definition of business continuity plan (bcp)

Search Search Please fill out this field.
Business Continuity Plan Basics
Understanding BCPs
Benefits of BCPs
How to Create a BCP
BCP & Impact Analysis
BCP vs. Disaster Recovery Plan

Frequently Asked Questions

Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

definition of business continuity plan (bcp)

Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)?

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

Determining how those risks will affect operations
Implementing safeguards and procedures to mitigate the risks
Testing procedures to ensure they work
Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How to Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be identified and corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

The impacts—both financial and operational—that stem from the loss of individual business functions and process
Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain.

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes.

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ," Pages 15 - 17. Accessed Sept. 5, 2021.

Terms of Service
Editorial Policy
Privacy Policy
Your Privacy Choices

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

Gartner client? Log in for personalized search results.

Information Technology

Gartner Glossary

Business continuity planning (bcp).

Business continuity planning (BCP) is a broad disaster recovery approach whereby enterprises plan for recovery of the entire business process. This includes a plan for workspaces, telephones, workstations, servers, applications, network connections and any other resources required in the business process.

2023 Technology Adoption Roadmap for Security and Risk Management

Download Research

3 Must-Haves in Your Cybersecurity Incident Response

Download eBook

Use Gartner Cybersecurity Research & Insights to Develop Your Ideal Security Strategy

Protect Your Business Assets With a Roadmap for a Maturing Cybersecurity Program

Smash 3 Cybersecurity Myths to Improve Employees’ Behavior

Use Behavioral Economics to Influence Security Behavior and Individual Decisions

Experience IT Security and Risk Management conferences

Join your peers for the unveiling of the latest insights at Gartner conferences.

Gartner Webinars

Expert insights and strategies to address your priorities and solve your most pressing challenges.

Recommended Webinars for You

Gartner 100 data & analytics predictions through 2028.

November 27 | 9:00 a.m. CST

November 27

The Innovators Reshaping the Communication Industry in 2023

November 27 | 10:00 a.m. CST

Apply Zero-Trust Principles to Improve Your Security and Risk Posture for Federal Government

November 28 | 12:00 p.m. CST

November 28

Related Terms

By clicking the "Continue" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

Contact Information

All fields are required.

Please provide the consent below

I have read, understood and accepted Gartner Separate Consent Letter , whereby I agree (1) to provide Gartner with my personal information, and understand that information will be transferred outside of mainland China and processed by Gartner group companies and other legitimate processing parties and (2) to be contacted by Gartner group companies via internet, mobile/telephone and email, for the purposes of sales, marketing and research.

By clicking the "Submit" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

By clicking the "" button, you are agreeing to the Gartner Terms of Use and Privacy Policy.

This is a potential security issue, you are being redirected to https://csrc.nist.gov .

You have JavaScript disabled. This site requires JavaScript to be enabled for complete site functionality.

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Drafts for Public Comment
All Public Drafts
NIST Special Publications (SPs)
NIST interagency/internal reports (NISTIRs)
ITL Bulletins
White Papers
Journal Articles
Conference Papers
Security & Privacy
Applications
Technologies
Laws & Regulations
Activities & Products
News & Updates
Cryptographic Technology
Secure Systems and Applications
Security Components and Mechanisms
Security Engineering and Risk Management
Security Testing, Validation, and Measurement
Cybersecurity and Privacy Applications
National Cybersecurity Center of Excellence (NCCoE)
National Initiative for Cybersecurity Education (NICE)

business continuity plan (BCP)

BCP show sources hide sources CNSSI 4009-2015 , NIST SP 800-30 Rev. 1 , NIST SP 800-82 Rev. 2

The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption. Sources: CNSSI 4009-2015 from NIST SP 800-34 Rev. 1 NIST SP 800-34 Rev. 1 under Business Continuity Plan (BCP)

Glossary Comments

Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.

Comments about the glossary's presentation and functionality should be sent to [email protected] .

See NISTIR 7298 Rev. 3 for additional details.

Today’s Multi-Cloud Reality: Cloud Chaos

87% of enterprises use two or more cloud environments to run their applications. multi-cloud accelerates digital transformation, but also introduces complexity and risk, resulting in a chaotic reality for many organizations., conquer cloud chaos with vmware cross-cloud services.

VMware is addressing cloud chaos with our portfolio of multi-cloud services, VMware Cross-Cloud services, which enable you to build, run, manage, secure, and access applications consistently across cloud environments. With VMware Cross-Cloud services, you can address cloud chaos and shift to a cloud smart approach – one where you can choose the best environment for every application, without multiplying your complexity.

Anywhere Workspace

Access Any App on Any Device Securely

App Platform

Build and Operate Cloud Native Apps

Cloud & Edge Infrastructure

Run Enterprise Apps Anywhere

Telco Cloud

Cloud Management

Automate and Optimize Apps and Clouds

Desktop Hypervisor

Manage apps in a local virtualization sandbox

Fusion for Mac
Workstation Player
Workstation Pro

Security & Networking

Connect and Secure Apps and Clouds

Run VMware on any Cloud. Any Environment. Anywhere.

On public & hybrid clouds.

On Private & Local Clouds

Anywhere Workspace Access Any App on Any Device Securely

App platform build and operate cloud native apps, cloud infrastructure run enterprise apps anywhere, cloud management automate and optimize apps and clouds, edge infrastructure enable the multi-cloud edge, networking enable connectivity for apps and clouds, security secure apps and clouds, by industry.

Communications Service Providers
Department of Defense
Federal Government
Financial Services
Healthcare Providers
State and Local Government

VMware AI Solutions

Accelerate and ensure the success of your generative AI initiatives with multi-cloud flexibility, choice, privacy and control.

For Customers

Find a Cloud Provider
Find a Partner
VMware Marketplace
Work with a Partner

Working Together with Partners for Customer Success

See how we work with a global partner to help companies prepare for multi-cloud.

Tools & Training

VMware Customer Connect
VMware Trust Center
Learning & Certification
Product Downloads
Product Trials
Cloud Services Engagement Platform
Hands-on Labs
Professional Services
Customer Success
Support Offerings
Support Customer Welcome Center

Marketplace

Cloud Marketplace
VMware Video Library
VMware Explore Video Library

Blogs & Communities

News & Stories
Communities
Customer Stories
VMware Explore
All Events & Webcasts
Topics
VMware Glossary
Content
Business Continuity Plan

What is a Business Continuity Plan (BCP)?

A Business Continuity Plan (BCP) is a detailed strategy and set of systems for ensuring an organization’s ability to prevent or rapidly recover from a significant disruption to its operations. The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario or otherwise abnormal conditions.

Examples of such disruptions include a fire, a major earthquake or other a natural disaster, a disease outbreak, a cyberattack and many other scenarios that could upend “business as usual.” When such events significantly disrupt an organization’s normal routines, it turns to its business continuity plan for instructions, processes and tools it needs to continue to operate or to quickly recover from downtime.

The Virtual Floorplan: New Rules for a New Era of Work

Hindsight is 2020 - The Pandemic Provides a Wakeup Call

Why is a business continuity plan important.

Risks can be managed, but they can’t be eliminated. Business continuity planning is critical because without it, an organization faces downtime and other problems that could damage its financial health. In major disasters, a lack of a business continuity plan could cause irreparable financial harm that might ultimately force a company to permanently close.

How to create a Business Continuity Plan?

There are many frameworks for creating an effective business continuity plan. Most of them cover three overlapping phases:

Analysis : In this phase, you identify and evaluate the various functions of your business and its operations. Then, you determine how those different functions will be affected by a disaster. This phase usually entails prioritizing different areas or departments in terms of how important they are to your operation, so that your plan ultimately ensures the continuity of your most critical functions first. Business continuity professionals often conduct a Business Impact Analysis (BIA) at the outset of developing a new plan. A BIA estimates the consequences of different disaster scenarios in terms of lost revenue and other business-specific metrics.
Planning : Once an initial analysis is complete, the next phase entails all facets of developing an actual plan for continuing to operate in a disaster, or rapidly recovering from a disruption to normal operations. During the planning phase, organizations:
Develop protocols for potential needs such as a rapid relocation or shift to remote work .
Strategize temporary staffing changes or needs.
Implement IT disaster recovery tools to ensure continuity of critical systems.

A key part of this phase is to name a continuity or crisis management team, comprised of executives and stakeholders who will lead the plan’s implementation if necessary.

Training and Testing : Even the most robust BCP must be put through regular testing to ensure it will work if needed. This includes educating employees on their roles and responsibilities in these scenarios, as well as conducting trials of various elements of the plan. An example would include a short-term rollout of a remote work scenario to identify issues and opportunities for optimization.

Key features of a business continuity plan

Some features of a BCP will be industry or business-specific, but there are components that are common to almost any plan:

People : A BCP will clearly define roles and responsibilities, not just for the crisis management leadership team, but also for any units responsible for implementing different pieces of the plan in a disaster scenario. Some BCPs will also define “essential personnel”—for example, people whose job requires them to report to work even in periods of heightened risk.

Technology : Almost all modern business continuity plans will also clearly outline the role that information technology will play in ensuring critical data, applications and services remain available or are quickly restored after an interruption. These include:

Data backup and recovery tools
Cloud computing infrastructure and services
Remote work platforms

Service Delivery : A BCP should also describe which services are most critical and how they will continue to be delivered to customers, employees, partners, the public and other stakeholders.

