when should a business continuity plan be reviewed

• Reputation Risk Management
• Critical Event Management
• Security Risk Management
• Workplace Safety Management
• In Case of Crisis 365 Platform Overview
• Threat Intelligence & Social Listening
• Issues & Incident Management
• Role-based & Actionable Playbooks
• Microsoft Teams Integration
• News and Events

How Often Should a Business Continuity Plan Be Reviewed?

Reviewing and testing the plan are steps you absolutely can’t skip. Business continuity planning must be a process—not a one-time task. Today, many organizations recognize this: A 2015 survey found that 52.5 percent of organizations expected to incorporate small changes to their BC plan that year; nearly 33 percent anticipated significant changes.

With the dynamic nature of BC in mind, how often should your organization review its business continuity plan? The answer depends on several factors:

The size of your organization.

Larger businesses are naturally going to have more complex BC plans because they will involve more employees and facilities, often spread over broader geographic areas. While small and mid-sized organizations can also have complex plans, they typically require less frequent review.

The nature of your business.

Of course, the type of work your organization does will also impact business continuity planning. For example, companies with a complex supply chain or locations in foreign countries will probably require a more frequent and robust management and review process than those without.

The BC systems you have in place.

How your organization administers its BC functions can also impact review frequency. Many newer business continuity innovations, such as a mobile crisis app with actionable and role-based digital playbooks, help streamline and automate certain BC tasks, which ensures that plans stay up to date and relevant over time. With these types of systems in place, the review process can be much easier and faster, reserving resources for other key BC duties.  

A Recommended Schedule

With the above factors in mind, you can begin to develop a schedule for reviewing your BC plan. The review process should be continual, with different aspects being appraised and using various methods at least a few times a year.

Many organizations strive for a schedule that includes the following:

Checklist review: Twice a year

The BC team conducts a high-level check on each element of the plan, ensuring that all objectives are still being met.

Emergency drills: Once a year

A key part of business continuity is ensuring that all stakeholders know what to do before, during, and after an emergency situation . Hold annual emergency drills to keep their skills sharp and ensure BC plans account for all facets of a potential business-impacting event.

Tabletop review: Every other year

In this type of review, you’ll gather all key stakeholders, including the BC owner and steering committee, to do a verbal walk-through of the plan. This type of review is helpful because it doesn’t require much time or many resources but can often reveal gaps, inconsistencies, or outdated information in the plan.

Comprehensive review: Every other year

This stage should include a close look at the organization’s risk assessments, business impact analysis, and recovery protocol. This is also an opportunity to update the BC plan to reflect any recent changes to the company’s structure, business, operations, or location.

Mock recovery test: Every two or three years

Larger organizations will also benefit from the occasional recovery simulation, in which the BC plan is fully tested. This active review identifies any gaps in your plan and helps employees and other stakeholders feel prepared and comfortable with their roles.

How often does your business review its business continuity plan? Do you feel that this frequency should be increased?

Crisis Management Pillars: Building Alignment With Stakeholders

Use a Risk Assessment to Prioritize the Issues you Need to Manage

Build a Crisis Management Plan Using These 4 Key Steps

You Don’t Need Just a Plan

• In Case of Crisis 365 Overview

• Terms of Service
• Privacy Policy

How Often Should A BCP [Business Continuity Plan] Be Reviewed? [And When Should It Be Tested?]

Last Updated: September 19, 2023

The process of developing, finalizing, and communicating your initial business continuity plan (BCP) is no small feat. However, ongoing monitoring and reviewing of your BCP is critical to account for both internal and external changes that may impact your business. So how often should your BCP be reviewed? This blog post will dive into the answer to that question, as well as the results you’ll see from an effective business continuity program, the benefits of conducting business continuity planning, how to improve your organization’s business continuity planning process and more.

How Often Should A BCP Be Reviewed & Tested?

As a best practice, your BCP (business continuity plan) should have a scheduled review annually at a minimum, as well conducting a business review whenever something in your business changes (e.g. a process, product, service, etc.) or there is an external factor impacting your business (e.g. environmental changes, new regulations, an acquisition, etc.).

What are the results of an effective business continuity program?

Having an effective business continuity plan review process can impact your business in many ways:

Better resource planning

With a complete profile of business unit information mapped out within your business continuity plan, you can identify critical functions and analyze the impact they have on your organization. As a result, you’ll be able to better allocate the necessary resources and ensure that backup strategies are in place to maintain basic operations following a loss or outage.

Added insights Gain insight into which business units are most critical to business operations, which are prepared for a business continuity event, and which need to be reevaluated. Housing everything in one centralized program allows you to quickly and easily navigate to the right resources amidst an emergency event.

Reduced losses Having an effective business continuity plan allows you to create various scenarios and recovery strategies for recovering in the case of any losses. 

This enables you to take a proactive, risk-based approach to your organization’s recovery and get back up and running sooner, reducing losses.

What are the benefits of conducting business continuity planning?

Having a formalized process in place for business continuity planning yields a variety of benefits for your organization. Let’s dive into a few of them:

Overcome challenges more quickly

Relying on reactive efforts following a business continuity event leads to higher probability of missteps that could only catastrophize the problem at hand. If you’ve actively invested time and energy into preparing for any potential risk before it manifests, if and when it does, your BCP will direct you to the necessary resources to return to business as usual. This approach results in less collateral damage and shorter downtime periods.

Identify critical areas of improvement

Building a business continuity plan with an enterprise-wide approach empowers your frontline employees to identify dependencies across your organization. This offers better insight to improve your plans; by looking at common risk factors across all departments, you’ll be better enabled to identify unique risks on a function-by-function basis, see which risks are specific to certain teams and which are prevalent throughout the entire organization.

Increase stakeholder confidence

Investing resources into developing a strong BCP assures vendors, investors, customers, employees, and regulators alike that your organization is being run properly. Mitigating risks before they happen is good governance, and that demonstrates corporate responsibility and fosters a positive corporate culture.

Related Post: We compare business continuity and disaster recovery here

How can I improve my organization’s business continuity planning?

Depending on how mature your business continuity management program currently is, there are several ways to improve. First and foremost, without software streamlining your business continuity planning process, reviewing and optimizing your BCP for success can be extremely difficult.

That’s because your business continuity plan is inherently central to being prepared for potential disruptions and solidifying trust with external parties such as vendors, clients, or potential shareholders.

Your organization has multiple business units, functions, teams, and products to keep track of, and lacking insight into which aspects are critical for internal operations and which provide critical services to your downstream dependencies will hinder you from being able to properly allocate resources and lengthen the time of delays.

Here’s a step-by-step outline for improving your business continuity planning process using risk-based software:

• Start by identifying your most critical processes. When a business continuity event occurs, ERM software enables you to understand what the most critical processes to your organization are that need to be prioritized first to get back up and running to minimize any impacts.
• Assess the various risks your organization faces. By evaluating all of the various types of risks that a business continuity event could bring up – such as financial, reputational, customer, legal or strategic impact – you’re able to adequately determine which steps must be included in your BCP to minimize those impacts.
• Mitigate with purpose. Building a business continuity plan through a risk-based lens empowers you to design more effective policies, procedures, and other controls that simultaneously minimize the impact of the disruption at hand.
• Monitor the effectiveness of your plan over time. Continually monitor the effectiveness of your mitigating efforts using automated software to ensure that your BCP is directly aligned with your most up-to-date risks.
• Connect your departments. Your business continuity plan does not exist in a vacuum. Using integrated software allows you to identify interdependencies that must be known if an event occurs to ensure all steps are taken.
• Report historical data. Reporting is a key step in any risk-based approach, as it reveals patterns over time so that you can improve your BCP where needed and keep your organization protected from any future disruption.

