or unit quantity)
- Contracting with third parties
- Purchasing business interruption insurance
There are many factors to consider in manufacturing recovery strategies:
- Will a facility be available when needed?
- How much time will it take to shift production from one product to another?
- How much will it cost to shift production from one product to another?
- How much revenue would be lost when displacing other production?
- How much extra time will it take to receive raw materials or ship finished goods to customers? Will the extra time impact customer relationships?
- Are there any regulations that would restrict shifting production?
- What quality issues could arise if production is shifted or outsourced?
- Are there any long-term consequences associated with a strategy?
Resources for Developing Recovery Strategies
- The Telework Coalition (America’s leading nonprofit telework education and advocacy organization)
Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.
The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.
Developing Manual Workarounds
Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:
Internal Interfaces (department, person, activity and resource requirements)
- External Interfaces (company, contact person, activity and resource requirements)
- Tasks (in sequential order)
- Manual intervention points
Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.
Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.
Last Updated: 05/26/2021
Return to top
Global Consumer Insights Pulse Survey - June 2022
Achieving net zero infrastructure
Manufacturing COO Pulse Survey
Ukraine: Tax, Legal and People considerations
Digital Trust Insights Survey 2022
M&A industry trends report
The Leadership Agenda
26th Annual Global CEO Survey
strategy+business — a PwC publication
The New Equation
PwC's Global Annual Review
Committing to Net Zero by 2030
No Match Found
A holistic approach .
Can your organisation sustain operations in the midst of a serious crisis? How do you identify “mission-critical” processes? Do you have a backup strategy in the event of a massive disruption in your technology, facilities or other functions? Are your employees trained to respond during business disruptions?
Companies that take a holistic approach to business continuity management develop the ability to identify, prevent and prepare for events that may disrupt normal activities.
A fully integrated business continuity strategy helps to build an overall culture of resilience .
67% of organisations applied a business continuity plan as part of their response to the COVID-19 pandemic. Source: PwC’s Global Crisis Survey 2021
Business continuity and a culture of resilience
Business continuity means more than just making sure the lights stay on when a crisis hits. The benefits of establishing a business continuity strategy include:
- Resilience: With greater awareness of what really matters during a crisis, you can focus resources effectively.
- Employee engagement and ownership: Your people understand their roles and responsibilities in a crisis, and are invested in executing a seamless recovery .
- Strategic recovery plans: Pre-defined strategic decisions are embedded into recovery plans to guide your people toward a common goal during disruption.
- Detailed business impacts and risks identified: Potential risks and areas of concern can be mitigated in “peace time” rather than in the heat of a crisis.
- Empowered leadership: Leaders are actively enabled to monitor the state of resilience within the organisation and provide hands-on guidance and support.
- Continuous improvement: Tests, drills and simulation exercises help you understand what works and what doesn’t, enabling continued resilience and growth.
Assessing an organisation’s business continuity program
Effective business continuity programs have a common framework, core capabilities, and coordination of resources and activities to plan for and respond to events.
PwC’s Organizational Preparedness Assessment (OPA), based on leading industry practices, helps organisations identify program blind spots and provides actionable recommendations to enhance program maturity.
PwC’s business continuity planning solutions
We’ve built scalable solutions to create a bespoke solution for each of our clients:
- Business continuity program assessment and design
- Business impact analysis and interruption risk assessment
- Recovery plan creation and resilience improvement
- Business continuity program exercises, maintenance and training
- Business continuity program technology enablement and enterprise risk management integration
- Third-party resilience framework and analysis
- Crisis management program development and exercises
- Information technology disaster recovery and business continuity program alignment and analysis
PwC brings depth and experience to support your response to an enterprise-wide crisis
Our PwC crisis management teams have developed tools and processes to help you survive an unexpected event and emerge stronger.
We take a holistic view of your organisation’s business continuity needs. And as your trusted advisor, we’ll help you build resilience for the long term.
We welcome your comments
Your request / feedback has been routed to the appropriate person. Should you need to reference this in the future we have assigned it the reference number "refID" .
Thank you for your comments / suggestions.
Required fields are marked with an asterisk( * )
Please correct the errors and send your information again.
Tick this box to verify you are not a robot
By submitting your email address, you acknowledge that you have read the Privacy Statement and that you consent to our processing data in accordance with the Privacy Statement (including international transfers). If you change your mind at any time about wishing to receive the information from us, you can send us an email message using the Contact Us page.
Global Crisis & Resilience Co-Leader, PwC United States
Tel: +1 678 419 1355
Global Crisis & Resilience Co-Leader, PwC United Kingdom
Tel: +44 (0)7483 422701
© 2017 - 2023 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.
- Legal notices
- Legal disclaimer
- Terms and conditions
Contingency and business continuity planning best practices – Beyond templates and checklists
Contingency planning is a broad term. in theory, any business continuity checklist can be developed around issues as mundane as organizing fire drills (don’t forget to take your laptop with you). but if the covid-19 crisis is any indication as to how quickly normal operations can be upended, today’s hr organizations should be thinking about and creating business continuity plans for a much wider range of scenarios..
Everything should be on the table, from the next pandemic to preventable and unpreventable scenarios alike. Think natural disasters, accidents, intentional acts, IT outages, you name it. In each case, lay out how operations and resources must be shifted, refocused, removed, or added to maintain as much business continuity as possible.
All this begs the question of where to begin.
The short answer is anywhere and everywhere, all at once, so the organization isn’t caught flat-footed, as so many were at the start of 2020. But the long answer is that there are several emergency-preparedness best practices that HR managers should adhere to in part or in sum to ensure business continuity in the face of a crisis. Keeping these best practices in mind will inform the foundation of a business continuity plan template that can be followed, expanded upon, or customized to fit any situation as it develops.
How to create a contingency plan: Critical elements
There’s power in communication and policy alike. So before developing tactical steps to suit any possible scenario, it’s important to think of contingency planning as encapsulating three ideas:
- What workers want, which is essentially the employee experience in an emergency situation;
- Perception, which comprises the rumors circulating about how the company is handling the situation; and
- Business needs, which is how the company is performing in terms of maintaining business continuity and serving customers effectively.
Where these three overlap is the feedback loop – when, where, how, with what frequency, and the authenticity of communication between the company and its employees about the adverse event or situation.
Critical elements to consider in a contingency plan.
The feedback has to be timely, and whoever delivers the communication has to be honest and transparent.
Greg Selke, VP and HR value advisor, SAP SuccessFactors
“The feedback has to be timely, and whoever delivers the communication has to be honest and transparent,” says Greg Selke, vice president and HR value advisor for SAP SuccessFactors. And as part of any business continuity plan, he explains, the methods of communication need to be planned well in advance. If, in the aftermath of unfortunate events, HR managers are deciding whether to send an email or text message to employees, the action plan is already lagging. But the more important thing to remember about the model above, Selke notes, is that it can work as well for a company of 20 employees as for one of 200,000.
The model must, however, be underpinned by a robust examination and evolution of policy. That requires equal parts intelligence and agility, particularly for a situation like the COVID-19 pandemic, since no one knows what a return to normal even looks like, never mind if and when it will be possible. This should include everything from rethinking what performance management looks like to providing resources or even time off for employees to manage stress – or perhaps help with their school-age kids’ homework. It all speaks to a better employee experience while still holding workers accountable for results. Still, policy flexibility is essential.
Think of it like this. What if a company asks sales reps to arrange in-person meetings, but some feel it’s unsafe? Or what if the clients don’t want to be visited due to safety concerns? What about employees with disabilities or those at a higher risk of severe coronavirus symptoms? HR managers need to weigh all these types of scenarios and more as they augment emergency preparedness strategies with new policies. The employee experience of any situation is what should drive the business continuity response.
It’s only after the above three elements – what workers want, perception and business needs, and the overlapping feedback – are carefully considered that specific plans should be laid out.
Find the right framework: Common characteristics of continuity plans
There are multiple business continuity plan samples to be found online, all of which help lay out the types of steps and procedures for different types of companies, nonprofits, and public services – even schools. As an HR leader begins determining tactical steps in any of those frameworks to preserve the business amid several unfortunate scenarios, a few key components should stay front and center of plans that address both small- and large-scale situations.
While this is a broad and often overused term, in the context of business continuity it’s perhaps the most important consideration. It’s not just about people being able to work remotely; it’s about the company’s ability to communicate with everyone, wherever they are. Here are a few questions to start with:
- Are emergency contacts in place for everyone?
- What are the key business-critical roles and who holds them?
- Are there tools in place that ensure worker safety?
- Do employees have the ability to view their personal data and manage benefits , time off, and scheduling to adapt to the crisis at hand?
- Does the organization have the ability to gather clear insights on what employees are thinking and expecting from the company so HR can take quick, appropriate action?