Health & Safety : Finally, a strong business continuity program will include criteria and guidelines for ensuring the health and safety of all people involved—employees, customers, partners—as the plan is implemented and managed.

Business Continuity Plan checklist

Many organizations create a checklist as part of their business continuity planning. This is a list of all of the key steps in the BCP. It can be used in two ways:

Conception : First, it can be used as part of the initial creation of the plan. In this context, the BCP checklist would describe in detail the steps necessary to develop the plan, from analysis through testing.
Implementation : Second, a BCP checklist can be used for testing and/or actually implementing the plan. In this context, the BCP or crisis management team would use the checklist to ensure that it addresses all of the plan’s tools and processes and communicates them effectively throughout the organization.

Business Continuity and Disaster Recovery Planning

Business continuity planning and disaster recovery planning are often mentioned in similar contexts, but they are not interchangeable terms. A business continuity plan is an overarching strategy for operating in disaster scenarios or recovering from a major disruption.

A disaster recovery (DR) plan refers more specifically to the IT processes and tools you can rely on to retain or restore access to mission-critical data, applications, and services in these scenarios. A DR plan would detail, for example, how you could restore access to a revenue-generating web application in the event of a flood in the data center that powers that service.

How often should a Business Continuity Plan be reviewed?

Most experts recommend that business continuity plans be reviewed regularly and updated as needed. This helps ensure that the plan will still meet the organization’s needs in the face of evolving risks and threats.

The frequency with which you review a business continuity plan depends on many factors, including the nature of the organization, its industry and its particular risks. As a general rule of thumb, such plans should be reviewed annually or at least every other year. However, there are multiple scenarios where an organization may want to consider more frequent reviews, including:

Significant changes to the business or its operations
Location in a region at greater risk for natural disasters or other potentially disruptive events
Any organization or agency that provides essential services to the public

Recommended for You

Business Continuity
Business Mobility
Disaster Recovery
Business Continuity Application

Anywhere Workspace Solutions

Enable employees to work from anywhere with secure, frictionless experiences.

Assure Experience & Productivity

Support an agile, remote workforce with seamless and secure access.

What is Disaster Recovery? - Definition & Benefits
What is Business Continuity?
What is Business Continuity Application?

5 Step Guide to Business Continuity Planning (BCP) in 2021

A business continuity plan provides a concrete plan to maintain business cohesion in challenging circumstances. Click here for the key steps that can help you formulate a formidable BCP.

A business continuity plan (BCP) is defined as a protocol of preventing and recovering from potentially large threats to the company’s business continuity. This article explains what a business continuity plan is today, its key benefits, and a step-by-step guide to creating a formidable plan.

What is a business continuity plan (bcp), key benefits of having a business continuity plan, step-by-step guide to building a formidable business continuity plan (bcp) in 2021.

A business continuity plan (BCP) is a protocol of preventing and recovering from potentially large threats to the company’s business continuity. Such a plan often aims to address the need for updated business norms and operational standards in unpredictable circumstances such as natural disasters, data breach/ exposures, large scale system failures etc. The goal of such a plan is to ensure continuity of business with no or little damage to regular working environments, including job security for its employees.

It covers everything from business processes, human resources details, and more. Essentially a BCP provides a concrete plan to the organization to maintain business continuity even in challenging circumstances.

Below are key reasons why businesses need to have a BCP today:

BCP’s relevance has gone up considerably after the outbreak of the COVID-19 pandemic and was also a major testing time for organizations that did have such a plan in place. The organizations which had a business continuity plan in place were better able to cope during these unprecedented circumstances better than those who did not have any such plans.
The recorded number of natural disasters has increased from 375 in 2016 to 409 in 2019 Opens a new window . Globally, the loss because of natural disasters was $232 billion in 2019, according to a study by Aon Opens a new window .
The number of cyberattacks has also increased in all geographies and all business verticals. MonsterCloud reported that cyberattacks have skyrocketed during the COVID-19 pandemic. All this means that the organizations have to be better prepared to fight disasters. The importance of BCP can hardly be exaggerated in this context. Preparing a BCP is imperative for any enterprise, big or small, today.

The end goal of a BCP is to ensure that the essential services continue to run in the event of an incident. For instance, if there is an earthquake where your customer service representatives operate from, your BCP will be able to tell you who will handle customer calls until the original office is restored.

Also Read: What Is Disaster Recovery? Definition, Cloud and On-premise, Benefits and Best Practices

Difference between a business continuity plan (BCP) and disaster recovery plan (DCP)

A BCP is often confused with a disaster recovery (DR) plan. While a DR plan is primarily focused on restoring the IT systems and infrastructure, a BCP is much more than that. It covers all areas and departments of the organization, including HR, marketing and sales, support functions.

The underlying thought behind BCP is that IT systems can hardly work in silos. Other departments also need to be restored to cater to the client or for meeting the business demands.

“Many people think a disaster recovery plan (DRP) is the same as a business continuity plan, but a DRP is only a small, yet essential, a portion of a full BCP. A DRP focuses solely on restoring an organization’s IT infrastructure while minimizing data loss. On the other hand, a BCP is a comprehensive guide on how to continue the mission and business-critical operations during a time of an unplanned disruption (natural disasters, pandemics, or malware),” says Caleb Pipkin, a security expert at Logically .

Whether a business is small, big, or medium-sized, it needs a ‘plan B’ to recover quickly in the event of a natural disaster or a crisis and can survive the disruption. BCP helps you dust yourself and get back to business quickly and easily. It means that the enterprise will be better placed to address their customers’ needs even in the wake of a disaster.

On the other hand, the lack of a plan means that your organization will take longer to recover from an event or incident. It could also lead to loss of business or clients. Let’s look at some key benefits of BCP.

1. It is a roadmap to act in a disaster

A well-defined business continuity plan is like a roadmap during a disruption. It allows the firms to react swiftly and effectively and maintain business continuity. In turn, this leads to a faster and complete recovery of the enterprise in the shortest possible timeframe. It brings down the business downtime and outlines the steps to be taken before, during, and after a crisis and thus helps maintain its financial viability.

2. Offers a competitive edge

Fast reaction and business continuity during a disruption allow organizations to gain a competitive edge over its business rivals. It can translate into a significant competitive advantage in the long run. Further, your clients will be more confident in your ability to perform in adverse circumstances allowing you to build a long and sustainable relationship with your business partners.

Developing competence to act and handle any unfavorable event effectively has a positive effect on the company’s reputation and market value. It goes a long way in enhancing customer confidence.

Also Read: Top 8 Disaster Recovery Software Companies in 2021

3. Cuts down losses

Disasters have a considerable impact on all types of business, whether big or small. Business disruption can lead to financial, legal, and reputational losses. Failure to plan could be disastrous for businesses. You may lose your customers while trying to get your business on track. In the worst circumstances, you may not be able to recover at all. A well-defined business continuity strategy minimizes the damage to an organization and allows you to bring down these losses as much as possible.

4. Enables employment continuity and protects livelihoods

One of the most significant consequences of a disaster is the loss of employment. The loss of livelihood can be curtailed to an extent if the business continues to function in the event of a disaster. It leads to greater confidence in the workforce that their jobs might not be at risk, and the management is taking steps to protect their jobs. It helps build confidence in senior management’s ability to respond to the business disruption in a planned manner.

5. Can be life-saving

A regularly tested and updated BCP can potentially help save the lives of the employees and the customers during a disaster. For instance, if the BCP plan for fire is regularly tested, the speed with which the workforce acts can help save lives.

6. Preserves brand value and develops resilience

Possibly the biggest asset of an organization is its brand. Being able to perform in uncertain times helps build goodwill and maintain its brand value and may even help mitigate financial and reputational loss during a disaster.

BCP curtails the damage to the company’s brand and finances because of a disaster event. This helps bring down the cost of any incident and thus help the company be more resilient.

Also Read: 10 Best Practices for Disaster Recovery Planning (DRP)

7. Enables adherence to compliance requirements

Having a BCP allows organizations to have additional benefits of complying with regulatory requirements. It is a legal requirement in several countries.

8. Helps in supply chain security

A precise BCP goes a long way in protecting the supply chain from damage. It ensures continuity in delivering products and services by being able to perform critical activities.

9. Enhances operational efficiency

One of BCP’s lesser-known benefits is that it helps identify areas of operational efficiency in the organization. Developing BCP calls for an in-depth evaluation of the company’s processes. This can potentially reveal the areas of improvement. Essentially, it gathers information that can benefit in enhancing the effectiveness of the processes and operations.

Also Read: 7 Ways to Build an Effective Disaster Recovery and Business Continuity Plan

The COVID-19 pandemic has put the spotlight on preparing for a disaster like never before. We make the job easier for you by listing out the key steps in building a formidable business continuity plan:

How to Build a Business Continuity Plan

Step 1: Risk assessment

This phase involves asking crucial questions to evaluate the risks faced by the company. What are the likely business threats and disruptions which are most likely to occur? What is the most profitable activity of your organization? It is vital to prioritize key risks and operations, which will help mitigate the damage in the event of a disaster.

Step 2: Business impact analysis

The second step involves a thorough and in-depth assessment of your business processes to determine the vulnerable areas and the potential losses if those processes are disrupted. This is also known as Business Impact Analysis .

Essentially, Business impact analysis (BIA) is a process that helps the organization define the impact if critical business operations are interrupted because of a disaster, accident, or emergency. It helps in identifying the most crucial elements of the business processes. For instance, maintaining a supply chain might be more critical during a crisis than public relations.