Conclusion: Why Complete A Business Continuity Plan Review

When calamity strikes, it shouldn’t be a scramble to get your business back up and running.

Ensuring consistent updating of your BCP as well as having reliable disaster recovery plans helps ensure that no matter how much stress your business is put under, you have steps in place that eliminate uncertainty and minimize downtime.

This means including everything in your BCP that you need and knowing which functions of your business are the most critical, which resources employees use to keep crucial processes functioning, and the recovery steps for getting those functions and resources back online should havoc come to visit.

While doing all of this for disaster recovery may deem you a superhero, superheroes are only as good as their sidekicks. Consider LogicManager’s business continuity planning software as your new sidekick:

• Easily access, review and update all of your business continuity and disaster recovery plans (like business processes and related assets) within one centralized framework.
• Manage your responsibilities and track the status of your projects with easily accessible to-do lists.
• Improve coordination between business continuity, disaster recovery, and crisis response teams with automated tasks, alerts, and reminders.
• Ensure the BCP you have in place is operational and effective with automated testing.
• Link risks and controls directly to the business continuity plans they relate to with our taxonomy technology.
• Evaluate the criticality of each business process with pre-built, intuitive business impact analysis templates.
• Track business continuity events when they occur, identify the gaps in your plans, and determine follow-up improvements to your procedures with our intuitive incident templates.
• Prove BCP compliance to auditors and BCP effectiveness to senior management with highly configurable reports and compliance checklists.

With your business continuity planning process improved, you can focus on going beyond the call of duty. At its core, our business continuity planning software is designed to help you align strategic goals with operational objectives.

By giving you an enterprise-wide view of your risk and a risk rating at all times, LogicManager’s business continuity management program not only drastically reduces the time and money you spend on business continuity management, but it also helps you prove your invaluable impact on your company’s success with a comprehensive review to reduce internal and external factors threatening your organization.

Complimentary Download: BCP Checklist

Download our free BCP checklist to ensure that you are on the right track with your business continuity planning.

Share This Post

Related content.

Your Content Goes [...]

Your Content Goes Here [...]

COMPLIMENTARY DOWNLOAD: BCP CHECKLIST

Download our free BCP checklist to learn how to protect your organization in the long term.

My Favorites List

Submit your Favorites List and our experts will reach out to you with more information. You will also receive this list as an e-mail which you can share with others. Here are the solutions you've added to your list so far:

• Español (LATAM)
• Português (LATAM)
• English (APAC)

How to Ensure Your Business Continuity Plan Review Is a Success

Disruption was a common theme in 2020, and if early indicators are correct, 2021 isn’t going to be particularly stable, either. So far, we’ve experienced significant supply chain issues , whiplash-inducing changes to public health and safety recommendations, and a spate of ransomware attacks on technology giants and critical infrastructure providers —and we’re barely halfway through the year.

One positive thing that came out of the chaos that was 2020 is the increased awareness of how critical a comprehensive, well-tested business continuity plan is to the success—and, sometimes, survival—of an organization. For example, some companies that thought they had planned for all contingencies found they hadn’t addressed continuity for a 100 percent virtual workplace, which, as it turns out, was a critical oversight.

Why Business Continuity Plan Reviews Are a Must 

A business continuity plan is your company’s roadmap for how to keep the business running after a disaster or unplanned outage. The plan should document very specific details about getting critical business operations back online and functioning as quickly as possible to minimize loss of data, revenue, and productivity . 

In theory, your business continuity plan will cover all possible scenarios and provide a fast path back to normalcy. But if the plan isn’t reviewed frequently and thoroughly, a crucial component of the plan could be missing or no longer valid, and you wouldn’t know until it’s too late.

Regularly scheduled reviews let you evaluate the continuity and recovery capabilities for critical processes and identify shortcomings and gaps in the continuity plan that may interfere with resuming business operations. The review is also the perfect opportunity to update, revise, and adjust the plan as needed to address any major staffing, threat, or technology changes that occurred since the last review.

When to Review Your Business Continuity Plan

Although thoroughly testing the plan regularly may sound daunting, the good news is that not every review needs to be an end-to-end assessment. Here are the generally accepted guidelines for which parts of your business continuity plan to test and how often to test each: 

• Every six months: Conduct a checklist test to determine whether the objectives are still being met and update the plan as needed.
• Annually: Stage an emergency drill to evaluate authentic employee response to a disaster. 
• Every other year: Schedule a tabletop review with leadership and stakeholders to update business objectives and address gaps.
• Every other year: Run a comprehensive review to reassess risks and conduct a new impact assessment.
• Every 2-3 years: Initiate a full end-to-end recovery simulation test to measure the effectiveness of your business continuity plan.

Following these frequency guidelines will help ensure that all of the business-critical systems and their dependencies are recoverable in a crisis, the business objectives aren’t obsolete, and everyone in the organization knows their role in implementing the business continuity plan.

How to Ensure Your Business Continuity Plan Review Goes Smoothly

Plan reviews should not be conducted ad hoc. Instead, establish and document a repeatable process with defined objectives to ensure accurate results, no matter who is leading the review.

Additionally, your team should break down the review process into three distinct sets of activities that occur before, during, or after the review.

1. Before the Review

Preparation is key to getting the most out of your business continuity review. Set your organization up for success by following a few pre-review best practices:

• Schedule testing to minimize disruptions: Be aware of other departments’ commitments and plan accordingly. For example, accounting won’t be fully engaged in a review scheduled during their end-of-quarter closeout.
• Walk through the tests with staff in advance: Unless the goal is to gauge staff reaction to an unplanned review, be clear about what the review is assessing and how so employees know what to expect.
• Establish the review objectives upfront: Transparency is crucial to establishing an effective business continuity plan. Be sure all employees and stakeholders know what success looks like. 
• Re-evaluate plan review objectives as needed: Business processes, technology, and risk factors are constantly changing. Don’t be shy about adjusting review objectives before getting started, so the results reflect the current reality.

2. During the Review

Your business continuity plan review should focus on two main factors: 1) how well prepared critical areas of the business are to bounce back from a crisis, and 2) the effectiveness of each phase of the continuity plan.

During the review, assess the following systems and elements for business continuity preparedness. Be sure to note whether there have been any changes to equipment, resources, or policies since the last review.

• Contact lists
• Communication channels
• Supply chain
• Essential personnel
• Data backup and restoration

The business continuity plan review should evaluate the three main phases of the plan to determine how well continuity is supported in the event of a crisis.

