Skip to content

The Basics of Business Continuity Planning

Business Continuity and IT Disaster Recovery Blog

The Basics of Business Continuity Planning

In the last few years, there has been a consistent push within companies to formulate a Business Continuity Plan (BCP). These plans are essential to ensuring that a business can come out the other side of a disaster intact. Whether that disaster is something like a natural disaster, such as a flood or a wildfire, or a man-made creation, such as a break-in or a hacking incident, being prepared is essential. It is too easy for a company to operate without a sound business continuity plan.

Today, it is suggested that any company – regardless of size or industry – has a sound business continuity plan. Before such a plan is put into place, though, the basics must be covered. While many BCPs tend to evolve beyond these basic foundations, these are seen as non-negotiable functions.

The BCP will likely fail without the following basics. What, then, are some of the foundations required?

The Basics Of A Business Continuity Plan: What Must Be Included?

Key Partners Involved

The first step of any business continuity planning will involve making sure you break down the following:

  • Who is responsible for running and operating each sector of your business?
  • Who provides the essential services to your business?
  • Who are the primary suppliers for your business?
  • What regulations does your business need to meet to operate safely?
  • What is your typical distribution process, and how can it be temporarily adapted?
  • What are the services and functions that your business cannot operate without?
  • When can you expect a resumption of normality?
  • Which members of your staff does your business need to function?
  • Which areas of your business are prioritized, and what is secondary?

Having these key definitions in place will go a long way to ensuring your business can continue operating in some function even during loss of service and functionality. As your business grows and evolves, return to these questions and provide your previous answers still apply.

The Most Likely Risks

While the most thorough business continuity plans will solve every eventuality, more basic planning is less extreme. In the basics of any business continuity plan, though, there should be a clear identification of the most likely risks to your business.

For example, a business that relies solely on eCommerce and communicating with clients and suppliers online would see protecting internet connectivity as the most serious risk. However, a company based in an area with extreme weather and the risk of storms and wildfires might make environmental safeguards the BCP priority.

The Reality Of Risks

The next part of any useful business continuity plan will be to determine what each typical issue could cause to your business. For example, how much would loss of internet connectivity stop your business from operating? What kind of delays or issues would a supply chain breakdown cause? Would an environmental issue in the area limit or prevent your business from operating properly?

Your BCP should focus on what problems each typical risk might pose to your business.

A List Of Safeguards

Any business continuity plan worth using will also include a list of ideas regarding what can be done to minimize risk. For example, suppose your main issue is internet connectivity. How easy is it to have backup connectivity that is still fast enough to operate and secure enough to be used without risk?

Each of the risks you have recognized as the most likely problems to your business operating normally will have a safeguard. These should be identified and implemented immediately to reduce the impact should something go wrong.

Steps For Recovery

The next key element will be ensuring that your business continuity plan has a list of steps to restore functionality. If something goes wrong, BCPs must be implemented quickly and with a set range of steps. This will reduce the risk of panic and ensure that staff have a ‘handbook’ to follow in restoring operations.

These steps should then be thoroughly tested to ensure that these steps work. Be sure to test out-of-hours so you do not impact your business operations during working hours.

Regular Maintenance

Also, should ensure that your business continuity plan has a clear, up-to-date one. The world moves at a breakneck pace, and a BCP that is even a few years old could be seen as outdated. Please update this plan regularly to use the best functions and solutions available.

For example, if cybersecurity is a priority in your BCP, you should ensure your cybersecurity practices and recovery methods are modern. Cybercrime moves quicker than most industries, so ensuring you have robust security measures that work will be critical to the success of your plan.

Plans For Business Resumption

The final step of any basic business continuity plan will be ensuring you have a clear plan to get everything back in order. Determining how quickly you can get essential services and functions back in place is critical to a sound BCP.

This is not so much about how to get your business back up and running after an incident; it is about making sure your business can prioritize the essential functions that ensure you can do business at some level. The sooner your business continuity plan allows your business to start trading again, the better.

Why A Business Continuity Plan Is Essential, Not Recommended

A business can fail for all manner of reasons. Most of the time, these failings are caused by something like:

  • Loss of essential functions and utilities such as electricity or internet connectivity
  • Extreme environmental issues causing loss of service output, such as a hurricane or a storm
  • Construction-related issues such as a collapsed building or parts of the building not being safe
  • A cyber-related crime that brings down your company’s key IT infrastructure and capabilities
  • A breakdown in the supply chain, meaning a loss to key goods and services you rely upon
  • Loss of a crucial employee who was key to the foundations of your business operating soundly

This small list is a quick but firm example of why having business continuity planning in place is so important. At one stage, almost every business will have to face an issue such as the above. Without a solid and robust BCP that at least focuses on the above basics, your business could be in trouble.

BRCCI – Business Resilience Certification Consortium International (

We are thankful to the author for allowing us to post this insightful article on our website. BRCCI provides a comprehensive training and certification program in business resiliency, continuity and IT disaster recovery planning:

1. 3-day CBRM (Certified Business Resilience Manager) is a comprehensive, all-in-one, 3-day Business Continuity Planning and Management Training and Certification course which is designed to teach practical methods to develop, test, and maintain a business continuity plan and establish a business continuity program.

2. 3-day CBRITP (Certified Business Resilience IT Professional) is a comprehensive training on how to assess, develop, test, and maintain an information technology (IT) Disaster Recovery Plan for recovering IT and telecommunications systems and infrastructure in the event of a disaster or business disruption. The training provides a step-by-step methodology to ensure a reliable and effective IT disaster recovery and continuity plan consistent with the industry’s standards and best practices.

3. 2-day CBRA (Certified Business Resilience Auditor) It provides 2 days of intensive, Business Continuity Audit training to enable students to determine the effectiveness, adequacy, quality and reliability of an organization’s Business Continuity Program. Students will learn an audit methodology to evaluate compliance of Business Continuity and IT Disaster Recovery Programs with the current industry’s best practices and standards including:

  • ISO 22301: Business Continuity Management Systems – Requirements
  • NFPA: Standard on Disaster/Emergency Management and Business Continuity Programs
  • ITIL: Information Technology Infrastructure Library

For information on the above program, please contact BRCCI (, 1-888-962-7224).

On Key

Related Posts

ICR Standard

ICR Standard Author: Dr. Akhtar Syed Download PDF Section 1.0 – Introduction The Integrated Continuous Resiliency (ICR) standard, developed by BRCCI (, is a comprehensive

What is ISO 22301 standard?

What is ISO 22301 standard? Author: Andrea Patricia Sanchez Dominguez Download PDF 1. Introduction The Standard ISO 22301 was proposed in 2012 as a new