The more HR leaders can think about agility in these terms and employ the proper tools (many of them interconnected and cloud-enabled), the easier it will be to develop a more comprehensive set of contingency plans.
When talking about business-critical roles, HR needs to be able to identify the required skills, potential successors, and alternates who can step in at a time of crisis. As part of contingency planning, HR professionals should be constantly imagining and reconfiguring the organization for certain and uncertain times alike. That means thinking about positions or even entire departments that might need to be moved, reconfigured, or reallocated under various business conditions and scenarios. It’s also important to have insight and analytics that lay out the wider effects any of these emergency-situation reconfigurations will have on the company – to payroll or diversity, for example. After all, realigning resources to fit with new goals will only go so far if it doesn’t deliver the cost savings required in leaner times or if it adversely affects diversity and inclusion – some of the most important considerations in any company’s long-term plans.
Most would file training, upskilling, and reskilling under agility (above), but in the context of business contingency planning, training takes on a different meaning. In terms of keeping operations running during uncertain times, having a robust training program in place well in advance of any crisis helps HR managers avoid frantic hiring when and if the corporate strategy needs to shift.
By defining the types of jobs that will be necessary and the requisite skills for each, then instituting the appropriate learning tools, HR managers can set up, launch, and track the needed training programs. This may constitute upskilling or reskilling initiatives – or a combination of the two – in line with business objectives likely to arise in the face of specific emergency situations. Either way, this means setting the concept of skills at the center of the HR talent approach so that they are the foundation of both job descriptions and people’s careers – and are ready for further development before adverse conditions arise.
Realigning and reconnecting
In times of normal operations, businesses tend to have little trouble setting goals and communicating them to employees. People tend to know the targets they’re working toward. However, when operations are disrupted by a pandemic, natural disaster, or some other short- or long-term situation, the goals tend to go out the window. But it’s not just about scaling back expectations. In order to preserve business continuity, objectives might have to be completely redefined, so it’s critical to set new targets, communicate them clearly, and keep track of how workers are performing toward those new objectives.
It’s also important that everyone and everything is working in harmony, even mid-crisis. HR managers in particular should look for digital toolkits that help teams, departments, groups of employees, HR – really anyone – communicate and collaborate without the hassle of adding IT infrastructure. The more employees can share knowledge and information with one another quickly and easily in times of uncertainty, the more resilient the business will be.
Balancing the business with the employee experience
While continuity planning is about having both the right mindset and set of tools in place so the company can pivot broadly or selectively in response to a crisis, HR managers must always walk the uncomfortable tightrope between employee advocacy and business strategy. At the same time, however, HR can’t and shouldn’t go it alone.
Effective preparedness requires input and buy-in throughout the organization – from the CEO to legal to finance to health and safety. HR should take the lead, but the best-prepared companies bring all the aforementioned functions to the table to plan and act accordingly so no one person – not even the CHRO – is making critical decisions in a vacuum. This approach not only puts the company in a better place for crises on the horizon, it underscores the unique role that HR plays in caring for employees while simultaneously honoring a commitment to ensure business continuity. Making accessible, intuitive technology a part of those plans only strengthens the understanding of HR’s mandate up and down the organization.
It shouldn’t take a once-in-a-generation earthquake or pandemic for everyone in the company to understand that. But if best practices are followed when developing continuity plans, a company’s preparedness will ensure business agility and resiliency in the short and long terms.
Explore SAP SuccessFactors HXM Suite
Access resources to help you manage your business in times of crisis.
More in this series
Sap insights newsletter, subscribe today.
Gain key insights by subscribing to our newsletter.
- Connect with us on Twitter
- Search Search Please fill out this field.
- Business Continuity Plan Basics
- Understanding BCPs
- Benefits of BCPs
- How to Create a BCP
- BCP & Impact Analysis
- BCP vs. Disaster Recovery Plan
Frequently Asked Questions
- Business Continuity Plan FAQs
The Bottom Line
What Is a Business Continuity Plan (BCP), and How Does It Work?
Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.
Investopedia / Ryan Oakley
What Is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
- Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
- BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
- BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.
Understanding Business Continuity Plans (BCPs)
BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:
- Determining how those risks will affect operations
- Implementing safeguards and procedures to mitigate the risks
- Testing procedures to ensure they work
- Reviewing the process to make sure that it is up to date
BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.
Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.
Benefits of a Business Continuity Plan
Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis.
Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.
An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.
How to Create a Business Continuity Plan
There are several steps many companies must follow to develop a solid BCP. They include:
- Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
- Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
- Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
- Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.
Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.
Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be identified and corrected.
In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.
Business Continuity Impact Analysis
An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.
FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:
- The impacts—both financial and operational—that stem from the loss of individual business functions and process
- Identifying when the loss of a function or process would result in the identified business impacts
Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”
Business Continuity Plan vs. Disaster Recovery Plan
BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain.
BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes.
Why Is Business Continuity Plan (BCP) Important?
Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.
What Should a Business Continuity Plan (BCP) Include?
Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.
What Is Business Continuity Impact Analysis?
An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.
FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.
These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.
Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.
Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ," Pages 15 - 17. Accessed Sept. 5, 2021.
Government & Policy
Stocks & Bond News
- Editorial Policy
- Do Not Sell My Personal Information
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
- Other Threats
- Security Tips
- Identity Protection
- Digital Life
- Privacy Tips
- Performance Tips
Business Continuity Plan (BCP): What Is It and How to Make One
A business continuity plan is a key step for ensuring that businesses can minimize the losses relating to a data breach, cyberattack, or other disasters. This article looks at why business continuity planning matters, how to develop a BCP, and how to improve and review your plan.
What is a business continuity plan?
A business continuity plan (BCP) outlines a process to prevent and recover from a range of potential threats in the event of an unexpected incident such as a cyberattack, identity theft , or a data breach . It allows a quick reaction, and minimizes impact and recovery times.
This Article Contains:
See all Security articles
In order for it to be effective, a BCP should be extremely detailed with short-term and long-term planning, covering every area of the business that could be affected. This should include assets, personnel, business processes, and partners/customers.
As disaster recovery planning’s main focus is on IT recovery, it should be included as part of the BCP and provide a clear roadmap for maintaining operations in multiple scenarios.
Why does business continuity planning matter?
Having a plan means you can respond quickly and decisively, minimizing disruption — which is key to maintaining customer confidence in the face of a crisis. For this reason, business continuity planning is vital to businesses of all sizes.
Disruptions of any kind, from software failures to fires, will severely impact productivity and increase costs. If best practices are not followed by all members of staff, cybersecurity threats from IoT , spoofing and weak passwords also have the potential to cause significant disruption.
While the financial loss will be higher for larger businesses, the impact on companies with smaller margins could be catastrophic, as the cumulative cost of fines or penalties, recovery expenses, and loss of business could rapidly add up. For both, losing customer trust must be avoided wherever possible — some losses cannot be covered by insurance.
While a business continuity plan cannot anticipate events, a holistic approach can ensure that there is clear guidance to keep things moving, protect sensitive data, and retain customers during a crisis of any type.
How to develop your business continuity plan
Before producing a business continuity plan, it is important to assess your business and its processes. From a security perspective, identifying vulnerabilities will help you to make existing security measures more robust as well as identify which threats are most likely to occur. Similarly, taking the time to review existing processes could help to identify new efficiencies.
Implementing an OPSEC (operational security) process at this point can help to identify weak points in data security and inform the creation of your BCP.
What should be included in a business continuity plan?
While the requirements will vary between organizations, the key components of an effective business continuity plan are as follows:
1. Create a planning team
The size of the team will depend on your organization’s scale but should include managers from every department. In addition, leaders should be identified for key aspects such as IT, facilities, finance, and HR.
The team’s tasks will be to develop the plan, provide clear direction and training to staff, and test and review, ensuring that the measures outlined remain the most effective strategy.
2. Identify risks
The first task of the team is to conduct a business impact analysis (BIA). This analysis provides an ideal starting point as it will help you to identify and prioritize specific risks to security, finances, operations, etc.
Conducting a BIA can be a complicated process, but the result will be a valuable document that identifies the key risks to your business and how they would be impacted by a range of potential disruptions.
3. Mitigate risks
Having identified the risks, the next step is to review existing processes to identify changes that can be made to reduce the impact of an issue. This could include:
Reviewing fire safety
Implementing revised IT backup processes and cloud security
Increasing staff training
Preparing contingency suppliers
Updating cybersecurity policy and tools
4. Create continuity strategies
Simply knowing about risks is not enough. If disaster strikes, swift and decisive action will be required to minimize the impact and expedite recovery.
Continuity strategies should provide clear guidance on how to ensure operations can continue at an acceptable level during the recovery period. Key questions should be answered with specific instructions and information to ensure there is clarity in the approach. These should include:
Are there clear instructions for accessing data backups?
Is the contact information for key personnel and suppliers up to date?
