• Search Search Please fill out this field.
  • Business Continuity Plan Basics
  • Understanding BCPs
  • Benefits of BCPs
  • How to Create a BCP
  • BCP & Impact Analysis
  • BCP vs. Disaster Recovery Plan

Frequently Asked Questions

  • Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

business continuity planning wiki

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

  • Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
  • BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
  • BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

  • Determining how those risks will affect operations
  • Implementing safeguards and procedures to mitigate the risks
  • Testing procedures to ensure they work
  • Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's information technology system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How To Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

  • Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
  • Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
  • Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
  • Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

  • The impacts—both financial and operational—that stem from the loss of individual business functions and process
  • Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15 - 17.

Ready. “ IT Disaster Recovery Plan .”

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15-17.

business continuity planning wiki

  • Terms of Service
  • Editorial Policy
  • Privacy Policy
  • Your Privacy Choices

CIO Wiki

  • Recent changes
  • Random page
  • Help about MediaWiki
  • What links here
  • Related changes
  • Special pages
  • Printable version
  • Permanent link
  • Page information
  • View source

Business Continuity Plan (BCP)

The Business Continuity Plan (BCP) is an essential part of any organization’s response planning. It sets out how the business will operate following an incident and how it expects to return to ‘business as usual’ in the quickest possible time afterward. [1]

The Need for a Business Continuity Plan [2]

Major events such as terrorism (New York, 2001; London, 2005), Hurricane Katrina, and Swine Flu have brought the issue of Business Continuity Management to the attention of all business owners and executives. They now realize that they need to take steps to improve the chances that their business would survive such incidents and continue to operate, deliver an acceptable level of customer service, and generate income. Less news grabbing, but just as significant, are events such as:

  • local infrastructure failures (e.g., internet access or telephone systems);
  • access denial due to external incidents (a fire in another company, road traffic accidents, bad weather);
  • staff unavailability (winter flu, industrial action, unexpected Lottery win!);
  • accidental or malicious corruption or destruction of data;
  • theft of company property;
  • the failure of key suppliers to meet delivery deadlines;

These are all sound reasons to have in place a credible Business Continuity Management System. Other drivers which should encourage organizations to take Business Continuity Planning more seriously include:

  • Increased Executive/Board responsibilities (e.g., Turnbull Report/Combined Code of Corporate Governance, Sarbanes-Oxley Act (USA), Basel II Accord, etc.).
  • Large clients and public bodies often require that a Business Continuity Plan has been developed and implemented, even just to get on a preferred supplier list or submit a tender.
  • Auditors increasingly expect to see a Business Continuity Plan in place as part of their due diligence audits.
  • The Civil Contingencies Act 2004 has placed Business Continuity Management obligations on public sector organizations.
  • Insurers increasingly require to see evidence of Business Continuity Plans in place.
  • Holding Companies & Shareholders have rising expectations in respect of corporate governance.
  • Regulatory Bodies are starting to impose Business Continuity Management on the organizations they regulate.
  • Learning of a disaster to a neighbor or associate.
  • Experiencing a disaster or near miss!!

Business Continuity Plan Objectives [3]

  • Guide the company’s disaster recovery teams: This is one of the most fundamental objectives of business continuity management. Your BCP plan template is more than just a document to be stored away and never seen again. It’s a step-by-step guide that will be used by your recovery teams during an actual disaster situation.
  • Identify disaster recovery personnel: Who is o n those disaster recovery teams? What are their roles? How can they be reached in an emergency? Identifying this information is one of the most important goals of your business continuity planning.
  • Assess risks and impact: Another crucial purpose of creating a BCP is identifying the various threats to your operations. In a later section, your plan will outline different types of disasters that could disrupt the business. You will also include the impact of each scenario: how much damage would be caused, how long the recovery would take, the cost of operational losses, and so on.
  • Provide the step-by-step protocols: Your plan will provide the specific procedures that must be followed to assist in recovery. Chances are, when disaster strikes, personnel won’t remember exactly what they’re supposed to do. Your disaster recovery teams should have a general idea, but if needed they can consult the document to follow the exact procedures as they’re listed.
  • Identify the location of critical data and assets: One of the most important IT business continuity plan objectives is identifying where critical data and other assets are stored. This allows recovery teams to begin recovery even if key IT personnel are unavailable. Imagine, for example, a scenario in which you had no IT workforce. There must be, at least, a footprint for other personnel or stakeholders to follow. Any confusion will significantly impede the recovery process.
  • Prioritize emergency communications: Who communicates with the client during an emergency? Who notifies the workforce? Who speaks to the media? By having a business continuity management policy in place, recovery personnel will understand their roles in both internal and external emergency communications.
  • Identify backup locations and resources: Recovery teams need to know where and how to relocate operations and with what resources. Your BCP will outline the availability of any backup office space or the procedures for securing a new space rapidly. Additionally, it will cite the availability of backup physical resources, such as workstations and devices.
  • Outline existing preventative measures: A business stakeholder wants to know, “What are we doing to prevent ransomware situations like the one I just read about in the news?” This is another reason for your BCP. It will outline the technologies, tools, and protocols that are already in place to prevent or mitigate the effects of a disaster.
  • Find weaknesses and propose solutions: Any holes in your continuity planning must be addressed. The BCP is as much a process as it is a static document. It’s a work in progress in which risks must be constantly evaluated. Identify scenarios that would leave operations unprotected and propose specific action steps that should be taken immediately.

Components of Business Continuity Plan (BCP) [4]

There are five components of a Business Continuity Plan:

  • Disaster Recovery Plan
  • Continuity of Operations Plan
  • Incident Management Plan
  • Occupant Emergency Plan
  • Business Resumption Plan

Steps in Developing a Business Continuity Plan (BCP) [5]

The development of a business continuity plan includes four steps:

  • Conduct a business impact analysis to identify time-sensitive or critical business functions and processes and the resources that support them.
  • Identify, document, and implement to recover critical business functions and processes.
  • Organize a business continuity team and compile a business continuity plan to manage a business disruption.
  • Conduct training for the business continuity team and testing and exercises to evaluate recovery strategies and the plan.

Business Continuity Plan Vs. Emergency Response, Crisis Management, and Disaster Recovery [6]

Business Continuity Planning joins with Emergency Response, Crisis Management, and Disaster Recovery Planning [see Figure 1] to create a comprehensive process for recovering from unexpected events that threaten stability or even the future existence of an organization. Business Continuity is often the most crucial element in determining whether an organization can survive a major disruption over the long run. While the other three are certainly important factors in reducing damage, saving lives, and re-establishing a reliable snapshot of the organization's technology infrastructure, databases, and transactions, all are rendered ineffective without a sound Business Continuity Plan (BCP).

Business Continuity Plan

Benefits of Having a Business Continuity Plan [7]

  • Having a business continuity plan in place will keep businesses trading when they would have otherwise probably failed due to an incident.
  • Business continuity plans can significantly reduce the cost of disruptions.
  • Companies with business continuity plans benefit from insurance premium discounts, reduced excesses, and doors opening to new insurance markets.
  • A business continuity plan allows what would otherwise be unacceptable risks to be insured.
  • Business continuity maintains the continuity of operations and service delivery
  • Business continuity helps to build customer confidence
  • Business continuity helps to build confidence within the organization/business
  • Business continuity is potentially life-saving
  • Business continuity provides a competitive advantage
  • Business continuity provides compliance benefits
  • Business continuity helps mitigate business risks and financial exposures
  • Business continuity helps preserve brand value and company reputation
  • Business continuity ensures supply chain security and order fulfillment
  • Business continuity can help enhance or develop an appropriate organizational culture
  • Business continuity can help enhance health and safety
  • Business continuity helps the organization/business to be more resilient
  • Business continuity gathers information that is useful to the whole organization/business

Business Continuity Plan- Best Practices [8]

  • Full-Fledged Automation: In spite of remarkable advances in automation technologies, a good number of enterprises are found to rely on recovery systems that are manual or are handled by using human power. The important feature of such practice is over-reliance on entrepreneurs and their employees regarding their ability to access the organization’s remote facilities. Remote accessibility can be severely compromised in the event of a natural disaster or terror attack. Hence remote accessibility cannot be relied upon in these situations. By adopting full-scale automation, businesses can minimize their dependence on remote accessibility and involvement of human intervention to maintain business continuity.
  • Understand the limitations of virtual systems: Adoption of virtual servers, desktops, and storage can considerably improve the ability of the organization to deal with outages and downtime. These virtualized systems have an intrinsic ability that reduces the risk of downtime by offering greater protection from outages. In spite of this, you need to understand that such virtualized systems cannot offer a hundred percent safety against failure. This calls for the need to be prepared for the unexpected by employing a robust backup strategy.
  • Testing of Every Plan: Although employing a business continuity plan immunizes business against natural disasters and guarantees business availability, it cannot be considered to be a foolproof plan until you have checked and tested every single step. You need to make sure that the business continuity plan is able to sustain the most challenging conditions. More than twenty percent of businesses surveyed were found to have never undertaken to test of their business continuity plans. An equal number of companies admitted infrequent testing of the business continuity plan. Testing establishes the credibility of the business continuity plan and must be undertaken on a quarterly basis. This must involve running critical applications and testing every single system.
  • Relevance of Location: With reference to a recent Consumer Economics report, as high as forty percent of organizations in the midsized category rely on a single data center for their business operations. In view of the growing threats of terror attacks due to the current situation and the greater frequency of natural disasters owing to global warming, it is necessary to assess the security level of data centers in terms of their geographical locations. One must also consider ease of accessibility during unexpected events and the range of service availability in catastrophic situations. There is an urgent need to explore a cloud-based data storage option by organizations that have the facility of a single remotely located data center. These steps will help reduce the effect of downtime during extreme situations.
  • Need prioritization: Even if a comprehensive and in-depth business continuity plan is essential for those organizations whose requirements of data recovery are of extremely large scale, there has to be a critical analysis of the most significant applications, software, and data storage. These mission-critical applications must be given priority while planning expenditures for business continuity. Precise identification of critical applications can avoid unnecessary spending on less important applications.

Disaster Recovery Plan (DRP) Business Continuity Risk Management Enterprise Risk Management (ERM) Crisis Management

  • ↑ What is a Business Continuity Plan (BCP)?
  • ↑ Why is a Business Continuity Plan Needed?
  • ↑ Business Continuity Plan Objectives
  • ↑ What are the Components of Business Continuity Plan (BCP)?
  • ↑ What Steps should be followed in Developing a Business Continuity Plan (BCP)?
  • ↑ Business Continuity Plan Vs. Emergency Response, Crisis Management, and Disaster Recovery
  • ↑ What are the Benefits of Having a Business Continuity Plan
  • ↑ Business Continuity Plan- Best Practices

Further Reading

  • How to Create an Effective Business Continuity Plan
  • Small Firm Business Continuity Plan Template
  • How to Build an Effective and Organized Business Continuity Plan
  • Rethink Your Business Continuity Strategy
  • Why Your Business Continuity Plan Can't Wait
  • Skip to content
  • Skip to search
  • Skip to footer

What Is Business Continuity?

What is business continuity

Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.

  • Watch video (1:14)
  • Business continuity

Contact Cisco

  • Get a call from Sales

Call Sales:

  • 1-800-553-6387
  • US/CAN | 5am-5pm PT
  • Product / Technical Support
  • Training & Certification

Is business continuity the same as business resilience or disaster recovery?

Business continuity, disaster recovery, and business resilience are not the same, but they are related.

  • Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
  • Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
  • Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.

What is a business continuity strategy?

A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.

What does a business continuity plan mitigate?

A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.

  • Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
  • Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
  • Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.

Business continuity planning activities

A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.

Identifying critical business areas and functions

Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.

Analyzing risks, threats, and potential impacts

Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.

Outlining and assigning responsibilities

A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.

Defining and documenting alternatives

A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.

Assessing the need for critical backups

Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and is mandatory in many regulated industries.

Testing, training, and communication

Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.

Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.

Related products and solutions

  • Cisco Webex Contact Center
  • Virtual Desktop Infrastructure (VDI)
  • Cisco Intersight Workload Optimizer
  • AppDynamics Application Performance Management
  • ThousandEyes End User Monitoring
  • ThousandEyes Endpoint Agents

You may also like…

  • Cisco’s Business Resiliency Strategy
  • Business Continuity Blogs
  • Business Continuity Planning

business continuity planning wiki

  • Developing Your MVP
  • Incident Management
  • Needs Assessment Process
  • Product Development From Ideation to Launch
  • Visualizing Competitive Landscape
  • Communication Plan
  • Graphic Organizer Creator
  • Fault Tree Software
  • Bowman's Strategy Clock Template
  • Decision Matrix Template
  • Communities of Practice
  • Goal Setting for 2024
  • Meeting Templates
  • Meetings Participation
  • Microsoft Teams Brainstorming
  • Retrospective Guide
  • Skip Level Meetings
  • Visual Documentation Guide
  • Weekly Meetings
  • Affinity Diagrams
  • Business Plan Presentation
  • Post-Mortem Meetings
  • Team Building Activities
  • WBS Templates
  • Online Whiteboard Tool
  • Communications Plan Template
  • Idea Board Online
  • Meeting Minutes Template
  • Genograms in Social Work Practice
  • How to Conduct a Genogram Interview
  • How to Make a Genogram
  • Genogram Questions
  • Genograms in Client Counseling
  • Understanding Ecomaps
  • Visual Research Data Analysis Methods
  • House of Quality Template
  • Customer Problem Statement Template
  • Competitive Analysis Template
  • Creating Operations Manual
  • Knowledge Base
  • Folder Structure Diagram
  • Online Checklist Maker
  • Lean Canvas Template
  • Instructional Design Examples
  • Genogram Maker
  • Work From Home Guide
  • Strategic Planning
  • Employee Engagement Action Plan
  • Huddle Board
  • One-on-One Meeting Template
  • Story Map Graphic Organizers
  • Introduction to Your Workspace
  • Managing Workspaces and Folders
  • Adding Text
  • Collaborative Content Management
  • Creating and Editing Tables
  • Adding Notes
  • Introduction to Diagramming
  • Using Shapes
  • Using Freehand Tool
  • Adding Images to the Canvas
  • Accessing the Contextual Toolbar
  • Using Connectors
  • Working with Tables
  • Working with Templates
  • Working with Frames
  • Using Notes
  • Access Controls
  • Exporting a Workspace
  • Real-Time Collaboration
  • Notifications
  • Meet Creately VIZ
  • Unleashing the Power of Collaborative Brainstorming
  • Uncovering the potential of Retros for all teams
  • Collaborative Apps in Microsoft Teams
  • Hiring a Great Fit for Your Team
  • Project Management Made Easy
  • Cross-Corporate Information Radiators
  • Creately 4.0 - Product Walkthrough
  • What's New

Understanding the Essentials of a Business Continuity Plan

hero-img

In the face of unforeseen disruptions, a robust business continuity plan (BCP) is essential to preserve the trust of stakeholders. If you are able to seamlessly continue operations even in the face of sudden challenges, stakeholders are reassured of the company’s resilience and commitment to their interests.

