- Search Search Please fill out this field.
- Business Continuity Plan Basics
- Understanding BCPs
- Benefits of BCPs
- How to Create a BCP
- BCP & Impact Analysis
- BCP vs. Disaster Recovery Plan
Frequently Asked Questions
- Business Continuity Plan FAQs
The Bottom Line
What is a business continuity plan (bcp), and how does it work.
Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.
Investopedia / Ryan Oakley
What Is a Business Continuity Plan (BCP)?
A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.
- Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
- BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
- BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.
Understanding Business Continuity Plans (BCPs)
BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:
- Determining how those risks will affect operations
- Implementing safeguards and procedures to mitigate the risks
- Testing procedures to ensure they work
- Reviewing the process to make sure that it is up to date
BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.
Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.
Benefits of a Business Continuity Plan
Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis.
Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.
An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.
How to Create a Business Continuity Plan
There are several steps many companies must follow to develop a solid BCP. They include:
- Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
- Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
- Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
- Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.
Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.
Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be identified and corrected.
In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.
Business Continuity Impact Analysis
An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.
FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:
- The impacts—both financial and operational—that stem from the loss of individual business functions and process
- Identifying when the loss of a function or process would result in the identified business impacts
Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”
Business Continuity Plan vs. Disaster Recovery Plan
BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain.
BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes.
Why Is Business Continuity Plan (BCP) Important?
Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.
What Should a Business Continuity Plan (BCP) Include?
Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.
What Is Business Continuity Impact Analysis?
An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.
FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.
These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.
Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.
Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ," Pages 15 - 17. Accessed Sept. 5, 2021.
- Terms of Service
- Editorial Policy
- Your Privacy Choices
By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.
- Gartner client? Log in for personalized search results.
Business continuity planning (bcp).
Business continuity planning (BCP) is a broad disaster recovery approach whereby enterprises plan for recovery of the entire business process. This includes a plan for workspaces, telephones, workstations, servers, applications, network connections and any other resources required in the business process.
Recommended Content for You
2023 Technology Adoption Roadmap for Security and Risk Management
3 Must-Haves in Your Cybersecurity Incident Response
Use Gartner Cybersecurity Research & Insights to Develop Your Ideal Security Strategy
Protect Your Business Assets With a Roadmap for a Maturing Cybersecurity Program
Smash 3 Cybersecurity Myths to Improve Employees’ Behavior
Use Behavioral Economics to Influence Security Behavior and Individual Decisions
Experience IT Security and Risk Management conferences
Join your peers for the unveiling of the latest insights at Gartner conferences.
Expert insights and strategies to address your priorities and solve your most pressing challenges.
Recommended Webinars for You
Gartner 100 data & analytics predictions through 2028.
November 27 | 9:00 a.m. CST
The Innovators Reshaping the Communication Industry in 2023
November 27 | 10:00 a.m. CST
Apply Zero-Trust Principles to Improve Your Security and Risk Posture for Federal Government
November 28 | 12:00 p.m. CST
Sign up for the latest insights, delivered right to your inbox.
All fields are required.
Please provide the consent below
I have read, understood and accepted Gartner Separate Consent Letter , whereby I agree (1) to provide Gartner with my personal information, and understand that information will be transferred outside of mainland China and processed by Gartner group companies and other legitimate processing parties and (2) to be contacted by Gartner group companies via internet, mobile/telephone and email, for the purposes of sales, marketing and research.
This is a potential security issue, you are being redirected to https://csrc.nist.gov .
Official websites use .gov A .gov website belongs to an official government organization in the United States.
- Drafts for Public Comment
- All Public Drafts
- NIST Special Publications (SPs)
- NIST interagency/internal reports (NISTIRs)
- ITL Bulletins
- White Papers
- Journal Articles
- Conference Papers
- Security & Privacy
- Laws & Regulations
- Activities & Products
- News & Updates
- Cryptographic Technology
- Secure Systems and Applications
- Security Components and Mechanisms
- Security Engineering and Risk Management
- Security Testing, Validation, and Measurement
- Cybersecurity and Privacy Applications
- National Cybersecurity Center of Excellence (NCCoE)
- National Initiative for Cybersecurity Education (NICE)
business continuity plan (BCP)
BCP show sources hide sources CNSSI 4009-2015 , NIST SP 800-30 Rev. 1 , NIST SP 800-82 Rev. 2
The documentation of a predetermined set of instructions or procedures that describe how an organization’s mission/business processes will be sustained during and after a significant disruption. Sources: CNSSI 4009-2015 from NIST SP 800-34 Rev. 1 NIST SP 800-34 Rev. 1 under Business Continuity Plan (BCP)
Comments about specific definitions should be sent to the authors of the linked Source publication. For NIST publications, an email is usually found within the document.
Comments about the glossary's presentation and functionality should be sent to [email protected] .
See NISTIR 7298 Rev. 3 for additional details.
Today’s Multi-Cloud Reality: Cloud Chaos
87% of enterprises use two or more cloud environments to run their applications. multi-cloud accelerates digital transformation, but also introduces complexity and risk, resulting in a chaotic reality for many organizations., conquer cloud chaos with vmware cross-cloud services.
VMware is addressing cloud chaos with our portfolio of multi-cloud services, VMware Cross-Cloud services, which enable you to build, run, manage, secure, and access applications consistently across cloud environments. With VMware Cross-Cloud services, you can address cloud chaos and shift to a cloud smart approach – one where you can choose the best environment for every application, without multiplying your complexity.
Access Any App on Any Device Securely
Build and Operate Cloud Native Apps
Cloud & Edge Infrastructure
Run Enterprise Apps Anywhere
- Telco Cloud
Automate and Optimize Apps and Clouds
Manage apps in a local virtualization sandbox
- Fusion for Mac
- Workstation Player
- Workstation Pro
Security & Networking
Connect and Secure Apps and Clouds
Run VMware on any Cloud. Any Environment. Anywhere.
On public & hybrid clouds.
On Private & Local Clouds
Anywhere Workspace Access Any App on Any Device Securely
App platform build and operate cloud native apps, cloud infrastructure run enterprise apps anywhere, cloud management automate and optimize apps and clouds, edge infrastructure enable the multi-cloud edge, networking enable connectivity for apps and clouds, security secure apps and clouds, by industry.
- Communications Service Providers
- Department of Defense
- Federal Government
- Financial Services
- Healthcare Providers
- State and Local Government
VMware AI Solutions
Accelerate and ensure the success of your generative AI initiatives with multi-cloud flexibility, choice, privacy and control.
- Find a Cloud Provider
- Find a Partner
- VMware Marketplace
- Work with a Partner
- Become a Cloud Provider
- Cloud Partner Navigator
- Get Cloud Verified
- Learning and Selling Resources
- Partner Connect Login
- Partner Executive Edge
- Technology Partner Hub
- Work with VMware
Working Together with Partners for Customer Success
See how we work with a global partner to help companies prepare for multi-cloud.
Tools & Training
- VMware Customer Connect
- VMware Trust Center
- Learning & Certification
- Product Downloads
- Product Trials
- Cloud Services Engagement Platform
- Hands-on Labs
- Professional Services
- Customer Success
- Support Offerings
- Support Customer Welcome Center
- Cloud Marketplace
- VMware Video Library
- VMware Explore Video Library
Blogs & Communities
- News & Stories
- Customer Stories
- VMware Explore
- All Events & Webcasts
- VMware Glossary
- Business Continuity Plan
What is a Business Continuity Plan (BCP)?
A Business Continuity Plan (BCP) is a detailed strategy and set of systems for ensuring an organization’s ability to prevent or rapidly recover from a significant disruption to its operations. The plan is essentially a playbook for how any type of organization—such as a private-sector company, a government agency or a school—will continue its day-to-day business during a disaster scenario or otherwise abnormal conditions.
Examples of such disruptions include a fire, a major earthquake or other a natural disaster, a disease outbreak, a cyberattack and many other scenarios that could upend “business as usual.” When such events significantly disrupt an organization’s normal routines, it turns to its business continuity plan for instructions, processes and tools it needs to continue to operate or to quickly recover from downtime.
The Virtual Floorplan: New Rules for a New Era of Work
Hindsight is 2020 - The Pandemic Provides a Wakeup Call
Why is a business continuity plan important.
Risks can be managed, but they can’t be eliminated. Business continuity planning is critical because without it, an organization faces downtime and other problems that could damage its financial health. In major disasters, a lack of a business continuity plan could cause irreparable financial harm that might ultimately force a company to permanently close.
How to create a Business Continuity Plan?
There are many frameworks for creating an effective business continuity plan. Most of them cover three overlapping phases:
- Analysis : In this phase, you identify and evaluate the various functions of your business and its operations. Then, you determine how those different functions will be affected by a disaster. This phase usually entails prioritizing different areas or departments in terms of how important they are to your operation, so that your plan ultimately ensures the continuity of your most critical functions first. Business continuity professionals often conduct a Business Impact Analysis (BIA) at the outset of developing a new plan. A BIA estimates the consequences of different disaster scenarios in terms of lost revenue and other business-specific metrics.
- Planning : Once an initial analysis is complete, the next phase entails all facets of developing an actual plan for continuing to operate in a disaster, or rapidly recovering from a disruption to normal operations. During the planning phase, organizations:
- Develop protocols for potential needs such as a rapid relocation or shift to remote work .