Which tasks could be outsourced?
Is there an effective WFH policy?
Are manual processes in place if internet access is unavailable?
5. Implement and train
The continuity plan will evolve alongside the business and must remain a live document that is regularly updated. To identify where improvements are required, you should ensure regular testing of processing and systems.
Staff should be trained on general processes, with individuals assigned key roles — in the same way that you identify fire marshals or first-aiders.
While the level of detail will vary depending on the size of the company and the departments involved, the following example shows the steps that need to be taken in the case of a data breach:
Confirm the nature of the attack
Inform all staff immediately
Identify what has been compromised
Urgently prevent further damage
Change affected passwords and remove access permissions
Repair data and restore from backups
Call in external support
Identify how the breach happened
Notify customers and clients as required
Determine the impact and cost of the breach
Evaluate and strengthen security as required
Review response and adjust BCP
Provide updated training for staff
All of these steps should have specific guidance in the BCP.
How to test your business continuity plan
Don’t wait until disaster strikes to find out if your BCP is adequate. The best way to know if it will be effective is to implement regular and rigorous testing. Objectives should be measured and compared against previous tests to identify and fix weak spots that could be vulnerable to ransomware or zero-day attacks.
The frequency of testing varies, but many companies will test their business continuity plans up to four times per year. Due to the broad and detailed nature of a BCP, there are multiple ways to test. The most simple testing method is for the planning team to analyse the existing plan, identifying weak points and areas that require updates due to company changes (contact details, suppliers, etc.).
As part of this, the person responsible for a certain aspect, such as cybersecurity, can present the elements of their plan to the team for critical review before being re-assessed, using a selection of the most pertinent disaster scenarios.
Simulation tests should also be performed on an annual basis to determine how well the plans hold up in a real-world scenario. This could include evacuation drills and exercises to build confidence in the continuity processes. Simulations should include staff from outside the planning team to bring in fresh eyes to identify areas that require more clarity or other aspects that might otherwise have been overlooked.
Improving and reviewing your business continuity plan
In addition to the revisions made during the testing process, feedback from each department will help to strengthen your overall plan by providing a specialized perspective on policies and processes. Depending on the company structure, this stage could be conducted following the periodic testing or be implemented during the review process.
For a business continuity plan to be effective long-term, it has to be supported. If it becomes a quarterly task for department heads, it will not be adopted correctly and could fail to provide continuity of service should a crisis occur.
Instead, all members of staff should be trained to understand their role and the importance of rapid response to limiting the impact. Through familiarity with emergency processes, staff will feel safer and more able to respond positively and proactively to any situation.
Keep your business secure
Protect against an unexpected cyberattack using next-gen business antivirus by Avast Business — providing proactive solutions to protect against advanced cyberattacks and ransomware.
by Avast Business Team on December 15, 2021 Updated on July 20, 2022
Get Next-gen Business Antivirus
Manage the security of your business, all from one platform. Get Avast’s next-gen business antivirus for tailored business security.
All related articles
You might also like....
- What Is Malware and How to Protect Against Malware Attacks?
- What Is Scareware? Detection, Prevention, and Removal
- What Is Pegasus Spyware and Is Your Phone Infected with Pegasus?
- What Is the Mirai Botnet?
- The Zeus Trojan: What it is, How it Works, and How to Stay Safe
- How to Remove a Virus From Your Router
- What Is Trojan Malware? The Ultimate Guide
- What Are Keyloggers and How Do They Work?
- What Is a Botnet?
- What Is a Rootkit and How to Remove It?
- What Is Malvertising and How Do I Stop it?
- What Is a Logic Bomb? How to Prevent Logic Bomb Attacks
- What Is a Computer Worm?
- What Is Spyware, Who Can Be Attacked, and How to Prevent It
- What is Adware and How Can You Prevent it?
- Malware vs. Viruses: What’s the Difference?
- Can Macs Get Viruses?
- What Is a Computer Virus and How Does It Work?
- Stuxnet: What Is It & How Does It Work?
- Macro Virus: What Is It and How to Remove It
- Worm vs. Virus: What's the Difference and Does It Matter?
- Can Your iPhone or Android Phone Get a Virus?
- The Essential Guide to Ransomware
- What Is Ryuk Ransomware?
- The Destructive Reality of Ransomware Attacks
- How to Remove Ransomware from Android Devices
- How to Remove Ransomware from Your iPhone or iPad
- What is CryptoLocker Ransomware and How to Remove it
- Cerber Ransomware: Everything You Need to Know
- What is WannaCry?
- How to Prevent Ransomware
- What is Locky Ransomware?
- What is Petya Ransomware, and Why is it so Dangerous?
- How to Remove Ransomware from a Mac
- How to Remove Ransomware from Windows 10, 8 or 7
- How to Spot and Prevent IP Spoofing
- How to Spot Amazon Phishing Emails and Beat Scammers
- What Is Pharming and How to Protect Against It
- Spear Phishing: What Is It and How Can You Avoid It?
- What Is Phone Number Spoofing and How to Stop It
- What Is Spoofing and How Can I Prevent it?
- How to Identify and Prevent Apple ID Phishing Scams
- The Essential Guide to Phishing: How it Works and How to Defend Against it
- How to Avoid Amazon Scams
- Is PayPal Safe? How to Spot and Avoid PayPal Scams
- Instagram Phishing Scams — How to Spot & Avoid Scammers
- How to Spot and Avoid Gift Card Scams
- What Are Romance Scams and How to Avoid Them
- How to Identify & Prevent Tech Support Scams
- How to Report Online Scams and Fraud
- What Is a Scam: The Essential Guide to Staying Scam-Free
- How to Know If Your Phone Has Been Hacked
- What Is an Evil Twin Attack and How Does It Work?
- Hacker Types: Black Hat, White Hat, and Gray Hat Hackers
- ATM Skimming: What Is It and How to Spot a Skimmer
- What Is a Distributed Denial of Service (DDoS) Attack and How Does It Work?
- What Is a Brute Force Attack?
- What Is a Zero-Day Attack?
- How to Protect Yourself Against Router Hacking
- Exploits: What You Need to Know
- SQL Injection: What Is It, How Does It Work, and How to Stay Safe?
- What Are Meltdown and Spectre?
- What is Cracking? It’s Hacking, but Evil
- What Is Cross-Site Scripting (XSS)?
- What Is Hacking?
- What Is EternalBlue and Why Is the MS17-010 Exploit Still Relevant?
- Webcam Security: How to Stop Your Camera from Being Hacked
- Protect Yourself from Cryptojacking
- How to See Sensitive Content on Twitter
- What Are NFTs and How Do NFTs Work?
- What Is Catfishing and How Do You Spot a Catfisher?
- What to Do If Your Instagram Account Is Hacked
- How to Avoid Sugar Daddy Scams
- What Is a Security Breach?
- What Is Cyberstalking and How to Stop It
- What is Cybercrime and How Can You Prevent It?
- Cyberbullying: What You Need to Know
- Step-By-Step Guide to Password Protect a File or Folder in Windows
- How Does Two-Factor Authentication (2FA) Work?
- How to Choose the Best Password Manager
- How to Create a Strong Password
- The Top Password Cracking Techniques Used by Hackers
- How to Recover or Reset Forgotten Windows Passwords
What is cybersecurity?
IT Disaster Recovery Plans
What Is a Wildcard Certificate and How Does It Work?
OPSEC: What Is It and How Does It Work?
- What Is the Cyber Kill Chain and How Does It Work?
- How to Keep Your Facebook Business Page Secure
- What Is a Data Breach?
- What Is Cloud Security?
- What Is Server Security - and Why Should You Care?
- What Is Jailbreaking and Is It Safe?
- How to Find a Lost or Stolen Android Phone
- The Best Internet Security Software in 2023
- What Is a Firewall and Why Do You Need One?
- Internet Security: What It Is and How to Protect Yourself Online
- What Is Penetration Testing? Stages, Methods, and Tools
- What Is Cryptography and How Does It Work?
- What Is a Remote Desktop?
- How to Detect and Remove Spyware From an iPhone
- How to Remove a Virus From an iPhone and iPad
- The Best Kaspersky Antivirus Alternatives to Use in 2023
- What Is Endpoint Detection and Response and How Does It Work?
- Is Kaspersky Safe to Use in 2023?
- The Best Free Antivirus Software in 2023
- What Is the MD5 Hashing Algorithm and How Does It Work?
- How to Detect and Remove a Keylogger
- How to Remove Spigot From Your Mac
- How to Remove Viruses from an Android Phone
- The Best Privacy and Security Apps for iPhone
- How to Detect & Remove Spyware From an Android Phone
- How to Get Rid of Viruses and Other Malware From Your Computer
- How to Remove Spyware From a PC
- Is Windows Defender Good Enough?