In this blog post, we offer a comprehensive guide to business continuity planning, how it can benefit organizations and share key insights into Developing and Maintaining an Effective business continuity plan.

What is a Business Continuity Plan?

A business continuity plan (BCP) is an essential blueprint that outlines how a company will continue operating during an unplanned disruption in service. It’s more than just a reactive strategy; it’s a proactive measure to ensure that critical business functions can continue during and after a crisis. The purpose of a BCP is to provide a systematic approach to mitigate the potential impact of disruptions and maintain business operations at an acceptable predefined level.

The role of a BCP is crucial in maintaining operations during unforeseen events such as natural disasters, cyber-attacks, or any other incident that could interrupt business processes. By having a well-structured business continuity plan, organizations can:

  • Minimize downtime and ensure that essential functions remain operational
  • Protect the integrity of data and IT infrastructure
  • Maintain customer service and preserve stakeholder trust

Why is a Business Continuity Plan Important

Immediate Response : A BCP ensures that there is a predefined action plan, minimizing downtime and demonstrating control over the situation.

Transparent Communication : Keeping stakeholders informed during a crisis promotes transparency and maintains confidence in the company’s management.

Inclusive Planning : Involve stakeholders in the business continuity plan development process. Their insights can enhance the plan’s effectiveness and ensure their needs are addressed.

Consistency in Service : By prioritizing critical operations, a BCP helps maintain the quality and consistency of services or products, which is important for customer retention.

The absence of a business continuity plan can lead to a domino effect of negative outcomes, including a tarnished reputation and the potential loss of future business. Stakeholders remember how a company responds in a crisis, and a well-executed BCP can be the difference between a temporary setback and a long-term impact on the company’s image and relationships.

Elements of a Business Continuity Plan

When exploring various business continuity plan examples, certain common elements emerge as critical for their effectiveness. These elements serve as the backbone for a robust BCP plan, ensuring that businesses can maintain operations and protect their reputation during unforeseen events. Here are some of the key components found in successful BCP examples:

Risk Assessment and Business Impact Analysis : Identifying potential threats and assessing their impact on business operations is a foundational step in any BCP plan.

Crisis Communication Plan : A clear communication strategy is essential to manage stakeholder expectations and maintain trust.

Recovery Strategies : Detailed procedures for restoring business functions and services post-disruption are indispensable.

Employee Training and Awareness : Ensuring staff are well-prepared and knowledgeable about the BCP plan is crucial for its successful implementation.

Case studies of successful BCP implementations often highlight how these elements are tailored to fit specific business models and industries. For instance, a financial institution may focus heavily on data security and regulatory compliance within their BCP, while a manufacturing business might prioritize supply chain alternatives and on-site safety protocols. Regular testing and adjustment of these plans are also a common thread, underscoring the importance of adaptability and continuous improvement in business continuity planning.

Business Continuity Plan Toolkit

exit full-screen

Business Continuity vs. Disaster Recovery

It’s important to distinguish between a business continuity plan and a disaster recovery plan. While both are vital, a BCP is broader and focuses on the continuity of the entire business, whereas a disaster recovery plan is more technical and concentrates on the recovery of specific operations, such as IT services. Understanding these differences helps organizations allocate resources effectively and ensures comprehensive preparedness for any type of disruption. Understanding when to activate a business continuity plan (BCP) versus a disaster recovery plan is crucial for maintaining operational resilience.

To ensure a comprehensive crisis management strategy, consider the following integration points:

Pre-emptive Planning : Establish clear triggers for when each plan is activated. For instance, a BCP might be initiated in the face of a supply chain disruption, while disaster recovery would come into play during a data breach or server failure.

Unified Communication : Both plans should have a coordinated communication strategy to inform stakeholders and employees about the status and steps being taken.

Regular Testing : Conduct joint drills that test both the BCP and disaster recovery plans to identify any gaps or overlaps in procedures.

Continuous Improvement : Use insights from drills and actual incidents to refine both plans, ensuring they evolve with the changing business landscape and technological advancements.

By integrating both plans, organizations can navigate crises with agility and confidence, minimizing downtime and protecting their reputation. Tools like Creately, with features such as real-time collaboration and visual project management, can help create and maintain these critical plans, ensuring that all stakeholders are on the same page and ready to act when necessary.

Crisis Communication Strategies within Business Continuity Planning

A business continuity plan (BCP) is not just about responding to the crisis at hand, but also about how you communicate during the disruptions and the decisions you make. Here are some best practices to ensure your crisis communication and decision-making processes effective:

Clear Communication Channels : Establish predefined channels for internal and external communication. This ensures that messages are consistent and reach all stakeholders promptly.

Designated Spokespersons : Identify individuals who are authorized to speak on behalf of the company during a crisis. This helps maintain a unified voice and message.

Factual Updates : Provide regular, factual updates to keep stakeholders informed. Avoid speculation and commit to transparency.

Decision-Making Protocols : Implement decision-making protocols that are clear and allow for swift action. This includes having a chain of command and predefined criteria for making critical decisions.

Training and Simulations : Regularly train your crisis management team and conduct simulations to prepare for potential scenarios. This ensures that when a crisis does occur, your team is ready to act effectively.

By integrating these best practices into your BCP plan, you can maintain control during a crisis, make informed decisions, and communicate effectively with all parties involved. Remember, the goal is to protect your company’s operations, reputation, and stakeholder relationships during unexpected events.

Utilizing Business Continuity Plan Templates and Tools

When it comes to developing a robust business continuity plan (BCP), leveraging templates can offer a significant head start. These templates serve as a foundational framework that can be customized to align with the specific requirements of your business. Here’s why using BCP templates is advantageous:

Efficiency in Development : BCP templates provide a structured approach, ensuring that all critical elements are considered without starting from scratch. This saves valuable time and resources.

Consistency Across the Organization : Templates help maintain a uniform response strategy, which is crucial for coherent and coordinated action during a crisis.

Ease of Customization : While templates offer a general outline, they are designed to be adaptable. This means you can tailor them to reflect your business’s unique operational processes, risk profile, and recovery objectives.

Incorporating features like crisis response directions into your BCP template is essential. With Creately you can,

  • Visualize these procedures on an infinite canvas, ensuring clarity and accessibility for all team members.
  • Easily modify the plan as your business evolves, with the drag-and-drop functionality, making regular testing and adjustment a seamless process.
  • Create a central repository of information by having docs, links and attachments in the notes panel of any shape in your diagram.

Key Insights for Developing and Maintaining an Effective Business Continuity Plan

A robust business continuity plan (BCP) is not a ‘set it and forget it’ document; it requires ongoing attention and refinement. Here’s why regular testing, updates, and staff training are non-negotiables in business continuity:

Financial Protection : By regularly testing your BCP, you can identify and rectify gaps that could otherwise lead to significant financial losses during a crisis. It’s not just about having a plan, but ensuring it works effectively when you need it most.

Reputational Safeguarding : Your company’s reputation is on the line when disaster strikes. A well-rehearsed BCP means your team can respond swiftly and competently, preserving stakeholder trust and customer loyalty.

Customization for Evolving Threats : The threat landscape is constantly changing. Regular BCP reviews allow you to tailor your plan to new types of risks, ensuring your business remains resilient against the unforeseen.

Empowered Employees : Training staff on the BCP turns theory into practice. When every team member knows their role in a crisis, response times improve, and confusion is minimized.

Remember, a BCP is a living document. It thrives on the feedback loop created by regular drills and updates, ensuring that when a crisis does occur, your business is prepared not just to survive, but to continue operations with minimal disruption.

Join over thousands of organizations that use Creately to brainstorm, plan, analyze, and execute their projects successfully.

More Related Articles

How to Use T Charts to Organize Information

Hansani has a background in journalism and marketing communications. She loves reading and writing about tech innovations. She enjoys writing poetry, travelling and photography.

Business Continuity Planning

A Business Continuity Planning (BCP) methodology is used to produce a plan to enable an organization to continue in operation in the face of some kind of interruption to its normal operation. The methodology needs to be scalable for an organization of any size and complexity. Even though the methodology has roots in regulated industries, any type of organization may create a BCP manual, and arguably every organization should have one in order to ensure the organization's longevity. Evidence that firms do not invest enough time and resources into BCP preparations are evident in disaster survival statistics. Fires permanently close 44% of the business affected. In the 1993 World Trade Center bombing, 150 businesses out of 350 affected failed to survive the event. Conversely, the firms affected by the Sept 11 attacks with well-developed and tested BCP manuals were back in business within days.

A BCP manual for a small organization may be simply a printed manual stored safely away from the primary work location, containing the names, addresses, and phone numbers for crisis management staff, general staff members, clients, and vendors along with the location of the off-site data backup storage media, copies of insurance contracts, and other critical materials necessary for organizational survival. At its most complex, a BCP manual may outline a secondary work site, technical requirements and readiness, regulatory reporting requirements, work recovery measures, the means to re-establish physical records, the means to establish a new supply chain, or the means to establish new production centers. Firms should ensure that their BCP manual is realistic and easy to use during a crisis. As such, BCP sits along side crisis management and disaster recovery planning and is a part of an organization's overall risk management .

The development of a BCP manual has five main phases: analysis, solution design, implementation, testing and organization acceptance, and maintenance.

  • 1.1 Impact analysis
  • 1.2 Threat analysis
  • 1.3 Definition of impact scenarios
  • 1.4 Recovery requirement documentation
  • 2 Solution design
  • 3 Implementation
  • 4 Testing and organizational acceptance
  • 5.1 Information update and testing
  • 5.2 Testing and verification of technical solutions
  • 5.3 Testing and verification of organization recovery procedures
  • 5.4 Treatment of test failures

Analysis [ edit | edit source ]

The analysis phase in the development of a BCP manual consists of an impact analysis, threat analysis, and impact scenarios with the resulting BCP plan requirement documentation.

Impact analysis [ edit | edit source ]

An impact analysis results in the differentiation between critical and non-critical organization functions. A function may be considered critical if the implications for stakeholders of damage to the organization resulting are regarded as unacceptable. Perceptions of the acceptability of disruption may be modified by the cost of establishing and maintaining appropriate business or technical recovery solutions. A function may also be considered critical if dictated by law. Next, the impact analysis results in the recovery requirements for each critical function. Recovery requirements consist of the following information:

  • The time frame in which the critical function must be resumed after the disaster
  • The business requirements for recovery of the critical function, and/or
  • The technical requirements for recovery of the critical function

Threat analysis [ edit | edit source ]

After defining recovery requirements, documenting potential threats is recommended to detail a specific disaster’s unique recovery steps. Some common threats include the following:

  • Natural disasters (e.g., earthquakes, hurricanes, flooding, fires)
  • Power outage

All threats in the examples above share a common impact - the potential of damage to organizational infrastructure - except one, disease. The impact of diseases is initially purely human, and may be alleviated with technical and business solutions. During the 2002-2003 SARS outbreak, some organizations grouped staff into separate teams, and rotated the teams between the primary and secondary work sites, with a rotation frequency equal to the incubation period of the disease.

The organizations also banned face-to-face contact between opposing team members during business and non-business hours. With such a split, organizations increased their resiliency against the threat of government-ordered quarantine measures if one person in a team contracted or was exposed to the disease.

Damage from flooding also has a unique characteristic. If an office environment is flooded with non-saline and contamination-free water (e.g., in the event of a pipe burst), equipment can be thoroughly dried and may still be functional.

Definition of impact scenarios [ edit | edit source ]

After defining potential threats, documenting the impact scenarios that form the basis of the business recovery plan is recommended. In general, planning for the most wide-reaching disaster or disturbance is preferable to planning for a smaller scale problem, as almost all smaller scale problems are partial elements of larger disasters. A typical impact scenario like 'Building Loss' will most likely encompass all critical business functions, and the worst potential outcome from any potential threat. A business continuity plan may also document additional impact scenarios if an organization has more than one building. Other more specific impact scenarios - for example a scenario for the temporary or permanent loss of a specific floor in a building - may also be documented.

Recovery requirement documentation [ edit | edit source ]

After the completion of the analysis phase, the business and technical plan requirements are documented in order to commence the implementation phase. For an office-based, information technology intensive business, the plan requirements may cover the following elements which may be classed as ICE (In Case of Emergency) data:

  • The numbers and types of desks, whether dedicated or shared, required outside of the primary business location in the secondary location
  • The individuals involved in the recovery effort along with their contact and technical details
  • The applications and application data required from the secondary location desks for critical business functions
  • The manual workaround solutions
  • The maximum outage allowed for the applications
  • The peripheral requirements like computer printers, copiers, fax machines, calculators, paper, pens etc.

Other business environments, such as production, distribution, warehousing, etc., will need to cover these elements, but are likely to have additional issues to manage following a disruptive event.

Solution design [ edit | edit source ]

The goal of the solution design phase is to identify the most cost effective disaster recovery solution that meets two main requirements from the impact analysis stage. For IT applications, this is commonly expressed as:

  • The minimum application and application data requirements
  • The time frame in which the minimum application and application data must be available

Disaster recovery plans may also be required outside the IT applications domain, for example in preservation of information in hard copy format, or restoration of embedded technology in process plant. This BCP phase overlaps with the disaster recovery planning methodology. The solution phase determines:

  • the crisis management command structure
  • the location of a secondary work site (where necessary)
  • telecommunication architecture between primary and secondary work sites
  • data replication methodology between primary and secondary work sites
  • the application and software required at the secondary work site, and
  • the type of physical data requirements at the secondary work site.

Implementation [ edit | edit source ]

The implementation phase, quite simply, is the execution of the design elements identified in the solution design phase. Work package testing may take place during the implementation of the solution, however; work package testing does not take the place of organizational testing.