• Initial response: This step will be specific to the type of disruption you are dealing with, but at a high level, this is the time to assess the severity of the damage, identify which systems are affected, and determine whether any data has been lost or corrupted. 
• Mobilization/relocation of resources and staff: Many organizations were ill-prepared for a wholesale shift to virtual business operations and a remote workplace at the outset of the coronavirus pandemic. However, with more than a year of lessons learned and infrastructure upgrades, many businesses now have the flexibility to shift between physical and virtual operations fairly quickly.
• Recovery and restoration: Once the immediate threat or disruption is resolved, your business continuity plan should kick in and begin the process of restoring operations almost immediately. If it doesn’t, find out why.

3. After the Review

Once the business continuity plan review is complete, the final stage is to evaluate the results and update the plan as needed to address gaps, inconsistencies, and changes to the systems, technology, policies, and processes.

The results should also be compiled into a report and presented to leadership and stakeholders along with the updated plan.

When to Initiate an Impromptu Plan Review

Occasionally, circumstances may dictate the need for an unscheduled review to address any significant changes. If your organization undergoes one or more of the following events, schedule a thorough review and update: 

• Major system outage
• Ransomware attack or another security event
• Major staffing change
• Major technology change
• Merger or acquisition

Smart Strategies for Business Continuity

Business continuity is too important to leave to chance. Organizations must have a solid strategy to quickly recover business operations after a security event or major disruption. Download Smart Strategies for Business Continuity for additional tips on how to disaster-proof your business. 

• Business Continuity

You May Also Like

7 crucial questions to ask your disaster recovery as a service provider: business continuity matters most, arcserve wins hardware solution of the year and one to watch security at computing security awards 2023, webinar: deploying comprehensive, affordable unified data protection and disaster recovery with arcserve and wasabi.

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Business Continuity Planning

Organize a business continuity team and compile a  business continuity plan  to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

• Business Continuity Plan Situation Manual
• Business Continuity Plan Test Exercise Planner Instructions
• Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.

Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.

View on YouTube

Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans.

Last Updated: 11/08/2023

Return to top

What Is A Business Continuity Plan? [+ Template & Examples]

Published: December 30, 2022

When a business crisis occurs, the last thing you want to do is panic.

The second-to-last thing you want to do is be unprepared. Crises typically arise without warning. While you shouldn't start every day expecting the worst, you should be relatively prepared for anything to happen.

A business crisis can cost your company a lot of money and ruin your reputation if you don't have a business continuity plan in place. Customers aren't very forgiving, especially when a crisis is influenced by accidents within the company or other preventable mistakes. If you want your company to be able to maintain its business continuity in the face of a crisis, then you'll need to come up with this type of plan to uphold its essential functions.

In this post, we'll explain what a business continuity plan is, give examples of scenarios that would require a business continuity plan, and provide a template that you can use to create a well-rounded program for your business.

Table of Contents:

What is a business continuity plan?

• Business Continuity Types
• Business Continuity vs Disaster Recovery

Business Continuity Plan Template

How to write a business continuity plan.

• Business Continuity Examples

A business continuity plan outlines directions and procedures that your company will follow when faced with a crisis. These plans include business procedures, names of assets and partners, human resource functions, and other helpful information that can help maintain your brand's relationships with relevant stakeholders. The goal of a business continuity plan is to handle anything from minor disruptions to full-blown threats.

For example, one crisis that your business may have to respond to is a severe snowstorm. Your team may be wondering, "If a snowstorm disrupted our supply chain, how would we resume business?" Planning contingencies ahead of time for situations like these can help your business stay afloat when you're faced with an unavoidable crisis.

When you think about business continuity in terms of the essential functions your business requires to operate, you can begin to mitigate and plan for specific risks within those functions.

Business Continuity Planning

Business continuity planning is the process of creating a plan to address a crisis. When writing out a business continuity plan, it's important to consider the variety of crises that could potentially affect the company and prepare a resolution for each.

Type: Reputation

Do you have a plan in place to manage your reputation, and do you know the biggest risks for negative publicity in your space? The example plan above outlines the steps for handling a media or reputation crisis.

Once you create a business continuity plan, your work isn't over. Continue to iterate on the plan and identify new risks that become possible over time and/or with increased experience.

Business continuity planning isn't a one-time feat. Your plans need to be constantly reassessed if you want to adequately prepare for every situation. Consider adopting a business continuity management team to oversee your continuity plans and keep them up-to-date.

Here are examples of reputation issues that can affect business continuity:

• Negative publicity
• Company layoffs
• Negative reviews

Create a Business Continuity Plan Before Disaster Strikes

The more time you put into your business continuity plan, the better it's going to be. The more often you test, the stronger your plan will be, as you'll be able to quickly identify problem areas and correct them before you're forced to deal with them during a crisis.

Editor's note: This post was originally published in March 2019 and has been updated for comprehensiveness.

Don't forget to share this post!

Related articles.

Social Media Crisis Management: Your Complete Guide [Free Template]

De-Escalation Techniques: 19 Best Ways to De-Escalate [Top Tips + Data]

Situational Crisis Communication Theory and How It Helps a Business

What Southwest’s Travel Disruption Taught Us About Customer Service

Showcasing Your Crisis Management Skills on Your Resume

What Is Contingency Planning? [+ Examples]

What Is Reputational Risk? [+ Real Life Examples]

10 Crisis Communication Plan Examples (and How to Write Your Own)

Top Tips for Working in a Call Center (According to Customer Service Reps)

Top 5 Crisis Management Skills for Business Leaders (& How to Apply Them)

Manage, plan for, and communicate during a corporate crisis.

Today’s Multi-Cloud Reality: Cloud Chaos

87% of enterprises use two or more cloud environments to run their applications. multi-cloud accelerates digital transformation, but also introduces complexity and risk, resulting in a chaotic reality for many organizations., conquer cloud chaos with vmware cross-cloud services.

VMware is addressing cloud chaos with our portfolio of multi-cloud services, VMware Cross-Cloud services, which enable you to build, run, manage, secure, and access applications consistently across cloud environments. With VMware Cross-Cloud services, you can address cloud chaos and shift to a cloud smart approach – one where you can choose the best environment for every application, without multiplying your complexity.

Anywhere Workspace

Access Any App on Any Device Securely

App Platform

Build and Operate Cloud Native Apps

Cloud & Edge Infrastructure

Run Enterprise Apps Anywhere

Cloud Management

Automate and Optimize Apps and Clouds

Desktop Hypervisor

Manage apps in a local virtualization sandbox

Security & Networking

Connect and Secure Apps and Clouds

Run VMware on any Cloud. Any Environment. Anywhere.

On public & hybrid clouds.

On Private & Local Clouds

Anywhere Workspace Access Any App on Any Device Securely

App platform build and operate cloud native apps, cloud infrastructure run enterprise apps anywhere, cloud management automate and optimize apps and clouds, edge infrastructure enable the multi-cloud edge, networking enable connectivity for apps and clouds, security secure apps and clouds, by industry, vmware ai solutions.

Accelerate and ensure the success of your generative AI initiatives with multi-cloud flexibility, choice, privacy and control.

For Customers

For partners, working together with partners for customer success.

See how we work with a global partner to help companies prepare for multi-cloud.

Tools & Training

Marketplace, blogs & communities.

• Topics 
• VMware Glossary 
• Content 
• Business Continuity Plan

What is a Business Continuity Plan (BCP)?

A  Business Continuity Plan (BCP)  is a detailed strategy and set of systems for ensuring an organization’s ability to prevent or rapidly recover from a significant disruption to its operations. The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario or otherwise abnormal conditions.  