- Mac Security: The Essential Guide
- How to Remove a Virus from a Mac
- Fake Apps: How to Spot Imposters Before it's Too Late
Latest Security Articles
Get tailored business security with Avast's next-gen business antivirus
- Business support
- Business products
- Business partners
- Business blog
- Mobile Carriers
- Press Center
- Research Participation
- Report vulnerability
- Contact security
- Modern Slavery Statement
- Do not sell my info
- Cookie Preferences
Take Control of Your Multi-Cloud Environment
73% of enterprises use two or more public clouds today. While multi-cloud accelerates digital transformation, it also introduces complexity and risk.
Vmware cross-cloud™ services enable organizations to unlock the potential of multi-cloud with enterprise security and resiliency., build & operate cloud native apps give developers the flexibility to use any app framework and tooling for a secure, consistent and fast path to production on any cloud., connect & secure apps & clouds deliver security and networking as a built-in distributed service across users, apps, devices, and workloads in any cloud., run enterprise apps anywhere run enterprise apps and platform services at scale across public and telco clouds, data centers and edge environments., automate & optimize apps & clouds operate apps and infrastructure consistently, with unified governance and visibility into performance and costs across clouds., access any app on any device empower your employees to be productive from anywhere, with secure, frictionless access to enterprise apps from any device., anywhere workspace.
Access Any App on Any Device Securely
Build and Operate Cloud Native Apps
Cloud & Edge Infrastructure
Run Enterprise Apps Anywhere
Automate and Optimize Apps and Clouds
Manage apps in a local virtualization sandbox
Security & Networking
Connect and Secure Apps and Clouds
Run VMware on any Cloud. Any Environment. Anywhere.
On public & hybrid clouds.
On Private Cloud & HCI
Anywhere Workspace Access Any App on Any Device Securely
App platform build and operate cloud native apps, cloud infrastructure run enterprise apps anywhere, cloud management automate and optimize apps and clouds, edge infrastructure enable the multi-cloud edge, networking enable connectivity for apps and clouds, security secure apps and clouds, by industry, manage your multi-cloud environment.
Multi-cloud made easy with a family of multi-cloud services designed to build, run, manage and secure any app on any cloud.
For partners, working together with partners for customer success.
See how we work with a global partner to help companies prepare for multi-cloud.
Tools & Training
Marketplace, blogs & communities.
- VMware Glossary
- Business Continuity Plan
What is a Business Continuity Plan (BCP)?
A Business Continuity Plan (BCP) is a detailed strategy and set of systems for ensuring an organization’s ability to prevent or rapidly recover from a significant disruption to its operations. The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario or otherwise abnormal conditions.
Examples of such disruptions include a fire, a major earthquake or other a natural disaster, a disease outbreak, a cyberattack and many other scenarios that could upend “business as usual.” When such events significantly disrupt an organization’s normal routines, it turns to its business continuity plan for instructions, processes and tools it needs to continue to operate or to quickly recover from downtime.
The Virtual Floorplan: New Rules for a New Era of Work
Hindsight is 2020 - The Pandemic Provides a Wakeup Call
Why is a business continuity plan important.
Risks can be managed, but they can’t be eliminated. Business continuity planning is critical because without it, an organization faces downtime and other problems that could damage its financial health. In major disasters, a lack of a business continuity plan could cause irreparable financial harm that might ultimately force a company to permanently close.
How to create a Business Continuity Plan?
There are many frameworks for creating an effective business continuity plan. Most of them cover three overlapping phases:
- Analysis : In this phase, you identify and evaluate the various functions of your business and its operations. Then, you determine how those different functions will be affected by a disaster. This phase usually entails prioritizing different areas or departments in terms of how important they are to your operation, so that your plan ultimately ensures the continuity of your most critical functions first. Business continuity professionals often conduct a Business Impact Analysis (BIA) at the outset of developing a new plan. A BIA estimates the consequences of different disaster scenarios in terms of lost revenue and other business-specific metrics.
- Planning : Once an initial analysis is complete, the next phase entails all facets of developing an actual plan for continuing to operate in a disaster, or rapidly recovering from a disruption to normal operations. During the planning phase, organizations:
- Develop protocols for potential needs such as a rapid relocation or shift to remote work .
- Strategize temporary staffing changes or needs.
- Implement IT disaster recovery tools to ensure continuity of critical systems.
A key part of this phase is to name a continuity or crisis management team, comprised of executives and stakeholders who will lead the plan’s implementation if necessary.
- Training and Testing : Even the most robust BCP must be put through regular testing to ensure it will work if needed. This includes educating employees on their roles and responsibilities in these scenarios, as well as conducting trials of various elements of the plan. An example would include a short-term rollout of a remote work scenario to identify issues and opportunities for optimization.
Key features of a business continuity plan
Some features of a BCP will be industry or business-specific, but there are components that are common to almost any plan:
People : A BCP will clearly define roles and responsibilities, not just for the crisis management leadership team, but also for any units responsible for implementing different pieces of the plan in a disaster scenario. Some BCPs will also define “essential personnel”—for example, people whose job requires them to report to work even in periods of heightened risk.
Technology : Almost all modern business continuity plans will also clearly outline the role that information technology will play in ensuring critical data, applications and services remain available or are quickly restored after an interruption. These include:
- Data backup and recovery tools
- Cloud computing infrastructure and services
- Remote work platforms
Service Delivery : A BCP should also describe which services are most critical and how they will continue to be delivered to customers, employees, partners, the public and other stakeholders.
Health & Safety : Finally, a strong business continuity program will include criteria and guidelines for ensuring the health and safety of all people involved—employees, customers, partners—as the plan is implemented and managed.
Business Continuity Plan checklist
Many organizations create a checklist as part of their business continuity planning. This is a list of all of the key steps in the BCP. It can be used in two ways:
- Conception : First, it can be used as part of the initial creation of the plan. In this context, the BCP checklist would describe in detail the steps necessary to develop the plan, from analysis through testing.
- Implementation : Second, a BCP checklist can be used for testing and/or actually implementing the plan. In this context, the BCP or crisis management team would use the checklist to ensure that it addresses all of the plan’s tools and processes and communicates them effectively throughout the organization.
Business Continuity and Disaster Recovery Planning
Business continuity planning and disaster recovery planning are often mentioned in similar contexts, but they are not interchangeable terms. A business continuity plan is an overarching strategy for operating in disaster scenarios or recovering from a major disruption.
A disaster recovery (DR) plan refers more specifically to the IT processes and tools you can rely on to retain or restore access to mission-critical data, applications, and services in these scenarios. A DR plan would detail, for example, how you could restore access to a revenue-generating web application in the event of a flood in the data center that powers that service.
How often should a Business Continuity Plan be reviewed?
Most experts recommend that business continuity plans be reviewed regularly and updated as needed. This helps ensure that the plan will still meet the organization’s needs in the face of evolving risks and threats.
The frequency with which you review a business continuity plan depends on many factors, including the nature of the organization, its industry and its particular risks. As a general rule of thumb, such plans should be reviewed annually or at least every other year. However, there are multiple scenarios where an organization may want to consider more frequent reviews, including:
- Significant changes to the business or its operations
- Location in a region at greater risk for natural disasters or other potentially disruptive events
- Any organization or agency that provides essential services to the public
Recommended for You
- Business Continuity
- Business Mobility
- Disaster Recovery
- Business Continuity Application
Related Solutions and Products
Remote work solutions.
Connect Your Distributed Workforce with Remote Work Solutions
Anywhere Workspace Solutions
Enable employees to work from anywhere with secure, frictionless experiences.
Assure Experience & Productivity
Support an agile, remote workforce with seamless and secure access.
- What is Business Continuity?
- What is Business Continuity Application?
- What is Disaster Recovery?
Experts Discuss the Importance and Advantages of Business Continuity Plans
Smartsheet Contributor Andy Marker
August 25, 2020 (updated October 14, 2021)
Experts make the case for developing a business continuity plan so that disruptions don’t negatively affect your operations, when they inevitably arise.
Included on this page, you’ll learn the importance and benefits of business continuity planning (BCP) , and how a strong plan helps staff in a crisis . Plus, find a PowerPoint business continuity argument template to help make the case for embracing business continuity in your company.
What Is a Business Continuity Plan?
A business continuity plan (BCP) is part of a business continuity management system (BCMS), and includes the procedures an organization must follow in an emergency. The document also contains steps for recovery in the days and months after the incident.
One part of a BCP is the disaster recovery plan , which contains plans for IT and technical continuity. An organization can follow specific steps to write its business continuity plan, or hire an outside consultant. For details on writing a BCP, read "How to Write a Business Continuity Plan” ,
Importance of a Business Continuity Plan
A strong business continuity plan can reduce risks during a crisis, and helps ensure that the company can continue to provide goods or services and earn income by detailing how to respond during and after an incident.