While there is no formal standard for a BIA, it typically involves the following steps:

Collating information: As a first step, a questionnaire is prepared to find out critical business processes and resources that will help in the proper assessment of the impact of a disruptive event. One-on-one sessions with key management members may be conducted further to gain insights into the organization’s processes and workings.
Analysis: This is followed by analyzing the collected information. A manual or computer-assisted analysis is conducted. The analysis is based on an interruption in which crucial activities or resources are not available. Typically it works on the assumption of the worst-case scenario, even when the chances of a risk likelihood are low. This approach is followed to zero in on the systems that, when disrupted or interrupted, threaten the organization’s very survival. This way, these processes are prioritized in the business continuity plan.

The analysis phase helps identify the minimum staff and resources required for running the organization in the event of a crisis. This also allows the organizations to assess the impact on the revenue if the business is unable to run for a day, a week, or more. There might be contractual penalties, regulatory fines, and workforce-related expenditure which need to be taken into account while finding out the impact on the business. Further, there might be specific vulnerabilities of the firm, and they need to be considered in the BIA.

Preparing a report: The next step is preparing a BIA report, which is assessed by the senior management. The report is a thorough analysis of the gathered information along with findings. It also gives recommendations on the procedure that should be followed in the event of a business disruption. The BIA report also shares the impact on the revenue, supply chain, and customer delivery to the business in a specific time frame.

The business impact analysis report may also include a checklist of all the resources, such as the names of key personnel, data backup , contact information, emergency responders, and more.

Presenting the report: Usually, this report goes through several amendments before being cleared by the senior management. The involvement of senior management is crucial to the success of the business continuity plan. It sends out a strong signal in the organization that it is a serious initiative.

Also Read: Will Extreme Weather Events Affect Your Business? Lessons From the Texas Winter Storm

Step 3: BCP Testing

Several testing methods are available to test the effectiveness of the BCP. Here are a few common ones:

TableTop test: As the name suggests, the identified executives go through the plan in detail to evaluate whether it will work on not. Different disaster types and the response to them are discussed at length. This type of testing is designed to make all the key personnel aware of their role in the event of a disaster. The response procedure is reviewed, and responsibilities are outlined, so everybody knows their roles.
Walk through: In this type of testing, the team members go through their part in the plan with a specific disaster in mind. Drills or a simulated response and disaster role-playing are part of this. This is a more thorough form of testing and likely to reveal the shortcoming in the plan. Any vulnerabilities discovered should be used to update the BCP accordingly.
Disaster simulation testing: In this type of testing, an environment that simulates an actual disaster is created. This is the closest to the actual event and gives the best case scenario about the plan’s workability. It will help the team find gaps that might be overlooked in the other types of tests. Document the results of your testing so you can compare the improvement from the previous tests. It will help you in strengthening your business continuity plan.

Frequency of testing – Typically, organizations test BCP at least twice a year. At the same time, it depends on the size of your organization and the business vertical you operate in.

Step 4: Maintenance

A business continuity plan should not be treated as a one-time exercise. It needs to be maintained , so the organization’s structural and people changes are updated regularly. The key personnel might move on from the firm, and this would need to be updated in the Business Impact Analysis and BCP. The process for regular updating of the documentation should be followed to ensure that the organization is not caught on the wrong foot in case of a business disruption.

Also Read: Offsite Data Replication: A Great Way To Meet Recovery Time Objectives

Step 5: Communication

Sometimes executives tend to ignore communication while preparing a BCP. It is a crucial aspect, and your BCP should clearly define who will maintain the communication channels with the employees, regulators, business partners, and partners during the crisis. The contact information of the key people should be readily accessible for the BCP to work without any trouble.

In the end, the organizations should accept that despite preparing a formidable business continuity plan, several factors beyond your control may still affect its success or failure. The key executives might not be available in the event of a crisis; both the primary and the alternate data recovery sites might have been affected by the event; the communications network might be damaged, and so on. Such factors are common during a natural disaster and may lead to the limited success of the business continuity plan.

The success of a business depends on it acting swiftly and efficiently when confronted with an unanticipated crisis. Any failure to do so results in a financial and reputational loss, which takes up a long time to recover. It can be avoided if the organization quickly gathers itself during a disaster. A business continuity plan is then of paramount importance for a business of any size. At the same time, it is crucial to ensure that the BCP is not a one-time exercise. It needs to be continuously evaluated, tested, amended, and maintained so it doesn’t let you down when you need it the most.

Did you enjoy reading this article? Comment below or let us know on LinkedIn Opens a new window , Twitter Opens a new window , or Facebook Opens a new window . We’d love to hear from you!

Share This Article:

CISOs Beware of The Rising Risk of Supply Chain Attacks

How Our Need for Interpersonal Connection Can Put Us at Risk

The Global Scampocalypse – Fraud Rules the Day

Software Supply Chain Risks Loom Over Elections Systems

Ransomware: The Pros and Cons of Paying Demands

What Is a Security Operations Center (SOC)? Meaning, Components, Setup, and Benefits

Ironstream for Splunk®
Ironstream for ServiceNow®
Automate Evolve
Automate Studio
Assure Security
Assure MIMIX
Assure MIMIX for AIX®
Assure QuickEDD
Assure iTERA
Syncsort MFX
Syncsort Optimize IMS
Syncsort Optimize DB2
Syncsort Optimize IDMS
Syncsort Network Management
Syncsort Capacity Management
Spectrum Context Graph
Spectrum Discovery
Spectrum Global Addressing
Spectrum Quality
Trillium Discovery
Trillium Geolocation
Trillium Quality
Data360 Analyze
Data360 DQ+
Data360 Govern
Precisely EnterWorks
Spectrum Spatial
Spectrum Spatial Routing
Spectrum Spatial Insights
Spectrum Global Geocoding
Spectrum Enterprise Tax
MapInfo Pro
Precisely Addresses
Precisely Boundaries
Precisely Demographics
Precisely Points of Interest
Precisely Streets
EngageOne Communicate
EngageOne Digital Self-Service
EngageOne Vault
EngageOne Compose
EngageOne Enrichment
Precisely Data Experience
Customer engagement
Digital self-service
Digital archiving
Email and SMS
Print to digital
Data enrichment
Data integrity
Data integration
Security Information and Event Management
Real-time CDC and ETL
IT Operations Analytics
IT Operations Management
Cloud data warehousing
Data governance
Data catalog
Data quality
Data quality & enrichment as a service
Data matching & entity resolution
Customer 360
Application data management
Address validation/standardization
Spatial analytics
Geocoding and data enrichment
Master data management
Process automation
Compliance with security regulations
Security monitoring and reporting
High availability and disaster recovery
Data privacy
Access control
IBM mainframe
Sort optimization
Microsoft Azure
SAP process automation
Excel to SAP automation
SAP master data management
SAP finance automation
Financial services
Telecommunications
Precisely Strategic Services
Professional services
Analyst reports
Customer stories
Infographics
Product demos
Solution sheets
White papers
IBM i security
Location intelligence
Financial service and banking
Supply Chain
Find support by product
Create a customer case
Create a partner case
Legacy Syncsort License keys
Online forums
Precisely U
Software Maintenance Handbook
Location Intelligence Product Downloads
Precisely APIs
MapInfo Marketplace
Contact Support
Global offices
Careers and Culture
Diversity and Inclusion
Press releases
In the news
Get in touch

Privacy Policy

Business continuity plan (bcp), what is a business continuity plan, precisely offers high availability and disaster recovery for ibm i and aix power systems.

A Business Continuity Plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. The BCP defines any and all risks that can affect the company's operations, including natural disasters—such as fire, flood, or weather-related events—and cyber attacks, and how they will be managed. The BCP is generally conceived in advance and involves input from key stakeholders and personnel.

A Business Continuity Plan is different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis. A full Business Continuity Plan should address all business-critical areas, such as communication, supply chain disruption, labor supply and training, physical site access, decision making continuity and IT continuity.

Developing a Business Continuity Plan

There are several steps many companies must follow to develop a solid Business Continuity Plan. They include:

Performing a business impact analysis of all potential risks to the business and how they affect time-sensitive functions and resources.
Identifying the steps necessary to recover critical business functions.
Creation of a continuity team for the organization that will develop a plan for managing disruptions.
Training of the continuity team and continuous simulations to test the plan.

The BCP document should include key details such as emergency contact information so that team members can contact each other and make plans for resuming operations, on-site if possible, or at home offices and offsite locations. This includes use of data backup and disaster recovery plans.

The BCP should be tested several times to ensure it can be applied to many different risk scenarios. This will help identify any weaknesses in the plan which can then be identified and corrected.

The role of high availability and disaster recovery solutions

Precisely offers IBM i and IBM AIX high availability and disaster recovery solutions , key elements of a full Business Continuity plan. With high availability or disaster recovery software from Precisely, companies can protect their business from downtime and data loss by maintaining a real-time copy of production servers and their data at a remote location. In the event of a disruption, a failover can be performed to move production operations to the recovery server with minimal business disruption, or data can be recovered from that replica.

Skip to content
Skip to search
Skip to footer

What Is Business Continuity?

Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.

Watch video (1:14)
Business continuity

Contact Cisco

Get a call from Sales

Call Sales:

1-800-553-6387
US/CAN | 5am-5pm PT
Product / Technical Support
Training & Certification

Is business continuity the same as business resilience or disaster recovery?