Examples of such disruptions include a fire, a major earthquake or other a natural disaster, a disease outbreak, a cyberattack and many other scenarios that could upend “business as usual.” When such events significantly disrupt an organization’s normal routines, it turns to its business continuity plan for instructions, processes and tools it needs to continue to operate or to quickly recover from downtime. 

The Virtual Floorplan: New Rules for a New Era of Work

Hindsight is 2020 - The Pandemic Provides a Wakeup Call

Why is a business continuity plan important.

Risks can be managed, but they can’t be eliminated. Business continuity planning is critical because without it, an organization faces downtime and other problems that could damage its financial health. In major disasters, a lack of a business continuity plan could cause irreparable financial harm that might ultimately force a company to permanently close. 

How to create a Business Continuity Plan?

There are many frameworks for creating an effective business continuity plan. Most of them cover three overlapping phases: 

• Analysis : In this phase, you identify and evaluate the various functions of your business and its operations. Then, you determine how those different functions will be affected by a disaster. This phase usually entails prioritizing different areas or departments in terms of how important they are to your operation, so that your plan ultimately ensures the continuity of your most critical functions first. Business continuity  professionals often conduct a Business Impact Analysis (BIA) at the outset of developing a new plan. A BIA estimates the consequences of different disaster scenarios in terms of lost revenue and other business-specific metrics.
• Planning : Once an initial analysis is complete, the next phase entails all facets of developing an actual plan for continuing to operate in a disaster, or rapidly recovering from a disruption to normal operations. During the planning phase, organizations:  
• Develop protocols for potential needs such as a rapid relocation or shift to  remote work . 
• Strategize temporary staffing changes or needs. 
• Implement  IT disaster recovery  tools to ensure continuity of critical systems. 

A key part of this phase is to name a continuity or crisis management team, comprised of executives and stakeholders who will lead the plan’s implementation if necessary. 

• Training and Testing : Even the most robust BCP must be put through regular testing to ensure it will work if needed. This includes educating employees on their roles and responsibilities in these scenarios, as well as conducting trials of various elements of the plan. An example would include a short-term rollout of a remote work scenario to identify issues and opportunities for optimization.  

Key features of a business continuity plan

Some features of a BCP will be industry or business-specific, but there are components that are common to almost any plan: 

People : A BCP will clearly define roles and responsibilities, not just for the crisis management leadership team, but also for any units responsible for implementing different pieces of the plan in a disaster scenario. Some BCPs will also define “essential personnel”—for example, people whose job requires them to report to work even in periods of heightened risk. 

Technology : Almost all modern business continuity plans will also clearly outline the role that information technology will play in ensuring critical data, applications and services remain available or are quickly restored after an interruption. These include: 

• Data backup and recovery tools 
• Cloud computing infrastructure  and services 
• Remote work platforms

Service Delivery : A BCP should also describe which services are most critical and how they will continue to be delivered to customers, employees, partners, the public and other stakeholders. 

Health & Safety : Finally, a strong business continuity program will include criteria and guidelines for ensuring the health and safety of all people involved—employees, customers, partners—as the plan is implemented and managed. 

Business Continuity Plan checklist

Many organizations create a checklist as part of their business continuity planning. This is a list of all of the key steps in the BCP. It can be used in two ways:  

• Conception : First, it can be used as part of the initial creation of the plan. In this context, the BCP checklist would describe in detail the steps necessary to develop the plan, from analysis through testing.  
• Implementation : Second, a BCP checklist can be used for testing and/or actually implementing the plan. In this context, the BCP or crisis management team would use the checklist to ensure that it addresses all of the plan’s tools and processes and communicates them effectively throughout the organization. 

Business Continuity and Disaster Recovery Planning

Business continuity planning and disaster recovery planning are often mentioned in similar contexts, but they are not interchangeable terms. A business continuity plan is an overarching strategy for operating in disaster scenarios or recovering from a major disruption. 

A disaster recovery (DR) plan refers more specifically to the IT processes and tools you can rely on to retain or restore access to mission-critical data, applications, and services in these scenarios. A DR plan would detail, for example, how you could restore access to a revenue-generating web application in the event of a flood in the data center that powers that service. 

How often should a Business Continuity Plan be reviewed?

Most experts recommend that business continuity plans be reviewed regularly and updated as needed. This helps ensure that the plan will still meet the organization’s needs in the face of evolving risks and threats. 

The frequency with which you review a business continuity plan depends on many factors, including the nature of the organization, its industry and its particular risks. As a general rule of thumb, such plans should be reviewed annually or at least every other year. However, there are multiple scenarios where an organization may want to consider more frequent reviews, including: 

• Significant changes to the business or its operations 
• Location in a region at greater risk for natural disasters or other potentially disruptive events 
• Any organization or agency that provides essential services to the public 

Recommended for You

• Business Continuity
• Business Mobility
• Disaster Recovery
• Business Continuity Application

Related Solutions and Products

Remote work solutions.

Connect Your Distributed Workforce with Remote Work Solutions

Anywhere Workspace Solutions

Enable employees to work from anywhere with secure, frictionless experiences.

Assure Experience & Productivity

Support an agile, remote workforce with seamless and secure access.

• Submit Press Release
• Issue Archives
• Virtual Issue Archives
• Special Sections
• About / Sign Up
• NJB News Now
• Sponsored Content
• Banking / Financial
• Coronavirus
• Economic Development
• Environment
• General Business
• Infrastructure
• Meeting Places
• Real Estate
• Science & Technology
• Small Business
• Workforce Development
• Upcoming Opportunities
• Media Kit Request
• File Upload
• MagHub Login
• Awards for Excellence Nomination
• 2023 New Good Neighbor Nomination Form
• NJB Magazine

Is It Time to Review Your Business Continuity Plan?

The more you review, the better the execution in times of crises..

Any business – regardless of size – would be impacted by an unplanned disruption. That is why it is important to have a Business Continuity Plan (BCP) in place, and that you review it regularly.

The BCP is intended to identify the impact of significant disruptions to your business as well as evaluate the processes that are in place to minimize loss and document recovery procedures. While you can’t control many of the events that could cause a business disruption, you can ensure that your plan is as current and effective as possible to help mitigate their effects.

As a best practice, you should conduct a review of your plan annually; however, more frequent reviews are recommended.

When looking at your BCP, you should also evaluate your emergency response, crisis communication, and information technology data center recovery procedures.

As you conduct your BCP assessment, here are some questions you should be asking:

• Have all critical business processes, systems, applications, employees and resources been identified and updated?
• Have specific teams and responsibilities been established and updated in your plan, so that everyone understands what to do in an emergency? Does your plan clearly indicate who is responsible to activate the plan and do all employees understand that process?
• Is the plan information secured and readily accessible for all essential management personnel to access quickly in an emergency? If your facility is unavailable for any reason, do employees know the alternate procedures or where they might temporarily relocate?
• Does it include all potential risks of interruption to your business?
• Does each department have an emergency call tree so that it knows whom to contact in an emergency? Does the personnel information include multiple phone numbers and personal e-mails, so that your company has a better chance of reaching its employees?
• Have you introduced any new products, services or technologies that need to be addressed in your plan? Also, does your plan have updated information that reflects any changes with your suppliers or vendors?