- Strategize temporary staffing changes or needs.
- Implement IT disaster recovery tools to ensure continuity of critical systems.
A key part of this phase is to name a continuity or crisis management team, comprised of executives and stakeholders who will lead the plan’s implementation if necessary.
- Training and Testing : Even the most robust BCP must be put through regular testing to ensure it will work if needed. This includes educating employees on their roles and responsibilities in these scenarios, as well as conducting trials of various elements of the plan. An example would include a short-term rollout of a remote work scenario to identify issues and opportunities for optimization.
Key features of a business continuity plan
Some features of a BCP will be industry or business-specific, but there are components that are common to almost any plan:
People : A BCP will clearly define roles and responsibilities, not just for the crisis management leadership team, but also for any units responsible for implementing different pieces of the plan in a disaster scenario. Some BCPs will also define “essential personnel”—for example, people whose job requires them to report to work even in periods of heightened risk.
Technology : Almost all modern business continuity plans will also clearly outline the role that information technology will play in ensuring critical data, applications and services remain available or are quickly restored after an interruption. These include:
- Data backup and recovery tools
- Cloud computing infrastructure and services
- Remote work platforms
Service Delivery : A BCP should also describe which services are most critical and how they will continue to be delivered to customers, employees, partners, the public and other stakeholders.
Health & Safety : Finally, a strong business continuity program will include criteria and guidelines for ensuring the health and safety of all people involved—employees, customers, partners—as the plan is implemented and managed.
Business Continuity Plan checklist
Many organizations create a checklist as part of their business continuity planning. This is a list of all of the key steps in the BCP. It can be used in two ways:
- Conception : First, it can be used as part of the initial creation of the plan. In this context, the BCP checklist would describe in detail the steps necessary to develop the plan, from analysis through testing.
- Implementation : Second, a BCP checklist can be used for testing and/or actually implementing the plan. In this context, the BCP or crisis management team would use the checklist to ensure that it addresses all of the plan’s tools and processes and communicates them effectively throughout the organization.
Business Continuity and Disaster Recovery Planning
Business continuity planning and disaster recovery planning are often mentioned in similar contexts, but they are not interchangeable terms. A business continuity plan is an overarching strategy for operating in disaster scenarios or recovering from a major disruption.
A disaster recovery (DR) plan refers more specifically to the IT processes and tools you can rely on to retain or restore access to mission-critical data, applications, and services in these scenarios. A DR plan would detail, for example, how you could restore access to a revenue-generating web application in the event of a flood in the data center that powers that service.
How often should a Business Continuity Plan be reviewed?
Most experts recommend that business continuity plans be reviewed regularly and updated as needed. This helps ensure that the plan will still meet the organization’s needs in the face of evolving risks and threats.
The frequency with which you review a business continuity plan depends on many factors, including the nature of the organization, its industry and its particular risks. As a general rule of thumb, such plans should be reviewed annually or at least every other year. However, there are multiple scenarios where an organization may want to consider more frequent reviews, including:
- Significant changes to the business or its operations
- Location in a region at greater risk for natural disasters or other potentially disruptive events
- Any organization or agency that provides essential services to the public
Recommended for You
- Business Continuity
- Business Mobility
- Disaster Recovery
- Business Continuity Application
Related Solutions and Products
Remote work solutions.
Connect Your Distributed Workforce with Remote Work Solutions
Anywhere Workspace Solutions
Enable employees to work from anywhere with secure, frictionless experiences.
Assure Experience & Productivity
Support an agile, remote workforce with seamless and secure access.
- What is Disaster Recovery? - Definition & Benefits
- What is Business Continuity?
- What is Business Continuity Application?
5 Step Guide to Business Continuity Planning (BCP) in 2021
A business continuity plan provides a concrete plan to maintain business cohesion in challenging circumstances. Click here for the key steps that can help you formulate a formidable BCP.
A business continuity plan (BCP) is defined as a protocol of preventing and recovering from potentially large threats to the company’s business continuity. This article explains what a business continuity plan is today, its key benefits, and a step-by-step guide to creating a formidable plan.
Table of Contents
What is a business continuity plan (bcp), key benefits of having a business continuity plan, step-by-step guide to building a formidable business continuity plan (bcp) in 2021.
A business continuity plan (BCP) is a protocol of preventing and recovering from potentially large threats to the company’s business continuity. Such a plan often aims to address the need for updated business norms and operational standards in unpredictable circumstances such as natural disasters, data breach/ exposures, large scale system failures etc. The goal of such a plan is to ensure continuity of business with no or little damage to regular working environments, including job security for its employees.
It covers everything from business processes, human resources details, and more. Essentially a BCP provides a concrete plan to the organization to maintain business continuity even in challenging circumstances.
Below are key reasons why businesses need to have a BCP today:
- BCP’s relevance has gone up considerably after the outbreak of the COVID-19 pandemic and was also a major testing time for organizations that did have such a plan in place. The organizations which had a business continuity plan in place were better able to cope during these unprecedented circumstances better than those who did not have any such plans.
- The recorded number of natural disasters has increased from 375 in 2016 to 409 in 2019 Opens a new window . Globally, the loss because of natural disasters was $232 billion in 2019, according to a study by Aon Opens a new window .
- The number of cyberattacks has also increased in all geographies and all business verticals. MonsterCloud reported that cyberattacks have skyrocketed during the COVID-19 pandemic. All this means that the organizations have to be better prepared to fight disasters. The importance of BCP can hardly be exaggerated in this context. Preparing a BCP is imperative for any enterprise, big or small, today.
The end goal of a BCP is to ensure that the essential services continue to run in the event of an incident. For instance, if there is an earthquake where your customer service representatives operate from, your BCP will be able to tell you who will handle customer calls until the original office is restored.
Also Read: What Is Disaster Recovery? Definition, Cloud and On-premise, Benefits and Best Practices
Difference between a business continuity plan (BCP) and disaster recovery plan (DCP)
A BCP is often confused with a disaster recovery (DR) plan. While a DR plan is primarily focused on restoring the IT systems and infrastructure, a BCP is much more than that. It covers all areas and departments of the organization, including HR, marketing and sales, support functions.
The underlying thought behind BCP is that IT systems can hardly work in silos. Other departments also need to be restored to cater to the client or for meeting the business demands.
“Many people think a disaster recovery plan (DRP) is the same as a business continuity plan, but a DRP is only a small, yet essential, a portion of a full BCP. A DRP focuses solely on restoring an organization’s IT infrastructure while minimizing data loss. On the other hand, a BCP is a comprehensive guide on how to continue the mission and business-critical operations during a time of an unplanned disruption (natural disasters, pandemics, or malware),” says Caleb Pipkin, a security expert at Logically .
Whether a business is small, big, or medium-sized, it needs a ‘plan B’ to recover quickly in the event of a natural disaster or a crisis and can survive the disruption. BCP helps you dust yourself and get back to business quickly and easily. It means that the enterprise will be better placed to address their customers’ needs even in the wake of a disaster.
On the other hand, the lack of a plan means that your organization will take longer to recover from an event or incident. It could also lead to loss of business or clients. Let’s look at some key benefits of BCP.
1. It is a roadmap to act in a disaster
A well-defined business continuity plan is like a roadmap during a disruption. It allows the firms to react swiftly and effectively and maintain business continuity. In turn, this leads to a faster and complete recovery of the enterprise in the shortest possible timeframe. It brings down the business downtime and outlines the steps to be taken before, during, and after a crisis and thus helps maintain its financial viability.
2. Offers a competitive edge
Fast reaction and business continuity during a disruption allow organizations to gain a competitive edge over its business rivals. It can translate into a significant competitive advantage in the long run. Further, your clients will be more confident in your ability to perform in adverse circumstances allowing you to build a long and sustainable relationship with your business partners.
Developing competence to act and handle any unfavorable event effectively has a positive effect on the company’s reputation and market value. It goes a long way in enhancing customer confidence.
Also Read: Top 8 Disaster Recovery Software Companies in 2021
3. Cuts down losses
Disasters have a considerable impact on all types of business, whether big or small. Business disruption can lead to financial, legal, and reputational losses. Failure to plan could be disastrous for businesses. You may lose your customers while trying to get your business on track. In the worst circumstances, you may not be able to recover at all. A well-defined business continuity strategy minimizes the damage to an organization and allows you to bring down these losses as much as possible.
4. Enables employment continuity and protects livelihoods
One of the most significant consequences of a disaster is the loss of employment. The loss of livelihood can be curtailed to an extent if the business continues to function in the event of a disaster. It leads to greater confidence in the workforce that their jobs might not be at risk, and the management is taking steps to protect their jobs. It helps build confidence in senior management’s ability to respond to the business disruption in a planned manner.
5. Can be life-saving
A regularly tested and updated BCP can potentially help save the lives of the employees and the customers during a disaster. For instance, if the BCP plan for fire is regularly tested, the speed with which the workforce acts can help save lives.
6. Preserves brand value and develops resilience
Possibly the biggest asset of an organization is its brand. Being able to perform in uncertain times helps build goodwill and maintain its brand value and may even help mitigate financial and reputational loss during a disaster.
BCP curtails the damage to the company’s brand and finances because of a disaster event. This helps bring down the cost of any incident and thus help the company be more resilient.