Business continuity, disaster recovery, and business resilience are not the same, but they are related.

Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.

What is a business continuity strategy?

A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.

What does a business continuity plan mitigate?

A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.

Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.

Business continuity planning activities

A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.

Identifying critical business areas and functions

Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.

Analyzing risks, threats, and potential impacts

Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.

Outlining and assigning responsibilities

A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.

Defining and documenting alternatives

A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.

Assessing the need for critical backups

Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and is mandatory in many regulated industries.

Testing, training, and communication

Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.

Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.

Manufacturing Extension Partnership (MEP)

Business continuity planning.

Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the failure of systems, equipment or software. MEP Centers can assist you in developing a plan unique to your needs.

If your company needs to create or tweak a business continuity plan, I highly suggest reaching out to Purdue MEP!

—Doug Ellington, Director of Finance, Estes Design and Manufacturing Read the Success Story

Businessman holding tablet and showing the best quality assurance with golden five stars

Illuminating Possibilities to Achieve ISO Certification

Business Continuity Plans: Lessons Learned From Puerto Rico

For more information or assistance with business continuity planning, please contact your local MEP Center .

If you would like someone to contact you about business continuity planning , please complete the form below.

For General Information

MEP Headquarters [email protected] (301) 975-5020 100 Bureau Drive, M/S 4800 Gaithersburg, MD 20899-4800

Business Continuity Plan (BCP)

Table of contents, what does business continuity plan (bcp) mean, safeopedia explains business continuity plan (bcp).

A business continuity plan (BCP) is a plan that describes how a company will continue to function in the event of some kind of emergency, disaster, or incident.

It outlines the necessary steps and ongoing management processes that need to be applied to identify and protect business processes required to maintain an acceptable level of operations during a crisis.

A BCP is put in place so that a business can continue running even in the event of a sudden, unexpected, or foreseeable interruption of regular day-to-day processes and supporting resources.

Disruptive events may constitute a serious health risk or adversely impact the overall reputation, profitability, or viability of the organization, which is why the business continuity plan outlines the ongoing management process to ensure continuity of core business processes during such events.

A BCP typically relies on a framework for incident response and recovery procedures to define alternatives for continuing critical services and organizational priorities and time frames.

Share this Term

Related Terms

Health and Safety Plan
Safety Alternative methods
Risk Management
Process Safety Management
Standardized Emergency Management System
Business Standards International
Core Competencies

Exploring Safer, Sustainable Alternatives to Hazardous Chemicals

Safety Symbols and Their Meanings

12 Types of Hand Protection Gloves (and How to Choose the Right One)

What Are the Levels of HAZMAT and What Are They Used For?

5 Dangerous Misconceptions About Fall Protection

Let's Make Workplaces Safer!

Subscribe to the Safeopedia newsletter to stay on top of current industry trends and up-to-date know-how from subject matter authorities. Our comprehensive online resources are dedicated to safety professionals and decision makers like you.

What the New Cannabis Legislations Mean for Your Workplace Drug Policy

By: Ken Fichtler | Founder and CEO

How to Get More Value From Your Sustainability Report

By: Karoly Ban Matei | HR and Safety Manager

Building an Effective Safety Leadership Team for EHS Management

By: Addison Moore | Director of Marketing

Home > Learning Center > Business continuity planning (BCP)

Article's content

Business continuity planning (bcp), what is business continuity.

In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.

The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.

Start with a business continuity plan

Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.

A business continuity plan (BCP) should comprise the following element

1. Threat Analysis

The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:

2. Role assignment

Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.

Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.

3. Communications

A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.

Your strategy should include:

Methods of communication (e.g., phone, email, text messages)
Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
Means of contacting employee family members, media, government regulators, etc.

From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:

Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).

Load balancing business continuity

Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.

In contrast to the reactive measures used in failover and disaster recovery (described below) load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.

Disaster recovery plan (DCP) – Your second line of defense

Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.

As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO .

Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.

Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.

See how Imperva Load Balancer can help you with business continuity planning.

Choosing the right failover solutions

Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.

A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.

When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.

For an IT organization charged with the business continuity of a website or web application, there are three failover options:

Hardware solutions – A separate set of servers, set up and maintained internally, are kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup includes TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.

Latest Articles

Regulation & Compliance

578.2k Views

179.2k Views

142.6k Views

140.6k Views

120.7k Views

115.4k Views

110.5k Views

109.8k Views

Protect Against Business Logic Abuse

Identify key capabilities to prevent attacks targeting your business logic

The 10th Annual Bad Bot Report

The evolution of malicious automation over the last decade

The State of Security Within eCommerce in 2022

Learn how automated threats and API attacks on retailers are increasing

Prevoty is now part of the Imperva Runtime Protection

Protection against zero-day attacks

No tuning, highly-accurate out-of-the-box

Effective against OWASP top 10 vulnerabilities

An Imperva security specialist will contact you shortly.

Top 3 US Retailer

Advisera Home

Partner Panel

ISO 22301 Documentation Toolkits

Iso 22301 training.

Documentation Toolkits
White Papers
Templates & Tools

By Standard

ISO in General

New AI Tool

Live Consultations
Consultant Directory
For Consultants

Dejan Kosutic

Get Started

ISO 27001 & ISO 22301 Knowledge base

Business continuity plan: how to structure it according to iso 22301.

In my experience, companies usually find two things in their business continuity or information security management to be the most difficult: risk assessment, and business continuity planning. Here I’ll give you some tips on business continuity plans (BCP).

ISO 22301 business continuity plan should include Purpose, scope and users, Reference documents, Assumptions, Roles and responsibilities, Key contacts, Plan activation and deactivation, Communication, Incident response, Physical sites and transportation, Order of recovery for activities, Recovery plans for activities, Disaster recovery plan, Required resources, and Restoring and resuming activities from temporary measures.

What is a business continuity plan?

According to ISO 22301 , business continuity plan is defined as “documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.” (clause 3.5)

This basically means that BCP focuses on developing plans/procedures, but it doesn’t include the analysis that forms the basis of such planning, nor the means of maintaining such plans – all these are required elements of business continuity management that are necessary for enabling successful contingency planning.

To read more about analysis, see Five Tips for Successful Business Impact Analysis , and to find out how to interpret the analysis, read Can business continuity strategy save your money? .

Business continuity plan example

Here’s what I found to be the optimal structure for the business continuity plan for smaller and midsize companies, and what each section should include:

Purpose, scope and users – why this plan is developed, its objectives, which parts of the organization it covers, and who should read it.

Reference documents – to which documents does this plan relate? Normally, these are Business Continuity Policy, Business Impact Analysis, Business Continuity Strategy, etc.

Assumptions – the prerequisites that need to exist in order for this plan to be effective.

Roles and responsibilities – who will be responsible for managing the disruptive incident, and who is authorized to perform certain activities in case of a disruptive incident – e.g. activation of the plans, urgent purchases, communication with media, etc.

Key contacts – contact details for persons who will participate in the execution of the business continuity plan – this is usually one of the annexes of the plan.

Business Continuity Plan (BCP) Structure According to ISO 22301

Plan activation and deactivation – in which cases can the plan be activated, and the method of activation; which conditions need to exist to deactivate the plan. Communication – which communication means will be used between different teams and with other interested parties during the disruptive incident. Who is in charge of communicating with each interested party, and the special rules of communication with media and government agencies.

Incident response – how to react initially to an incident in order to reduce the damage – this is very often an annex to the main plan.

Physical sites and transportation – which are the primary and alternative sites, where the assembly points are, and how to get from primary to alternative sites.

Order of recovery for activities – list of all the activities, with precise Recovery Time Objective (RTO) for each.

Recovery plans for activities – description of step-by-step actions and responsibilities for recovering manpower, facilities, infrastructure, software, information, and processes, including interdependencies and interactions with other activities and external interested parties – these are very often annexes to the main plan. To read more about them, see How to write business continuity plans?

Disaster recovery plan – this is normally a type of recovery plan that focuses on recovering the information and communication technology infrastructure. To read more about the relationship between disaster recovery and business continuity, see Disaster recovery vs business continuity .

Required resources – a list of all the employees, third-party services, facilities, infrastructure, information, equipment, etc. that are necessary to perform the recovery, and who is responsible to provide each of them.

Restoring and resuming activities from temporary measures – how to restore business activities back to business-as-usual once the disruptive incident has been resolved.

What I like about ISO 22301 is that it requires all the elements that are necessary for this plan to be useful in case of a disaster (or any other disruption in a company’s activities). However, no standard can help you unless you understand this task seriously – a properly written and comprehensive plan can save your company in tough times, while a superficially written plan will only make things worse.

Click here to see a sample Business Continuity Plan .

Writing a business continuity plan according to ISO 22301

Free webinar explains the basics about business continuity plans and how to structure them

You may unsubscribe at any time. For more information, please see our privacy notice .

+1 512-347-9300

Business Continuity Planning: Definition, Examples and How to Write One

The COVID-19 crisis caught organizations around the world by surprise and left companies scrambling to figure out how to keep their operations running while simultaneously supporting an entirely remote workforce and new business processes. A recent Business Continuity Survey by industry research firm Gartner showed that only 12% of organizations felt highly prepared for the impact of coronavirus. “This lack of confidence shows that many organizations approach risk management in an outdated and ineffective manner,” said Matt Shinkman, vice president in the Gartner Risk and Audit practice. “The best-prepared organizations will manage the disruption caused by the coronavirus far better than their less-prepared peers.”