Your BCP is a living document. It’s only as good as the information in it. Regular exercises, tests and drills are critically important to gauge the level of your BCP teams’ preparedness. You should test all manual, automated and backup procedures to ensure they are effective.

The worst time to prepare for a crisis is when it’s happening. The more frequently you plan, review and drill for a possible event, the less likely there will be gaps in your BCP and the better your chances will be for a smooth and safe execution.

About the Author: Steve Mancia is manager of business continuity for NJM Insurance Group. 

• business continuity
• Business Continuity Plan
• NJM Insurance Group
• Steve Mancia

Trenton Mayor Announces Formation of Economic Development Partnership

Regional Partnerships Empower NJM’s Commitment to Teen Driver Safety

NJM Insurance Expanding to Ohio

• Life Sciences
• Manufacturing
• New Hire/Promotion
• Philanthropy

• Search Search Please fill out this field.
• Business Continuity Plan Basics
• Understanding BCPs
• Benefits of BCPs
• How to Create a BCP
• BCP & Impact Analysis
• BCP vs. Disaster Recovery Plan

Frequently Asked Questions

• Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

• Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
• BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
• BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

• Determining how those risks will affect operations
• Implementing safeguards and procedures to mitigate the risks
• Testing procedures to ensure they work
• Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How to Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

• Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
• Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
• Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
• Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be identified and corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

• The impacts—both financial and operational—that stem from the loss of individual business functions and process
• Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ," Pages 15 - 17. Accessed Sept. 5, 2021.

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

How Often Should a Business Continuity Plan Be Tested?

Author Alan Bianco

Posted Sep 1, 2022

A business continuity plan should be tested at least once a year, and more often if the company experiences changes that could affect its ability to continue operating. The goal of testing is to make sure the plan is comprehensive and will work as intended. The test should be conducted by someone who is not familiar with the plan, so that they can provide an unbiased evaluation.

What are some of the benefits of testing a business continuity plan?

What are some of the risks of not testing a business continuity plan, what are some of the key components of a business continuity plan.

The test should include a review of the company's policies and procedures, as well as a mock disaster scenario. The scenario should be designed to test all aspects of the plan, including its ability to keep the company running during an extended outage . The results of the test should be reviewed and any necessary changes made to the plan.

Once the business continuity plan is in place, it is important to periodically review and update it. Changes in the company, such as new products or services, changes in the workforce, or new locations, can all impact the plan. By testing the plan on a regular basis, companies can ensure that it will be effective when it is needed most.

A business continuity plan (BCP) is a document that outlines how a business will continue to function during and after an disruptive event. Testing a BCP is an essential step in the development and implementation process, and offers numerous benefits to businesses.

Perhaps the most obvious benefit of testing a BCP is that it allows businesses to identify and rectify any shortcomings in their plan. By running through different scenarios and testing various components of the plan, businesses can identify any areas that need improvement. This is vitally important, as a well-tested and perfected BCP can mean the difference between a business being able to weather a storm and being forced to close its doors.

In addition to identifying problems, testing a BCP also allows businesses to gain a better understanding of the plan as a whole. This can be extremely helpful when it comes to training employees on the plan, as they will have a clear understanding of what needs to be done and when. Furthermore, by testing the plan, businesses can also ensure that all employees know their roles and responsibilities in the event of an incident.

Finally, testing a BCP also allows businesses to build confidence in their ability to maintain operations during and after a disruptive event. This is particularly important for small businesses, who may not have the resources of larger organizations. By testing their BCP, small businesses can prove to themselves and to their customers that they are prepared for anything.

In conclusion, there are many benefits to testing a business continuity plan. By doing so, businesses can identify problems, ensure employees are properly trained, and build confidence in their ability to weather any storm.

There are a few risks associated with not testing a business continuity plan. The first is that the plan may not work as intended. If the plan is not tested, there is no way to know if it will actually work when it is needed. This can lead to a lot of problems if the plan is needed and it does not work. Another risk is that employees may not be familiar with the plan. If the plan is not tested, employees may not know what to do or how to use it when the time comes. This can lead to a lot of confusion and delay in getting the business back up and running. Finally, not testing the plan can give a false sense of security. If the plan is not tested, it is possible that people will think that it is better than it actually is. This can lead to complacency and a feeling that the plan is not needed. Testing the plan is the best way to ensure that it is effective and that employees are familiar with it.

There is no standard definition of business continuity, making it difficult to identity the key components of a business continuity plan. crisis management plan, resiliency plan, or simply business continuity - are used interchangeably, yet each has a slightly different focus. Determining the key components of a business continuity plan begins with understanding the organization's goals for the plan.

The goal of business continuity planning is to minimize the impact of an interruption to business operations. The purpose of a business continuity plan is to ensure that the essential functions of an organization can continue during and after an event. A business continuity plan includes procedures and information related to the following:

- Alternate site locations - Arrangements with suppliers - Communications with employees, customers, and other stakeholders - Data backup and recovery - Employee training - Insurance

There are a few key components that are common to most business continuity plans:

1. Risk Assessment

The first step in any business continuity plan is to assess the risks that could potentially disrupt business operations. This assessment should identify the type of event (e.g., fire, flood, earthquake, cyber-attack), the probability of it occurring, and the potential impact on the organization.

2. Business Impact Analysis

Once the risks have been identified, the next step is to conduct a business impact analysis (BIA). This is a process of determining which business functions are critical to the organization and how long they can be disrupted before the impact is considered unacceptable.

3. Recovery Strategies

Based on the results of the risk assessment and BIA, the organization will develop recovery strategies for each of the critical business functions. These strategies should identify the resources needed to resume operations and the timeline for doing so.

4. Implementation

The final step is to implement the business continuity plan. This includes creating procedures for activating the plan, assigning roles and responsibilities, and testing the plan to ensure it is effective.

A business continuity plan is a critical part of any organization's risk management strategy. By identifying the key components and understanding the objectives of the plan, organizations can be better prepared to withstand disruptions and keep their business running.

How can businesses ensure that their business continuity plan is effective?

A business continuity plan is a plan that helps a business to continue operating during and after an emergency. The goal of a business continuity plan is to keep the business running, minimize disruption, and protect people and property.

There are many factors to consider when developing a business continuity plan, including:

1. The type of emergency that could happen 2. The impact of the emergency on the business 3. The resources and capabilities of the business 4. The business continuity goals of the organization

There are a number of steps that should be taken to ensure that a business continuity plan is effective. These steps include:

1. Conduct a business impact analysis: This will help to identify the potential impact of an emergency on the business.

2. Develop recovery strategies: This step will involve developing strategies to keep the business running in the event of an emergency.

3. Create a plan: The plan should be designed to meet the specific needs of the business. It should be clear, concise, and easy to use.

4. Test the plan: The plan should be tested on a regular basis to ensure that it is effective.

5. Review and update the plan: The plan should be reviewed and updated on a regular basis to ensure that it remains effective.

What are some of the common mistakes that businesses make when testing their business continuity plan?

There are a number of common mistakes that businesses make when testing their business continuity plan. One of the most common mistakes is not testing the plan regularly. Many businesses create their plan and then never test it again. This is a huge mistake. The business continuity plan should be tested at least once a year, and more often if possible. Another common mistake is not involving all of the stakeholders in the testing process. It is important to involve everyone who will be responsible for implementing the plan in the event of an emergency. This way, they can be sure that they understand the plan and are prepared to use it.