Also Read: 10 Best Practices for Disaster Recovery Planning (DRP)
7. Enables adherence to compliance requirements
Having a BCP allows organizations to have additional benefits of complying with regulatory requirements. It is a legal requirement in several countries.
8. Helps in supply chain security
A precise BCP goes a long way in protecting the supply chain from damage. It ensures continuity in delivering products and services by being able to perform critical activities.
9. Enhances operational efficiency
One of BCP’s lesser-known benefits is that it helps identify areas of operational efficiency in the organization. Developing BCP calls for an in-depth evaluation of the company’s processes. This can potentially reveal the areas of improvement. Essentially, it gathers information that can benefit in enhancing the effectiveness of the processes and operations.
Also Read: 7 Ways to Build an Effective Disaster Recovery and Business Continuity Plan
The COVID-19 pandemic has put the spotlight on preparing for a disaster like never before. We make the job easier for you by listing out the key steps in building a formidable business continuity plan:
How to Build a Business Continuity Plan
Step 1: Risk assessment
This phase involves asking crucial questions to evaluate the risks faced by the company. What are the likely business threats and disruptions which are most likely to occur? What is the most profitable activity of your organization? It is vital to prioritize key risks and operations, which will help mitigate the damage in the event of a disaster.
Step 2: Business impact analysis
The second step involves a thorough and in-depth assessment of your business processes to determine the vulnerable areas and the potential losses if those processes are disrupted. This is also known as Business Impact Analysis .
Essentially, Business impact analysis (BIA) is a process that helps the organization define the impact if critical business operations are interrupted because of a disaster, accident, or emergency. It helps in identifying the most crucial elements of the business processes. For instance, maintaining a supply chain might be more critical during a crisis than public relations.
While there is no formal standard for a BIA, it typically involves the following steps:
- Collating information: As a first step, a questionnaire is prepared to find out critical business processes and resources that will help in the proper assessment of the impact of a disruptive event. One-on-one sessions with key management members may be conducted further to gain insights into the organization’s processes and workings.
- Analysis: This is followed by analyzing the collected information. A manual or computer-assisted analysis is conducted. The analysis is based on an interruption in which crucial activities or resources are not available. Typically it works on the assumption of the worst-case scenario, even when the chances of a risk likelihood are low. This approach is followed to zero in on the systems that, when disrupted or interrupted, threaten the organization’s very survival. This way, these processes are prioritized in the business continuity plan.
The analysis phase helps identify the minimum staff and resources required for running the organization in the event of a crisis. This also allows the organizations to assess the impact on the revenue if the business is unable to run for a day, a week, or more. There might be contractual penalties, regulatory fines, and workforce-related expenditure which need to be taken into account while finding out the impact on the business. Further, there might be specific vulnerabilities of the firm, and they need to be considered in the BIA.
- Preparing a report: The next step is preparing a BIA report, which is assessed by the senior management. The report is a thorough analysis of the gathered information along with findings. It also gives recommendations on the procedure that should be followed in the event of a business disruption. The BIA report also shares the impact on the revenue, supply chain, and customer delivery to the business in a specific time frame.
The business impact analysis report may also include a checklist of all the resources, such as the names of key personnel, data backup , contact information, emergency responders, and more.
- Presenting the report: Usually, this report goes through several amendments before being cleared by the senior management. The involvement of senior management is crucial to the success of the business continuity plan. It sends out a strong signal in the organization that it is a serious initiative.
Also Read: Will Extreme Weather Events Affect Your Business? Lessons From the Texas Winter Storm
Step 3: BCP Testing
Several testing methods are available to test the effectiveness of the BCP. Here are a few common ones:
- TableTop test: As the name suggests, the identified executives go through the plan in detail to evaluate whether it will work on not. Different disaster types and the response to them are discussed at length. This type of testing is designed to make all the key personnel aware of their role in the event of a disaster. The response procedure is reviewed, and responsibilities are outlined, so everybody knows their roles.
- Walk through: In this type of testing, the team members go through their part in the plan with a specific disaster in mind. Drills or a simulated response and disaster role-playing are part of this. This is a more thorough form of testing and likely to reveal the shortcoming in the plan. Any vulnerabilities discovered should be used to update the BCP accordingly.
- Disaster simulation testing: In this type of testing, an environment that simulates an actual disaster is created. This is the closest to the actual event and gives the best case scenario about the plan’s workability. It will help the team find gaps that might be overlooked in the other types of tests. Document the results of your testing so you can compare the improvement from the previous tests. It will help you in strengthening your business continuity plan.
Frequency of testing – Typically, organizations test BCP at least twice a year. At the same time, it depends on the size of your organization and the business vertical you operate in.
Step 4: Maintenance
A business continuity plan should not be treated as a one-time exercise. It needs to be maintained , so the organization’s structural and people changes are updated regularly. The key personnel might move on from the firm, and this would need to be updated in the Business Impact Analysis and BCP. The process for regular updating of the documentation should be followed to ensure that the organization is not caught on the wrong foot in case of a business disruption.
Also Read: Offsite Data Replication: A Great Way To Meet Recovery Time Objectives
Step 5: Communication
Sometimes executives tend to ignore communication while preparing a BCP. It is a crucial aspect, and your BCP should clearly define who will maintain the communication channels with the employees, regulators, business partners, and partners during the crisis. The contact information of the key people should be readily accessible for the BCP to work without any trouble.
In the end, the organizations should accept that despite preparing a formidable business continuity plan, several factors beyond your control may still affect its success or failure. The key executives might not be available in the event of a crisis; both the primary and the alternate data recovery sites might have been affected by the event; the communications network might be damaged, and so on. Such factors are common during a natural disaster and may lead to the limited success of the business continuity plan.
The success of a business depends on it acting swiftly and efficiently when confronted with an unanticipated crisis. Any failure to do so results in a financial and reputational loss, which takes up a long time to recover. It can be avoided if the organization quickly gathers itself during a disaster. A business continuity plan is then of paramount importance for a business of any size. At the same time, it is crucial to ensure that the BCP is not a one-time exercise. It needs to be continuously evaluated, tested, amended, and maintained so it doesn’t let you down when you need it the most.
Did you enjoy reading this article? Comment below or let us know on LinkedIn Opens a new window , Twitter Opens a new window , or Facebook Opens a new window . We’d love to hear from you!
Share This Article:
CISOs Beware of The Rising Risk of Supply Chain Attacks
How Our Need for Interpersonal Connection Can Put Us at Risk
The Global Scampocalypse – Fraud Rules the Day
Software Supply Chain Risks Loom Over Elections Systems
Ransomware: The Pros and Cons of Paying Demands
What Is a Security Operations Center (SOC)? Meaning, Components, Setup, and Benefits
- Ironstream for Splunk®
- Ironstream for ServiceNow®
- Automate Evolve
- Automate Studio
- Assure Security
- Assure MIMIX
- Assure MIMIX for AIX®
- Assure QuickEDD
- Assure iTERA
- Syncsort MFX
- Syncsort Optimize IMS
- Syncsort Optimize DB2
- Syncsort Optimize IDMS
- Syncsort Network Management
- Syncsort Capacity Management
- Spectrum Context Graph
- Spectrum Discovery
- Spectrum Global Addressing
- Spectrum Quality
- Trillium Discovery
- Trillium Geolocation
- Trillium Quality
- Data360 Analyze
- Data360 DQ+
- Data360 Govern
- Precisely EnterWorks
- Spectrum Spatial
- Spectrum Spatial Routing
- Spectrum Spatial Insights
- Spectrum Global Geocoding
- Spectrum Enterprise Tax
- MapInfo Pro
- Precisely Addresses
- Precisely Boundaries
- Precisely Demographics
- Precisely Points of Interest
- Precisely Streets
- EngageOne Communicate
- EngageOne Digital Self-Service
- EngageOne Vault
- EngageOne Compose
- EngageOne Enrichment
- Precisely Data Experience
- Customer engagement
- Digital self-service
- Digital archiving
- Email and SMS
- Print to digital
- Data enrichment
- Data integrity
- Data integration
- Security Information and Event Management
- Real-time CDC and ETL
- IT Operations Analytics
- IT Operations Management
- Cloud data warehousing
- Data governance
- Data catalog
- Data quality
- Data quality & enrichment as a service
- Data matching & entity resolution
- Customer 360
- Application data management
- Address validation/standardization
- Spatial analytics
- Geocoding and data enrichment
- Master data management
- Process automation
- Compliance with security regulations
- Security monitoring and reporting
- High availability and disaster recovery
- Data privacy
- Access control
- IBM mainframe
- Sort optimization
- Microsoft Azure
- SAP process automation
- Excel to SAP automation
- SAP master data management
- SAP finance automation
- Financial services
- Precisely Strategic Services
- Professional services
- Analyst reports
- Customer stories
- Product demos
- Solution sheets
- White papers
- IBM i security
- Location intelligence
- Financial service and banking
- Supply Chain
- Find support by product
- Create a customer case
- Create a partner case
- Legacy Syncsort License keys
- Online forums
- Precisely U
- Software Maintenance Handbook
- Location Intelligence Product Downloads
- Precisely APIs
- MapInfo Marketplace
- Contact Support
- Global offices
- Careers and Culture
- Diversity and Inclusion
- Press releases
- In the news
- Get in touch
Business continuity plan (bcp), what is a business continuity plan, precisely offers high availability and disaster recovery for ibm i and aix power systems.