Testing and organizational acceptance [ edit | edit source ]

The purpose of testing is to achieve organizational acceptance that the business continuity solution satisfies the organization's recovery requirements. Plans may fail to meet expectations due to insufficient or inaccurate recovery requirements, solution design flaws, or solution implementation errors. Testing may include:

  • Crisis command team call-out testing
  • Technical swing test from primary to secondary work locations
  • Technical swing test from secondary to primary work locations
  • Application test
  • Business process test

At minimum, testing is generally conducted on a biannual or annual schedule. Problems identified in the initial testing phase may be rolled up into the maintenance phase and retested during the next test cycle.

Maintenance [ edit | edit source ]

Maintenance of a BCP manual is broken down into three periodic activities. The first activity is the confirmation of information in the manual. The second activity is the testing and verification of technical solutions established for recovery operations. The third activity is the testing and verification of documented organization recovery procedures. A biannual or annual maintenance cycle is typical.

Information update and testing [ edit | edit source ]

All organizations change over time, therefore a BCP manual must change to stay relevant to the organization. Once data accuracy is verified, normally a call tree test is conducted to evaluate the notification plan's efficiency as well as the accuracy of the contact data. Some types of changes that should be identified and updated in the manual include:

  • Staffing changes
  • Staffing persona
  • Changes to important clients and their contact details
  • Changes to important vendors/suppliers and their contact details
  • Departmental changes like new, closed or fundamentally changed departments.

Testing and verification of technical solutions [ edit | edit source ]

As a part of ongoing maintenance, any specialized technical deployments must be checked for functionality. Some checks include:

  • Computer virus definition distribution
  • Application security and service patch distribution
  • Hardware operability check
  • Application operability check
  • Data verification

Testing and verification of organization recovery procedures [ edit | edit source ]

As work processes change over time, the previously documented organizational recovery procedures may no longer be suitable. Some checks include:

  • Are all work processes for critical functions documented?
  • Have the systems used in the execution of critical functions changed?
  • Are the documented work checklists meaningful and accurate for staff?
  • Do the documented work process recovery tasks and supporting disaster recovery infrastructure allow staff to recover within the predetermined recovery time objective?

Treatment of test failures [ edit | edit source ]

As suggested by the diagram included in this article, there is a direct relationship between the test and maintenance phases and the impact phase. When establishing a BCP manual and recovery infrastructure from scratch, issues found during the testing phase often must be reintroduced to the analysis phase.

business continuity planning wiki

  • Book:Business Continuity Planning
  • Shelf:Business
  • Books to be broken into subpages
  • Alphabetical/B
  • Subject:Business
  • Subject:Business/all books
  • Subject:Social sciences/all books
  • Subject:Books by subject/all books
  • Book:Wikibooks Stacks/Books
  • Shelf:Business/all books
  • Department:Social sciences/all books
  • Freshly started books
  • Books by completion status/all books

Navigation menu

5 Step Guide to Business Continuity Planning (BCP) in 2021

A business continuity plan provides a concrete plan to maintain business cohesion in challenging circumstances. Click here for the key steps that can help you formulate a formidable BCP.

A business continuity plan (BCP) is defined as a protocol of preventing and recovering from potentially large threats to the company’s business continuity. This article explains what a business continuity plan is today, its key benefits, and a step-by-step guide to creating a formidable plan.

Table of Contents

What is a business continuity plan (bcp), key benefits of having a business continuity plan, step-by-step guide to building a formidable business continuity plan (bcp) in 2021.

A business continuity plan (BCP) is a protocol of preventing and recovering from potentially large threats to the company’s business continuity. Such a plan often aims to address the need for updated business norms and operational standards in unpredictable circumstances such as natural disasters, data breach/ exposures, large scale system failures etc. The goal of such a plan is to ensure continuity of business with no or little damage to regular working environments, including job security for its employees.

It covers everything from business processes, human resources details, and more. Essentially a BCP provides a concrete plan to the organization to maintain business continuity even in challenging circumstances. 

Below are key reasons why businesses need to have a BCP today:

  • BCP’s relevance has gone up considerably after the outbreak of the COVID-19 pandemic and was also a major testing time for organizations that did have such a plan in place. The organizations which had a business continuity plan in place were better able to cope during these unprecedented circumstances better than those who did not have any such plans.
  • The recorded number of natural disasters has increased from 375 in 2016 to 409 in 2019 Opens a new window . Globally, the loss because of natural disasters was $232 billion in 2019, according to a study by Aon Opens a new window .
  • The number of cyberattacks has also increased in all geographies and all business verticals. MonsterCloud reported that cyberattacks have skyrocketed during the COVID-19 pandemic. All this means that the organizations have to be better prepared to fight disasters. The importance of BCP can hardly be exaggerated in this context. Preparing a BCP is imperative for any enterprise, big or small, today. 

The end goal of a BCP is to ensure that the essential services continue to run in the event of an incident. For instance, if there is an earthquake where your customer service representatives operate from, your BCP will be able to tell you who will handle customer calls until the original office is restored.

Also Read: What Is Disaster Recovery? Definition, Cloud and On-premise, Benefits and Best Practices

Difference between a business continuity plan (BCP) and disaster recovery plan (DCP)

A BCP is often confused with a disaster recovery (DR) plan. While a DR plan is primarily focused on restoring the IT systems and infrastructure, a BCP is much more than that. It covers all areas and departments of the organization, including HR, marketing and sales, support functions. 

The underlying thought behind BCP is that IT systems can hardly work in silos. Other departments also need to be restored to cater to the client or for meeting the business demands. 

“Many people think a disaster recovery plan (DRP) is the same as a business continuity plan, but a DRP is only a small, yet essential, a portion of a full BCP. A DRP focuses solely on restoring an organization’s IT infrastructure while minimizing data loss. On the other hand, a BCP is a comprehensive guide on how to continue the mission and business-critical operations during a time of an unplanned disruption (natural disasters, pandemics, or malware),” says Caleb Pipkin, a security expert at Logically . 

Whether a business is small, big, or medium-sized, it needs a ‘plan B’ to recover quickly in the event of a natural disaster or a crisis and can survive the disruption. BCP helps you dust yourself and get back to business quickly and easily. It means that the enterprise will be better placed to address their customers’ needs even in the wake of a disaster. 

On the other hand, the lack of a plan means that your organization will take longer to recover from an event or incident. It could also lead to loss of business or clients. Let’s look at some key benefits of BCP.

1. It is a roadmap to act in a disaster

A well-defined business continuity plan is like a roadmap during a disruption. It allows the firms to react swiftly and effectively and maintain business continuity. In turn, this leads to a faster and complete recovery of the enterprise in the shortest possible timeframe. It brings down the business downtime and outlines the steps to be taken before, during, and after a crisis and thus helps maintain its financial viability. 

2. Offers a competitive edge

Fast reaction and business continuity during a disruption allow organizations to gain a competitive edge over its business rivals. It can translate into a significant competitive advantage in the long run. Further, your clients will be more confident in your ability to perform in adverse circumstances allowing you to build a long and sustainable relationship with your business partners.

Developing competence to act and handle any unfavorable event effectively has a positive effect on the company’s reputation and market value. It goes a long way in enhancing customer confidence. 

Also Read: Top 8 Disaster Recovery Software Companies in 2021

3. Cuts down losses

Disasters have a considerable impact on all types of business, whether big or small. Business disruption can lead to financial, legal, and reputational losses. Failure to plan could be disastrous for businesses. You may lose your customers while trying to get your business on track. In the worst circumstances, you may not be able to recover at all. A well-defined business continuity strategy minimizes the damage to an organization and allows you to bring down these losses as much as possible. 

4. Enables employment continuity and protects livelihoods

One of the most significant consequences of a disaster is the loss of employment. The loss of livelihood can be curtailed to an extent if the business continues to function in the event of a disaster. It leads to greater confidence in the workforce that their jobs might not be at risk, and the management is taking steps to protect their jobs. It helps build confidence in senior management’s ability to respond to the business disruption in a planned manner. 

5. Can be life-saving

A regularly tested and updated BCP can potentially help save the lives of the employees and the customers during a disaster. For instance, if the BCP plan for fire is regularly tested, the speed with which the workforce acts can help save lives. 

6. Preserves brand value and develops resilience

Possibly the biggest asset of an organization is its brand. Being able to perform in uncertain times helps build goodwill and maintain its brand value and may even help mitigate financial and reputational loss during a disaster. 

BCP curtails the damage to the company’s brand and finances because of a disaster event. This helps bring down the cost of any incident and thus help the company be more resilient. 

Also Read: 10 Best Practices for Disaster Recovery Planning (DRP)

7. Enables adherence to compliance requirements

Having a BCP allows organizations to have additional benefits of complying with regulatory requirements. It is a legal requirement in several countries.

8. Helps in supply chain security

A precise BCP goes a long way in protecting the supply chain from damage. It ensures continuity in delivering products and services by being able to perform critical activities.

9. Enhances operational efficiency

One of BCP’s lesser-known benefits is that it helps identify areas of operational efficiency in the organization. Developing BCP calls for an in-depth evaluation of the company’s processes. This can potentially reveal the areas of improvement. Essentially, it gathers information that can benefit in enhancing the effectiveness of the processes and operations. 

Also Read: 7 Ways to Build an Effective Disaster Recovery and Business Continuity Plan  

The COVID-19 pandemic has put the spotlight on preparing for a disaster like never before. We make the job easier for you by listing out the key steps in building a formidable business continuity plan: 

How to Build a Business Continuity Plan

How to Build a Business Continuity Plan

Step 1: Risk assessment 

This phase involves asking crucial questions to evaluate the risks faced by the company. What are the likely business threats and disruptions which are most likely to occur? What is the most profitable activity of your organization? It is vital to prioritize key risks and operations, which will help mitigate the damage in the event of a disaster. 

Step 2: Business impact analysis

The second step involves a thorough and in-depth assessment of your business processes to determine the vulnerable areas and the potential losses if those processes are disrupted. This is also known as Business Impact Analysis . 

Essentially, Business impact analysis (BIA) is a process that helps the organization define the impact if critical business operations are interrupted because of a disaster, accident, or emergency. It helps in identifying the most crucial elements of the business processes. For instance, maintaining a supply chain might be more critical during a crisis than public relations.

While there is no formal standard for a BIA, it typically involves the following steps: 

  • Collating information: As a first step, a questionnaire is prepared to find out critical business processes and resources that will help in the proper assessment of the impact of a disruptive event. One-on-one sessions with key management members may be conducted further to gain insights into the organization’s processes and workings.
  • Analysis: This is followed by analyzing the collected information. A manual or computer-assisted analysis is conducted. The analysis is based on an interruption in which crucial activities or resources are not available. Typically it works on the assumption of the worst-case scenario, even when the chances of a risk likelihood are low. This approach is followed to zero in on the systems that, when disrupted or interrupted, threaten the organization’s very survival. This way, these processes are prioritized in the business continuity plan. 

The analysis phase helps identify the minimum staff and resources required for running the organization in the event of a crisis. This also allows the organizations to assess the impact on the revenue if the business is unable to run for a day, a week, or more. There might be contractual penalties, regulatory fines, and workforce-related expenditure which need to be taken into account while finding out the impact on the business. Further, there might be specific vulnerabilities of the firm, and they need to be considered in the BIA. 

  • Preparing a report: The next step is preparing a BIA report, which is assessed by the senior management. The report is a thorough analysis of the gathered information along with findings. It also gives recommendations on the procedure that should be followed in the event of a business disruption. The BIA report also shares the impact on the revenue, supply chain, and customer delivery to the business in a specific time frame. 

The business impact analysis report may also include a checklist of all the resources, such as the names of key personnel, data backup , contact information, emergency responders, and more.

  • Presenting the report: Usually, this report goes through several amendments before being cleared by the senior management. The involvement of senior management is crucial to the success of the business continuity plan. It sends out a strong signal in the organization that it is a serious initiative. 

Also Read: Will Extreme Weather Events Affect Your Business? Lessons From the Texas Winter Storm

Step 3: BCP Testing

Several testing methods are available to test the effectiveness of the BCP. Here are a few common ones: 

  • TableTop test: As the name suggests, the identified executives go through the plan in detail to evaluate whether it will work on not. Different disaster types and the response to them are discussed at length. This type of testing is designed to make all the key personnel aware of their role in the event of a disaster. The response procedure is reviewed, and responsibilities are outlined, so everybody knows their roles.
  • Walk through: In this type of testing, the team members go through their part in the plan with a specific disaster in mind. Drills or a simulated response and disaster role-playing are part of this. This is a more thorough form of testing and likely to reveal the shortcoming in the plan. Any vulnerabilities discovered should be used to update the BCP accordingly.
  • Disaster simulation testing: In this type of testing, an environment that simulates an actual disaster is created. This is the closest to the actual event and gives the best case scenario about the plan’s workability. It will help the team find gaps that might be overlooked in the other types of tests. Document the results of your testing so you can compare the improvement from the previous tests. It will help you in strengthening your business continuity plan. 

Frequency of testing – Typically, organizations test BCP at least twice a year. At the same time, it depends on the size of your organization and the business vertical you operate in.

Step 4: Maintenance

A business continuity plan should not be treated as a one-time exercise. It needs to be maintained , so the organization’s structural and people changes are updated regularly. The key personnel might move on from the firm, and this would need to be updated in the Business Impact Analysis and BCP. The process for regular updating of the documentation should be followed to ensure that the organization is not caught on the wrong foot in case of a business disruption. 

Also Read: Offsite Data Replication: A Great Way To Meet Recovery Time Objectives

Step 5: Communication

Sometimes executives tend to ignore communication while preparing a BCP. It is a crucial aspect, and your BCP should clearly define who will maintain the communication channels with the employees, regulators, business partners, and partners during the crisis. The contact information of the key people should be readily accessible for the BCP to work without any trouble.

In the end, the organizations should accept that despite preparing a formidable business continuity plan, several factors beyond your control may still affect its success or failure. The key executives might not be available in the event of a crisis; both the primary and the alternate data recovery sites might have been affected by the event; the communications network might be damaged, and so on. Such factors are common during a natural disaster and may lead to the limited success of the business continuity plan. 

The success of a business depends on it acting swiftly and efficiently when confronted with an unanticipated crisis. Any failure to do so results in a financial and reputational loss, which takes up a long time to recover. It can be avoided if the organization quickly gathers itself during a disaster. A business continuity plan is then of paramount importance for a business of any size. At the same time, it is crucial to ensure that the BCP is not a one-time exercise. It needs to be continuously evaluated, tested, amended, and maintained so it doesn’t let you down when you need it the most. 

Did you enjoy reading this article? Comment below or let us know on  LinkedIn Opens a new window ,  Twitter Opens a new window , or  Facebook Opens a new window . We’d love to hear from you!