An often-quoted statistic claims that 40 percent of businesses never recover from a disaster . Although some experts question the statistic’s sources, it stands to reason that recovering from a major disruption is tough. After all, staying in business can be difficult, even during the best of times.
As business continuity consultant Alex Fullick, General Manager at Stone Road , explains, "I think the global pandemic has proven that everybody and every organization, no matter what size, needs the ability to respond and recover from any sort of eventuality, whether large or small. If anyone still has the mindset that it's going to happen to someone else, they're probably going to go out of business."
As natural disasters and data breaches become more frequent, the question is not if, but when a disruptive event will take place.
Business continuity plans can help an organization address the following issues before disruption occurs:
- People Don't Know What to Do in a Disaster: Proactively creating plans and training employees ensures a safe and timely recovery. When you've identified sensitive and critical functions ahead of time, you can better plan to execute quickly when a crisis occurs.
- Insurance Isn't a Solution: An organization may acquire insurance plans for healthcare, vehicles, or fixtures and equipment replacement. However, insurance can't cover the loss of customers who turn to other companies when you can't fulfill orders or reimburse you for a lost reputation.
- Creating a Plan Is an Investment in Your Company: Although a BCP may carry fixed costs in training, wages, or equipment, the plan will get your company up and running ASAP in a disaster. For more about budgeting for a business continuity plan, read “ Business Continuity Planning: How to Do It Well .”
Business continuity can also provide a competitive edge. As the following examples show, companies that pursue business continuity are first to get back to work after a disaster.
- Fire swept through the facilities of Cantey Technology, a consultancy and server host, destroying cables and hardware. However, a business continuity plan gave the company the foresight to implement a redundant offsite data center with regularly scheduled backups, which ensured seamless, continued service for clients.
- In another instance of a fire, this time at a telecom provider, redundant network infrastructure and solid incident planning enabled the company to restore service within six hours of a fire reaching the switching center.
- Even though they were located on the second floor, Houston-based Gaille Media’s offices were destroyed during Hurricane Harvey. Since they stored their data and critical documents in the cloud, however, they continued to serve customers throughout the disruption, with staff working remotely.
"I find myself a little frustrated with some planners who have said, ‘Oh, they're busy updating their pandemic plan now,’" Fullick adds. "What do you mean you're updating your plan on people's availability? Don't you already have plans in place for, let's say, the winter flu season when you're missing 20 percent of your staff because they're all at home with the flu?"
How Business Continuity Helps Different Departments
Importance of business continuity for the supply chain .
Supply chain disruptions can be crippling, and a BCP can help sustain inventory levels. A business impact analysis (BIA) can reveal risks to key vendors’ ability to make and deliver goods in a crisis, so you can plan ahead.
Toyota plants in North America demonstrate how a broken supply chain shut down production thousands of miles away. After the 2011 Fukushima earthquake in Japan, Japanese parts manufacturers went offline. When Toyota plants in southern Ontario couldn’t get parts for the assembly line, the company had to lay off many employees.
"Companies are starting to realize they can be impacted, [and] not just directly by an upstream supplier that sends them something. That supplier can be impacted, too, and the effect trickles down,” Fullick explains. “[As] you see in the news, companies are starting to think more locally, rather than internationally. Companies have more control over a supplier or a vendor who is local, in the same state or province or country, than [they do] over a supplier in another country."
Ask how your suppliers will respond to a disruption to determine if they have a business continuity plan. Then, work that information into your BCP.
Importance of Business Continuity to Small Business
Small business owners often think they are exempt from crises — but when large-scale events occur, they can be among the first casualties. Almost a quarter of companies that do reopen fail within a year; having a BCP is essential to recovery.
"Unfortunately, some people think it won't happen to us ," says Fullick. "That carefree attitude is no longer tenable, especially after a pandemic that affected everyone."
For Tony Bombacino, business continuity is a daily practice. He is the co-founder and President of Real Food Blends , a private company that makes whole foods for people with feeding tubes. “I'm always thinking to myself, 'What am I not thinking about?'” he says. “I spend a lot of time thinking about what might happen, and how to be ready for it.”
Bombacino also believes that business continuity preparedness starts outside of the business continuity plan. "It starts up front with contract negotiation” he says. “Cash is king in a small business.”
Real Food Blends doesn’t produce or pack their products, so it’s important that his manufacturing partners are large, stable, and have their own well-defined business continuity plans. If his partners aren’t prepared for handling disruption, his business might not be able to survive.
Importance of Business Continuity to IT
Most companies rely on IT to maintain services like the internet and Voice over IP (VoIP). The team also stores documents and runs machines. Without IT, a business is unworkable. Therefore, a business continuity plan for IT is crucial.
Importance of Business Continuity Planning in Crisis Management
Crisis management is part of a business continuity plan. Business continuity provides the overall approach for protecting human and other resources, and ensures that vital processes keep running. Crisis management focuses on communications and decision-making.
The Importance of Governance in Business Continuity Management
Effective governance is key to sustaining business continuity efforts. Governance starts with the business continuity policy, and the support of leadership ensures the plan always covers new risks.
However, not everyone thinks that governance always addresses all the correct questions. "Traditionally, governance tends to focus on how many scenarios your plan covers," explains Fullick. "It covers a flood, it covers fire, it covers an earthquake, a tornado, and a hurricane. You need a different plan for each one. Five plans. Each department has five plans, but do they contain the right detail?”
The Importance of Business Continuity to HR and People
Crises do not only impact tools and buildings — they also affect human well-being. If you understand how disasters change lives, you can better help staff manage their emotional and physical tolls.
"We bring our whole selves to work," says Debbie Rosemont, a productivity consultant and Certified Professional Organizer at Simply Placed , a business consulting firm. "I don't take my emotions, or what happened to me before I came to work, and set that outside. Who I am and how I feel shapes my ability to work and produce. When businesses or companies think about continuity plans, they've got to consider the whole person and how an event or disruption might impact somebody, even if it happens outside of work."
Disruptions can prevent people from coming to work. Illness, like a flu outbreak, may keep them at home. Damaged roads and train systems (that can occur after an earthquake) can hinder their commute. Whether employees commute to the office or work remotely, some of the following concerns may distract them from their duties:
- They fear they will be laid off.
- They've lost loved ones.
- They have a financial burden and are anxious about economic losses.
- They've suffered a disruption to their living arrangements with a loss of personal effects from a natural or human-made disaster.
"When there are job losses, when people don't know when they're going to get their next gig, when some people have lost numerous family members, this is extreme grief," says Michele Barry , Principal Consultant at Fortis Consulting. "You need your cloud system as your recovery system. You need an evacuation plan. You need to get all your files back after a crisis, which could motivate staff and sustain the business. But understanding people and politics is essential, too."
Rosemont suggests that doing business continuity planning in "normal times" is a chance for employers to source support systems. Employees can use these resources daily and during a crisis. Examples of resources include the following:
- An excellent healthcare benefits program
- An employee assistance program (EAP) that provides discounted legal or other advice
- Mental health and medical resources, such as access to doctors or counselors
- Daycare facilities or resources for both children and adults (such as elderly parents)
- Financial planning tools or advisors
- Sources of financial assistance
- Apps for meditation and calming anxiety
A further consideration, especially in natural disasters, is that it may be easier to restore the business than to gather your workforce. “It's easier to recover technology than it is to have the people there to use it,” explains Mike Semel, President and Chief Compliance Officer at Semel Consulting . “With the cloud and online backups, you can just go to somebody else's computer and log into Microsoft and get to your email. Your bigger problem will be people, and you need to focus on making sure your people don't disappear on you.”
In disasters, people may leave town. If you can keep people safe, but local, you may be able to recover your business faster. As an example, he shares how his company guided a credit union to contract with a local hotel chain. The executives would move their families to safety and only then return to work. This same consideration applies to small businesses. “If you're a doctor's office, you know that the doctor needs to be there,” says Semel. “The receptionist needs to be there. The nurse needs to be there.”
How Business Continuity Helps
Business continuity business case template.
Top leadership might wonder why they should invest time and money in business continuity planning. Use this free downloadable business case template to build a convincing argument for business continuity. These customizable slides include suggested argument points that you can adapt to fit your company’s needs.
Download Business Continuity Business Case Template — PowerPoint
For most useful free, downloadable business continuity plan (BCP) templates please read our "Free Business Continuity Plan Templates" article.
Benefits of Having a Business Continuity Plan
The benefit of a business continuity plan is that it prepares a company for a crisis. Trained staff will know what to do and the organization will be able to safely continue delivering key products and services, while meeting its legal and other commitments.
The following are additional advantages of business continuity:
- Review Weaknesses and Risks: Planning for business continuity provides valuable data and insights that have worth beyond emergency preparedness. Business continuity planning means leadership can assess skills, resources, strategies, and personalities, and uncover inefficiencies. Such findings often result from a business impact analysis. To learn more, read “ All about Business Impact Analysis: A Step-by-Step How-To .”