Catastrophic events like the coronavirus pandemic are impossible to predict, so your organization must be prepared with a business continuity plan in advance. Not only does a business continuity plan help mitigate risks in a catastrophic event, but it also protects your employees and assets, ensuring that your business recovers as quickly as possible. Being ill-prepared for a crisis can be extremely costly to a company. Gartner estimates, on average, businesses lose $5,600 every minute during downtime , which equates to a range of $140,000–$540,000 per hour. In this blog, we explain the rationale for having a current and tested business continuity plan and provide tips for creating a business continuity program that protects your company in the event of a crisis.

What Is a Business Continuity Plan?

A business continuity plan (BCP) is a document that outlines procedures for maintaining operations, or quickly resuming operations, during an unplanned disruption, disaster or crisis. A BCP typically identifies key emergency responders and contains detailed instructions an organization must follow in the event of significant disruption.

Why You Need a Plan: 5 Types of Crises Your Business Could Face

A crisis can be any unforeseen occurrence that causes an unstable and dangerous situation for a company. Sooner or later, no matter the size or industry, all organizations will encounter some sort of crisis. Below are the five most common types of crises a business could face.

1. Financial crisis

A financial crisis occurs when a business loses value in its assets and the company owes significantly more money than it can reasonably pay. Typically, this occurs when there is a sudden shift in the market or a dramatic drop in demand for the company’s product or service. For example, a competitor that comes out with a similar but superior product with a cheaper base cost could cause the demand for your product to significantly drop, resulting in a considerable financial loss for your company. Financial crises directly result in a loss of value for a company and can undermine company confidence among employees, investors and customers.

2. System outages or downtime

Information technology (IT), as well as essential business applications and systems, are critical to day-to-day operations and keeping businesses running smoothly. Technological failures, cyberattacks, outages or security breaches can greatly hinder or completely shut down a company’s operations, resulting in enormous losses for the organization. Frequent news stories about data breaches illustrate how this type of risk is a growing concern for enterprise companies. IT outages and breaches can also result in a major hit to the product’s or service’s reputation.

3. Unplanned loss of key personnel

A personnel crisis occurs when an employee or a key individual who’s associated with an organization abruptly leaves the company due to health, misconduct or other unforeseen circumstances. The unplanned loss of key employees, particularly those in leadership roles, often has a lasting and negative impact on business performance. Additionally, if the employee’s departure is due to misconduct, the company may experience backlash and reputational damage if the offense is perceived as a reflection of the company’s culture. Social media has amplified the speed and scope of negative publicity from personnel misconduct.

4. Organizational misdeeds

An organizational misdeed occurs when a company’s management willingly and knowingly behaves in a manner that results in negative consequences for its shareholders, employees or customers. This type of crisis may include a company withholding vital information, exploiting employees, adopting misleading policies, abusing managerial powers or misrepresenting the company’s products or services. An automobile manufacturer that sells their latest model car with faulty brakes is an example of a company committing an organizational misdeed. Whether this misdeed was unintentional or planned, public knowledge of the misdeed will almost certainly result in reputational or financial damage for the company.

5. Natural disasters

A natural disaster is any cataclysmic phenomenon that negatively impacts a company, such as a volcano, an earthquake, flooding, a hurricane, a tornado, or an outbreak of a virus. Damages caused by these calamities are typically large in scale and may affect an entire area or industry or even the global economy. The recent COVID-19 pandemic is an example of a natural disaster that negatively affected economies, employees, and organizations around the world.

How to Write a Business Continuity Plan in 5 Steps

Creating a business continuity plan helps protect your assets and personnel and gives you the best chance of successfully navigating an unanticipated crisis. While no one is able to predict when and how devastating events will negatively impact their business, crisis management, is important as it helps you prepare for them in advance.

To begin brainstorming and drafting your business continuity plan, form a team composed of staff with in-depth knowledge of your business functions and processes. It’s especially important to include cross-functional representatives spanning IT, Human Resources and finance to determine what strategies and plans are viable.

For those who haven’t yet created a business continuity plan, you can follow the step-by-step instructions below. You may also want to use a business continuity plan template to help guide you in the drafting process.

Step 1: Conduct a business impact analysis

The first step in developing an organization-wide business continuity plan is conducting a business impact analysis and risk assessment exercise. The initial review will identify threats to your organization and determine how each crisis will impact your business. Try to come up with an exhaustive list that includes obvious risks — like physical damage to your building due to extreme weather or a sudden shift in the market — as well as obscure threats, like an outbreak of a contagious virus. When determining operational time lost or delays due to a disaster or crisis, it’s important to account for the best- and worst-case scenarios. Once completed, you will want to quantify the financial impact each event could potentially have on your business so you can plan accordingly.

Step 2: Discuss recovery options

Your team should now discuss strategies for recovering from a crisis and the best way to restore business operations for each scenario. Include the required resources needed to execute an emergency response, each recovery option and how those resources should function. For damage to your physical buildings or to reduce the spread of a virus, implement a tech stack and IT strategy that can support a remote workforce and keep your operations running outside the office.

Additionally, many third-party companies support business continuity and information technology recovery strategies for critical business functions. For IT outages and breaches, you may consider contracting a vendor specializing in data loss prevention services in advance. Depending upon the size of your organization and available resources, there may be many different recovery options that can be explored for each event.

Step 3: Refine your continuity plan

Now it’s time to map each crisis scenario with your recovery plans to narrow down the list to the best options. Decide which strategies will help your business recover as quickly as possible while keeping your employees and assets safe. While you’ll want to have plans for best- and worst-case scenarios, it’s essential to simplify the plans with easy-to-understand instructions. Remember, emergency responders and employees may need to implement these plans with just a moment’s notice when disaster strikes.

Step 4: Train your team

A great plan is only as good as its execution. That’s why it’s crucial that you educate and train your staff on how to respond to crises. First, identify key personnel who will be the first to assist and follow the business continuity plan in the event of an emergency. These employees should know their specific responsibilities and roles in the plan. While your designated emergency responders will need the most training, you should get your whole staff involved with the BCP, even if they are not directly affected. Embed continuity training into your company culture so all employees know how to respond to various scenarios and whom they should contact in an emergency.

Discussing the need for a business continuity culture, MHA Consulting’s Richard Long writes , “When an organization has a continuity culture, its employees constantly ask themselves the question: How do we ensure that this process, application or function will remain available (even in a degraded state) in case of a disaster?”

Step 5: Map out the transitional phase

Finally, map out the transitional phase to ease back into normal operations and work postcrisis. Determine what requirements need to be met before business operations can resume. If your physical building was damaged, what steps need to be completed before employees can safely return to the office? If a key individual who’s associated with your organization abruptly leaves due to misconduct, how will you communicate this with your employees and help them transition back into a normal workflow? The effects of some events may be extremely personal for your staff and extend far beyond the initial shock. It’s important to plan out different scenarios of how and when business operations can return to normal after a crisis.

Business Continuity Plan in the COVID-19 Era

The COVID-19 pandemic presents a serious threat to individuals, businesses and entire economies around the world. Many companies implemented mandatory work-from-home policies for their entire workforces to slow the spread of the virus. With the ongoing uncertainty surrounding coronavirus, organizations are now faced with a new challenge: how and when to return employees to the workplace safely. While your initial focus may be getting your employees back in the office, you must keep your employees’ safety, comfort and well-being in mind. Here are our five recommendations for business continuity management planning in the COVID-19 era.

1. Work toward a work-from-home + office hybrid model

Not all employees will be ready to return to the office after COVID-19 is suppressed. Some will need to continue to work from home for medical or personal reasons and therefore needs to be accounted for in your planning process. Other employees will be ready and eager to return to office life full-time or may want to continue to work remotely but commute into the office a few days every week. Consider instituting a hybrid work model with some employees working from the office and others working from home on either a permanent or rotating basis. This gives your staff the flexibility to work from wherever they are most comfortable and keeps everyone productive and engaged during this transitional phase. Decide what the business recovery point objective is and decide what works best for your team members; fully remote, hybrid work model, or the traditional office setting.

2. Build a tech stack that supports remote work

To support a distributed workforce made up of remote and in-office employees, you must invest in tools that enable seamless work and collaboration regardless of your employees’ locations. Cloud-based technology allows employees to effectively work from anywhere they can connect to the internet. Productivity and collaboration no longer happen at a single office location. Delivered via the cloud, video conferencing , messaging apps and project management tools make it easier than ever before for distributed team members to meet, share ideas and seamlessly work together, even if they are not physically together.

3. Create a video-first culture

Employee satisfaction and happiness go hand in hand with a collaborative and inclusive culture. This is especially important when transitioning into a hybrid work model made up of remote and in-office workers. Remote employees should feel just as informed and included as their in-office colleagues. Create a video-first culture that places a priority on using video conferencing tools for all team meetings, as opposed to audio-only conference calls or text-based tools. The face-to-face interactions help teams with remote workers stay engaged during meetings and build collaborative and authentic relationships.

4. Reduce coronavirus transmission in the office

The best way to stop the spread of the virus in the workplace is to keep the germs out of the office in the first place. This starts with educating your workforce on the signs and symptoms of COVID-19 and encouraging employees to stay home if they feel sick. Additionally, employees should follow CDC guidelines for social distancing in the office and practice good hygiene by thoroughly washing their hands throughout the day. Workstations will need to be properly spaced apart and thoroughly disinfected and cleaned every day to reduce the spread of the virus.