Another common mistake is not having a clear and concise plan. The plan should be easy to understand and follow. It should be clear what needs to be done in the event of an emergency. Many plans are too complicated and convoluted, which makes them difficult to follow in an emergency. This can lead to confusion and chaos, which can be disastrous.

Finally, many businesses make the mistake of not having a backup plan. This is a huge mistake. The business continuity plan is designed to keep the business running in the event of an emergency, but it is not foolproof. Things can and do go wrong, and having a backup plan in place can be the difference between weathering the storm and going under.

These are just some of the common mistakes that business es make when testing their business continuity plan. By avoiding these mistakes, businesses can ensure that their plan is effective and will work when it is needed most.

How can businesses make sure that their business continuity plan is up to date?

There are many factors to consider when ensuring that a business continuity plan is up to date. The first step is to conduct a risk assessment to identify potential disasters that could negatively impact the business. Once potential threats have been identified, the business can develop strategies to mitigate these risks. This may include creating backup systems, implementing security protocols, or investing in insurance.

It is important to regularly review the business continuity plan to ensure that it is still relevant and effective. This can be done by conducting periodic risk assessments and updating the plan as needed. Additionally, businesses should test their continuity plan regularly to ensure that it will work as intended in the event of an actual disaster.

By taking these steps, businesses can help to ensure that their business continuity plan is up to date and will be effective in the event of a disaster.

What are some of the challenges that businesses face when testing their business continuity plan?

There are a number of challenges that businesses face when testing their business continuity plan. One of the most significant challenges is ensuring that all employees are aware of the testing process and their role in it. Other challenges include ensuring that the testing process is conducted in a way that is realistic and effective, and that it does not disrupt the normal operations of the business.

Another significant challenge is ensuring that the business continuity plan is comprehensive and covers all potential scenarios. The plan must be designed to accommodate the specific needs of the business, and it must be tested regularly to ensure that it remains relevant and effective.

A further challenge is ensuring that the business continuity plan is properly implemented in the event of an actual emergency. This requires planning and coordination between all departments and personnel, and includes procedures for communication and decision-making.

Finally, it is important to review and update the business continuity plan on a regular basis . This ensures that it remains relevant and effective, and that any changes to the business or its operations are reflected in the plan.

What are some of the best practices for testing a business continuity plan?

There is no one-size-fits-all answer to this question, as the best practices for testing a business continuity plan will vary depending on the specific organization and its needs. However, there are some general best practices that can be followed in order to ensure that a business continuity plan is effective.

One of the most important best practices for testing a business continuity plan is to ensure that it is comprehensive and covers all potential scenarios. This means that the plan should be designed to address both major and minor disruptions, as well as both internal and external threats. The plan should also be designed to be scalable, so that it can be easily adapted to different size organizations and different types of disruptions.

Another important best practice for testing a business continuity plan is to ensure that it is regularly tested and updated. The plan should be tested on a regular basis, both in terms of individual components and in terms of the plan as a whole. This will help to identify any weaknesses or gaps in the plan, and to ensure that it remains relevant and up-to-date. The plan should also be updated on a regular basis to reflect any changes in the organization or its environment.

Finally, it is important to ensure that the business continuity plan is well-documented and easily accessible. This ensures that everyone in the organization is aware of the plan and knows how to access it. It also makes it easier to update and revise the plan as needed.

Frequently Asked Questions

Why is continuity testing important for your business.

Continuity testing is essential for two reasons. Firstly, it helps to ensure that your business’s plans are effective in the event of a disruption – by verifying that the systems and processes are still working as expected. Secondly, it allows you to identify any potential problems early, before they cause more serious damage. By testing your continuity plan regularly, you can ensure that it is always up to date and able to cope with any unforeseen events.

How often should you test your business plan?

There is no one specific answer to this question, as the frequency of testing will vary depending on the type of BCP that you have in place. However, most small businesses would likely need to test their plan at least once a year, while larger organisations may only need to test their plan every few months.

Do you need a business continuity exercise?

Business continuity exercises can provide valuable clarity and context around the organization's resilience to disruptions. In addition, conducting comprehensive exercises can help identify gaps in continuity planning and aid in remediation efforts. However, requiring a considerable number of people - many in senior roles - for a successful exercise can be challenging both in terms of coordinating the participants and the opportunity costs of their time. Whether or not you feel compelled to perform a business continuity exercise, it's important to ensure that your decision is based on sound rationale.

Why should you Test Your Business Continuity Plan?

Running a business continuity plan (BCP) helps ensure that your organization can continue to operate in the event of a disruption. By testing your BCP, you can identify any areas where improvements or updates are needed. Additionally, testing your BCP can help avoid potential problems before they occur. Testing your BCP can also help ensure that all elements of your plan are working as expected.

How can our business continuity consultants help you?

At ACS, our business continuity consultants can help you with a variety of different things, including: Developing a business continuity plan tailored to your specific needs and requirements; Providing expert advice on Disaster Recovery planning and Preparedness ; Conducting a Gap Analysis Report and Business Impact Assessment to assess the impact of any potential disruptions or accidents; Helping to coordinate the recruitment and training of your team when necessary; and much more. To find out more about what we can offer, contact us today on 0207 408 5000 or send us an email at [email protected] .

Featured Images: pexels.com

Alan Bianco

Writer at CGAA

Alan Bianco is an accomplished article author and content creator with over 10 years of experience in the field. He has written extensively on a range of topics, from finance and business to technology and travel. After obtaining a degree in journalism, he pursued a career as a freelance writer, beginning his professional journey by contributing to various online magazines.

Uncovering the Hidden Costs: What Are Business Liabilities?

Start Your Candle Business: A Step-by-Step Guide

Choosing the Right Business Structure: A Guide

The importance of having a business continuity plan

When the world is chugging along as normal and business operations only have the usual risks to monitor, it can be easy to put aside business continuity planning. But, as we've all discovered in recent weeks, anything can happen at any time, and businesses must be ready to pivot operations quickly, efficiently and safely as and when needed. The quick global spread of COVID-19, colloquially known as coronavirus, has thrown the world into disarray. The markets are in a nosedive, governments are shutting down entire countries and most organizations are having to quickly embrace remote working to keep the lights on and keep clients serviced. Those who do not have the capability to support workers at home ' and that are not essential services such as healthcare or sanitation ' are currently going through a trial by fire, with operations stymied and revenue under threat. Businesses are rushing to set up work-from-home arrangements, or take out subscriptions for online meetings and cloud collaboration technology. Priorities are shifting dramatically as we enter uncharted territory. This lack of preparedness could well see many businesses going under ' but if those organizations had created a robust business continuity plan ahead of time, they would know exactly how to handle such a crisis and weather the storm.

What is a business continuity plan and why do you need one?