Share This Article:

Take me to Community

Recommended Reads

WiFi Security Vulnerabilities Make Linux and Android Systems Susceptible to Hackers

WiFi Security Vulnerabilities Make Linux and Android Systems Susceptible to Hackers

Vulnerable to Vigilant: SMBs Ramp Up Cybersecurity Efforts

Vulnerable to Vigilant: SMBs Ramp Up Cybersecurity Efforts

Over 25,000 Websites Impacted by WordPress Theme Vulnerability

Over 25,000 Websites Impacted by WordPress Theme Vulnerability

Azure and Microsoft Exchange Servers Victim To Active Exploitation by Hackers

Azure and Microsoft Exchange Servers Victim To Active Exploitation by Hackers

The Invisible Pickpocket: When Your Gmail Becomes a Hacker’s Playground

The Invisible Pickpocket: When Your Gmail Becomes a Hacker’s Playground

3 Significant Ways AI Can Impact Cybersecurity This Year

3 Significant Ways AI Can Impact Cybersecurity This Year

Advisory boards aren’t only for executives. Join the LogRocket Content Advisory Board today →

LogRocket blog logo

  • Product Management
  • Solve User-Reported Issues
  • Find Issues Faster
  • Optimize Conversion and Adoption

How to craft an effective business continuity plan

business continuity planning wiki

Let me take you back in time to the United Kingdom in the 1970s. Punk music was gaining popularity, and the Sex Pistols entered the punk rock scene with the force of a shooting star, capturing fans’ attention.

How To Craft An Effective Business Continuity Plan

But as quickly as they arrived, they quickly left the scene. When they broke up in 1978 after a period of internal conflicts, legal troubles, and their frontman’s imprisonment, fans were left both shocked and surprised.

Just like the Sex Pistols, plenty of companies experience rapid growth and success, only to face unexpected challenges and internal conflicts that result in their downfall.

In this article, we’ll draw inspiration from the Sex Pistols’ turbulent journey to explore the concept of business continuity planning (BCP). We’ll look at what a BCP is, why you need one and delve into the strategies and contingency measures that can help you maintain your rhythm and continuity, even when faced with the inevitable storms that can disrupt your operations.

What is a business continuity plan?

A business continuity plan describes how you’ll continue your business when disaster hits. It is a structured strategy outlining how your organization will maintain essential functions when disaster strikes, to ensure minimal downtime and guarantee that operations continue.

Why do you need a BCP in place?

The BCP is crucial and revolves around ensuring your resilience and ability to continue operating in the face of unexpected disruptions, such as natural disasters, cyberattacks, or other emergencies.

Let’s look at it a bit closer, and understand some of the key reasons to have a BCP better:

Minimize downtime

Protect revenue and reputation, compliance and legal requirements, resource allocation, maintain customer service, employee safety.

A BCP helps you minimize downtime. It does this by providing a structured approach to quickly recover and resume your critical business functions.

Example: You’re a retail company with an extensive online presence. If your website experiences a cyberattack that takes it offline, a well-prepared BCP outlines the steps to take to mitigate the attack, get your website back up in no time, and allow you to continue serving your customers.

No one likes disruptions as they result in revenue loss and can damage your reputation. A BCP helps you protect against financial losses and keep customer trust.

Example: You’re the owner of a restaurant chain with multiple locations and one of your branches has a food safety crisis. A BCP can guide you in managing the crisis, ensuring food safety compliance, and communicating effectively with customers to maintain trust in the brand and other locations.

Some industries, like the financial, and pharma industries, have regulatory requirements that mandate businesses to have BCPs in place. Failure to do so has legal and financial consequences.

Example: You’re the owner of a FinTech company. You are required by regulators to have robust BCPs to ensure customer data security and financial system stability.

When a crisis hits you need the right resources to get you back up and running. A BCP helps allocate resources effectively during a crisis, ensuring that personnel, equipment, and materials are used efficiently to address the most critical needs.

business continuity planning wiki

Over 200k developers and product managers use LogRocket to create better digital experiences

business continuity planning wiki

Example: You’re a manufacturing company hit by a sudden supply chain disruption because the Suez Canal is blocked again. You use your BCP to allocate available resources to meet customer demands and minimize production delays.

When all hell breaks loose you want to make sure customer experience takes a minimum blow. A BCP outlines measures to maintain customer service and communication, so customers receive timely updates and support.

Example: You run an airline and there is a labor strike. Your BCP tells you how to manage customer inquiries, rebook affected passengers, and maintain a level of service.

Let’s not forget about the well-being of your employees. During a crisis, this is a top priority. A BCP includes procedures for evacuations, remote work arrangements, and employee support.

Example: There is a fire at your workplace. The BCP outlines evacuation routes, assembly points, and contact information for employees to report their safety status.

Business continuity planning: Steps for success

That’s a lot of reasons, right? Now that we addressed the necessity and urgency of having BCP, let’s look at 5 steps to creating a successful one:

  • Analyze your company
  • Assess the risk
  • Create the procedures
  • Get the word out
  • Iterate and improve

1. Analyze your company

In this phase you conduct an analysis to identify critical activities, determine which activities must continue, which can be temporarily paused, and which can operate at a reduced capacity.

You then assess the financial impact of disruptions. This involves asking yourself the question, “How long can I operate without generating revenue and incurring recovery costs?”

As this step covers your whole company, it’s important to get key stakeholders involved from the beginning.

2. Assess the risk

Now you have a good overview of your critical processes and the impact of disruption. At this point, pivot your attention to the risks they face, how well you can handle when things don’t work as usual, and how long you can manage if things go wrong.

The goal here is to understand what could go wrong and find ways to avoid, reduce, or transfer them. This assessment will help you strengthen your preparedness and resilience.

More great articles from LogRocket:

  • How to implement issue management to improve your product
  • 8 ways to reduce cycle time and build a better product
  • What is a PERT chart and how to make one
  • Discover how to use behavioral analytics to create a great product experience
  • Explore six tried and true product management frameworks you should know
  • Advisory boards aren’t just for executives. Join LogRocket’s Content Advisory Board. You’ll help inform the type of content we create and get access to exclusive meetups, social accreditation, and swag.

Think about risks specific to your industry and location

It’s important to consider both internal (e.g. an IT system failure or employee shortage) and external threats (e.g. a natural disaster or supply chain disruption) to your critical business activities.

3. Create the procedures

Once you analyze and assess, you need to create procedures.

Develop detailed, step-by-step procedures to minimize risks to your organization’s people, operations, and assets. This can include changes to your operating model, such as using alternative suppliers or implementing remote work options.

4. Get the word out

A plan is just a plan and no one will know how to act if you don’t communicate.

This step is all about communication. Integrate the BCP into your operations, policies, and company culture, and train, test, and communicate with your employees.

And don’t forget that communication is not limited to your company only. Communicate with external stakeholders, customers, suppliers, and so forth.

5. Iterate and improve

Before implementing your BCP ensure its effectiveness.

Don’t worry there are plenty more options to test your BCP. Consider involving external stakeholders or vendors as it makes exercises more realistic. Frequently train those who are accountable for executing the BCP.

After experiencing a real incident or conducting a training exercise, update your plan to improve its ability to protect your business. Keep in mind that both your organization’s development and the circumstances you operate in change, so a regular review isn’t a luxury but a necessity.

How to structure your continuity plan

Now you have a high-level understanding, let’s look at how to structure your business continuity plan.

You can find a copy of the template I use here .

Make sure to include the following sections in your BCP:

Version history

Executive summary, functions and process prioritization, plan activation, governance and responsibilities, recovery plans, crisis communication plan, emergency location and contents, review and testing.

This section shows the revision history. It includes the version numbers of the changes made, by whom, when, and who approved the changes. The revision history allows anyone reading the BCP to understand how it has evolved over time.

The executive summary provides a brief summary of the key objectives, goals, scope, and applicability of the BCP.

This chapter outlines the critical functions and processes in scope of continuation in case of a disastrous event.

This section refers to the risk and business impact assessment outcome. Its aim is to set out what triggers the activation of the plan.

Governance and responsibilities talks about who has to act when the BCP is activated. It includes the members, a description of their responsibilities, contact details of the BCP team, and the chain of command during a crisis.

This section builds upon the business continuity strategies, specifically the one chosen when a disaster occurs. It describes the detailed recovery plans for each critical function, the procedures for restarting operations, resource allocation, and recovery time objectives (RTOs).

Here you cover the internal and external communication strategies. You also address employee awareness and training activities.

Now there is a good chance the disaster will require your crucial activities to temporarily continue at a different location. This section covers all details about the location and what needs to be available at the location.

The BCP is to be tested to reduce the risk of missing things or even worse failing. Here jot down the testing procedures and document results and lessons learned.

This section includes all appendices. Think about the following

  • Supporting documents, such as contact lists, maps, and technical specifications
  • References to external standards, guidelines, or regulations
  • Training programs for BCP team members
  • Review of insurance policies
  • Financial reserves and funding for recovery efforts
  • Procedures for keeping the BCP documentation up to date

Business continuity plan example

Earlier this year, the Koninklijke Nederlands Voetbal Bond (KNVB), which is the Royal Dutch Football Association, was hit by ransomware. The cyberattackers threatened to share personally identifiable information captured and the KNVB paid over one million euros to avoid this from happening.

What could have been done to mitigate the ransomware attack risk?

The Risk of the attack to succeed could have been mitigated with:

  • Regular data backups
  • Segmentation of networks
  • Intrusion detection systems

How to ensure business continuity in case of ransomware?

In response to the ransomware incident, and to allow for continued business as usual as soon as possible, steps could include:

  • Isolating affected systems
  • Activating backups
  • Notifying law enforcement
  • Engaging with a cybersecurity incident response team

Key takeaways

A business continuity plan (BCP) is like a safety net for your business when things go haywire. It helps you keep going, avoiding downtime, revenue loss, and reputation hits. On top of that, it’s a legal must in certain industries.

To make a solid BCP, just follow five steps: figure out what’s crucial for your business, spot the risks, plan how to bounce back, make sure everyone knows the plan, and keep fine-tuning it.

Structurally, your BCP should have sections like history, a quick guide, what’s most important, when to activate it, who’s in charge, the nitty-gritty recovery plans, how communication is done, where to go in a crisis, how to test the BCP works, and some extra info.

Featured image source: IconScout

LogRocket generates product insights that lead to meaningful action

Get your teams on the same page — try LogRocket today.

Share this:

  • Click to share on Twitter (Opens in new window)
  • Click to share on Reddit (Opens in new window)
  • Click to share on LinkedIn (Opens in new window)
  • Click to share on Facebook (Opens in new window)
  • #collaboration and communication
  • #project management

business continuity planning wiki

Stop guessing about your digital experience with LogRocket

Recent posts:.

An Overview Of The Endowment Effect

An overview of the endowment effect

The endowment effect is a psychological quirk where people place higher value on things simply because they own them.

business continuity planning wiki

Leader Spotlight: Balancing inward and outward product management, with Kevin Morris

Kevin Morris talks about the importance of not overly focusing on the inward-facing components of product management.

business continuity planning wiki

A guide to sprint planning

While running a sprint planning ceremony is pretty straightforward, a lot of work goes into the planning both before and during the ceremony.

business continuity planning wiki

Leader Spotlight: The tipping point to scale, with Sam Schulte

Sam Schulte, Vice President, Product Engineering at Inspirato, talks about the delicate balance between innovation and scale.

business continuity planning wiki

Leave a Reply Cancel reply

Book cover

Sustainable Cities and Communities pp 33–44 Cite as

Business Continuity Planning

  • Markus Will 6 &
  • Jana Brauweiler 6  
  • Reference work entry
  • First Online: 01 January 2020

160 Accesses

2 Citations

Part of the Encyclopedia of the UN Sustainable Development Goals book series (ENUNSDG)

Adverse conditions ; Business continuity and resiliency planning (BCRP) ; Business continuity management (BCM) ; Crisis management ; Disaster ; Disaster recovery planning ; Disruption ; Emergency ; Hazards ; Incidents

Definitions

Business continuity planning supports an organization to continuing its operations after an incident or under adverse conditions, such as a natural disaster, disease pandemics, terrorist attacks, serious accidents, external hacker or other IT attacks, disruption of supply chains, and/or other abrupt and unexpected changes in business environment. Hence, business continuity is the organizational capability to continue delivery of products and services even under the aforementioned adverse conditions within an acceptable time frame. Business continuity planning means to identify critical core processes of the organization, to analyze business impacts, and to find backup processes and response strategies in the event of disruption. For this reason, business...

This is a preview of subscription content, log in via an institution .

Buying options

  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
  • Available as EPUB and PDF
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Barnes P (2007) Business impact analysis. In: Hiles A (ed) The definitive handbook of business continuity management, 3rd edn. Wiley, Chichester, pp 145–161

Google Scholar  

Barnes P (2011) Business impact analysis. In: Hiles A (ed) The definitive handbook of business continuity management, vol 3. Wiley, Chichester, pp S 166–S 182

Bauman S, Rössig v (2018) Business Continuity Management – unverzichtbares Element eines angemessenen Risikomanagements. In: Hunziker S, Meissner JO (eds) Ganzheitliches Chancen- und Risikomanagement. Interdisziplinäre und praxisnahe Konzepte. Springer Gabler, Wiesbaden. Springer Fachmedien Wiesbaden GmbH 2018

Business Continuity Institute BCI (2002) Good practice guidelines. Business Continuity Institute, Caversham

Business Continuity Institute BCI (2010) Good practice guidelines 2010. Business Continuity Institute, Caversham

Business Continuity Institute BCI (2013) Good practice guidelines 2013. Business Continuity Institute, Caversham

Cabinet Office – Government of Japan (2012) Business continuity guidelines —strategies and responses for surviving critical incidents, 3rd edn

Cornish M (2011) Business continuity management methodology. In: Hiles A (ed) The definitive handbook of business continuity management, vol 3. Wiley, Chichester, pp S 121–S 136

DoHS (2013) Supplemental tool: executing a critical infrastructure risk management approach. Department of Homeland Security National Critical Infrastructure Priorizitation Program (NCIPP)

Hiles A (2007) The Definitive handbook of business continuity management, 2nd edn. Chichester, West Sussex, United Kingdom: Wiley

HSE (2001) Reducing risks, protecting people, HSE’s decision-making process. HSE Information Services, Norwich

HSE (2019) Risk management_ ALARP at a glance. http://www.hse.gov.uk/risk/theory/alarpglance.htm (2019-07-28)

IEC (2019) IEC/ISO risk management – risk assessment techniques. International Standardization Organization, International Electrotechnical Commission

ISO (2018) ISO 22300 – Security and resilience – vocabulary. International Standardization Organization

ISO (2019a) ISO/DIS 22301 – Security and resilience – Business continuity management systems – Requirements. International Standardization Organization

ISO (2019b) ISO/DIS 22313 – Security and resilience –Business continuity management systems – Guidance. International Standardization Organization

Kirvan PF (2011) International standards and legislation in business continuity. In: Hiles A (ed.) The definitive handbook of business continuity management, 3rd Wiley, Chichester, pg. 736–745

Lagadec P (1982) Major technological risk. Pergamon, Oxford

Mahr WH (2009) BCM-Standards: ja, aber welche? IT-Security 1(9):36–38

ONR (2014) Risk Management for Organizations and Systems — part 3: guidelines for emergency. In: Crisis and business continuity management — implementation of ISO 31000

Perrow C (1984) Normal accidents: living with high-risk technologies. Princeton University Press

Reason J (1990) Human error. Cambridge University Press, Cambridge

Book   Google Scholar  

Thiel C, Thiel C (2010) Business Continuity Management für KMU DuD – Datenschutz und Datensicherheit:6/2010

Von Rössing R (2005) Betriebliches Kontinuitätsmanagement. mitp-Verlag, Bonn

Download references

Author information

Authors and affiliations.