A Business Continuity Plan (BCP) is a document that outlines how a business will continue operating during an unplanned disruption in service. The BCP defines any and all risks that can affect the company's operations, including natural disasters—such as fire, flood, or weather-related events—and cyber attacks, and how they will be managed. The BCP is generally conceived in advance and involves input from key stakeholders and personnel.
A Business Continuity Plan is different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis. A full Business Continuity Plan should address all business-critical areas, such as communication, supply chain disruption, labor supply and training, physical site access, decision making continuity and IT continuity.
Developing a Business Continuity Plan
There are several steps many companies must follow to develop a solid Business Continuity Plan. They include:
- Performing a business impact analysis of all potential risks to the business and how they affect time-sensitive functions and resources.
- Identifying the steps necessary to recover critical business functions.
- Creation of a continuity team for the organization that will develop a plan for managing disruptions.
- Training of the continuity team and continuous simulations to test the plan.
The BCP document should include key details such as emergency contact information so that team members can contact each other and make plans for resuming operations, on-site if possible, or at home offices and offsite locations. This includes use of data backup and disaster recovery plans.
The BCP should be tested several times to ensure it can be applied to many different risk scenarios. This will help identify any weaknesses in the plan which can then be identified and corrected.
The role of high availability and disaster recovery solutions
Precisely offers IBM i and IBM AIX high availability and disaster recovery solutions , key elements of a full Business Continuity plan. With high availability or disaster recovery software from Precisely, companies can protect their business from downtime and data loss by maintaining a real-time copy of production servers and their data at a remote location. In the event of a disruption, a failover can be performed to move production operations to the recovery server with minimal business disruption, or data can be recovered from that replica.
- Skip to content
- Skip to search
- Skip to footer
What Is Business Continuity?
Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.
- Watch video (1:14)
- Business continuity
- Get a call from Sales
- US/CAN | 5am-5pm PT
- Product / Technical Support
- Training & Certification
Is business continuity the same as business resilience or disaster recovery?
Business continuity, disaster recovery, and business resilience are not the same, but they are related.
- Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
- Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
- Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.
What is a business continuity strategy?
A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.
What does a business continuity plan mitigate?
A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.
- Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
- Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
- Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.
Business continuity planning activities
A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.
Identifying critical business areas and functions
Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.
Analyzing risks, threats, and potential impacts
Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.
Outlining and assigning responsibilities
A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.
Defining and documenting alternatives
A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.
Assessing the need for critical backups
Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and is mandatory in many regulated industries.
Testing, training, and communication
Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.
Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.
Related products and solutions
- Cisco Webex Contact Center
- Virtual Desktop Infrastructure (VDI)
- Cisco Intersight Workload Optimizer
- AppDynamics Application Performance Management
- ThousandEyes End User Monitoring
- ThousandEyes Endpoint Agents
You may also like…
- Cisco’s Business Resiliency Strategy
- Business Continuity Blogs
- Business Continuity Planning
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Manufacturing Extension Partnership (MEP)
Business continuity planning.
Business continuity planning enables you to create an easy-to-use, actionable business continuity planning solution to prepare for the impact of a broad range of threats including natural disasters, disease outbreaks, accidents and terrorism. In addition business continuity planning can help when you face technology-related hazards like the failure of systems, equipment or software. MEP Centers can assist you in developing a plan unique to your needs.
If your company needs to create or tweak a business continuity plan, I highly suggest reaching out to Purdue MEP!
—Doug Ellington, Director of Finance, Estes Design and Manufacturing Read the Success Story
Illuminating Possibilities to Achieve ISO Certification
Business Continuity Plans: Lessons Learned From Puerto Rico
For more information or assistance with business continuity planning, please contact your local MEP Center .
If you would like someone to contact you about business continuity planning , please complete the form below.
For General Information
- MEP Headquarters [email protected] (301) 975-5020 100 Bureau Drive, M/S 4800 Gaithersburg, MD 20899-4800
Business Continuity Plan (BCP)
Table of contents, what does business continuity plan (bcp) mean, safeopedia explains business continuity plan (bcp).
A business continuity plan (BCP) is a plan that describes how a company will continue to function in the event of some kind of emergency, disaster, or incident.
It outlines the necessary steps and ongoing management processes that need to be applied to identify and protect business processes required to maintain an acceptable level of operations during a crisis.
A BCP is put in place so that a business can continue running even in the event of a sudden, unexpected, or foreseeable interruption of regular day-to-day processes and supporting resources.
Disruptive events may constitute a serious health risk or adversely impact the overall reputation, profitability, or viability of the organization, which is why the business continuity plan outlines the ongoing management process to ensure continuity of core business processes during such events.
A BCP typically relies on a framework for incident response and recovery procedures to define alternatives for continuing critical services and organizational priorities and time frames.
Share this Term
- Health and Safety Plan
- Safety Alternative methods
- Risk Management
- Process Safety Management
- Standardized Emergency Management System
- Business Standards International
- Core Competencies
- Emergency Preparedness and Response Plans
- How to Look After Your Business’ Safety Reputation
- Best Practices in Crisis Management Planning
- Building a Business Case for Safety
- How to Improve Your Company's Risk Culture
Exploring Safer, Sustainable Alternatives to Hazardous Chemicals
Safety Symbols and Their Meanings
12 Types of Hand Protection Gloves (and How to Choose the Right One)
What Are the Levels of HAZMAT and What Are They Used For?
5 Dangerous Misconceptions About Fall Protection
Let's Make Workplaces Safer!
Subscribe to the Safeopedia newsletter to stay on top of current industry trends and up-to-date know-how from subject matter authorities. Our comprehensive online resources are dedicated to safety professionals and decision makers like you.
By: Jack Shaw | Writer & Editor
What the New Cannabis Legislations Mean for Your Workplace Drug Policy
By: Ken Fichtler | Founder and CEO
How to Get More Value From Your Sustainability Report
By: Karoly Ban Matei | HR and Safety Manager
Building an Effective Safety Leadership Team for EHS Management
By: Addison Moore | Director of Marketing
Home > Learning Center > Business continuity planning (BCP)
Business continuity planning (bcp), what is business continuity.
In an IT context, business continuity is the capability of your enterprise to stay online and deliver products and services during disruptive events, such as natural disasters, cyberattacks and communication failures.
The core of this concept is the business continuity plan — a defined strategy that includes every facet of your organization and details procedures for maintaining business availability.
Start with a business continuity plan
Business continuity management starts with planning how to maintain your critical functions (e.g., IT, sales and support) during and after a disruption.
A business continuity plan (BCP) should comprise the following element
1. Threat Analysis
The identification of potential disruptions, along with potential damage they can cause to affected resources. Examples include:
2. Role assignment
Every organization needs a well-defined chain of command and substitute plan to deal with absence of staff in a crisis scenario. Employees must be cross-trained on their responsibilities so as to be able to fill in for one another.
Internal departments (e.g., marketing, IT, human resources) should be broken down into teams based on their skills and responsibilities. Team leaders can then assign roles and duties to individuals according to your organization’s threat analysis.
A communications strategy details how information is disseminated immediately following and during a disruptive event, as well as after it has been resolved.
Your strategy should include:
- Methods of communication (e.g., phone, email, text messages)
- Established points of contact (e.g., managers, team leaders, human resources) responsible for communicating with employees
- Means of contacting employee family members, media, government regulators, etc.
From electrical power to communications and data, every critical business component must have an adequate backup plan that includes:
- Data backups to be stored in different locations. This prevents the destruction of both the original and backup copies at the same time. If necessary, offline copies should be kept as well.
- Backup power sources, such as generators and inverters that are provisioned to deal with power outages.
- Backup communications (e.g., mobile phones and text messaging to replace land lines) and backup services (e.g., cloud email services to replace on-premise servers).
Load balancing business continuity
Load balancing maintains business continuity by distributing incoming requests across multiple backend servers in your data center. This provides redundancy in the event of a server failure, ensuring continuous application uptime.
In contrast to the reactive measures used in failover and disaster recovery (described below) load balancing is a preventative measure. Health monitoring tracks server availability, ensuring accurate load distribution at all times—including during disruptive events.
Disaster recovery plan (DCP) – Your second line of defense
Even the most carefully thought out business continuity plan is never completely foolproof. Despite your best efforts, some disasters simply cannot be mitigated. A disaster recovery plan (DCP) is a second line of defense that enables you to bounce back from the worst disruptions with minimal damage.
As the name implies, a disaster recovery plan deals with the restoration of operations after a major disruption. It’s defined by two factors: RTO and RPO .
- Recovery time objective (RTO) – The acceptable downtime for critical functions and components, i.e., the maximum time it should take to restore services. A different RTO should be assigned to each of your business components according to their importance (e.g., ten minutes for network servers, an hour for phone systems).
- Recovery point objective (RPO) – The point to which your state of operations must be restored following a disruption. In relation to backup data, this is the oldest age and level of staleness it can have. For example, network servers updated hourly should have a maximum RPO of 59 minutes to avoid data loss.
Deciding on specific RTOs and RPOs helps clearly show the technical solutions needed to achieve your recovery goals. In most cases the decision is going to boil down to choosing the right failover solution.