- Understand Your Business Processes: Business continuity planning demands that you put your entire organization under a microscope. As a result, you can find and remedy inefficiencies in everyday operations, which will make your company more resilient.
- Improve Processes: Ideally, your plan will cover all aspects of the company and can reveal new challenges and opportunities. Improving processes at all levels pays for the investment.
- Help Companies Pivot Quickly: Planning helps you quickly recover critical IT systems and other processes after an incident.
- Build Confidence among Customers: With your BCP, customers know they can rely on continued access to your products or services. For example, when experiencing the aftermath of a natural disaster or a pandemic, B2C customers may find comfort in such things as a favorite food that you may provide. Your parts and services may help B2B customers pursue their livelihoods in the face of uncertainty.
- Build Confidence among Employees: A plan and adequate training shows staff what to do when a crisis occurs. They also have some reassurance that their jobs will continue during and after a disruption.
- Mitigate Financial Risk: A 2019 ITIC survey indicates that an hour of downtime can cost anywhere between $1 million and $5 million for large enterprises. Smaller businesses (those with 200 to 500 employees) responded that halting processes for one hour can cost at least $100,000. Can your company afford such losses? Plans reduce losses.
- Keep Your Team Members Safe: Creating and training staff on an accident response and evacuation plan can keep your team safe during accidents and disasters.
- Define Responsibility: When management and the chain of command grow ad hoc, they can fail in a crisis. A strong business continuity system names and trains crisis response leaders, and also provides roles for the rest of the team. "People need to be empowered to actually take action, and not sit there and wait for the CEO to make a decision," insists Fullick.
- Streamline Technology: As part of the process, you will review processes and the digital platforms and infrastructure that the company has pieced together over time. You may find that it’s practical to integrate technology, and one platform may effectively complete the tasks of several disparate apps.
- Allocate Key Financial and Human Resources: Understanding your company’s critical functions means you can focus financial and human resources on those processes, so you can keep the business running during a severe disruption.
- Provide a Way to Continue Working: Planning helps ensure that remote workers have access to the files, applications, and digital resources they need. This step reduces or eliminates downtime, so you can still provide products and services to customers.
- Eliminate Potential Costs: When a business is offline or closed, it inevitably loses revenue. However, slipped supply deadlines can result in additional fees from vendors or, depending on the locale and industry, fines for regulatory non-compliance.
- Make Coping in a Crisis Easier: In an emergency, people are often distracted thinking about their safety, as well as that of their friends and family. Training and a plan to fall back on helps people focus.
What Is Business Continuity Management (BCM)?
Business continuity management is the process a company uses to identify risks and, from there, to avoid or reduce the impact of those risks. Ultimately, this makes a company more resilient in a crisis.
Disruptive events can impact information systems, business processes, or both. For example, a hurricane or an earthquake can cut electricity. Without power to run data centers or laptops, business processes such as supply replenishment and payroll are impossible.
As StoneRoad’s Fullick explains, "Business continuity management is a set of plans and procedures to help you prepare for, respond to, and recover from business interruptions. Beyond that, it empowers people to make decisions when things occur. It's about knowing what resources and skills are available when something happens, whether it’s a small incident or a global pandemic."
With BCM, companies review their needs and capabilities to create contingency plans. From there, they can deliver at least some of their regular output, or the minimum acceptable service, in the event of a crisis. Continuity of service preserves a corporation’s reputation and revenue.
Benefits of Business Continuity Management System (BCMS)
A BCMS keeps staff safe and protects assets from risk. With human, IT, and other resources, a company can continue to provide goods and services. As a result, the company will continue to create revenue and retain a solid reputation.
You can learn about the types of risks and threats to organizations, as well as regulatory requirements for business continuity planning in our article, “ Business Continuity Planning: How to Do It Well .”
"I don't think as many business people consider business continuity like they should,” says Bombacino. “I feel more prepared here, at my company, than I did when I worked at big companies. I think that’s because when big companies get really big or successful, or have lots of money, they think nothing bad can happen to them. One boss used to say there's a difference between being successful because of something and being successful in spite of something. Many companies are successful and don't have a business continuity plan. But what one thing could happen and wipe them out because they're not ready?”
Fullick adds that the value of business continuity will become increasingly clear to companies in the near future. “I think business continuity will grow as a key component for a lot of organizations, and [that] leadership on all levels is going to focus on BCP now.”
Disadvantages of Business Continuity Plans
Business continuity plans are costly and time-consuming to execute. Plans often require outside advice, and poorly written plans (or those that leadership doesn’t support) can be unsafe and cause financial losses.
A plan also risks becoming a ticked box on a requirements list, rather than an actionable, practical document. Management can forget to share the plan with the teams who could benefit from it. "Often when people aren't a part of discussions, the crisis management team is activated, but everyone else, including leadership, is sitting around and thinking, ‘What's going on?’” explains Fullick. “Management and employees are each waiting for the other to act. But people should know what to do and just start doing it."
Plan writers also often worry too much about specific disaster scenarios. "You need to focus on people, places, and things, and not so much on the trigger," Fullick urges. "You could lose your building because of a pandemic, or a flood, a fire, or an earthquake. Those are all different triggers for the same problem: What do we do now that our building is gone? Continuity planning should be about building a skillset, so your employees and leadership — beyond the disaster recovery team — know exactly what to do, and what the resources are, no matter what is happening."
In essence, business continuity planning empowers people and adds value to the company. Real Food Blends’ Bombacino says, “Some entrepreneurs hate meetings and process and structure. They don't want to talk about business continuity planning. But for us, this is our life's work. Other families, our customers, depend on us. So we view business continuity planning not as just a smart thing to do, but as our responsibility to make sure that we avoid the continuity pitfalls out there."
Improve Business Continuity with Real-Time Work Management in Smartsheet
Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change.
The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed.
When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time. Try Smartsheet for free, today.
Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.
- Disaster recovery planning and management
business continuity plan (BCP)
- Vicki-Lynn Brunskill
What is a business continuity plan (BCP)?
A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event.
The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them. It should consider any possible business disruption.
A BCP covers risks including cyber attacks , pandemics, natural disasters and human error. The array of possible risks makes it vital for an organization to have a business continuity plan to preserve its health and reputation. A proper BCP decreases the chance of a costly power outage or IT outage.
IT administrators often create the plan. However, the executive staff participate in the process, providing knowledge of the company and oversight. They also ensure the BCP is regularly updated.
This article is part of
What is BCDR? Business continuity and disaster recovery guide
- Which also includes:
- Business resilience vs. business continuity: Key differences
- A free business continuity plan template and guide
- Preparing an annual schedule of business continuity activities
Download this entire guide for FREE now!
Importance of business continuity planning
Business continuity planning is a proactive business process that lets a company understand potential threats, vulnerabilities and weaknesses to its organization in times of crisis. The creation of a business continuity program ensures company leaders can react quickly and efficiently to business interruption .
A BCP enables a company to continue to serve customers during a crisis and minimize the likelihood of customers going to competitors. These plans decrease business downtime and outline the steps to be taken -- before, during and after an emergency -- to maintain the company's financial viability.
Elements of a business continuity plan
According to business continuity consultant Paul Kirvan, a BCP should contain the following items:
- initial data at the beginning of the plan, including important contact information;
- a revision management process that describes change management procedures;
- the purpose and scope;
- how to use the plan, including guidelines as to when the plan will be initiated;
- policy information;
- emergency response and management procedures;
- step-by-step procedures;
- checklists and flow diagrams;
- a glossary of terms used in the plan; and
- a schedule for reviewing, testing and updating the plan.
In the book Business Continuity and Disaster Recovery Planning for IT Professionals , Susan Snedaker recommends asking the following questions:
- How would the organization function if desktops, laptops, servers, email and internet access were unavailable?
- What single points of failure exist?
- What risk controls and risk management systems are in place?
- What are the critical outsourced relationships and dependencies?
- During a disruption, what workarounds are there for key business processes and internal functions, such as human resources?
- What is the minimum number of staff needed to run data center and other operations, and what functions would they need to carry out?
- What are the key skills, knowledge and expertise needed to recover?
- What critical security or operational controls are needed if computer systems are down?
Business continuity planning steps
The business continuity planning lifecycle contains these five steps:
- Information gathering and analysis, featuring business impact analysis (BIA) and risk assessment (RA);
- plan development and design;
- testing; and
- maintenance and updating.
Once the business has started the planning process, it launches the BIA and RA processes to collect important data. The BIA defines the critical functions that must continue during a crisis and the resources needed to maintain those operations. The RA details the potential internal and external risks and threats, the likelihood of them happening, and the possible damage they could cause.