5. Create a contingency strategy

Your business continuity plan for returning to work post-COVID-19 should include a contingency strategy in case there is an outbreak of the virus in the office. The key to a solid contingency strategy that quickly stops the spread of the virus is preparation and communication. Reach out to your staff immediately if an employee tests positive for the virus or comes into contact with an infected person. Employees should be able to start working remotely with short notice. This means employees will need to take their laptops and work home with them on a daily basis.

We rarely get advance notice that a catastrophic event is about to occur. Even with some lead time, multiple things can go wrong as the events unfold in unexpected ways. An effective business continuity plan is the best safety net for an organization facing a crisis. Even though costs and time are involved in creating the plan, a BCP is invaluable to your company. Well-thought-out and executed plans give your company the best chance of keeping your employees and assets safe while maintaining or restoring operations in a timely matter during a crisis.

Get stories like this in your inbox.

Digital Adoption and Globalization: How Video Conferencing Can Increase Productivity and Profit

Improving the Video Conferencing Experience in the Era of Remote Work

In case you’ve been living under a rock for the past six months, it’s clear that remote work and distributed teams are here to stay, even after the pandemic recedes. While some workers will gradually find their way back to in-person (office or otherwise) workplace settings, this is just the on-ramp to the highway of working from anywhere for many others.

Continuity of Operations (COOP)/ Business Continuity Planning Topic Collection August 18, 2023

Topic Collection: Continuity of Operations (COOP)/ Business Continuity Planning

Technical Resources
Recovery and COOP
Continuity of Operations (COOP)/ Business Continuity Planning

Disasters and public health emergencies can have a significant impact on healthcare personnel and facilities. Plans and mitigation efforts that allow medical facilities and providers to sustain their mission, core essential functions, and services for patients already receiving care, as well as respond to potential surges in patients with space, staffing (including leadership), and equipment/supply issues are required. The goal is to ensure continuity of operations and facilitate operational and financial recovery.

Continuity of Operations Planning (COOP) is the term favored by public and government entities for mitigation and planning strategies that create resilience and allow services to continue to be provided in the face of a range of challenges. Business Continuity Planning (BCP) is a similar term more often used in the private sector that focuses on both maintaining service delivery and receiving payment for those services provided. BCP in the past often referred to computer systems but now applies to all vulnerable resources. The resources that follow highlight selected plans and planning guidance, lessons learned, tools, and promising practices for healthcare facility BCP. Additional related resources may be found in the Hazard Vulnerability/Risk Assessment , Cybersecurity , Electronic Health Records , Recovery , and Utility Failures Topic Collections.

Each resource in this Topic Collection is placed into one or more of the following categories (click on the category name to be taken directly to that set of resources). Resources marked with an asterisk (*) appear in more than one category.

Sections Navigation

Section navigation.

This item doesn't have any comments
Emma Poon This is a better link for FEMA's most current continuity guidance: https://www.fema.gov/continuity-resource-toolkit 7/1/2020 9:33:51 AM
J Warren Billett This link is broken. 7/11/2022 2:29:15 PM

Education and Training

Event-specific lessons learned, general information, guidance/guidelines, information technology (it) and utility issues.

bob johnson This response missed RPO as part of the discussion and cost factor. 11/26/2019 1:26:39 AM

Non-Hospital Setting Continuity Planning

Plans, tools, and templates.

Mike Staley Template not available 4/27/2017 2:04:00 PM

Agencies and Organizations

This ASPR TRACIE Topic Collection was refreshed and comprehensively reviewed in August 2019 by the following subject matter experts (listed in alphabetical order): Eric Alberts , EM, CHS-V, FPEM, FPEM-HC, CDP-1, CHPP, CHEP, SEM, CFRP, FABCHS, Manager, Emergency Preparedness, Orlando Health, Inc. (Hospital System); Peter Brewster , U.S. Department of Veterans Affairs, Program Manager, Education and Training; John Hick , MD, HHS ASPR and Hennepin County Medical Center; Onora Lien , Executive Director, Northwest Healthcare Response Network; Mary Massey , BSN, MA, PHN, VP, Emergency Management, California Hospital Association; and Mary Russell , EdD, MSN, Healthcare Emergency Response Coalition, Palm Beach County Florida.

I t was comprehensively reviewed in August 2015 by the following subject matter experts (listed in alphabetical order): Eric Alberts , BS, FPEM, CHS-V, CDP-1, CHPP, CHEP, SEM, CFRP, FABCHS, Manager, Emergency Preparedness, Orlando Health, Inc. (Hospital System); Peter Brewster , U.S. Department of Veterans Affairs, Director, Education and Training; Benjamin Dauksewicz , MA, CEM, Mount Sinai St. Luke’s–Roosevelt; Natalie N. Grant , MPH, Program Analyst, HHS ASPR, Office of Emergency Management (OEM), Recovery, and Hurricane Sandy Health & Social Services Recovery Support Function Field Coordinator; John Hick , MD, U.S. Department of Health and Human Services, Office of the Assistant Secretary for Preparedness and Response (HHS ASPR) and Hennepin County Medical Center; Carol Jacobsen , RN, Director, Public Health Programs, Ohio Hospital Association; Bill Mangieri , CBCP, CHEP, Field Project Officer Region VI, National Healthcare Preparedness Program, HHS ASPR, OEM; Mary Russell , EdD, MSN, Emergency Services, Boca Raton Regional Hospital; and Matthew L. Smith , Chief, Continuity of Operations Branch, HHS ASPR, OEM, Division of Resilience.

Featured Resources

The Disaster Available Supplies in Hospitals (DASH) Tool

Monkeypox Resources

COVID-19 Resources Page

COVID-19 Workforce Virtual Toolkit

CDC's Coronavirus (COVID-19) Page

ASPR's 2019 Novel Coronavirus Disease Page

Subscribe to the ASPR TRACIE Listserv.

Enter your email address to receive important announcements and updates through the ASPR TRACIE Listserv.

Other Threats
Security Tips
Identity Protection
Digital Life
Privacy Tips
Performance Tips

Business Continuity Plan (BCP): What Is It and How to Make One

A business continuity plan is a key step for ensuring that businesses can minimize the losses relating to a data breach, cyberattack, or other disasters. This article looks at why business continuity planning matters, how to develop a BCP, and how to improve and review your plan.

What is a business continuity plan?

A business continuity plan (BCP) outlines a process to prevent and recover from a range of potential threats in the event of an unexpected incident such as a cyberattack, identity theft , or a data breach . It allows a quick reaction, and minimizes impact and recovery times.

This Article Contains:

See all Security articles

In order for it to be effective, a BCP should be extremely detailed with short-term and long-term planning, covering every area of the business that could be affected. This should include assets, personnel, business processes, and partners/customers.

As disaster recovery planning’s main focus is on IT recovery, it should be included as part of the BCP and provide a clear roadmap for maintaining operations in multiple scenarios.

Why does business continuity planning matter?

Having a plan means you can respond quickly and decisively, minimizing disruption — which is key to maintaining customer confidence in the face of a crisis. For this reason, business continuity planning is vital to businesses of all sizes.

Disruptions of any kind, from software failures to fires, will severely impact productivity and increase costs. If best practices are not followed by all members of staff, cybersecurity threats from IoT , spoofing and weak passwords also have the potential to cause significant disruption.

While the financial loss will be higher for larger businesses, the impact on companies with smaller margins could be catastrophic, as the cumulative cost of fines or penalties, recovery expenses, and loss of business could rapidly add up. For both, losing customer trust must be avoided wherever possible — some losses cannot be covered by insurance.

While a business continuity plan cannot anticipate events, a holistic approach can ensure that there is clear guidance to keep things moving, protect sensitive data, and retain customers during a crisis of any type.

How to develop your business continuity plan

Before producing a business continuity plan, it is important to assess your business and its processes. From a security perspective, identifying vulnerabilities will help you to make existing security measures more robust as well as identify which threats are most likely to occur. Similarly, taking the time to review existing processes could help to identify new efficiencies.

Implementing an OPSEC (operational security) process at this point can help to identify weak points in data security and inform the creation of your BCP.

Illustration of a business continuity plan document with connecting lines to various technologies and processes.

What should be included in a business continuity plan?

While the requirements will vary between organizations, the key components of an effective business continuity plan are as follows:

1. Create a planning team

The size of the team will depend on your organization’s scale but should include managers from every department. In addition, leaders should be identified for key aspects such as IT, facilities, finance, and HR.

The team’s tasks will be to develop the plan, provide clear direction and training to staff, and test and review, ensuring that the measures outlined remain the most effective strategy.

2. Identify risks

The first task of the team is to conduct a business impact analysis (BIA). This analysis provides an ideal starting point as it will help you to identify and prioritize specific risks to security, finances, operations, etc.

Conducting a BIA can be a complicated process, but the result will be a valuable document that identifies the key risks to your business and how they would be impacted by a range of potential disruptions.

3. Mitigate risks

Having identified the risks, the next step is to review existing processes to identify changes that can be made to reduce the impact of an issue. This could include:

Reviewing fire safety

Implementing revised IT backup processes and cloud security

Increasing staff training

Preparing contingency suppliers

Updating cybersecurity policy and tools

4. Create continuity strategies

Simply knowing about risks is not enough. If disaster strikes, swift and decisive action will be required to minimize the impact and expedite recovery.