See how Imperva Load Balancer can help you with business continuity planning.
Choosing the right failover solutions
Failover is the switching between primary and backup systems in the event of failure, outage or downtime. It’s the key component of your disaster recovery and business continuity plans.
A failover system should address both RTO and RPO goals by keeping backup infrastructure and data at the ready. Ideally, your failover solution should seamlessly kick in to insulate end users from any service degradation.
When choosing a solution, the two most important aspects to consider are its technological prowess and its service level agreement (SLA). The latter is often a reflection of the former.
For an IT organization charged with the business continuity of a website or web application, there are three failover options:
- Hardware solutions – A separate set of servers, set up and maintained internally, are kept on-premise to come online in the event of failure. However, note that keeping such servers at the same location makes them potentially susceptible to being taken down by the same disaster/disturbance.
- DNS services – DNS services are often used in conjunction with hardware solutions to redirect traffic to a backup server(s) at an external data center. A downside of this setup includes TTL-related delays that can prevent seamless disaster recovery. Additionally, managing both DNS and internal data center hardware failover solutions is time consuming and complicated.
- On-edge services – On-edge failover is a managed solution operating from off-prem (e.g., from the CDN layer). Such solutions are more affordable and, most importantly, have no TTL reliance, resulting in near-instant failover that allows you to meet the most aggressive RTO goals.
- Regulation & Compliance
Protect Against Business Logic Abuse
Identify key capabilities to prevent attacks targeting your business logic
The 10th Annual Bad Bot Report
The evolution of malicious automation over the last decade
The State of Security Within eCommerce in 2022
Learn how automated threats and API attacks on retailers are increasing
Prevoty is now part of the Imperva Runtime Protection
Protection against zero-day attacks
No tuning, highly-accurate out-of-the-box
Effective against OWASP top 10 vulnerabilities
An Imperva security specialist will contact you shortly.
Top 3 US Retailer
- Advisera Home
ISO 22301 Documentation Toolkits
Iso 22301 training.
- Documentation Toolkits
- White Papers
- Templates & Tools
- ISO in General
New AI Tool
- Live Consultations
- Consultant Directory
- For Consultants
- Get Started
ISO 27001 & ISO 22301 Knowledge base
Business continuity plan: how to structure it according to iso 22301.
In my experience, companies usually find two things in their business continuity or information security management to be the most difficult: risk assessment, and business continuity planning. Here I’ll give you some tips on business continuity plans (BCP).
ISO 22301 business continuity plan should include Purpose, scope and users, Reference documents, Assumptions, Roles and responsibilities, Key contacts, Plan activation and deactivation, Communication, Incident response, Physical sites and transportation, Order of recovery for activities, Recovery plans for activities, Disaster recovery plan, Required resources, and Restoring and resuming activities from temporary measures.
What is a business continuity plan?
According to ISO 22301 , business continuity plan is defined as “documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.” (clause 3.5)
This basically means that BCP focuses on developing plans/procedures, but it doesn’t include the analysis that forms the basis of such planning, nor the means of maintaining such plans – all these are required elements of business continuity management that are necessary for enabling successful contingency planning.
To read more about analysis, see Five Tips for Successful Business Impact Analysis , and to find out how to interpret the analysis, read Can business continuity strategy save your money? .
Business continuity plan example
Here’s what I found to be the optimal structure for the business continuity plan for smaller and midsize companies, and what each section should include:
Purpose, scope and users – why this plan is developed, its objectives, which parts of the organization it covers, and who should read it.
Reference documents – to which documents does this plan relate? Normally, these are Business Continuity Policy, Business Impact Analysis, Business Continuity Strategy, etc.
Assumptions – the prerequisites that need to exist in order for this plan to be effective.
Roles and responsibilities – who will be responsible for managing the disruptive incident, and who is authorized to perform certain activities in case of a disruptive incident – e.g. activation of the plans, urgent purchases, communication with media, etc.
Key contacts – contact details for persons who will participate in the execution of the business continuity plan – this is usually one of the annexes of the plan.
Plan activation and deactivation – in which cases can the plan be activated, and the method of activation; which conditions need to exist to deactivate the plan. Communication – which communication means will be used between different teams and with other interested parties during the disruptive incident. Who is in charge of communicating with each interested party, and the special rules of communication with media and government agencies.
Incident response – how to react initially to an incident in order to reduce the damage – this is very often an annex to the main plan.
Physical sites and transportation – which are the primary and alternative sites, where the assembly points are, and how to get from primary to alternative sites.
Order of recovery for activities – list of all the activities, with precise Recovery Time Objective (RTO) for each.
Recovery plans for activities – description of step-by-step actions and responsibilities for recovering manpower, facilities, infrastructure, software, information, and processes, including interdependencies and interactions with other activities and external interested parties – these are very often annexes to the main plan. To read more about them, see How to write business continuity plans?
Disaster recovery plan – this is normally a type of recovery plan that focuses on recovering the information and communication technology infrastructure. To read more about the relationship between disaster recovery and business continuity, see Disaster recovery vs business continuity .
Required resources – a list of all the employees, third-party services, facilities, infrastructure, information, equipment, etc. that are necessary to perform the recovery, and who is responsible to provide each of them.
Restoring and resuming activities from temporary measures – how to restore business activities back to business-as-usual once the disruptive incident has been resolved.
What I like about ISO 22301 is that it requires all the elements that are necessary for this plan to be useful in case of a disaster (or any other disruption in a company’s activities). However, no standard can help you unless you understand this task seriously – a properly written and comprehensive plan can save your company in tough times, while a superficially written plan will only make things worse.
Click here to see a sample Business Continuity Plan .
Writing a business continuity plan according to ISO 22301
Free webinar explains the basics about business continuity plans and how to structure them
You may unsubscribe at any time. For more information, please see our privacy notice .
Business Continuity Planning: Definition, Examples and How to Write One
The COVID-19 crisis caught organizations around the world by surprise and left companies scrambling to figure out how to keep their operations running while simultaneously supporting an entirely remote workforce and new business processes. A recent Business Continuity Survey by industry research firm Gartner showed that only 12% of organizations felt highly prepared for the impact of coronavirus. “This lack of confidence shows that many organizations approach risk management in an outdated and ineffective manner,” said Matt Shinkman, vice president in the Gartner Risk and Audit practice. “The best-prepared organizations will manage the disruption caused by the coronavirus far better than their less-prepared peers.”
Catastrophic events like the coronavirus pandemic are impossible to predict, so your organization must be prepared with a business continuity plan in advance. Not only does a business continuity plan help mitigate risks in a catastrophic event, but it also protects your employees and assets, ensuring that your business recovers as quickly as possible. Being ill-prepared for a crisis can be extremely costly to a company. Gartner estimates, on average, businesses lose $5,600 every minute during downtime , which equates to a range of $140,000–$540,000 per hour. In this blog, we explain the rationale for having a current and tested business continuity plan and provide tips for creating a business continuity program that protects your company in the event of a crisis.
What Is a Business Continuity Plan?
A business continuity plan (BCP) is a document that outlines procedures for maintaining operations, or quickly resuming operations, during an unplanned disruption, disaster or crisis. A BCP typically identifies key emergency responders and contains detailed instructions an organization must follow in the event of significant disruption.
Why You Need a Plan: 5 Types of Crises Your Business Could Face
A crisis can be any unforeseen occurrence that causes an unstable and dangerous situation for a company. Sooner or later, no matter the size or industry, all organizations will encounter some sort of crisis. Below are the five most common types of crises a business could face.
1. Financial crisis
A financial crisis occurs when a business loses value in its assets and the company owes significantly more money than it can reasonably pay. Typically, this occurs when there is a sudden shift in the market or a dramatic drop in demand for the company’s product or service. For example, a competitor that comes out with a similar but superior product with a cheaper base cost could cause the demand for your product to significantly drop, resulting in a considerable financial loss for your company. Financial crises directly result in a loss of value for a company and can undermine company confidence among employees, investors and customers.
2. System outages or downtime
Information technology (IT), as well as essential business applications and systems, are critical to day-to-day operations and keeping businesses running smoothly. Technological failures, cyberattacks, outages or security breaches can greatly hinder or completely shut down a company’s operations, resulting in enormous losses for the organization. Frequent news stories about data breaches illustrate how this type of risk is a growing concern for enterprise companies. IT outages and breaches can also result in a major hit to the product’s or service’s reputation.
3. Unplanned loss of key personnel
A personnel crisis occurs when an employee or a key individual who’s associated with an organization abruptly leaves the company due to health, misconduct or other unforeseen circumstances. The unplanned loss of key employees, particularly those in leadership roles, often has a lasting and negative impact on business performance. Additionally, if the employee’s departure is due to misconduct, the company may experience backlash and reputational damage if the offense is perceived as a reflection of the company’s culture. Social media has amplified the speed and scope of negative publicity from personnel misconduct.
4. Organizational misdeeds
An organizational misdeed occurs when a company’s management willingly and knowingly behaves in a manner that results in negative consequences for its shareholders, employees or customers. This type of crisis may include a company withholding vital information, exploiting employees, adopting misleading policies, abusing managerial powers or misrepresenting the company’s products or services. An automobile manufacturer that sells their latest model car with faulty brakes is an example of a company committing an organizational misdeed. Whether this misdeed was unintentional or planned, public knowledge of the misdeed will almost certainly result in reputational or financial damage for the company.