The next step determines the best ways to deal with the risks and threats outlined in the BIA and RA, and how to limit damage from an event. A successful business continuity plan defines step-by-step procedures for response.
The BCP should not be overly complex and does not need to be hundreds of pages long; it should contain just the right amount of information to keep the business running. Small businesses can use a one-page plan with all the necessary details. That can be more helpful than a long plan that is difficult to use. Those details should include the following:
- minimum resources needed for business continuity;
- locations where that can take place;
- personnel needed to accomplish it; and
- potential costs.
Key implementation steps
The four steps involved in implementing a BCP are the following:
- Oversight. Decide who will oversee the plan. Ideally, a BCP committee will include business, security and IT leaders.
- Analysis. Conduct the BIA.
- Who will be affected by a business disruption?
- Who holds a hard copy of contact information for top customers and clients?
- How and when will customers, employees and management be notified?
- What are the alternative means of communication if phones go down?
- Which employees are needed for the restoration of critical business functions and how will they be reached or relocated?
- Which critical products and services should the company focus on restoring first?
- What issues must be addressed within the first 24 to 48 hours?
- Does every team and department have its own BCP? Who is in charge of each?
- What is the emergency succession plan for senior staff, including the CEO?
- Which employees will perform emergency tasks?
- Where will off-site crisis meetings take place?
- Who will interact with local emergency responders, such as firefighters and police?
- Who are the key vendors, including data backup providers?
- Initial response. This defines how the company will respond to the business interruption within the first hours. This is the period when team members are contacted and the BCP is activated.
- Relocation. During this stage, alternate facilities are activated and work-at-home policies implemented.
- Recovery. Once personnel and equipment have been relocated, the assessment of damage and monitoring of business recovery begins. The recovery strategy must consider the organization's recovery time objective , or RTO, which is the maximum time IT systems can be down after a failure, as well as its recovery point objective , or RPO, which is the maximum data loss the organization can tolerate.
- Restoration. Personnel return to the original workplace or an alternate site. The company undertakes infrastructure verification, documents the incident and reviews lessons learned.
An organization's technology, processes, staff and facilities constantly change. Therefore, regular testing, reviewing and updating of a BCP is critical. Plan testing should be undertaken using tabletop exercises, walk-throughs, practice crisis management communications and emergency enactments to test the viability of the plan and to see how employees and executives react under stress.
Regular testing and maintenance ensure the BCP is current and accurate. A simple test of a business continuity plan might involve talking through it. A complex test requires a full run-through of what will happen in the event of a business disruption.
The test can be planned in advance or it can be done spur of the moment to better simulate an unplanned event. If issues arise during testing, the plan should be corrected accordingly during the maintenance phase. Maintenance also includes a review of the critical functions outlined in the BIA and the risks described in the RA, as well as plan updating if necessary.
A business continuity plan must be continually improved; updates should not wait for a crisis. Staff members involved in the plan must get regular updates and business continuity training . An internal or external business continuity plan audit should be used to evaluate the effectiveness of the BCP and highlight areas for improvement.
For specific BCP testing steps, download the guide Business continuity and disaster recovery testing templates .
Business continuity planning software, tools and trends
There is help available to guide organizations through the business continuity planning process, from consultants to tools to full software. Which approach an organization should take depends on the complexity of the business continuity planning task, the amount of time and personnel available, and the budget. Before making a purchase, it is advisable to research both products and vendors, evaluate demos, and talk to other users.
For more complicated functions, business continuity planning software uses databases and modules for specific exercises. The U.S. Department of Homeland Security, through its Ready.gov website, offers software in its Business Continuity Planning Suite. Other business continuity software vendors include Castellan, formed from the merger of Assurance, Avalution and ClearView in 2020; CLDigital, formerly Continuity Logic; Fusion Risk Management; Quantivate; and Sungard Availability Services.
The Federal Financial Institutions Examination Council's Business Continuity Management booklet contains guidance on plan development, testing, standards and training for both financial and nonfinancial organizations.
Free download of BCP template
The role of the business continuity professional has changed and continues to evolve. As IT administrators are increasingly asked to do more with less, it is advisable for business continuity professionals to be well versed in technology, security, risk management, emergency management and strategic planning.
Business continuity planning must also take into account emerging and growing technologies, such as the cloud and virtualization , as well as new threats, such as cyber attacks like ransomware .
One resource that combines all these elements is SearchDisasterRecovery's free, downloadable business continuity plan template . It provides guidance and insight for creating a successful BCP.
Business continuity planning standards
Business continuity planning standards provide a starting point.
The International Organization for Standardization (ISO) 22301:2019 standard is regarded as the global standard for business continuity management . ISO 22301 is often complemented by other standards, such as the following:
- ISO 22313 guidance on the use of ISO 22301;
- ISO 22317 guidelines for business impact analysis;
- ISO 22318 continuity of supply chains;
- ISO 22398 exercise guidelines; and
- ISO 22399 incident preparedness and operational continuity management.
Other standards include the following:
- National Fire Protection Association 1600 emergency management and business continuity;
- National Institute of Standards and Technology SP 800-34 IT contingency planning; and
- British Standards Institution BS 25999 standard for business continuity.
Emergency management and disaster recovery plans
An emergency management plan is a document that helps to lessen the damage of a hazardous event. Proper business continuity planning includes emergency management as an important component. The appointed emergency management team takes the lead during a business disruption.
An emergency management plan, like a BCP, should be reviewed, tested and updated regularly. It should be fairly simple and provide the steps needed to get through an event. The plan also should be flexible, because situations are often fluid. Teams involved in the event of a disaster should communicate frequently during the incident.
Disaster recovery (DR) and business continuity planning are often linked, but they are different. A DR plan is reactive, as it details how an organization recovers after a business disruption. A business continuity plan is a proactive approach that describes how an organization can maintain business operations during an emergency.
Learn more about responding to unplanned emergencies in this complete guide to managing crises .
Continue Reading About business continuity plan (BCP)
- Tips for obtaining BC/DR plan and resilience funding
- How to use AI for business continuity and disaster recovery planning
- Compare and contrast business resilience vs. business continuity
- Follow these standards for business continuity and resilience
- Cloud-era disaster recovery planning: Assessing risk and business impact
Dig deeper on disaster recovery planning and management.
6 reasons a business impact analysis is important
business impact analysis (BIA)
disaster recovery plan (DRP)
IBM is combining its data protection products and working with a new partner to address one of the biggest challenges for ...
Asigra's forthcoming SaaSBackup platform lets Asigra data protection technology protect SaaS backups. MSPs will be able to sell ...
A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...
Persistent Kubernetes storage startups like Ondat are becoming extinct as enterprise IT vendors prow the market for container ...
Analytical capabilities of the data management vendor's flagship product are now available as a separate SaaS to help provide ...
Data reduction techniques have been difficult to achieve on SSDs, but vendors appear to be making progress. The more effective ...
While some 2022 ransomware statistics indicate a possible 'decline' in activity, threat researchers warn there's more to the ...
IceFire ransomware actors have shifted their attention to Linux servers and are actively exploiting a known vulnerability in ...
Adopting extended detection and response and employing managed detection and response services may be the missing pieces of the ...
As artificial intelligence adoption increases, experts believe it's time for Congress to enact AI regulations to safeguard ...
Agility, experimentation and empathy are critical drivers to a successful digital transformation. Learn why IT leaders should ...
U.S. senators showed concern for national security when it comes to popular tech platforms owned and operated by foreign entities...
DaaS and VDI
Zero Trust Network Access (ZTNA)
BY USE CASE
- Deploy DaaS
- Simplify hybrid cloud
- Accelerate employee onboarding
Secure Distributed Work
- Modernize your IT security
- Get a VPN alternative
- Protect apps and APIs
- Enable remote work
- Collaborate securely
- Enhance user experience
See all use cases
- Financial Services
Build your own digital workspace
DAAS AND VDI
Citrix DaaS Citrix Virtual Apps and Desktops Citrix Analytics for Performance
APP DELIVERY AND SECURITY
Citrix App Delivery and Security Service Citrix ADC Citrix Analytics for Security Citrix Secure Private Access Citrix Web App and API Protection
View all products
Download Citrix Workspace app
Citrix Workspace app is the easy-to-install client software that provides seamless secure access to everything you need to get work done.
- Trust Center
- Events & Webinars
- Customer Stories
- Citrix Discussions
View all resources
How the approach to cybersecurity and zero trust network access has evolved
View the infographic
The business value of Citrix Analytics for Performance
Read the brief
- Success Programs
- Consulting Services
- Premium Training
- Onboarding & Adoption
Get expert guidance, resources, and step-by-step instructions to navigate your path to the cloud.
Learn about planning, deployment, and management of Citrix solutions, so you can maximize the value of your investment.