University of Applied Sciences, Zittau/Görlitz, Germany

Markus Will & Jana Brauweiler

You can also search for this author in PubMed   Google Scholar

Corresponding author

Correspondence to Markus Will .

Editor information

Editors and affiliations.

European School of Sustainability Science and Research, Hamburg University of Applied Sciences, Hamburg, Germany

Walter Leal Filho

Center for Neuroscience and Cell Biology, Institute for Interdisciplinary Research, University of Coimbra, Coimbra, Portugal

Anabela Marisa Azul

Faculty of Engineering and Architecture, Passo Fundo University, Passo Fundo, Brazil

Luciana Brandli

Istinye University, Istanbul, Turkey

Pinar Gökçin Özuyar

University of Chester, Chester, UK

Section Editor information

OsloMet -Oslo Metropolitan University, Oslo, Norway

Astrid Skjerven

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this entry

Cite this entry.

Will, M., Brauweiler, J. (2020). Business Continuity Planning. In: Leal Filho, W., Marisa Azul, A., Brandli, L., Gökçin Özuyar, P., Wall, T. (eds) Sustainable Cities and Communities. Encyclopedia of the UN Sustainable Development Goals. Springer, Cham. https://doi.org/10.1007/978-3-319-95717-3_2

Download citation

DOI : https://doi.org/10.1007/978-3-319-95717-3_2

Published : 25 April 2020

Publisher Name : Springer, Cham

Print ISBN : 978-3-319-95716-6

Online ISBN : 978-3-319-95717-3

eBook Packages : Earth and Environmental Science Reference Module Physical and Materials Science Reference Module Earth and Environmental Sciences

Share this entry

Anyone you share the following link with will be able to read this content:

Sorry, a shareable link is not currently available for this article.

Provided by the Springer Nature SharedIt content-sharing initiative

  • Publish with us

Policies and ethics

  • Find a journal
  • Track your research

U.S. flag

An official website of the United States government

Here’s how you know

world globe

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

business continuity planning wiki

Business Continuity Planning

world globe

Organize a business continuity team and compile a  business continuity plan  to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

  • Business Continuity Plan Situation Manual
  • Business Continuity Plan Test Exercise Planner Instructions
  • Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.

feature_mini img

Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.

View on YouTube

Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans. View on YouTube

Last Updated: 12/21/2023

Return to top

Not logged in

  • Create account

Business continuity planning

Page actions.

  • View source

Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", [1] and business continuity planning [2] [3] (or business continuity and resiliency planning ) is the process of creating systems of prevention and recovery to deal with potential threats to a company. [4] In addition to prevention, the goal is to enable ongoing operations before and during execution of disaster recovery . [5] Business continuity is the intended outcome of proper execution of both business continuity planning and disaster recovery.

Several business continuity standards have been published by various standards bodies to assist in checklisting ongoing planning tasks. [6]

An organization's resistance to failure is "the ability ... to withstand changes in its environment and still function". [7] Often called resilience, it is a capability that enables organizations to either endure environmental changes without having to permanently adapt, or the organization is forced to adapt a new way of working that better suits the new environmental conditions. [7]

  • 1.1 Resilience
  • 1.2 Continuity
  • 2 Inventory
  • 3.1.1 Maximum RTO
  • 3.1.2 Consistency
  • 3.2 Threat and risk analysis (TRA)
  • 3.3 Impact scenarios
  • 4 Tiers of preparedness
  • 5 Solution design
  • 6.1 ISO Standards
  • 6.2 British standards
  • 6.3 Australian standards
  • 6.4 United States
  • 7.1 Testing and organizational acceptance
  • 8.1 Information and targets
  • 8.2 Technical
  • 8.3 Testing and verification of recovery procedures
  • 10 References
  • 11 Further reading
  • 12 External links

Any event that could negatively impact operations should be included in the plan, such as supply chain interruption, loss of or damage to critical infrastructure (major machinery or computing/network resource). As such, BCP is a subset of risk management . [8] In the U.S., government entities refer to the process as continuity of operations planning (COOP). [9] A business continuity plan [10] outlines a range of disaster scenarios and the steps the business will take in any particular scenario to return to regular trade. BCP's are written ahead of time and can also include precautions to be put in place. Usually created with the input of key staff as well as stakeholders, a BCP is a set of contingencies to minimize potential harm to businesses during adverse scenarios. [11]

A 2005 analysis of how disruptions can adversely affect the operations of corporations and how investments in resilience can give a competitive advantage over entities not prepared for various contingencies [12] extended then-common business continuity planning practices. Business organizations such as the Council on Competitiveness embraced this resilience goal. [13]

Adapting to change in an apparently slower, more evolutionary manner - sometimes over many years or decades - has been described as being more resilient, [14] and the term "strategic resilience" is now used to go beyond resisting a one-time crisis, but rather continuously anticipating and adjusting, "before the case for change becomes desperately obvious".

This approach is sometimes summarized as: preparedness , [15] protection, response and recovery. [16]

Resilience Theory can be related to the field of Public Relations. Resilience is a communicative process that is constructed by citizens, families, media system, organizations and governments through everyday talk and mediated conversation. [17]

The theory is based on the work of Patrice M. Buzzanell, a professor at the Brian Lamb School of Communication at Purdue University . In her 2010 article, "Resilience: Talking, Resisting, and Imagining New Normalcies Into Being" [18] Buzzanell discussed the ability for organizations to thrive after having a crisis through building resistance. Buzzanell notes that there are five different processes that individuals use when trying to maintain resilience- crafting normalcy, affirming identity anchors, maintaining and using communication networks, putting alternative logics to work and downplaying negative feelings while foregrounding positive emotions.

When looking at the resilience theory, the crisis communication theory is similar, but not the same. The crisis communication theory is based on the reputation of the company, but the resilience theory is based on the process of recovery of the company. There are five main components of resilience: crafting normalcy, affirming identity anchors, maintaining and using communication networks, putting alternative logics to work, and downplaying negative feelings while foregrounding negative emotions. [19] Each of these processes can be applicable to businesses in crisis times, making resilience an important factor for companies to focus on while training.

There are three main groups that are affected by a crisis. They are micro (individual), meso (group or organization) and macro (national or interorganizational). There are also two main types of resilience, which are proactive and post resilience. Proactive resilience is preparing for a crisis and creating a solid foundation for the company. Post resilience includes continuing to maintain communication and check in with employees. [20] Proactive resilience is dealing with issues at hand before they cause a possible shift in the work environment and post resilience maintaining communication and accepting changes after an incident has happened. Resilience can be applied to any organization. In New Zealand, the Canterbury University Resilient Organisations programme developed an assessment tool for benchmarking the Resilience of Organisations. [21] It covers 11 categories, each having 5 to 7 questions. A Resilience Ratio summarizes this evaluation. [22]

Plans and procedures are used in business continuity planning to ensure that the critical organizational operations required to keep an organization running continue to operate during events when key dependencies of operations are disrupted. Continuity does not need to apply to every activity which the organization undertakes. For example, under ISO 22301:2019 , organizations are required to define their business continuity objectives, the minimum levels of product and service operations which will be considered acceptable and the maximum tolerable period of disruption (MTPD) which can be allowed. [23]

A major cost in planning for this is the preparation of audit compliance management documents; automation tools are available to reduce the time and cost associated with manually producing this information.

Planners must have information about:

  • Supplies and suppliers
  • Locations, including other offices and backup /work area recovery (WAR) sites
  • Business documents
  • Procedure documentation

The analysis phase consists of:

  • Impact analysis
  • Threat and risks analysis

Impact scenarios

Quantifying of loss ratios must also include "dollars to defend a lawsuit." [24] It has been estimated that a dollar spent in loss prevention can prevent "seven dollars of disaster-related economic loss." [25]

Business impact analysis (BIA)

A business impact analysis (BIA) differentiates critical (urgent) and non-critical (non-urgent) organization functions/activities. A function may be considered critical if dictated by law.

Each function/activity typically relies on a combination of constituent components in order to operate:

  • Human resources (full-time staff, part-time staff, or contractors)
  • Physical assets (mobile phones, laptops/workstations etc.)
  • Documents (electronic or physical)

For each function, two values are assigned:

  • Recovery point objective (RPO) – the acceptable latency of data that will not be recovered. For example, is it acceptable for the company to lose 2 days of data? [26] The recovery point objective must ensure that the maximum tolerable data loss for each activity is not exceeded.
  • Recovery time objective (RTO)  – the acceptable amount of time to restore the function

Maximum RTO

Maximum time constraints for how long an enterprise's key products or services can be unavailable or undeliverable before stakeholders perceive unacceptable consequences have been named as:

  • Maximum tolerable period of disruption (MTPoD)
  • Maximum tolerable downtime (MTD)
  • Maximum tolerable outage (MTO)
  • Maximum acceptable outage (MAO) [27] [28]

According to ISO 22301 the terms maximum acceptable outage and maximum tolerable period of disruption mean the same thing and are defined using exactly the same words. [29]

Consistency

When more than one system crashes, recovery plans must balance the need for data consistency with other objectives, such as RTO and RPO. [30] Recovery Consistency Objective (RCO) is the name of this goal. It applies data consistency objectives, to define a measurement for the consistency of distributed business data within interlinked systems after a disaster incident. Similar terms used in this context are "Recovery Consistency Characteristics" (RCC) and "Recovery Object Granularity" (ROG). [31]

While RTO and RPO are absolute per-system values, RCO is expressed as a percentage that measures the deviation between actual and targeted state of business data across systems for process groups or individual business processes.

The following formula calculates RCO with "n" representing the number of business processes and "entities" representing an abstract value for business data: [math]\displaystyle{ \text{RCO} = 1 - \frac{(\text{number of inconsistent entities})_n}{(\text{number of entities})_n} }[/math]

100% RCO means that post recovery, no business data deviation occurs. [32]

Threat and risk analysis (TRA)

After defining recovery requirements, each potential threat may require unique recovery steps. Common threats include:

The above areas can cascade: Responders can stumble. Supplies may become depleted. During the 2002–2003 SARS outbreak, some organizations compartmentalized and rotated teams to match the incubation period of the disease. They also banned in-person contact during both business and non-business hours. This increased resiliency against the threat.

Impact scenarios are identified and documented:

  • need for medical supplies [33]
  • need for transportation options [34]
  • civilian impact of nuclear disasters [35]
  • need for business and data processing supplies [36]

These should reflect the widest possible damage.

Tiers of preparedness

SHARE 's seven tiers of disaster recovery [37] released in 1992, were updated in 2012 by IBM as an eight tier model: [38]

  • Tier 0 – No off-site data • Businesses with a Tier 0 Disaster Recovery solution have no Disaster Recovery Plan. There is no saved information, no documentation, no backup hardware, and no contingency plan. Typical recovery time: The length of recovery time in this instance is unpredictable . In fact, it may not be possible to recover at all.
  • Tier 1 – Data backup with no Hot Site • Businesses that use Tier 1 Disaster Recovery solutions back up their data at an off-site facility. Depending on how often backups are made, they are prepared to accept several days to weeks of data loss , but their backups are secure off-site. However, this Tier lacks the systems on which to restore data. Pickup Truck Access Method (PTAM).
  • Tier 2 – Data backup with Hot Site • Tier 2 Disaster Recovery solutions make regular backups on tape. This is combined with an off-site facility and infrastructure (known as a hot site) in which to restore systems from those tapes in the event of a disaster. This tier solution will still result in the need to recreate several hours to days worth of data, but it is less unpredictable in recovery time . Examples include: PTAM with Hot Site available, IBM Tivoli Storage Manager.
  • Tier 3 – Electronic vaulting • Tier 3 solutions utilize components of Tier 2. Additionally, some mission-critical data is electronically vaulted. This electronically vaulted data is typically more current than that which is shipped via PTAM. As a result there is less data recreation or loss after a disaster occurs .
  • Tier 4 – Point-in-time copies • Tier 4 solutions are used by businesses that require both greater data currency and faster recovery than users of lower tiers. Rather than relying largely on shipping tape, as is common in the lower tiers, Tier 4 solutions begin to incorporate more disk-based solutions. Several hours of data loss is still possible , but it is easier to make such point-in-time (PIT) copies with greater frequency than data that can be replicated through tape-based solutions.
  • Tier 5 – Transaction integrity • Tier 5 solutions are used by businesses with a requirement for consistency of data between production and recovery data centers. There is little to no data loss in such solutions; however, the presence of this functionality is entirely dependent on the application in use.
  • Tier 6 – Zero or little data loss • Tier 6 Disaster Recovery solutions maintain the highest levels of data currency . They are used by businesses with little or no tolerance for data loss and who need to restore data to applications rapidly. These solutions have no dependence on the applications to provide data consistency.
  • Tier 7 – Highly automated, business-integrated solution • Tier 7 solutions include all the major components being used for a Tier 6 solution with the additional integration of automation. This allows a Tier 7 solution to ensure consistency of data above that of which is granted by Tier 6 solutions. Additionally, recovery of the applications is automated, allowing for restoration of systems and applications much faster and more reliably than would be possible through manual Disaster Recovery procedures.