5. Natural disasters
A natural disaster is any cataclysmic phenomenon that negatively impacts a company, such as a volcano, an earthquake, flooding, a hurricane, a tornado, or an outbreak of a virus. Damages caused by these calamities are typically large in scale and may affect an entire area or industry or even the global economy. The recent COVID-19 pandemic is an example of a natural disaster that negatively affected economies, employees, and organizations around the world.
How to Write a Business Continuity Plan in 5 Steps
Creating a business continuity plan helps protect your assets and personnel and gives you the best chance of successfully navigating an unanticipated crisis. While no one is able to predict when and how devastating events will negatively impact their business, crisis management, is important as it helps you prepare for them in advance.
To begin brainstorming and drafting your business continuity plan, form a team composed of staff with in-depth knowledge of your business functions and processes. It’s especially important to include cross-functional representatives spanning IT, Human Resources and finance to determine what strategies and plans are viable.
For those who haven’t yet created a business continuity plan, you can follow the step-by-step instructions below. You may also want to use a business continuity plan template to help guide you in the drafting process.
Step 1: Conduct a business impact analysis
The first step in developing an organization-wide business continuity plan is conducting a business impact analysis and risk assessment exercise. The initial review will identify threats to your organization and determine how each crisis will impact your business. Try to come up with an exhaustive list that includes obvious risks — like physical damage to your building due to extreme weather or a sudden shift in the market — as well as obscure threats, like an outbreak of a contagious virus. When determining operational time lost or delays due to a disaster or crisis, it’s important to account for the best- and worst-case scenarios. Once completed, you will want to quantify the financial impact each event could potentially have on your business so you can plan accordingly.
Step 2: Discuss recovery options
Your team should now discuss strategies for recovering from a crisis and the best way to restore business operations for each scenario. Include the required resources needed to execute an emergency response, each recovery option and how those resources should function. For damage to your physical buildings or to reduce the spread of a virus, implement a tech stack and IT strategy that can support a remote workforce and keep your operations running outside the office.
Additionally, many third-party companies support business continuity and information technology recovery strategies for critical business functions. For IT outages and breaches, you may consider contracting a vendor specializing in data loss prevention services in advance. Depending upon the size of your organization and available resources, there may be many different recovery options that can be explored for each event.
Step 3: Refine your continuity plan
Now it’s time to map each crisis scenario with your recovery plans to narrow down the list to the best options. Decide which strategies will help your business recover as quickly as possible while keeping your employees and assets safe. While you’ll want to have plans for best- and worst-case scenarios, it’s essential to simplify the plans with easy-to-understand instructions. Remember, emergency responders and employees may need to implement these plans with just a moment’s notice when disaster strikes.
Step 4: Train your team
A great plan is only as good as its execution. That’s why it’s crucial that you educate and train your staff on how to respond to crises. First, identify key personnel who will be the first to assist and follow the business continuity plan in the event of an emergency. These employees should know their specific responsibilities and roles in the plan. While your designated emergency responders will need the most training, you should get your whole staff involved with the BCP, even if they are not directly affected. Embed continuity training into your company culture so all employees know how to respond to various scenarios and whom they should contact in an emergency.
Discussing the need for a business continuity culture, MHA Consulting’s Richard Long writes , “When an organization has a continuity culture, its employees constantly ask themselves the question: How do we ensure that this process, application or function will remain available (even in a degraded state) in case of a disaster?”
Step 5: Map out the transitional phase
Finally, map out the transitional phase to ease back into normal operations and work postcrisis. Determine what requirements need to be met before business operations can resume. If your physical building was damaged, what steps need to be completed before employees can safely return to the office? If a key individual who’s associated with your organization abruptly leaves due to misconduct, how will you communicate this with your employees and help them transition back into a normal workflow? The effects of some events may be extremely personal for your staff and extend far beyond the initial shock. It’s important to plan out different scenarios of how and when business operations can return to normal after a crisis.
Business Continuity Plan in the COVID-19 Era
The COVID-19 pandemic presents a serious threat to individuals, businesses and entire economies around the world. Many companies implemented mandatory work-from-home policies for their entire workforces to slow the spread of the virus. With the ongoing uncertainty surrounding coronavirus, organizations are now faced with a new challenge: how and when to return employees to the workplace safely. While your initial focus may be getting your employees back in the office, you must keep your employees’ safety, comfort and well-being in mind. Here are our five recommendations for business continuity management planning in the COVID-19 era.
1. Work toward a work-from-home + office hybrid model
Not all employees will be ready to return to the office after COVID-19 is suppressed. Some will need to continue to work from home for medical or personal reasons and therefore needs to be accounted for in your planning process. Other employees will be ready and eager to return to office life full-time or may want to continue to work remotely but commute into the office a few days every week. Consider instituting a hybrid work model with some employees working from the office and others working from home on either a permanent or rotating basis. This gives your staff the flexibility to work from wherever they are most comfortable and keeps everyone productive and engaged during this transitional phase. Decide what the business recovery point objective is and decide what works best for your team members; fully remote, hybrid work model, or the traditional office setting.
2. Build a tech stack that supports remote work
To support a distributed workforce made up of remote and in-office employees, you must invest in tools that enable seamless work and collaboration regardless of your employees’ locations. Cloud-based technology allows employees to effectively work from anywhere they can connect to the internet. Productivity and collaboration no longer happen at a single office location. Delivered via the cloud, video conferencing , messaging apps and project management tools make it easier than ever before for distributed team members to meet, share ideas and seamlessly work together, even if they are not physically together.
3. Create a video-first culture
Employee satisfaction and happiness go hand in hand with a collaborative and inclusive culture. This is especially important when transitioning into a hybrid work model made up of remote and in-office workers. Remote employees should feel just as informed and included as their in-office colleagues. Create a video-first culture that places a priority on using video conferencing tools for all team meetings, as opposed to audio-only conference calls or text-based tools. The face-to-face interactions help teams with remote workers stay engaged during meetings and build collaborative and authentic relationships.
4. Reduce coronavirus transmission in the office
The best way to stop the spread of the virus in the workplace is to keep the germs out of the office in the first place. This starts with educating your workforce on the signs and symptoms of COVID-19 and encouraging employees to stay home if they feel sick. Additionally, employees should follow CDC guidelines for social distancing in the office and practice good hygiene by thoroughly washing their hands throughout the day. Workstations will need to be properly spaced apart and thoroughly disinfected and cleaned every day to reduce the spread of the virus.
5. Create a contingency strategy
Your business continuity plan for returning to work post-COVID-19 should include a contingency strategy in case there is an outbreak of the virus in the office. The key to a solid contingency strategy that quickly stops the spread of the virus is preparation and communication. Reach out to your staff immediately if an employee tests positive for the virus or comes into contact with an infected person. Employees should be able to start working remotely with short notice. This means employees will need to take their laptops and work home with them on a daily basis.
We rarely get advance notice that a catastrophic event is about to occur. Even with some lead time, multiple things can go wrong as the events unfold in unexpected ways. An effective business continuity plan is the best safety net for an organization facing a crisis. Even though costs and time are involved in creating the plan, a BCP is invaluable to your company. Well-thought-out and executed plans give your company the best chance of keeping your employees and assets safe while maintaining or restoring operations in a timely matter during a crisis.
Get stories like this in your inbox.
Improving the Video Conferencing Experience in the Era of Remote Work
In case you’ve been living under a rock for the past six months, it’s clear that remote work and distributed teams are here to stay, even after the pandemic recedes. While some workers will gradually find their way back to in-person (office or otherwise) workplace settings, this is just the on-ramp to the highway of working from anywhere for many others.
Continuity of Operations (COOP)/ Business Continuity Planning Topic Collection August 18, 2023
Topic Collection: Continuity of Operations (COOP)/ Business Continuity Planning
- Technical Resources
- Recovery and COOP
- Continuity of Operations (COOP)/ Business Continuity Planning
Disasters and public health emergencies can have a significant impact on healthcare personnel and facilities. Plans and mitigation efforts that allow medical facilities and providers to sustain their mission, core essential functions, and services for patients already receiving care, as well as respond to potential surges in patients with space, staffing (including leadership), and equipment/supply issues are required. The goal is to ensure continuity of operations and facilitate operational and financial recovery.
Continuity of Operations Planning (COOP) is the term favored by public and government entities for mitigation and planning strategies that create resilience and allow services to continue to be provided in the face of a range of challenges. Business Continuity Planning (BCP) is a similar term more often used in the private sector that focuses on both maintaining service delivery and receiving payment for those services provided. BCP in the past often referred to computer systems but now applies to all vulnerable resources. The resources that follow highlight selected plans and planning guidance, lessons learned, tools, and promising practices for healthcare facility BCP. Additional related resources may be found in the Hazard Vulnerability/Risk Assessment , Cybersecurity , Electronic Health Records , Recovery , and Utility Failures Topic Collections.
Each resource in this Topic Collection is placed into one or more of the following categories (click on the category name to be taken directly to that set of resources). Resources marked with an asterisk (*) appear in more than one category.