Continuity strategies should provide clear guidance on how to ensure operations can continue at an acceptable level during the recovery period. Key questions should be answered with specific instructions and information to ensure there is clarity in the approach. These should include:

Are there clear instructions for accessing data backups?

Is the contact information for key personnel and suppliers up to date?

Which tasks could be outsourced?

Is there an effective WFH policy?

Are manual processes in place if internet access is unavailable?

5. Implement and train

The continuity plan will evolve alongside the business and must remain a live document that is regularly updated. To identify where improvements are required, you should ensure regular testing of processing and systems.

Staff should be trained on general processes, with individuals assigned key roles — in the same way that you identify fire marshals or first-aiders.

While the level of detail will vary depending on the size of the company and the departments involved, the following example shows the steps that need to be taken in the case of a data breach:

Confirm the nature of the attack

Inform all staff immediately

Identify what has been compromised

Urgently prevent further damage

Change affected passwords and remove access permissions

Repair data and restore from backups

Call in external support

Identify how the breach happened

Notify customers and clients as required

Determine the impact and cost of the breach

Evaluate and strengthen security as required

Review response and adjust BCP

Provide updated training for staff

All of these steps should have specific guidance in the BCP.

How to test your business continuity plan

Don’t wait until disaster strikes to find out if your BCP is adequate. The best way to know if it will be effective is to implement regular and rigorous testing. Objectives should be measured and compared against previous tests to identify and fix weak spots that could be vulnerable to ransomware or zero-day attacks.

The frequency of testing varies, but many companies will test their business continuity plans up to four times per year. Due to the broad and detailed nature of a BCP, there are multiple ways to test. The most simple testing method is for the planning team to analyse the existing plan, identifying weak points and areas that require updates due to company changes (contact details, suppliers, etc.).

As part of this, the person responsible for a certain aspect, such as cybersecurity, can present the elements of their plan to the team for critical review before being re-assessed, using a selection of the most pertinent disaster scenarios.

Simulation tests should also be performed on an annual basis to determine how well the plans hold up in a real-world scenario. This could include evacuation drills and exercises to build confidence in the continuity processes. Simulations should include staff from outside the planning team to bring in fresh eyes to identify areas that require more clarity or other aspects that might otherwise have been overlooked.

Improving and reviewing your business continuity plan

In addition to the revisions made during the testing process, feedback from each department will help to strengthen your overall plan by providing a specialized perspective on policies and processes. Depending on the company structure, this stage could be conducted following the periodic testing or be implemented during the review process.

For a business continuity plan to be effective long-term, it has to be supported. If it becomes a quarterly task for department heads, it will not be adopted correctly and could fail to provide continuity of service should a crisis occur.

Instead, all members of staff should be trained to understand their role and the importance of rapid response to limiting the impact. Through familiarity with emergency processes, staff will feel safer and more able to respond positively and proactively to any situation.

Keep your business secure

Protect against an unexpected cyberattack using next-gen business antivirus by Avast Business — providing proactive solutions to protect against advanced cyberattacks and ransomware.

Get Next-gen Business Antivirus

Manage the security of your business, all from one platform. Get Avast’s next-gen business antivirus for tailored business security.

All related articles

Latest Security Articles

Latest Articles

Get tailored business security with Avast's next-gen business antivirus

Performance

For Business

Business support
Business products
Business partners
Business blog

The Business Continuity Plan: definition of EBRC's core business

Resilience is not only a matter of technologies but also of procedures and standards. As an expert in high availability, EBRC has developed a unique consulting business to help companies increase their resilience in an ever uncertain environment.

Why is it important to have a business continuity plan?

Rarely were businesses confronted to such complex times. In addition to the COVID-19 pandemic with its travel constraints and the subsequent economic downturn, CIOs had to deal with an unprecedented wave of computer attacks, particularly in the healthcare sector. This has led many companies to improve their BCP/DRP to counter the ever growing risks.

What is the definition of the Business Continuity Plan: the BCP goes far beyond the IT aspect

BCP (Business Continuity Plan) and DRP (Disaster Recovery Plan) projects are often approached as IT-only projects, but these approaches must cover all the activities and processes that make up the company’s business, from IT systems to energy suppliers, logistics and the premises where employees can return to work if the company's own are no longer available practicable. Both of these approaches, if combined, can help a company enter a continuous improvement Cyber-Resilience lifecycle from the preparation, identification, protection, detection, analysis, response and recovery steps.

A BCP tailored to each need and considered from a business perspective

Jean-Bernard Yata, Country Lead France - Risk & Business Advisory, EBRC

EBRC considers business continuity as it should be from a business perspective and not only from the IT side. "A business continuity plan is decided by the company's management and must encompass all the services delivered by the company to its customers. It is therefore not just a matter of responding to e-mails but of maintaining production and continuing to deliver customers." emphasises Jean-Bernard Yata, Expert Consultant – Country Lead France. "The BCP, depending on the business imperatives can be implemented to switch IT from one Data Center to another, to organise homeworking for the staff, or to open fully equipped office spaces to accommodate the staff in less than 2 hours. If the crisis is expected to last, a BCP can go as far as planning the distribution of a factory production to other production sites, or even transferring all of a bank's activities from one country to another because of a geopolitical risk such as an armed conflict."

The ISO 27001 and 22301 standards: the foundation to be relied on when defining a Business Continuity Plan

In this context, the preliminary risk assessment is a crucial stage during which all the real and potential risks the company is subject to are assessed. In this exercise, it is necessary to rely on existing tools, i.e. the standards, to set up the recovery processes. ISO 27001 standard provides a framework for information security and ISO 22301 already lists all the threats, risks and incidents that can occur and adversely affect a company. These standards are a real support in strengthening a company's resilience, but certification is only of value if it is applied, says Jean-Bernard Yata: "There is an administrative approach to certification and a much more operational approach. Rather than a purely theoretical approach to certification, it is necessary to adopt a pragmatic approach based on elements that are directly transposable to the company's day-to-day activities."

A BCMS portal: steering the business continuity plan to remain operational in all circumstances

For its internal needs, EBRC has developed an efficient and proven methodology that we can directly transpose to our clients, enriching it with the specificities of their business. Thus, EBRC offers its clients its own BCMS (Business Continuity Management System) tool, Cyber Resilience Portal, to help them manage their business continuity plan. "All action plans and indicators are set out in the tool. All relevant users can see the processes and action plans to be implemented in the event of an incident" adds Jean-Bernard Yata. "When the COVID-19 pandemic required containment, the EBRC pandemic plan prepared in 2009 for H1N1 was implemented, which allowed our teams to remain operational. This experience is now available to all EBRC clients."

EBRC offers a unique approach in the market that allows organizations and companies to reduce their exposure to risks through tailored consulting and the provision of "Trusted" services aligned with the highest standards and certifications, the only elements that guarantee resilience.

Consulting, EBRC’s differentiator in the hosting market

EBRC's business goes far beyond data hosting. It also has a consulting structure, Trusted Advisory Services , with around thirty certified consultants, which helps companies set up data protection services, as well as obtain ISO 22301 certification , to initiate the assessment of deviations from the target standard (Gap Assessment) or the BIA (Business Impact Assessment), which is a prerequisite for the implementation of a BCP. Above all, unlike other consulting firms, EBRC's consulting offer is based on its own experience and a resolutely pragmatic approach of the implementation of business continuity plans. This pragmatism is appreciated as much for the efficiency of the processes as for the solutions recommended for the implementation of BCPs.

EBRC’s resilient services

Specialised in resilience to ensure secure access to data and the continuous operation of IT applications, EBRC’s business is supported by three Tier IV certified Data Centres . TIER IV certification, issued by Uptime Institute, is the highest level of security and resilience certification a Data Centre can achieve. EBRC's facilities have had 100% availability, zero downtime, for... 21 years! In parallel, EBRC has two disaster recovery sites in Luxembourg, with a capacity of 800 fully equipped workstations, ready to welcome its clients' employees in case of an incident. These infrastructures and the ISO 22301 certified processes enable this European company to offer a full range of resilient services, including a disaster recovery plan with an SLA of only 2 hours, or the Trusted Backup Recovery Services offer.

Business Continuity is relevant to all structures

Jean-Louis Gillon, International Business Development Manager, EBRC

Jean-Louis Gillon , International Business Development Manager at EBRC : Business continuity and standards are not issues relevant for large companies only. The size of our structure and our responsiveness enable us to meet the needs and constraints of smaller companies. These companies see standards as a way of enhancing the value of their business for their major customers, but also for investors and shareholders. Standards are a lever, a differentiator for smaller companies.

Our pragmatic and responsive approach has enabled us to have several references with mid-sized and smaller companies of up to a dozen employees. But beyond this need for compliance, certification and the continuous improvement process are also tools to improve the company's sustainability and help it handle crises of all kinds and, in a way, give them also competitive differentiators."

EBRC, proven expertise certified to the highest industry standards

Founded in 2000, EBRC (an acronym for "European Business Reliance Centre") has positioned itself on the European market for data hosting services from Tier IV Data Centres operated in Europe. In this highly competitive market, EBRC's strategy has been to provide IT services that are both certified to the most demanding standards in the industry (ISO 27001, ISO 22301, ISO 20000 and ISO 27017) and offer services that meet regulatory requirements (PSF, HDS, PCI DSS). This strategy has enabled EBRC to position itself not only in the very dynamic Finance/ FinTech and RegTech markets , but also in the healthcare and life sciences sectors , international institutions , security, defence and space as well as online services and OES (Operators of Essential Services).