Solution design

Two main requirements from the impact analysis stage are:

  • For IT: the minimum application and data requirements and the time in which they must be available.
  • Outside IT: preservation of hard copy (such as contracts). A process plan must consider skilled staff and embedded technology.

This phase overlaps with disaster recovery planning .

The solution phase determines:

  • Crisis management command structure
  • Telecommunication architecture between primary and secondary work sites
  • Data replication methodology between primary and secondary work sites
  • Backup site with applications, data and work space

ISO Standards

There are many standards that are available to support business continuity planning and management. [39] [40] The International Organization for Standardization (ISO) has for example developed a whole series of standards on Business continuity management systems [41] under responsibility of technical committee ISO/TC 292:

  • ISO 22300 :2021 Security and resilience – Vocabulary (Replaces ISO 22300 :2018 Security and resilience - Vocabulary and ISO 22300 :2012 Security and resilience - Vocabulary.) [42]
  • ISO 22301 :2019 Security and resilience – Business continuity management systems – Requirements (Replaces ISO 22301 :2012.) [43]
  • ISO 22313 :2020 Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301 (Replaces ISO 22313 :2012 Security and resilience - Business continuity management systems - Guidance on the use of ISO 22301.) [44]
  • ISO/TS 22317:2021 Security and resilience – Business continuity management systems – Guidelines for business impact analysis - (Replaces ISO/TS 22315:2015 Societal security – Business continuity management systems – Guidelines for business impact analysis.) [45]
  • ISO/TS 22318:2021 Security and resilience – Business continuity management systems – Guidelines for supply chain continuity (Replaces ISO/TS 22318:2015 Societal security — Business continuity management systems — Guidelines for supply chain continuity.) [46]
  • ISO/TS 22330:2018 Security and resilience – Business continuity management systems – Guidelines for people aspects on business continuity (Current as of 2022.) [47]
  • ISO/TS 22331:2018 Security and resilience – Business continuity management systems – Guidelines for business continuity strategy - (Current as of 2022.) [48]
  • ISO/TS 22332:2021 Security and resilience – Business continuity management systems – Guidelines for developing business continuity plans and procedures (Current as of 2022.) [49]
  • ISO/IEC/TS 17021-6:2014 Conformity assessment – Requirements for bodies providing audit and certification of management systems – Part 6: Competence requirements for auditing and certification of business continuity management systems. [50]
  • ISO/IEC 24762:2008 Information technology — Security techniques — Guidelines for information and communications technology disaster recovery services (withdrawn) [51]
  • ISO/IEC 27001:2022 Information security , cybersecurity and privacy protection — Information security management systems — Requirements. (Replaces ISO/IEC 27001:2013 Information technology — Security techniques — Information security management systems — Requirements.) [52]
  • ISO/IEC 27002:2022 Information security, cybersecurity and privacy protection — Information security controls. (Replaces ISO/IEC 27002:2013 Information technology — Security techniques — Code of practice for information security controls.) [53]
  • ISO/IEC 27031:2011 Information technology – Security techniques – Guidelines for information and communication technology readiness for business continuity. [54]
  • ISO/PAS 22399:2007 Societal security - Guideline for incident preparedness and operational continuity management (withdrawn) [55]
  • IWA 5:2006 Emergency Preparedness (withdrawn) [56]

British standards

The British Standards Institution (BSI Group) released a series of standards which have since been withdrawn and replaced by the ISO standards above.

  • BS 7799 -1:1995 - peripherally addressed information security procedures. (withdrawn) [57]
  • BS 25999 -1:2006 - Business continuity management Part 1: Code of practice (superseded, withdrawn) [58]
  • BS 25999-2:2007 Business Continuity Management Part 2: Specification (superseded, withdrawn) [59]
  • 2008: BS 25777, Information and communications technology continuity management. Code of practice. (withdrawn) [60]

Within the UK, BS 25999-2:2007 and BS 25999-1:2006 were being used for business continuity management across all organizations, industries and sectors. These documents give a practical plan to deal with most eventualities—from extreme weather conditions to terrorism, IT system failure, and staff sickness. [61]

In 2004, following crises in the preceding years, the UK government passed the Civil Contingencies Act of 2004: Businesses must have continuity planning measures to survive and continue to thrive whilst working towards keeping the incident as minimal as possible. The Act was separated into two parts: Part 1: civil protection, covering roles & responsibilities for local responders Part 2: emergency powers. [62] In the United Kingdom, resilience is implemented locally by the Local Resilience Forum . [63]

Australian standards

  • HB 292-2006, "A practitioners guide to business continuity management" [64]
  • HB 293-2006, "Executive guide to business continuity management" [65]

United States

  • NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs (2010). National Fire Protection Association . (superseded). [66]
  • NFPA 1600, Standard on Continuity, Emergency, and Crisis Management (2019, current standard), National Fire Protection Association . [67]
  • Continuity of Operations (COOP) and National Continuity Policy Implementation Plan (NCPIP), United States Federal Government [68] [69] [70]
  • Business Continuity Planning Suite, DHS National Protection and Programs Directorate and FEMA. [71] [72] [73] [68]
  • ASIS SPC.1-2009, Organizational Resilience: Security, Preparedness, and Continuity Management Systems - Requirements with Guidance for Use, American National Standards Institute [74]

Implementation and testing

The implementation phase involves policy changes, material acquisitions, staffing and testing.

Testing and organizational acceptance

The 2008 book Exercising for Excellence , published by The British Standards Institution identified three types of exercises that can be employed when testing business continuity plans.

  • Tabletop exercises - a small number of people concentrate on a specific aspect of a BCP. Another form involves a single representative from each of several teams.
  • Medium exercises - Several departments, teams or disciplines concentrate on multiple BCP aspects; the scope can range from a few teams from one building to multiple teams operating across dispersed locations. Pre-scripted "surprises" are added.
  • Complex exercises - All aspects of a medium exercise remain, but for maximum realism no-notice activation, actual evacuation and actual invocation of a disaster recovery site is added.

While start and stop times are pre-agreed, the actual duration might be unknown if events are allowed to run their course.

Maintenance

Biannual or annual maintenance cycle maintenance of a BCP manual [75] is broken down into three periodic activities.

  • Confirmation of information in the manual, roll out to staff for awareness and specific training for critical individuals.
  • Testing and verification of technical solutions established for recovery operations.
  • Testing and verification of organization recovery procedures.

Issues found during the testing phase often must be reintroduced to the analysis phase.

Information and targets

The BCP manual must evolve with the organization, and maintain information about who has to know what :

  • Job descriptions, skillsets needed, training requirements
  • Documentation and document management
  • Definitions of terminology to facilitate timely communication during disaster recovery , [76]
  • Distribution lists (staff, important clients, vendors/suppliers)
  • Information about communication and transportation infrastructure (roads, bridges) [77]

Specialized technical resources must be maintained. Checks include:

  • Virus definition distribution
  • Application security and service patch distribution
  • Hardware operability
  • Application operability
  • Data verification
  • Data application

Testing and verification of recovery procedures

Software and work process changes must be documented and validated, including verification that documented work process recovery tasks and supporting disaster recovery infrastructure allow staff to recover within the predetermined recovery time objective. [78]

  • ↑ BCI Good Practice Guidelines 2013, quoted in Mid Sussex District Council, Business Continuity Policy Statement , published April 2018, accessed 19 February 2021
  • ↑ "How to Build an Effective and Organized Business Continuity Plan" . Forbes . June 26, 2015 . https://www.forbes.com/sites/johnrampton/2015/06/26/how-to-build-an-effective-and-organized-business-continuity-plan .  
  • ↑ "Surviving a Disaster" . 2011 . https://www.americanbar.org/content/dam/aba/events/disaster/surviving_a_disaster_a_lawyers_guide_to_disaster_planning.authcheckdam.pdf .  
  • ↑ Elliot, D.; Swartz, E.; Herbane, B. (1999) Just waiting for the next big bang: business continuity planning in the UK finance sector. Journal of Applied Management Studies, Vol. 8, No, pp. 43–60. Here: p. 48.
  • ↑ Alan Berman (March 9, 2015). "Constructing a Successful Business Continuity Plan" . Business Insurance Magazine . http://www.businessinsurance.com/article/20150309/ISSUE0401/303159991/constructing-a-successful-business-continuity-plan .  
  • ↑ "Business Continuity Plan" . United States Department of Homeland Security . https://www.ready.gov/business/implementation/continuity .  
  • ↑ 7.0 7.1 Ian McCarthy; Mark Collard; Michael Johnson (2017). "Adaptive organizational resilience: an evolutionary perspective". Current Opinion in Environmental Sustainability 28 : 33–40. doi : 10.1016/j.cosust.2017.07.005 . Bibcode :  2017COES...28...33M .  
  • ↑ Intrieri, Charles (10 September 2013). "Business Continuity Planning" . Flevy . http://flevy.com/blog/business-continuity-planning/ .  
  • ↑ "Continuity Resources and Technical Assistance | FEMA.gov" . https://www.fema.gov/emergency-managers/national-preparedness/continuity .  
  • ↑ 10.0 10.1 "A Guide to the preparation of a Business Continuity Plan" . https://www.aig.co.uk/content/dam/aig/emea/united-kingdom/documents/property-insights/business-continuity-planning-guidelines-for-preparation-of-your-plan.pdf .  
  • ↑ "Business Continuity Planning (BCP) for Businesses of all Sizes" . 19 April 2017 . http://www.williamadvisorygroup.com/business-continuity-planning-bcp-for-businesses-of-all-sizes/ .  
  • ↑ Yossi Sheffi (October 2005). The Resilient Enterprise: Overcoming Vulnerability for Competitive Enterprise . MIT Press . http://resilient-enterprise.mit.edu .  
  • ↑ "Transform. The Resilient Economy" . http://www.compete.org/publications/detail/31/the-resilient-economy-integrating-competitiveness-and-security .  
  • ↑ "Newsday | Long Island's & NYC's News Source | Newsday" . https://www.newsday.com/2.811/jamie-herzlich/small-business-a-good-plan-shields-from-storm-clouds-1.1322137?firstfree=yes .  
  • ↑ Tiffany Braun; Benjamin Martz (2007). "Business Continuity Preparedness and the Mindfulness State of Mind". ""An estimated 80 percent of companies without a well-conceived and tested business continuity plan, go out of business within two years of a major disaster" (Santangelo 2004)"  
  • ↑ "Annex A.17: Information Security Aspects of Business Continuity Management" . ISMS.online. November 2021 . https://www.isms.online/iso-27001/annex-a-17-information-security-aspects-of-business-continuity-management/ .  
  • ↑ "Communication and resilience: concluding thoughts and key issues for future research" . https://www.researchgate.net/publication/322693327 .  
  • ↑ Buzzanell, Patrice M. (2010). "Resilience: Talking, Resisting, and Imagining New Normalcies Into Being". Journal of Communication 60 (1): 1–14. doi : 10.1111/j.1460-2466.2009.01469.x . ISSN   1460-2466 .  
  • ↑ Buzzanell, Patrice M. (March 2010). "Resilience: Talking, Resisting, and Imagining New Normalcies Into Being". Journal of Communication 60 (1): 1–14. doi : 10.1111/j.1460-2466.2009.01469.x . ISSN   0021-9916 .  
  • ↑ Buzzanell, Patrice M. (2018-01-02). "Organizing resilience as adaptive-transformational tensions". Journal of Applied Communication Research 46 (1): 14–18. doi : 10.1080/00909882.2018.1426711 . ISSN   0090-9882 .  
  • ↑ "Resilient Organisations" . March 22, 2011 . http://www.resorgs.org.nz .  
  • ↑ "Resilience Diagnostic" . November 28, 2017 . https://resiliencei.com/resilience-diagnostic .  
  • ↑ ISO, ISO 22301 Business Continuity Management: Your implementation guide , published, accessed 20 February 2021
  • ↑ "Emergency Planning" . http://www.jcrcny.org/wp-content/uploads/2013/10/EmergencyManual.2.0.pdf .  
  • ↑ Helen Clark (August 15, 2012). "Can your Organization survive a natural disaster?" . http://www.riema.ri.gov/berhodyready/files/Session_1_Business%20Continuity.pdf .  
  • ↑ May, Richard. "Finding RPO and RTO" . http://www.virtualdcs.co.uk/blog/business-continuity-planning-rpo-and-rto.html .  
  • ↑ "Maximum Acceptable Outage (Definition)" . Albion Research Ltd. . http://www.riskythinking.com/glossary/maximum_acceptable_outage.php .  
  • ↑ "BIA Instructions, BUSINESS CONTINUITY MANAGEMENT - WORKSHOP" . Disaster Recovery Information Exchange (DRIE) Central . http://www.driecentral.org/biainstructions.pdf .  
  • ↑ "Plain English ISO 22301 2012 Business Continuity Definitions" . Praxiom Research Group LTD. . http://www.praxiom.com/iso-22301-definitions.htm .  
  • ↑ "The Rise and Rise of the Recovery Consistency Objective" . 2016-03-22 . https://www.opscentre.com/blog/2016/03/22/recovery-consistency-objective .  
  • ↑ "How to evaluate a recovery management solution." West World Productions, 2006 [1]
  • ↑ "Six Myths About Business Continuity Management and Disaster Recovery" . Gartner Research . http://www.gartner.com/it/content/868800/868812/six_myths_about_bcm.pdf .  
  • ↑ Medical supply location and distribution in disasters . doi : 10.1016/j.ijpe.2009.10.004 .   [ clarification needed ]
  • ↑ "transportation planning in disaster recovery" . https://scholar.google.com/scholar_url?url=https://orbi.uliege.be/bitstream/2268/8333/1/JORS_Barbarosoglu_Arda_2004.pdf%26hl=en%26sa=X%26scisig=AAGBfm0xx_ynzP503rz-gtdgZVSN_h-m7w%26nossl=1%26oi=scholarr .  
  • ↑ "PLANNING SCENARIOS Executive Summaries" . https://www.globalsecurity.org/security/library/report/2004/hsc-planning-scenarios-jul04_exec-sum.pdf .  
  • ↑ Chloe Demrovsky (December 22, 2017). "Holding It All Together". Manufacturing Business Technology .  
  • ↑ developed by SHARE's Technical Steering Committee, working with IBM
  • ↑ Ellis Holman (March 13, 2012). "A Business Continuity Solution Selection Methodology" . IBM Corp. . https://share.confex.com/share/118/webprogram/Handout/Session10387/Session%2010387%20Business%20Continuity%20Soloution%20Selection%20Methodology%2003-7-2012.pdf .  
  • ↑ Tierney, Kathleen (21 November 2012). "Disaster Governance: Social, Political, and Economic Dimensions" (in en). Annual Review of Environment and Resources 37 (1): 341–363. doi : 10.1146/annurev-environ-020911-095618 . ISSN   1543-5938 . https://doi.org/10.1146/annurev-environ-020911-095618 . Retrieved 5 January 2023 .  
  • ↑ Partridge, Kevin G.; Young, Lisa R. (2011). CERT® Resilience Management Model (RMM) v1.1: Code of Practice Crosswalk Commercial Version 1.1 . Pittsburgh, PA: Carnegie Mellon University . https://apps.dtic.mil/sti/pdfs/ADA585451.pdf . Retrieved 5 January 2023 .  
  • ↑ "ISO - ISO/TC 292 - Security and resilience" . https://www.iso.org/committee/5259148/x/catalogue/p/1/u/0/w/0/d/0 .  
  • ↑ "ISO 22300:2018" . 12 July 2019 . https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/06/84/68436.html .  
  • ↑ "ISO 22301:2019" . 5 June 2023 . https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/07/51/75106.html .  
  • ↑ "ISO 22313:2020" . https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/07/51/75107.html .  
  • ↑ "Iso/Ts 22317:2021" . https://www.iso.org/standard/79000.html .  
  • ↑ "Iso/Ts 22318:2021" . https://www.iso.org/standard/79001.html .  
  • ↑ "ISO/TS 22330:2018" . 12 July 2019 . https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/00/50067.html .  
  • ↑ "ISO/TS 22331:2018" . https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/05/00/50068.html .  
  • ↑ "Iso/Ts 22332:2021" . https://www.iso.org/standard/50069.html .  
  • ↑ "ISO/IEC TS 17021-6:2014" . https://www.iso.org/cms/render/live/en/sites/isoorg/contents/data/standard/06/49/64956.html .  
  • ↑ "ISO/IEC 24762:2008" (in en). 6 March 2008 . https://www.iso.org/standard/41532.html .  
  • ↑ "ISO/IEC 27001:2022" (in en) . https://www.iso.org/standard/82875.html .  
  • ↑ "ISO/IEC 27002:2022" (in en) . https://www.iso.org/standard/75652.html .  
  • ↑ "ISO/IEC 27031:2011" (in en). 5 September 2016 . https://www.iso.org/standard/44374.html .  
  • ↑ "ISO/PAS 22399:2007" (in en). 18 June 2012 . https://www.iso.org/standard/50295.html .  
  • ↑ "IWA 5:2006" (in en) . https://www.iso.org/standard/44985.html .  
  • ↑ "BS 7799-1:1995 Information security management - Code of practice for information security management systems" . https://knowledge.bsigroup.com/products/information-security-management-code-of-practice-for-information-security-management-systems/standard .  
  • ↑ "BS 25999-1:2006 Business continuity management - Code of practice" . https://knowledge.bsigroup.com/products/bs-25999-1-2006-business-continuity-management-code-of-practice/standard .  
  • ↑ "BS 25999-2:2007 (USA Edition) Business continuity management - Specification" . https://knowledge.bsigroup.com/products/business-continuity-management-specification-1/standard .  
  • ↑ "BS 25777:2008 (Paperback) Information and communications technology continuity management. Code of practice" . https://knowledge.bsigroup.com/products/information-and-communications-technology-continuity-management-code-of-practice-1/standard .  
  • ↑ British Standards Institution (2006). Business continuity management-Part 1: Code of practice :London
  • ↑ Cabinet Office. (2004). overview of the Act. In: Civil Contingencies Secretariat Civil Contingencies Act 2004: a short. London: Civil Contingencies Secretariat
  • ↑ "July 2013 (V2) The role of Local Resilience Forums: A reference document" . https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/62277/The_role_of_Local_Resilience_Forums-_A_reference_document_v2_July_2013.pdf .  
  • ↑ "HB HB 292—2006 Executive Guide to Business Continuity Management" . https://www.saiglobal.com/PDFTemp/Previews/OSH/as/misc/handbook/HB292-2006.pdf .  
  • ↑ "HB 293—2006 Executive Guide to Business Continuity Management" . https://www.saiglobal.com/PDFTemp/Previews/OSH/as/misc/handbook/HB293-2006.pdf .  
  • ↑ NFPA 1600, Standard on Disaster/Emergency Management and Business Continuity Programs (2010 ed.). Quincy, MA: National Fire Protection Association. 2010. ISBN   978-161665005-6 . https://www.nfpa.org/assets/files/AboutTheCodes/1600/1600-10-PDF.pdf .  
  • ↑ "A Comprehensive Overview of the NFPA 1600 Standard" (in en). 29 January 2019 . https://www.alertmedia.com/blog/nfpa-1600/ .  
  • ↑ 68.0 68.1 "Business Continuity Plan | Ready.gov" . https://www.ready.gov/business-continuity-plan .  
  • ↑ "NATIONAL CONTINUITY POLICY IMPLEMENTATION PLAN Homeland Security Council August 2007" . https://emilms.fema.gov/IS0545/documents/NCPIP_August_2007_508_Compliant.pdf .  
  • ↑ "Continuity Resources and Technical Assistance | FEMA.gov" (in en) . https://www.fema.gov/emergency-managers/national-preparedness/continuity .  
  • ↑ "Continuity of operations: An overview" . https://www.fema.gov/pdf/about/org/ncp/coop_brochure.pdf .  
  • ↑ "Business | Ready.gov" . https://www.ready.gov/business .  
  • ↑ "Business Continuity Planning Suite | Ready.gov" . https://www.ready.gov/business-continuity-planning-suite .  
  • ↑ ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems - Requirements with Guidance for Use . American National Standards Institute. 2009. ISBN   978-1-887056-92-2 . https://www.ndsu.edu/fileadmin/emgt/ASIS_SPC.1-2009_Item_No._1842.pdf .  
  • ↑ "Business Continuity Plan Template" . https://publications.qld.gov.au/dataset/05765d5a-91b3-45fd-af43-699ede65dd8a/resource/63f7d2dc-0f40-4abb-b75f-7e6acfeae8f3/download/businesscontinuityplantemplate.doc .  
  • ↑ "Glossary | DRI International" . https://drii.org/resources/viewglossary .  
  • ↑ "Disaster Recovery Plan Checklist" . https://www.cms.gov/Medicare/Medicare-Contracting/FFSProvCustSvcGen/Downloads/Disaster-Recovery-Plan-Checklist.pdf .  
  • ↑ Othman. "Validation of a Disaster Management Metamodel (DMM)" . https://scholar.google.com/scholar_url?url=http://ro.uow.edu.au/cgi/viewcontent.cgi%253Farticle%253D2748%2526context%253Deispapers%26hl=en%26sa=X%26scisig=AAGBfm0CkEknKpMQtJeZBAWSgF_CqnzjNg%26nossl=1%26oi=scholarr .  