- This item doesn't have any comments
- Emma Poon This is a better link for FEMA's most current continuity guidance: https://www.fema.gov/continuity-resource-toolkit 7/1/2020 9:33:51 AM
- J Warren Billett This link is broken. 7/11/2022 2:29:15 PM
Education and Training
Event-specific lessons learned, general information, guidance/guidelines, information technology (it) and utility issues.
- bob johnson This response missed RPO as part of the discussion and cost factor. 11/26/2019 1:26:39 AM
Non-Hospital Setting Continuity Planning
Plans, tools, and templates.
- Mike Staley Template not available 4/27/2017 2:04:00 PM
Agencies and Organizations
This ASPR TRACIE Topic Collection was refreshed and comprehensively reviewed in August 2019 by the following subject matter experts (listed in alphabetical order): Eric Alberts , EM, CHS-V, FPEM, FPEM-HC, CDP-1, CHPP, CHEP, SEM, CFRP, FABCHS, Manager, Emergency Preparedness, Orlando Health, Inc. (Hospital System); Peter Brewster , U.S. Department of Veterans Affairs, Program Manager, Education and Training; John Hick , MD, HHS ASPR and Hennepin County Medical Center; Onora Lien , Executive Director, Northwest Healthcare Response Network; Mary Massey , BSN, MA, PHN, VP, Emergency Management, California Hospital Association; and Mary Russell , EdD, MSN, Healthcare Emergency Response Coalition, Palm Beach County Florida.
I t was comprehensively reviewed in August 2015 by the following subject matter experts (listed in alphabetical order): Eric Alberts , BS, FPEM, CHS-V, CDP-1, CHPP, CHEP, SEM, CFRP, FABCHS, Manager, Emergency Preparedness, Orlando Health, Inc. (Hospital System); Peter Brewster , U.S. Department of Veterans Affairs, Director, Education and Training; Benjamin Dauksewicz , MA, CEM, Mount Sinai St. Luke’s–Roosevelt; Natalie N. Grant , MPH, Program Analyst, HHS ASPR, Office of Emergency Management (OEM), Recovery, and Hurricane Sandy Health & Social Services Recovery Support Function Field Coordinator; John Hick , MD, U.S. Department of Health and Human Services, Office of the Assistant Secretary for Preparedness and Response (HHS ASPR) and Hennepin County Medical Center; Carol Jacobsen , RN, Director, Public Health Programs, Ohio Hospital Association; Bill Mangieri , CBCP, CHEP, Field Project Officer Region VI, National Healthcare Preparedness Program, HHS ASPR, OEM; Mary Russell , EdD, MSN, Emergency Services, Boca Raton Regional Hospital; and Matthew L. Smith , Chief, Continuity of Operations Branch, HHS ASPR, OEM, Division of Resilience.
The Disaster Available Supplies in Hospitals (DASH) Tool
COVID-19 Resources Page
COVID-19 Workforce Virtual Toolkit
CDC's Coronavirus (COVID-19) Page
ASPR's 2019 Novel Coronavirus Disease Page
Subscribe to the ASPR TRACIE Listserv.
Enter your email address to receive important announcements and updates through the ASPR TRACIE Listserv.
- Other Threats
- Security Tips
- Identity Protection
- Digital Life
- Privacy Tips
- Performance Tips
Business Continuity Plan (BCP): What Is It and How to Make One
A business continuity plan is a key step for ensuring that businesses can minimize the losses relating to a data breach, cyberattack, or other disasters. This article looks at why business continuity planning matters, how to develop a BCP, and how to improve and review your plan.
What is a business continuity plan?
A business continuity plan (BCP) outlines a process to prevent and recover from a range of potential threats in the event of an unexpected incident such as a cyberattack, identity theft , or a data breach . It allows a quick reaction, and minimizes impact and recovery times.
This Article Contains:
See all Security articles
In order for it to be effective, a BCP should be extremely detailed with short-term and long-term planning, covering every area of the business that could be affected. This should include assets, personnel, business processes, and partners/customers.
As disaster recovery planning’s main focus is on IT recovery, it should be included as part of the BCP and provide a clear roadmap for maintaining operations in multiple scenarios.
Why does business continuity planning matter?
Having a plan means you can respond quickly and decisively, minimizing disruption — which is key to maintaining customer confidence in the face of a crisis. For this reason, business continuity planning is vital to businesses of all sizes.
Disruptions of any kind, from software failures to fires, will severely impact productivity and increase costs. If best practices are not followed by all members of staff, cybersecurity threats from IoT , spoofing and weak passwords also have the potential to cause significant disruption.
While the financial loss will be higher for larger businesses, the impact on companies with smaller margins could be catastrophic, as the cumulative cost of fines or penalties, recovery expenses, and loss of business could rapidly add up. For both, losing customer trust must be avoided wherever possible — some losses cannot be covered by insurance.
While a business continuity plan cannot anticipate events, a holistic approach can ensure that there is clear guidance to keep things moving, protect sensitive data, and retain customers during a crisis of any type.
How to develop your business continuity plan
Before producing a business continuity plan, it is important to assess your business and its processes. From a security perspective, identifying vulnerabilities will help you to make existing security measures more robust as well as identify which threats are most likely to occur. Similarly, taking the time to review existing processes could help to identify new efficiencies.
Implementing an OPSEC (operational security) process at this point can help to identify weak points in data security and inform the creation of your BCP.
What should be included in a business continuity plan?
While the requirements will vary between organizations, the key components of an effective business continuity plan are as follows:
1. Create a planning team
The size of the team will depend on your organization’s scale but should include managers from every department. In addition, leaders should be identified for key aspects such as IT, facilities, finance, and HR.
The team’s tasks will be to develop the plan, provide clear direction and training to staff, and test and review, ensuring that the measures outlined remain the most effective strategy.
2. Identify risks
The first task of the team is to conduct a business impact analysis (BIA). This analysis provides an ideal starting point as it will help you to identify and prioritize specific risks to security, finances, operations, etc.
Conducting a BIA can be a complicated process, but the result will be a valuable document that identifies the key risks to your business and how they would be impacted by a range of potential disruptions.
3. Mitigate risks
Having identified the risks, the next step is to review existing processes to identify changes that can be made to reduce the impact of an issue. This could include:
Reviewing fire safety
Implementing revised IT backup processes and cloud security
Increasing staff training
Preparing contingency suppliers
Updating cybersecurity policy and tools
4. Create continuity strategies
Simply knowing about risks is not enough. If disaster strikes, swift and decisive action will be required to minimize the impact and expedite recovery.
Continuity strategies should provide clear guidance on how to ensure operations can continue at an acceptable level during the recovery period. Key questions should be answered with specific instructions and information to ensure there is clarity in the approach. These should include:
Are there clear instructions for accessing data backups?
Is the contact information for key personnel and suppliers up to date?
Which tasks could be outsourced?
Is there an effective WFH policy?
Are manual processes in place if internet access is unavailable?
5. Implement and train
The continuity plan will evolve alongside the business and must remain a live document that is regularly updated. To identify where improvements are required, you should ensure regular testing of processing and systems.
Staff should be trained on general processes, with individuals assigned key roles — in the same way that you identify fire marshals or first-aiders.
While the level of detail will vary depending on the size of the company and the departments involved, the following example shows the steps that need to be taken in the case of a data breach:
Confirm the nature of the attack
Inform all staff immediately
Identify what has been compromised
Urgently prevent further damage
Change affected passwords and remove access permissions
Repair data and restore from backups
Call in external support
Identify how the breach happened
Notify customers and clients as required
Determine the impact and cost of the breach
Evaluate and strengthen security as required
Review response and adjust BCP
Provide updated training for staff
All of these steps should have specific guidance in the BCP.
How to test your business continuity plan
Don’t wait until disaster strikes to find out if your BCP is adequate. The best way to know if it will be effective is to implement regular and rigorous testing. Objectives should be measured and compared against previous tests to identify and fix weak spots that could be vulnerable to ransomware or zero-day attacks.
The frequency of testing varies, but many companies will test their business continuity plans up to four times per year. Due to the broad and detailed nature of a BCP, there are multiple ways to test. The most simple testing method is for the planning team to analyse the existing plan, identifying weak points and areas that require updates due to company changes (contact details, suppliers, etc.).
As part of this, the person responsible for a certain aspect, such as cybersecurity, can present the elements of their plan to the team for critical review before being re-assessed, using a selection of the most pertinent disaster scenarios.
Simulation tests should also be performed on an annual basis to determine how well the plans hold up in a real-world scenario. This could include evacuation drills and exercises to build confidence in the continuity processes. Simulations should include staff from outside the planning team to bring in fresh eyes to identify areas that require more clarity or other aspects that might otherwise have been overlooked.
Improving and reviewing your business continuity plan
In addition to the revisions made during the testing process, feedback from each department will help to strengthen your overall plan by providing a specialized perspective on policies and processes. Depending on the company structure, this stage could be conducted following the periodic testing or be implemented during the review process.
For a business continuity plan to be effective long-term, it has to be supported. If it becomes a quarterly task for department heads, it will not be adopted correctly and could fail to provide continuity of service should a crisis occur.
Instead, all members of staff should be trained to understand their role and the importance of rapid response to limiting the impact. Through familiarity with emergency processes, staff will feel safer and more able to respond positively and proactively to any situation.