- Corporate Citizenship
- Diversity & Inclusion
- Strategic Alliances
- Partner with Citrix
- Partner Central
- Citrix Ready Marketplace
- Find a Local Partner
From back to office to branch: How financial services can reimagine their IT
Read the blog
1 800 424 8749
Locate a Citrix Partner
My Citrix account Citrix Cloud Citrix Cloud Japan Citrix Cloud Government
Manage licenses Renew maintenance
Back to Glossary
What is a business continuity plan?
A business continuity plan refers to an organization’s system of procedures to restore critical business functions in the event of an unplanned disaster. These disasters could include natural disasters, cyberattacks, service outages, or other potential threats. Business continuity planning (BCP) enables organizations to resume business operations with minimal downtime.
Explore additional business continuity planning topics:
What is the purpose of a business continuity plan?
- 5 elements of a successful business continuity plan
- Citrix solutions for business continuity
An optimized business continuity plan encompasses three main components.
First, a company needs to be resilient. That means key business functions are designed within the context of potential disasters. The business continuity team runs a risk assessment against each function for weaknesses and susceptibilities, then establishes protections against them. This supports ongoing risk management policies.
Second, stakeholders prioritize functions and determine which need to be brought online first. Disaster recovery is a key factor, and the faster functions can return to an operational state, the less likely the organization is to sustain lasting damage. IT stakeholders set disaster recovery time goals and develop an actionable disaster recovery plan. After mission-critical functions return to working order, team members work down the list of priority functions, utilizing third-party support to implement recovery strategies as needed.
Third, organizations require a contingency plan with branching paths that describe chains of command, stakeholder responsibilities, and any necessary technical knowledge necessary for emergency management within established disaster scenarios. Finally, an optimized business continuity plan includes a recovery time objective (RTO) to establish the speed at which business operations must be recovered, and a business impact analysis (BIA) to determine how successful recovery efforts were. Likewise, a disaster report shows stakeholders how the disaster recovery planning process can improve in the future.
With these three elements, an organization can weather crises, assess damage quickly, and recover as soon as possible. It's also important to understand that a business continuity plan is a living document that must be updated regularly as the organization adopts new technologies and processes. As organizations grow to scale, they adopt new solutions and infrastructures; these must be accounted for in the plan, or disaster recovery challenges could become augmented by unexpected bottlenecks.
Five elements of a successful business continuity plan
Although each business disruption is unique and many decisions will have to be made as situations unfold, a business continuity plan provides a framework and preparation to guide these decisions, as well as a clear indication of who will make them. A successful business continuity plan includes the following elements.
1. Define a team structure
- Develop a clear decision-making hierarchy, so that in an emergency, people don’t wonder who has the responsibility or authority to make a given decision
- Create a core business continuity team with personnel from throughout the organization, including executive leaders, information technology, facilities, and real estate, as well as physical security, communications, human resources, finance, and other service departments
- Create supporting teams devoted to related functions such as emergency response, communications, campus response, and business readiness
2. Establish a plan
- Identify potential disruptions to your business process that can affect any of your organization’s locations, such as power outages, epidemics, and fires•
- Base your plan on worst-case scenarios rather than multiple graduated versions of each incident, to keep the number of scenarios manageable
- Prioritize the most essential operations as well as who will perform them and how work will be redirected if key people are unavailable
- Determine how employees will work from home in the event of a prolonged outage
- Update your plan annually to reflect changes in the criticality and dependency of applications, business priorities, risk management, business locations, operations, and other considerations
3. Test your plan
- Conduct full emergency simulations annually, including crisis communications, safety drills, and workplace recovery processes
- Measure your test results and strive for continuous improvements, whether they’re application availability goals or personnel safety assurances
4. Create a crisis communications strategy
- Establish emergency notification procedures, incorporating both push and pull systems to communicate quickly
- Identify all stakeholders for emergency communications, including employees, contractors, clients, vendors, media, and executive management—and collect all contact information
- Prepare scripted communications that can be easily updated and ready to transmit immediately
5. Educate people on safety procedures
- Train your workforce so they’re aware of the processes they should follow in the event of an emergency and so they know where to find resources for help
- Consult with local and federal agencies for emergency response training and other guidance for your program
- Conduct employee drills to help personnel become familiar with procedures, such as finding emergency exits
Citrix solutions for business continuity planning
If people can’t access the applications, data, and files they depend on, business stays down—and risks losing money, customers, productivity, reputation, and opportunities every moment it takes to get them back to work. Citrix keeps your business running during unplanned downtimes to ensure continuity of operations.
- Provide people with secure offsite access to a virtual applications and desktops, from any location and device
- Simplify business continuity management by leveraging everyday infrastructure, eliminating the need for separate tools, devices, and recovery units
- Ensure IT availability through rapid, automated datacenter failover, load balancing, and network capacity management as well as cloud-based deployment choices
What is business continuity?
What is disaster recovery?
Learn about business continuity with Citrix
Ein Business Continuity Plan (BCP) ist ein Dokument, das beschreibt, wie ein Unternehmen bei einer ungeplanten Betriebsunterbrechung weiterarbeitet. Er ist umfassender als ein Disaster-Recovery -Plan und enthält Eventualitäten für Geschäftsprozesse, Anlagen, Personal und Geschäftspartner - jeden Aspekt des Unternehmens, der betroffen sein könnte.
Ein Business Continuity-Plan ist eine übergreifende Strategie für den Betriebsablauf in Zwischenfallszenarien oder für die Recovery nach einer größeren Unterbrechung. Ein Disaster Recovery-Plan (DR) bezieht sich speziell auf die IT-Prozesse und -Tools, die den Zugriff auf unternehmenskritische Daten, Anwendungen und Services in diesen ...
business continuity plan noun Betriebskontinuitätsplan m The consultants prepared a business continuity plan. Die Berater erstellten einen Betriebskontinuitätsplan. Plan zur Betriebsaufrechterhaltung m Many companies have a business continuity plan in place. Viele Unternehmen verfügen über einen Plan zur Betriebsaufrechterhaltung.
einen entsprechenden Business-Continuity-Plan, für den das Management. [...] verantwortlich zeichnet, begrenzt. efgbank.ch. efgbank.ch. It comprises the protection of employees, [...] data protection and assurance of the capacity to act in extraordinary situations -.
Business continuity planning is the process of ensuring the resiliency of your business in the event of a catastrophic event. Business continuity plans help businesses prepare to experience disruptions without spiraling into catastrophe while preserving operations and keeping personnel safe. Every company needs to assess their business ...
A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the ...
A business continuity plan is a practical guide developed by companies to enable continuous operations in the event of major business disruptions like natural disasters and global lockdowns. Business continuity planning usually involves analyzing the impact of disrupted business processes and determining recovery strategies with management.
The business continuity plan is a combination of findings from the performed BIA and the recovery strategies established by the organization. A BCP plan typically includes 4 key components: scope & objectives, operations at risk, recovery strategy, and roles and responsibilities. 6. Training
A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps: Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
This template outlines the structure involved in creating a business continuity plan. It provides an easy, comprehensive way to detail the steps that will comprise your unique BCP. Use this template to plan each phase of a typical BCP, including the business impact analysis, recovery strategies, and plan development.
Business continuity means more than just making sure the lights stay on when a crisis hits. The benefits of establishing a business continuity strategy include: Resilience: With greater awareness of what really matters during a crisis, you can focus resources effectively.
A business continuity plan refers to the steps a company takes to help it continue operations during a crisis. In order to write a business continuity plan, you gather information about key people, tools, and processes, then write the plan as procedures and lists of resources.
Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident",  and business continuity planning   (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to …
Contingency and business continuity planning best practices - Beyond templates and checklists. Contingency planning is a broad term. In theory, any business continuity checklist can be developed around issues as mundane as organizing fire drills (don't forget to take your laptop with you!). But if the COVID-19 crisis is any indication as to ...
Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks. BCP is designed to protect personnel and assets and make...
A business continuity plan (BCP) outlines a process to prevent and recover from a range of potential threats in the event of an unexpected incident such as a cyberattack, identity theft, or a data breach. It allows a quick reaction, and minimizes impact and recovery times.
A business continuity plan is an overarching strategy for operating in disaster scenarios or recovering from a major disruption. A disaster recovery (DR) plan refers more specifically to the IT processes and tools you can rely on to retain or restore access to mission-critical data, applications, and services in these scenarios.
A business continuity plan (BCP) is part of a business continuity management system (BCMS), and includes the procedures an organization must follow in an emergency. The document also contains steps for recovery in the days and months after the incident. One part of a BCP is the disaster recovery plan, which contains plans for IT and technical continuity.
business continuity plan (BCP): A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event.
An optimized business continuity plan encompasses three main components.. First, a company needs to be resilient. That means key business functions are designed within the context of potential disasters. The business continuity team runs a risk assessment against each function for weaknesses and susceptibilities, then establishes protections against them.