A business continuity plan, or BCP, refers to the process a company will take to prevent and recover from potential threats to the organization. It ensures personnel and assets are protected and able to function in the event of a disaster, and is generally part of overall risk management ' that is, best practice dictates that you consider your business continuity plan ahead of time, not when a crisis hits. Your business continuity plan considers what those risks may look like ' both physical threats such as fire or flood, and those threats that are harder to pin down, such as hacks and pandemics ' and then determines:

• How those risks will impact operations
• How you'll implement safeguards, procedures and policies to mitigate the risks
• How you'll test procedures to ensure that they work
• How you'll review the process to keep it up-to-date

It includes a summary of the most critical business processes and functions ' those aspects that, if they failed, your business would be unable to operate ' as well as internal and external communication strategies, clear instructions for accessing and restoring offsite recovery data, any potential temporary offices or locations, and a change log that summarizes any updates to the plan for version-control purposes. Without a business continuity plan, you risk your company and its people . Not only could the business fail, but you could also suffer financial loss, a tarnished reputation and lost productivity. A physical disaster could also impact your employees, potentially causing injury or death.

Ensure continued — and secure — access to systems

With COVID-19 playing havoc with how companies go about their day-to-day activities, the priority for organizations should be on building business resilience. This means being flexible enough to go with the flow while maintaining operations at as normal a level as possible, all while ensuring your employees can access the systems and processes they need to do their jobs. It also means keeping a close eye on matters of cybersecurity. Those companies that maintain on-premises systems have suddenly found themselves in a pickle, as workers are unable to come into the office with cities on lockdown. The question of how teams will access platforms is an essential part of business continuity planning, and something that smart risk managers had covered long before the pandemic hit. They had thought about how teams would access platforms, assessed what bandwidth they had available for that level of remote access, and had considered whether they needed a temporary increase in network capacity or licenses. The security question, though, doesn't just extend to moving to cloud-based operations; hackers and cyber threats will use any crisis to their advantage. Keep an eye out for phishing scams, DDoS attacks and malware being introduced by employees keen to learn the latest developments in the crisis and not closely examining the links they click on. Security postures should include a review of systems you have in place to stop phishing campaigns and other inbound threat vectors before they hit employees' inboxes, writes Jason Albuquerque for InformationWeek .

Creating a business continuity plan

While every organization's business continuity plan will be different, there are some common steps that companies should follow to develop a solid continuity plan. They include:

• Undertaking a business impact analysis to identify functions and related resources that are time-sensitive
• Identifying and implementing steps to recover critical business functions
• Creating a continuity team that will be tasked with devising a plan to manage the disruption
• Training and testing the continuity team, and ensuring they regularly go over the plan and strategies to mitigate risk and ensure they are kept up-to-date

By considering these things in advance, organizations can help to ensure business continuity when things get tough, protecting the business, its reputation, its people and its customers.

The importance of technology to business continuity for legal operations

Of course, the march toward cloud-based technology to run essential business systems and processes makes business continuity planning a little easier. Once upon a time, you had to be in the office and on the network to access things like entity management software; today, there is a plethora of cloud-based options for all aspects of legal operations, compliance, governance and risk management work. Best-in-class providers of these systems are supporting their clients through the current COVID-19/coronavirus crisis, helping them to make sense of the craziness by providing online support, guidance and tech triage. More than just a software provider, these organizations become an essential partner in times of crisis. Diligent is one such company, acting as a partner to more than half of the Fortune 1000. Through its cloud-based legal technology platforms, Diligent enables proactive governance to help mitigate the risks of modern business. We believe every business should have the necessary business continuity planning and management strategies, plans and procedures in place, fully tested at regular intervals, to drive the assurance that when disaster strikes, they'll be ready. The cost and impact of not being prepared is usually far greater than that of being proactive. Diligent works to enable business continuity planning by ensuring ongoing access to essential documents, contracts and entity data through:

• Diligent Entities , which helps organizations to centralize, manage and effectively structure their corporate record to improve entity governance and improve decision-making
• Diligent Boards , which empowers boards and executives with the tools, insights and analytics to securely access board materials, track company performance and gather real-time information
• Diligent Assurance , which helps organizations to confidently create, manage and report on the obligations relevant to their business, and always be audit-ready.

Get in touch and request a demo to see how Diligent's suite of cloud-based governance and compliance software can help drive your business continuity planning and ensure your organization can continue to operate, no matter what gets thrown your way.

Solutions Solutions

• Board Management
• Enterprise Risk Management
• Audit Management
• Market Intelligence

Resources Resources

• Research & Reports

Company Company

Your data matters.

Why You Need to Review, Update Your Business Continuity Plans

We often urge you to have a risk management plan in place so that you are prepared for the many eventualities that can affect your business. Your risk management plan should be part of a larger business continuity plan for keeping your organization going during periods of disruptions that are both large and small. The plan should be broad to cover prevention and response, and that can only be done with input from representatives of all your firm’s divisions.

Companies can spend considerable time putting together a risk management plan that is unique to their workplace and operations. But, after they have created and implemented their plan, many businesses fail to evaluate and update it on a regular basis. You will need to test, evaluate and update your risk management and business continuity plans regularly because risks can change as your business, your industry and the environment you operate in also change.

A prime example of a new risk is the cyber threat that continues to grow in significance, having cost many businesses millions of dollars in response, remediation and notification costs. If you have not included this eventuality in your business continuity plans, you should do so.

If you set aside time once or twice a year to review your plans, you can identify new risks and monitor the effectiveness of your current risk management strategies. This gives you an opportunity to modify or enhance your plan in response to those emerging or newly identified threats. As you did when you created your original plans, you should involve personnel from your various departments and also consider inviting key vendors or customers to the planning sessions. This will help bring different perspectives to the table, resulting in a more comprehensive overall plan.

The business continuity plan

Besides identifying and trying to mitigate for risks that you identify, your risk management plan should be part of a broader business continuity plan that includes strategies for responding to and recovering from incidents if they do happen. Business continuity planning has four steps:

• Prevention – This is essentially the risk management part of the plan, which is to prevent problems from occurring in the first place.

• Preparedness – This should be the fruits of your risk management plan, requiring to you have plans and resources in place to respond and recover from an incident. You should conduct a business impact analysis that identifies all of the resources, personnel and equipment critical to keeping your business running. Your plan should identify external stakeholders, the skills and knowledge necessary to run your business and how long your business can survive without performing these tasks.

• Resp onse – This part of the plan should cover what you do following an incident, such as containing, controlling and minimizing the effects. This should include details on when the plan would be activated, assembling an emergency kit, having evacuation procedures in place and a communication plan to implement during an event.

• Recovery – After the initial response to an incident you will want to ramp up to full operations again as quickly as possible. You need to map out strategies to recover your business activities in the quickest possible time. That entails a description of key resources, equipment and staff required to recover your operations – and a time objective.

Making sure your business continuity plan is reliable and up to date will help you resume operations quickly after an incident and reduce the effects on your business. While you may be able to predict and deal with a number of potential risks, there will be some that are unexpected or impossible to plan for. That’s why the last two parts of your business continuity plan – incident response and recovery – are important, as they can be used after both foreseeable and unforeseeable events. Also, depending on the size of your business, you may choose to have separate risk management, impact analysis, incident response and recovery plans, or a single plan incorporating all of the above elements – known as a business continuity plan. A business continuity plan is a practical blueprint for how your organization will recover or partially restore critical business activities after a change or interruption.