Further reading

  • James C. Barnes (2001-06-08). A Guide to Business Continuity Planning . Wiley. ISBN   978-0471530152 .  
  • Kenneth L Fulmer (2004-10-04). Business Continuity Planning, A Step-by-Step Guide . Rothstein. ISBN   978-1931332217 .  
  • Richard Kepenach. Business Continuity Plan Design, 8 Steps for Getting Started Designing a Plan .  
  • Judy Bell (October 1991). Disaster Survival Planning: A Practical Guide for Businesses . Disaster Survival Planning, Incorporated. ISBN   978-0963058003 .  
  • Dimattia, S. (November 15, 2001). "Planning for Continuity" . Library Journal 126 (19): 32–34 . http://eric.ed.gov/?id=EJ645580 .  
  • Andrew Zolli; Ann Marie Healy (2013). Resilience: Why Things Bounce Back . Simon & Schuster. ISBN   978-1451683813 .  
  • International Glossary for Resilience , DRI International.

External links

  • The tiers of Disaster Recovery and TSM. Charlotte Brooks, Matthew Bedernjak, Igor Juran, and John Merryman. In, Disaster Recovery Strategies with Tivoli Storage Management. Chapter 2. Pages 21–36. Red Books Series. IBM. Tivoli Software. 2002.
  • SteelStore Cloud Storage Gateway: Disaster Recovery Best Practices Guide. Riverbed Technology, Inc. October 2011.
  • Disaster Recovery Levels. Robert Kern and Victor Peltz. IBM Systems Magazine. November 2003.
  • Business Continuity: The 5-tiers of Disaster Recovery. Recovery Specialties. 2007.
  • Continuous Operations: The Seven Tiers of Disaster Recovery. Mary Hall. The Storage Community (IBM). 18 July 2011. Retrieved 26 March 2013.
  • Maximum Tolerable Period of Disruption (MTPOD)
  • Maximum Tolerable Period of Disruption (MTPOD): BSI committee response
  • Wayback Machine
  • Janco Associates
  • Business Continuity Plan
  • Department of Homeland Security Emergency Plan Guidelines
  • CIDRAP/SHRM Pandemic HR Guide Toolkit
  • Adapt and respond to risks with a business continuity plan (BCP)
  • Wikipedia articles needing clarification from December 2021
  • Systems thinking
  • Business continuity
  • Collaboration
  • Emergency management
  • Articles with invalid date parameter in template

business continuity planning wiki

  • Add a new article
  • Search in all topics
  • Search in namespaces
  • Search in categories
  • Search using prefix
  • About HandWiki
  • How to edit
  • Citation manager
  • Formatting articles
  • List of categories
  • Recent pages
  • Recent changes
  • Random page
  • Support & Donate
  • Special pages
  • Cite this page

User page tools

  • What links here
  • Related changes
  • Printable version
  • Permanent link
  • Page information

Other projects

In other languages, hidden category.

Powered by MediaWiki

  • This page was last edited on 6 February 2024, at 13:39.
  • Privacy policy
  • Disclaimers

U.S. flag

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

https://www.nist.gov/mep/business-continuity-planning

Manufacturing Extension Partnership (MEP)

Business continuity planning.

Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the failure of systems, equipment or software. MEP Centers can assist you in developing a plan unique to your needs.

If your company needs to create or tweak a business continuity plan, I highly suggest reaching out to Purdue MEP!

—Doug Ellington, Director of Finance, Estes Design and Manufacturing Read the Success Story

Businessman holding tablet and showing the best quality assurance with golden five stars

Illuminating Possibilities to Achieve ISO Certification

Destructive Weather

Business Continuity Plans: Lessons Learned From Puerto Rico

For more information or assistance with business continuity planning, please contact your local MEP Center .

If you would like someone to contact you about business continuity planning , please complete the form below.

For General Information

  • MEP Headquarters [email protected] (301) 975-5020 100 Bureau Drive, M/S 4800 Gaithersburg, MD 20899-4800

Business Continuity Plan (BC Plan)

business continuity planning wiki

2. Documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption .

business continuity planning wiki

Notes:  : Typically this covers resources, services and activities required to ensure the continuity of critical business functions .

( Source : ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.6

Types of Plans

3. Documented collection. of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical activities at an acceptable pre-defined level.

( Source : AE/HSC/NCEMA 7000:2012)

business continuity planning wiki

4. Documents describing the roles, responsibilities and actions necessary to resume business processes following a disruption. The Business Continuity Plan will provide a defining structure for and exert a major influence upon the development of IS continuity plans. Its scope both encompasses and exceeds Business Continuity Management (BCM) and is normally a business responsibility. (Source: ENISA - the European Network and Information Security Agency . BCM & Resilience Glossary )

5. Documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organization to continue to deliver its critical activities at an acceptable pre-defined level.

( Source: British Standard BS25999-1:2006 Code of Practice for Business Continuity Management)

6. A clearly defined and documented operation plan that guides organizations to reduce , respond , recover , resume , restore and return to full recovery. Typically it covers key personnel, resources, services and actions required to ensure critical business functions can continue within planned levels of disruption .

( Source: Singapore Standard 540 - SS 540:2008)

7. A clearly defined and documented plan.

( Source: Business Continuity Institute - BCI)

8. An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses , maintain viable recovery strategies and plans, and ensure the continuity of operations through personnel training , plan testing and maintenance.

( Source: ASIS International - ASIS International)

9. A collection of procedures and information that is developed,compiled and maintained in readiness for use in the event of an emergency or disaster . (Associated terms: Business Recovery Plan, Disaster Recovery Plan, Recovery Plan).

( Source: HB 221:2004 Business Continuity Management)

10. A collection of documents containing procedures , resources and information that is developed, compiled and maintained in readiness for use in the event of an emergency or disaster .

( Source: Malaysia BCM Standard MS1970:2007)

11. A collection of procedures and information that is developed, compiled and maintained in readiness for use in the event of a disruption to an organization or its value chain.

NOTE: Business continuity planning is often used to refer to those activities associated with preparing documentation to assist in the continuing availability of property, people and information and processes.

( Source : AS/NZS 5050.1 Australian and New Zealand Standards for business continuity management.

Part 1: Business continuity management system specification)

12. A collection of procedures and information that is developed, compiled and maintained in readiness for use in the event of a disruption to an organization or its value chain.

( Source : AS/NZS 5050.2 Australian and New Zealand Standards for business continuity management.

Part 2: Business continuity management practice standard)

  • BCM Institute Glossary
  • BCM Institute Crisis Communication Glossary
  • BCM Institute Crisis Management Glossary
  • BCM Institute DR Glossary
  • BCM Institute OR Glossary
  • BcmBoK 1 CL 1B
  • BcmBoK 1 CL 1C
  • BcmBoK 1 CL 1CC
  • BcmBoK 1 CL 1D
  • BcmBoK 1 CL 1OR

Navigation menu

Personal tools.

  • Request account
  • View source
  • View history
  • About BCM Institute
  • Business Continuity
  • Crisis Management
  • Crisis Communication
  • Disaster Recovery
  • Supply Chain BCM
  • Cyber Security
  • Operational Resilience
  • Pandemic Flu
  • Competency Level
  • OR Competency Level

Chinese Glossary (S)

Bahasa glossary (m).

  • Examination
  • Certification
  • Recertification
  • Meet-the-Experts
  • World Continuity Congress
  • BCM Institute Website
  • Specialist Series
  • Dictionary Series

Acknowledgment

  • Contributors

ISO Glossary

Bcm glossary.