In addition to this purely technical business, EBRC has developed an important consulting business to help companies improve their data protection capabilities and more generally the resilience of their business. Jean-Louis Gillon, EBRC's International Business Development Manager in charge of the French market, explains this original positioning in the market: "Our approach differs from that of many hosting, data backup and cybersecurity players. Faced with the stress of a computer attack, each and every one offers highly technical solutions that only cover an isolated part of the overall problem. We prefer to promote continuity, from the Data Centres where the data is stored and where the processing is carried out to the other end of the chain, from the general management to the business users."

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Business Continuity Planning

Organize a business continuity team and compile a business continuity plan to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

Business Continuity Plan Situation Manual
Business Continuity Plan Test Exercise Planner Instructions
Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.

Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.

View on YouTube

Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans.

Last Updated: 11/08/2023

Return to top

IMAGES

Building a Business Continuity Plan (BCP)
Business Continuity Planning: How To Create and Maintain BCPs
How to create an effective business continuity plan?
What’s in a Business Continuity Plan?
What Is A Business Continuity Plan?
The importance of Business Continuity Planning

VIDEO

Creating a business continuity plan with Kuali Ready
「ＢＣＰって何？」ＢＣＰあるなしの被災シミュレーション
Business Continuity Plan (BCP) Business Continuity Management (BCM)
Risk and response
KISSBCP S2E9
BCP（Business Continuity Plan：事業継続計画）は万全ですか？

COMMENTS

What Is a Business Continuity Plan (BCP), and How Does It Work?
Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks. BCP is designed to protect personnel and assets and...
What is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event. The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them.
Business continuity planning
Business continuity may be defined as "the capability of an organization to continue the delivery of products or services at pre-defined acceptable levels following a disruptive incident", [1] and business continuity planning [2] [3] (or business continuity and resiliency planning) is the process of creating systems of prevention and recovery to...
Definition of Business Continuity Planning (BCP)
Business continuity planning (BCP) is a broad disaster recovery approach whereby enterprises plan for recovery of the entire business process. This includes a plan for workspaces, telephones, workstations, servers, applications, network connections and any other resources required in the business process. Recommended Content for You Research
business continuity plan (BCP)
BCP show sources Definitions: The documentation of a predetermined set of instructions or procedures that describe how an organization's mission/business processes will be sustained during and after a significant disruption. Sources: CNSSI 4009-2015 from NIST SP 800-34 Rev. 1 NIST SP 800-34 Rev. 1 under Business Continuity Plan (BCP)
What is a Business Continuity Plan (BCP)?
A Business Continuity Plan (BCP) is a detailed strategy and set of systems for ensuring an organization's ability to prevent or rapidly recover from a significant disruption to its operations.
What is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) is a plan to help ensure that business processes can continue during a time of emergency or disaster. Such emergencies or disasters might include a fire or any other case where business is not able to occur under normal conditions.
5 Step Guide to Business Continuity Planning (BCP) in 2021
A business continuity plan (BCP) is defined as a protocol of preventing and recovering from potentially large threats to the company's business continuity. This article explains what a business continuity plan is today, its key benefits, and a step-by-step guide to creating a formidable plan. ... Definition, Cloud and On-premise, Benefits and ...
Business Continuity Plan (BCP) Definition
A Business Continuity Plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. The BCP defines any and all risks that can affect the company's operations, including natural disasters—such as fire, flood, or weather-related events—and cyber attacks, and how they will be managed.
What Is Business Continuity?
Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
What is business continuity and why is it important?
Business continuity planning establishes risk management processes and procedures that aim to prevent interruptions to mission-critical services and reestablish full day-to-day function to the organization as quickly and smoothly as possible.
Business Continuity Planning
Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the ...
What is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) is a plan that describes how a company will continue to function in the event of some kind of emergency, disaster, or incident. It outlines the necessary steps and ongoing management processes that need to be applied to identify and protect business processes required to maintain an acceptable level of ...
Business Continuity & Disaster Recovery Planning (BCP & DRP ...
In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures. The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization ...
Business Continuity Plan (BCP) Structure According to ISO 22301
According to ISO 22301, business continuity plan is defined as "documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption." (clause 3.5) This basically means that BCP focuses on developing plans/procedures, but it doesn't include the analysis that forms ...
Business Continuity Planning (BCP)
FINRA's Business Continuity Plan. FINRA's BCP specifies how we will respond to events that significantly disrupt our business and addresses safeguarding our employees and property; insuring data back up and recovery; restoring mission-critical systems as well as critical regulatory and operational activities; alternative communications with ...
Business Continuity Planning: Definition, Examples and How ...
A business continuity plan (BCP) is a document that outlines procedures for maintaining operations, or quickly resuming operations, during an unplanned disruption, disaster or crisis. A BCP typically identifies key emergency responders and contains detailed instructions an organization must follow in the event of significant disruption.
What is a Business Continuity Policy?
A business continuity policy is the set of standards and guidelines an organization enforces to ensure resilience and proper risk management. Business continuity policies vary by organization and industry and require periodic updates as technologies evolve and business risks change. The goal of a business continuity policy is to document what ...
Continuity of Operations (COOP)/ Business Continuity Planning
Business Continuity Planning (BCP) is a similar term more often used in the private sector that focuses on both maintaining service delivery and receiving payment for those services provided. BCP in the past often referred to computer systems but now applies to all vulnerable resources.
What Is a Business Continuity Plan (BCP)?
A business continuity plan is a key step for ensuring that businesses can minimize the losses relating to a data breach, cyberattack, or other disasters. This article looks at why business continuity planning matters, how to develop a BCP, and how to improve and review your plan. Written by Avast Business Team. Published on December 15, 2021.
Business Continuity Planning (BCP)
Business continuity planning (BCP) is a set of procedures and instructions to restore critical business processes in the event of disasters. It is a document, which contains information about managing business assets, such as human resources and supplies and equipment, data backups, business partners, key personnel, etc.
Business Continuity Plan (BCP): Definition & implementation
EBRC considers business continuity as it should be from a business perspective and not only from the IT side. "A business continuity plan is decided by the company's management and must encompass all the services delivered by the company to its customers. It is therefore not just a matter of responding to e-mails but of maintaining production ...
Business Continuity Planning
Business Continuity Training Part 3: Planning Process Step 1. The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should "prepare" to create a business continuity plan. View on YouTube.

Frequently Asked Questions

The Bottom Line

What Is a Business Continuity Plan (BCP)?

Key Takeaways

Understanding Business Continuity Plans (BCPs)

Benefits of a Business Continuity Plan

How to Create a Business Continuity Plan

Business Continuity Impact Analysis

Business Continuity Plan vs. Disaster Recovery Plan

Why Is Business Continuity Plan (BCP) Important?

What Should a Business Continuity Plan (BCP) Include?

What Is Business Continuity Impact Analysis?

Gartner Glossary

Recommended Content for You

2023 Technology Adoption Roadmap for Security and Risk Management

3 Must-Haves in Your Cybersecurity Incident Response

Use Gartner Cybersecurity Research & Insights to Develop Your Ideal Security Strategy

Protect Your Business Assets With a Roadmap for a Maturing Cybersecurity Program

Smash 3 Cybersecurity Myths to Improve Employees’ Behavior

Use Behavioral Economics to Influence Security Behavior and Individual Decisions

Experience IT Security and Risk Management conferences

Gartner Webinars

Recommended Webinars for You

The Innovators Reshaping the Communication Industry in 2023

Apply Zero-Trust Principles to Improve Your Security and Risk Posture for Federal Government

Related Terms

Contact Information

business continuity plan (BCP)

Glossary Comments

Today’s Multi-Cloud Reality: Cloud Chaos

Anywhere Workspace

App Platform

Cloud & Edge Infrastructure

Cloud Management

Desktop Hypervisor

Security & Networking

Run VMware on any Cloud. Any Environment. Anywhere.

On Private & Local Clouds

Anywhere Workspace Access Any App on Any Device Securely

VMware AI Solutions

For Customers

For Partners

Working Together with Partners for Customer Success

Tools & Training

Marketplace

Blogs & Communities

What is a Business Continuity Plan (BCP)?

The Virtual Floorplan: New Rules for a New Era of Work

Hindsight is 2020 - The Pandemic Provides a Wakeup Call

How to create a Business Continuity Plan?

Key features of a business continuity plan

Business Continuity Plan checklist

Business Continuity and Disaster Recovery Planning

How often should a Business Continuity Plan be reviewed?

Recommended for You

Related Solutions and Products

Anywhere Workspace Solutions

Assure Experience & Productivity

5 Step Guide to Business Continuity Planning (BCP) in 2021

Table of Contents

Difference between a business continuity plan (BCP) and disaster recovery plan (DCP)

1. It is a roadmap to act in a disaster

2. Offers a competitive edge

3. Cuts down losses

4. Enables employment continuity and protects livelihoods

5. Can be life-saving

6. Preserves brand value and develops resilience

7. Enables adherence to compliance requirements

8. Helps in supply chain security

9. Enhances operational efficiency

Step 1: Risk assessment

Step 2: Business impact analysis

Step 3: BCP Testing

Step 4: Maintenance

Step 5: Communication

Share This Article:

Recommended Reads

CISOs Beware of The Rising Risk of Supply Chain Attacks

How Our Need for Interpersonal Connection Can Put Us at Risk

The Global Scampocalypse – Fraud Rules the Day