[su_button url=”https://coremarkins.com/reviewrequest/” style=”3d” background=”#33cbfc” color=”#1a1a1a” size=”5″ center=”yes” icon=”https://coremarkins.com/wp-content/uploads/2018/06/checklist-1622517_640.png” desc=”No Cost Review Of Your Business Continuity Plan” title=”Get the Guide”]REQUEST A REVIEW[/su_button]

Related Posts

Sprinkler Damage from a Quake Can Prove a Costly Business: Protect Your Assets

While you might expect cracks to the foundation of your business building during an earthquake, that is not the most ...

Construction Dual Wage Threshold Changes

For some construction classes, the Rating Bureau sets wage thresholds for which different rates apply due to significant differences claims ...

COVID-19 Emergency Workers’ Compensation Rating Changes on Tap

Emergency rules are being developed to guide workers’ compensation classification and claims for coronavirus-affected employers and their workers in California. ...

• Managed IT Services
• Personal Computer Support
• Cybersecurity
• Microsoft 365 and Google Workspace
• Backup and Business Continuity
• Virtual Workspace
• Regulation Compliance
• CMMC Compliance
• IT Outsourcing
• ITAR Compliance for Manufacturers
• Structural Cabling
• Contact Sales
• Pay Invoices
• Remote Support

Disaster Recovery/Business Continuity

How often should your business continuity plan (bcp) be reviewed & tested.

Let’s face it – Disaster can break your business if you’re not prepared with a business continuity plan (BCP). According to FEMA, around 90% of businesses fail and shut down within a year if they are unable to recover within 5 days after a disaster. With proper continuity planning, you can identify potential risks within your organization and create strategies to handle them.

It’s important for organizations to review their business continuity plans regularly because the business environment is always changing. If you’re wondering what “review regularly” means, this article explains how frequently you should review your BCP.

What Is a Business Continuity Plan?

A business continuity plan is a set of procedures, processes, and systems that help an organization prepare for potential business disruptions. It’s designed to ensure business operations are maintained during unexpected events or disasters. The goal of the BCP is to minimize business downtime and enable business recovery as quickly and efficiently as possible.

What’s Included in a Business Continuity Plan?

A BCP should include detailed steps for restoring business operations and guidelines for managing disruptions. These steps should include:

• Assess business processes, critical staff, and data.
• Identify and prioritize business risks
• Develop strategies to address business risks
• Create a business continuity team and assign tasks to each team member
• Designate resources for business recovery
• Test the plan regularly

Is Testing Your BCP Really Necessary?

Creating a business continuity plan is simply not enough. The plan should be tested to ensure it works and that there are no serious gaping vulnerabilities. After all, cybercriminals love to exploit vulnerabilities and natural disasters are great at catching business owners off-guard.

About 32% of businesses develop and test their BCP. Testing your plan is not only necessary but also important to make sure that the plan works as expected. Avoiding continuity testing can be a costly mistake and could put your business at risk.

How Often Should You Review and Test Your BCP?

The phrase “test regularly” is not very helpful. What is regular to one business may be different for another. The frequency of business continuity plan review depends on the size and complexity of the organization. Generally speaking, a BCP should be reviewed and tested at least once a year.

But if a business is complex or rapidly changing, such as in the case of technology businesses, it should be reviewed more often. Additionally, businesses that operate in high-risk or highly regulated industries should also review their BCP quarterly or bi-annually.

It’s also recommended to review and test business continuity plans after any major organizational changes such as staffing changes or business expansion. This way business owners can be sure that the continuity plan is up-to-date with the latest business information and strategies.

Be Prepared for Any Disaster with Simple Systems.

Proper continuity planning requires a dedicated team and resources to ensure that business operations are restored quickly after disaster strikes. With Simple Systems’ business continuity solutions , you can easily create and maintain an open business with minimal effort.

Our team of experts will help you identify business risks, develop strategies to address those risks, and create plans to ensure your business continues to stay open. We also offer business continuity testing services to make sure your plan works as expected.  

Contact us today to get peace of mind knowing that your business is prepared for any disaster.

Dan Lauritzen

Dan is the Founder and CEO of Simple Systems, an IT support company based in Salt Lake City, Utah providing Managed IT Services for a host of clients with all the services of a full-time IT staff without the expense. Our primary goal is to provide the same service to our clients that we expect from others. Our work gets done quickly – we tend to delight and surprise our clients by finishing before the deadline. Simple Systems (SS) first opened its doors in 2007. Over the past 9 years, we have enjoyed working closely with 100’s of small businesses and home users around the Salt Lake Valley. In 2009, SS was honored to be nominated in the Utah Student 25. We are proud of this distinction and look forward to continued growth. In 2012, we opened our retail location in Holladay, Utah to provide home PC customers a more cost effective way to have service and support.

Paid 7 Essential Factors for Crafting an Effective Business Continuity Plan

November 1, 2023   by Echelon Insurance

When it comes to a commercial business’ loss prevention strategy, the importance of having well-crafted tools designed to respond swiftly and effectively to unforeseen incidents cannot be overstated. One resource that may not get as much attention as it needs is a business interruption plan. Any loss, regardless of the severity or the cause, can potentially interrupt a commercial business. The scale and length of these interruptions can range from a full to partial shutdown, depending on the extent of the loss event.

As an integral part of an organization’s loss prevention strategy, a business continuity plan helps limit or mitigate downtime and the economic impact of disruptions after a loss. Whether fires, natural disasters, cyberattacks, or the breakdown of essential equipment, a well-structured business continuity plan ensures that a business can maintain essential functions during an unexpected event.

Not sure where to start? Whether you’re a broker looking to support your customer’s loss prevention journey, or a business owner interested in updating your existing continuity plan, consider the following key factors that contribute to building an effective business continuity plan:

• In determining the plan’s scope, create a formalized outline of key management personnel and their roles and responsibilities when a loss occurs, as well as the areas that can be impacted.

Consult with third parties, such as an insurer’s loss prevention experts, as needed to fully understand an organization’s exposure.

• Business continuity plans should be tested at regular intervals to ensure individuals know how to respond appropriately in their roles.

Practising a plan multiple times will make it more seamless and efficient should you suffer an actual loss.

• Outline upstream and downstream exposures and ensure the business has secondary suppliers for critical raw materials.
• Consider diversifying the business’ customer base. Business interruptions may cause some customers to look for alternative providers; broadening the customer base can help limit the loss.
• Equipment that is critical to operations may produce a bottleneck in the event of a loss. Ensure there is an appropriate amount of critical spare parts available and assess alternative manufacturing options if possible.
• Implement a regular backup process to protect electronic proprietary data and intellectual property. Ensuring your data is safe and redundant will help you resume operations quickly.
• Organize pre-arranged service contracts to allow for a prompt response in the event of utility failure (e.g., electrical, heating/cooling, etc.).

For more information and additional loss prevention resources, visit echeloninsurance.ca .

• Paid 7 Essential Factors for Crafting an Effective Business Continuity Plan" data-url="https://www.canadianunderwriter.ca/?p=1004239338" data-count="none" data-counturl="https://www.canadianunderwriter.ca/insurance/7-essential-factors-for-crafting-an-effective-business-continuity-plan-1004239338/">Tweet

We use cookies to make your website experience better. By accepting this notice and continuing to browse our website you confirm you accept our Terms of Use & Privacy Policy .

read more >>