  • Request Changes
  • What links here
  • Related changes
  • Special pages
  • Printable version
  • Permanent link
  • Page information
  • This page was last edited on 28 October 2020, at 06:54.
  • Privacy policy
  • About BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and Disaster Recovery (DR).
  • Disclaimers

Powered by MediaWiki

business continuity planning wiki

The New Equation

business continuity planning wiki

Executive leadership hub - What’s important to the C-suite?

business continuity planning wiki

Tech Effect

business continuity planning wiki

Shared success benefits

Loading Results

No Match Found

Business Continuity Planning Solutions

In an increasingly interconnected world, it’s imperative for you to rethink contingency planning. Transformed global business and operations strategies add new interruption risks to risk portfolios. Building resilient and recoverable operations is more difficult to implement when time is precious and challenges are approaching.

PwC’s business continuity planning solutions help you identify, prepare for and prevent events that may disrupt business activities. Working with us, you can develop the plans needed to recover efficiently and effectively including program assessment, implementation, testing, maintenance and training.

Understanding today’s drivers is the first step when planning a business continuity program

Recent industry interruptions.

Cyber events and natural disasters have sparked the need to develop more robust recovery plans.

Third-party resiliency

Regulatory guidance now requires transparency into critical third-party resiliency. Third parties may include call centers, IT providers and back office services.

Being a resilient supplier/partner

Regulators and partners are seeking insight into resiliency plans to assure fund availability and portfolio integrity as well as their relative priority during crisis events.

Focus on enterprise-wide governance, risk management and compliance (GRC)

Organizations are increasingly focused on integrated risk and compliance management to reduce compliance cost and provide better risk insight.

Reduced tolerance for downtime

Customers demand 24/7 access to products and services. The new technology has high availability requirements to provide competitive and customized service offerings. Regulators' tolerance for critical system downtime is also diminishing.

Crisis management and social media

Quick identification and internal/external response to crisis events can protect and increase brand value

Developing operational resilience and business continuity

PwC’s business continuity planning solutions will help you develop operational resilience and business continuity that is scalable and that enables your company to prioritize investments.

Some of our solutions include:

  • BCP program assessment and design
  • Business impact analysis and interruption risk assessment
  • Recovery strategy selection and implementation
  • Recovery plan creation and resiliency improvement
  • BCP program exercising, maintenance and training
  • BCP program technology enablement and enterprise risk management integration
  • Third-party resiliency framework and analysis
  • Crisis management program development and exercises
  • IT disaster recovery and BCP program alignment and analysis  

business continuity planning wiki

Explore further

Mike Maali

Partner, Cyber, Risk and Regulatory, PwC US

Linkedin Follow

© 2017 - 2024 PwC. All rights reserved. PwC refers to the PwC network and/or one or more of its member firms, each of which is a separate legal entity. Please see www.pwc.com/structure for further details.

  • Data Privacy Framework
  • Cookie info
  • Terms and conditions
  • Site provider
  • Your Privacy Choices
  • it Italiano
  • fr Français
  • ru Русский
  • es Español
  • zh 中文
  • hi हिन्दी
  • ar العربية
  • pt Português
  • ms Bahasa Melayu
  • ko 한국어
  • tr Türkçe
  • ja 日本語
  • nl Nederlands
  • is Íslenska

Business Continuity Planning (BCP)

Business Continuity Planning (BCP)

What Is Business Continuity Planning (BCP)?

Business continuity planning (BCP) is the cycle engaged with making a system of prevention and recovery from expected dangers to a company. The plan guarantees that work force and assets are protected and are able to function rapidly in the event of a disaster.

Understanding Business Continuity Planning (BCP)

BCP implies characterizing all possible risks that can influence the company's operations, making it an important part of the organization's risk management strategy. Risks might incorporate natural disasters — fire, flood, or climate related events — and digital assaults. When the risks are recognized, the plan ought to likewise include:

  • Deciding what those risks will mean for operations
  • Executing shields and procedures to relieve the risks
  • Testing procedures to guarantee they work
  • Looking into the cycle to ensure that it is cutting-edge

BCPs are an important part of any business. Dangers and disruptions mean a loss of revenue and higher costs, which prompts a drop in profitability. Also, businesses can't depend on insurance alone in light of the fact that it doesn't cover every one of the costs and the customers who move to the competition. It is generally considered in advance and includes input from key partners and work force.

Businesses are inclined to a large group of disasters that change in degree from minor to catastrophic. Business continuity planning is regularly meant to assist a company with keeping on operating in the event of major disasters like flames. BCPs are unique in relation to a disaster recovery plan, which centers around the recovery of a company's IT system after a crisis.

Consider a finance company situated in a major city. It might put a BCP in place by making strides including backing up its computer and client documents offsite. If something somehow managed to happen to the company's corporate office, its satellite offices would in any case approach important data.

An important point to note is that BCP may not be as effective in the event that a large portion of the population is impacted, as on account of a disease episode.

Business impact analysis, recovery, organization, and training are steps corporations need to follow while making a Business Continuity Plan.

Fostering a Business Continuity Plan

There are several means many companies must follow to foster a strong BCP. They include:

  • Business Impact Analysis : Here, the business will recognize functions and related resources that are time-delicate. (More on this below.)
  • Recovery : In this portion, the business must recognize and execute moves toward recover critical business functions.
  • Organization : A continuity team must be made. This team will devise a plan to deal with the disruption.
  • Training : The continuity team must be prepared and tried. Individuals from the team ought to likewise complete activities that go over the plan and strategies.

Companies may likewise find it valuable to think of an agenda that incorporates key subtleties, for example, emergency contact data, a rundown of resources the continuity team might require, where backup data and other required data are housed or stored, and other important faculty.

Alongside testing the continuity team, the company ought to likewise test the BCP itself. It ought to be tried several times to guarantee it very well may be applied to a wide range of risk situations. This will assist with recognizing any shortcomings in the plan which can then be distinguished and rectified.

For a business continuity plan to find lasting success, all representatives — even the people who aren't in the continuity team — must know about the plan.

Business Continuity Impact Analysis

An important part of fostering a BCP is a business continuity impact analysis. It recognizes the effects of disruption of business functions and processes. It additionally utilizes the data to settle on conclusions about recovery needs and strategies.

FEMA gives an operational and financial impact worksheet to assist with running a business continuity analysis. The worksheet ought to be completed by business function and cycle managers who are very much familiar with the business. These worksheets will sum up the following:

  • The impacts — both financial and operational — that stem from the loss of individual business functions and interaction
  • Distinguishing when the loss of a function or cycle would bring about the recognized business impacts

Finishing the analysis can help companies distinguish and focus on the processes that for the most part affect the business' financial and operational functions. The place where they must be recovered is generally known as the "recovery time objective."

  • BCP is intended to safeguard work force and assets and ensure they can function rapidly when disaster strikes.
  • BCPs ought to be tried to guarantee there are no shortcomings, which can be distinguished and rectified.
  • Business continuity planning (BCP) is the cycle a company goes through to make a prevention and recovery system from potential dangers like natural disasters or digital assaults.

Why Is Business Continuity Planning (BCP) Important?

Businesses are inclined to a large group of disasters that change in degree from minor to catastrophic and BCPs are an important part of any business. BCP is normally meant to assist a company with keeping on operating in the event of dangers and disruptions. This could bring about a loss of revenue and higher costs, which prompts a drop in profitability. Also, businesses can't depend on insurance alone in light of the fact that it doesn't cover every one of the costs and the customers who move to the competition.

What Is Business Continuity Impact Analysis?

An important part of fostering a BCP is a business continuity impact analysis which recognizes the effects of disruption of business functions and processes. It likewise utilizes the data to come to conclusions about recovery needs and strategies. FEMA gives an operational and financial impact worksheet to assist with running a business continuity analysis. These worksheets sum up the impacts — both financial and operational — that stem from the loss of individual business functions and processes. They likewise distinguish when the loss of a function or cycle would bring about the recognized business impacts.

What Should a Business Continuity Planning (BCP) Include?

Business continuity planning implies distinguishing all possible risks that can influence the company's operations. The plan ought to likewise decide what those risks will mean for operations and carry out protections and procedures to moderate the risks. There ought to likewise be testing procedures to guarantee these shields and procedures work. At last, there ought to be a survey cycle to ensure that the plan is cutting-edge.

Stock Insights | iOS & Android

IMAGES

  1. What is a Business Continuity Plan?

    business continuity planning wiki

  2. Building a Business Continuity Plan (BCP)

    business continuity planning wiki

  3. Business Continuity Planning (BCP)

    business continuity planning wiki

  4. Create a Business Continuity Plan

    business continuity planning wiki

  5. The Importance Of Business Continuity Plan And How To Make One

    business continuity planning wiki

  6. Business Continuity Plan Every Business Should Have

    business continuity planning wiki

VIDEO

  1. Business Continuity Planning

  2. Business continuity planning definition

  3. Business Continuity Planning

  4. Business Continuity Planning BCP

  5. Business Continuity Plan for the Cleaning Industry

COMMENTS

  1. Business continuity planning

    Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", [1] and business continuity planning [2] [3] (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to...

  2. Business Continuity Planning (BCP)

    1. Project Initiation Define Business Continuity Objective and Scope of coverage. Establish a Business Continuity Steering Committee.

  3. What Is a Business Continuity Plan (BCP), and How Does It Work?

    Investopedia / Ryan Oakley What Is a Business Continuity Plan (BCP)? A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The...

  4. Business Continuity Plan (BCP)

    The Business Continuity Plan (BCP) is an essential part of any organization's response planning. It sets out how the business will operate following an incident and how it expects to return to 'business as usual' in the quickest possible time afterward. [1] The Need for a Business Continuity Plan [2]

  5. What Is Business Continuity?

    Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems. Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face.

  6. Understanding the Essentials of a Business Continuity Plan

    A business continuity plan is a document that outlines how a company can keep running during a crisis. It covers everything from backup systems, communication channels, emergency contacts, and recovery strategies. A good business continuity plan can help you avoid downtime, minimize losses, and protect your reputation. In this blog post, we'll show you how to create a business continuity ...

  7. Business Continuity Planning

    A Business Continuity Planning (BCP) methodology is used to produce a plan to enable an organization to continue in operation in the face of some kind of interruption to its normal operation. The methodology needs to be scalable for an organization of any size and complexity.

  8. 5 Step Guide to Business Continuity Planning (BCP) in 2021

    Step 4: Maintenance. A business continuity plan should not be treated as a one-time exercise. It needs to be maintained, so the organization's structural and people changes are updated regularly. The key personnel might move on from the firm, and this would need to be updated in the Business Impact Analysis and BCP.

  9. How to craft an effective business continuity plan

    Get the word out. Iterate and improve. 1. Analyze your company. In this phase you conduct an analysis to identify critical activities, determine which activities must continue, which can be temporarily paused, and which can operate at a reduced capacity. You then assess the financial impact of disruptions.

  10. Working Toward a Managed, Mature Business Continuity Plan

    This basic model can be expanded to fit the specific needs of an organization in the context of business continuity planning. Corporate Hierarchy. Before creating a business continuity plan, it is important to understand that there are different hierarchical levels within an organization's structure (figure 2). People at each level are trying ...

  11. Business Continuity Management Planning (BCMP)

    Business continuity management planning (BCMP) software tools are the key tools used to manage business continuity management (BCM) programs. They provide risk assessment, business impact analysis, business process, vendor and IT dependency mapping, and plan management functionality. Some products also offer plan exercising capability, resource ...

  12. Business Continuity Planning

    Definitions. Business continuity planning supports an organization to continuing its operations after an incident or under adverse conditions, such as a natural disaster, disease pandemics, terrorist attacks, serious accidents, external hacker or other IT attacks, disruption of supply chains, and/or other abrupt and unexpected changes in ...

  13. BCMpedia. A Wiki Glossary for Business Continuity Management (BCM) and

    Business Continuity Management Institute (BCM Institute) Glossary in Wiki ( Version 1.0) or BCMpedia provides Business Continuity (BC), Crisis Management (CM), Crisis Communication (CC), Operational Resilience, BCM Audit, Disaster Recovery (DR) and Operational Resilience (OR), Professional with definitions that help to reduce confusion, thus pro...

  14. Business Continuity Planning

    Business Continuity Training Part 3: Planning Process Step 6. The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should "test" their business continuity plans. Organize a business continuity team and compile a business ...

  15. Business Continuity Planning (BCP)

    1. Business Continuity Planning or BCP is the process of developing prior arrangements and procedures that enable an organization to respond to an event in such a manner that critical business functions can continue within planned levels of disruption. The end result of BCP is the BC Plan . BL-B-5 Click to know more

  16. Business continuity planning

    Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", and business continuity planning (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to deal with potential threats to a company.

  17. Business continuity and resilience management: A conceptual framework

    1 INTRODUCTION. Aspects of business continuity management (BCM) include planning, preparation and mitigation activities that aim to deal with potential threats to a company, reduce vulnerability and maintain operations after experiencing disturbing circumstances (ISO22301, 2019).A range of challenges has triggered research interest in the BCM field over the past decade.

  18. Disaster recovery

    Principles of backup sites Planning includes arranging for backup sites, whether they are "hot" (operating prior to a disaster), "warm" (ready to begin operating), or "cold" (requires substantial work to begin operating), and standby sites with hardware as needed for continuity.

  19. 事業継続計画

    事業継続計画 (じぎょうけいぞくけいかく、 英語: business continuity planning, BCP )とは、災害などの緊急事態が発生したときに、 企業 が損害を最小限に抑え、事業の継続や復旧を図るための計画 [1] [2] [3] 。 事業継続と復旧計画 ( Business Continuity & Resiliency Planning, BCRP )とも呼ばれる。 企業に対する潜在的な脅威に対処するための予防に加えて、 ディザスタリカバリ による事業の継続的な運用を可能にすることを目標とする [4] 。

  20. Business Continuity Planning

    Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the ...

  21. Business Continuity Plan (BC Plan)

    1. A Business Continuity Plan or BC Plan comprises of clearly defined and documented procedures and information for use when a disaster occurs. BL-B-5 Click to know more Related Terms: Type of Plans, Business Continuity, Business Continuity Planning, Business Continuity Management System (BCMS)

  22. Business Continuity Planning Solutions: PwC

    PwC's business continuity planning solutions will help you develop operational resilience and business continuity that is scalable and that enables your company to prioritize investments. Some of our solutions include: BCP program assessment and design. Business impact analysis and interruption risk assessment.

  23. Business Continuity Planning (BCP)

    Business impact analysis, recovery, organization, and training are steps corporations need to follow while making a Business Continuity Plan. Fostering a Business Continuity Plan. There are several means many companies must follow to foster a strong BCP. They include: Business Impact Analysis: Here, the business will recognize functions and ...