Keep your business secure
Protect against an unexpected cyberattack using next-gen business antivirus by Avast Business — providing proactive solutions to protect against advanced cyberattacks and ransomware.
Get Next-gen Business Antivirus
Manage the security of your business, all from one platform. Get Avast’s next-gen business antivirus for tailored business security.
All related articles
You might also like....
- What Is Spyware, Who Can Be Attacked, and How to Prevent It
- What Is Malware and How to Protect Against Malware Attacks?
- What Is Scareware? Detection, Prevention, and Removal
- What Is Pegasus Spyware and Is Your Phone Infected with Pegasus?
- How to Detect and Remove Spyware From an iPhone
- What Is the Mirai Botnet?
- The Zeus Trojan: What it is, How it Works, and How to Stay Safe
- How to Remove a Virus From Your Router
- What Is Trojan Malware? The Ultimate Guide
- What Are Keyloggers and How Do They Work?
- What Is a Botnet?
- What Is a Rootkit and How to Remove It?
- What Is Malvertising and How Do I Stop it?
- What Is a Logic Bomb? How to Prevent Logic Bomb Attacks
- What Is a Computer Worm?
- What is Adware and How Can You Prevent it?
- Malware vs. Viruses: What’s the Difference?
- Can Macs Get Viruses?
- What Is a Computer Virus and How Does It Work?
- Stuxnet: What Is It & How Does It Work?
- Macro Virus: What Is It and How to Remove It
- Worm vs. Virus: What's the Difference and Does It Matter?
- Can Your iPhone or Android Phone Get a Virus?
- The Essential Guide to Ransomware
- What Is Ryuk Ransomware?
- The Destructive Reality of Ransomware Attacks
- How to Remove Ransomware from Android Devices
- How to Remove Ransomware from Your iPhone or iPad
- What is CryptoLocker Ransomware and How to Remove it
- Cerber Ransomware: Everything You Need to Know
- What is WannaCry?
- How to Prevent Ransomware
- What is Locky Ransomware?
- What is Petya Ransomware, and Why is it so Dangerous?
- How to Remove Ransomware from a Mac
- How to Remove Ransomware from Windows 10, 8 or 7
- How to Spot and Prevent IP Spoofing
- How to Spot Amazon Phishing Emails and Beat Scammers
- What Is Pharming and How to Protect Against It
- Spear Phishing: What Is It and How Can You Avoid It?
- What Is Phone Number Spoofing and How to Stop It
- What Is Spoofing and How Can I Prevent it?
- How to Identify and Prevent Apple ID Phishing Scams
- How to Avoid Common Venmo Scams & Stay Safe Online
- 10 Cash App Scams: How to Spot the Signs and Send Money Safely
- What Is a SIM Swap Attack and How Can You Prevent It?
- How to Identify a Fake Text Message: Tips and Examples
- How to Block Spam Calls on Your Phone
- How to Avoid Amazon Scams
- Is PayPal Safe? How to Spot and Avoid PayPal Scams
- Instagram Phishing Scams — How to Spot & Avoid Scammers
- How to Spot and Avoid Gift Card Scams
- What Are Romance Scams and How to Avoid Them
- How to Identify & Prevent Tech Support Scams
- How to Report Online Scams and Fraud
- What Is a Scam: The Essential Guide to Staying Scam-Free
- Has My Amazon Account Been Hacked?
- Can Someone Hack Your Phone by Calling or Texting You?
- Packet Sniffing Explained: Definition, Types, and Protection
- Has My PayPal Account Been Hacked?
- What to Do If Your Spotify Account Gets Hacked
- How to Know If Your Phone Has Been Hacked
- What Is an Evil Twin Attack and How Does It Work?
- Hacker Types: Black Hat, White Hat, and Gray Hat Hackers
- ATM Skimming: What Is It and How to Spot a Skimmer
- What Is a Distributed Denial of Service (DDoS) Attack and How Does It Work?
- What Is a Brute Force Attack?
- What Is a Zero-Day Attack?
- How to Protect Yourself Against Router Hacking
- Exploits: What You Need to Know
- SQL Injection: What Is It, How Does It Work, and How to Stay Safe?
- What Are Meltdown and Spectre?
- What is Cracking? It’s Hacking, but Evil
- What Is Cross-Site Scripting (XSS)?
- What Is Hacking?
- What Is EternalBlue and Why Is the MS17-010 Exploit Still Relevant?
- Webcam Security: How to Stop Your Camera from Being Hacked
- Protect Yourself from Cryptojacking
- Has My Twitter Account Been Hacked?
- A Guide to APKPure: Is It Legal and Is It Safe?
- Cyber Warfare: Types, Examples, and How to Stay Safe
- What Is a Decentralized Autonomous Organization (DAO)?
- How to Find Out an Unknown Caller’s Number
- How to Freeze or Unfreeze Your Credit
- Top Internet Safety Tips for Everyone
- How to Spot a USPS Text Scam
- How to See Sensitive Content on Twitter
- An IRS Identity Protection PIN: What Is It & How to Get It?
- What Are NFTs and How Do NFTs Work?
- What Is Catfishing and How Do You Spot a Catfisher?
- What to Do If Your Instagram Account Is Hacked
- How to Avoid Sugar Daddy Scams
- What Is a Security Breach?
- What Is Cyberstalking and How to Stop It
- What is Cybercrime and How Can You Prevent It?
- Cyberbullying: What You Need to Know
- The Essential Guide to Phishing: How It Works and How to Defend Against It
- How to View Saved Passwords in Chrome: Step-by-Step Guide
- How Does Two-Factor Authentication (2FA) Work?
- Step-by-Step Guide to Password Protect a File or Folder in Windows
- How to Choose the Best Password Manager
- How to Create a Strong Password
- The Top Password Cracking Techniques Used by Hackers
- Windows Password Recovery: How to Reset Forgotten Windows Passwords
What is cybersecurity?
IT Disaster Recovery Plans
What Is a Wildcard Certificate and How Does It Work?
OPSEC: What Is It and How Does It Work?
- What Is the Cyber Kill Chain and How Does It Work?
- How to Keep Your Facebook Business Page Secure
- What Is a Data Breach?
- What Is Cloud Security?
- What Is Server Security - and Why Should You Care?
- TLS Explained: What Is Transport Layer Security and How Does It Work?
- NFTs for Beginners: How to Make Your Own NFT
- What Is Rooting? The Risks of Rooting Your Android Device
- What Is Jailbreaking and Is It Safe?
- How to Find a Lost or Stolen Android Phone
- The Best Internet Security Software in 2024
- What Is a Firewall and Why Do You Need One?
- Internet Security: What It Is and How to Protect Yourself Online
- What Is Penetration Testing? Stages, Methods, and Tools
- What Is Cryptography and How Does It Work?
- What Is a Remote Desktop?
- How to Remove a Virus From an iPhone and iPad
- The Best Kaspersky Antivirus Alternatives to Use in 2024
- What Is Endpoint Detection and Response and How Does It Work?
- Is Kaspersky Safe to Use in 2024?
- The Best Free Antivirus Software in 2024
- What Is the MD5 Hashing Algorithm and How Does It Work?
- How to Detect and Remove a Keylogger
- How to Remove Spigot From Your Mac
- How to Remove Viruses from an Android Phone
- The Best Privacy and Security Apps for iPhone
- How to Detect & Remove Spyware From an Android Phone
- How to Get Rid of Viruses and Other Malware From Your Computer
- How to Remove Spyware From a PC
- Is Windows Defender Good Enough?
- Mac Security: The Essential Guide
- How to Remove a Virus from a Mac
- Fake Apps: How to Spot Imposters Before it's Too Late
Latest Security Articles
Get tailored business security with Avast's next-gen business antivirus
- Business support
- Business products
- Business partners
- Business blog
- Mobile Carriers
- Press Center
- Research Participation
- Report vulnerability
- Contact security
- Modern Slavery Statement
- Do not sell my info
- Cookie Preferences
The Business Continuity Plan: definition of EBRC's core business
Resilience is not only a matter of technologies but also of procedures and standards. As an expert in high availability, EBRC has developed a unique consulting business to help companies increase their resilience in an ever uncertain environment.
Why is it important to have a business continuity plan?
Rarely were businesses confronted to such complex times. In addition to the COVID-19 pandemic with its travel constraints and the subsequent economic downturn, CIOs had to deal with an unprecedented wave of computer attacks, particularly in the healthcare sector. This has led many companies to improve their BCP/DRP to counter the ever growing risks.
What is the definition of the Business Continuity Plan: the BCP goes far beyond the IT aspect
BCP (Business Continuity Plan) and DRP (Disaster Recovery Plan) projects are often approached as IT-only projects, but these approaches must cover all the activities and processes that make up the company’s business, from IT systems to energy suppliers, logistics and the premises where employees can return to work if the company's own are no longer available practicable. Both of these approaches, if combined, can help a company enter a continuous improvement Cyber-Resilience lifecycle from the preparation, identification, protection, detection, analysis, response and recovery steps.
A BCP tailored to each need and considered from a business perspective
EBRC considers business continuity as it should be from a business perspective and not only from the IT side. "A business continuity plan is decided by the company's management and must encompass all the services delivered by the company to its customers. It is therefore not just a matter of responding to e-mails but of maintaining production and continuing to deliver customers." emphasises Jean-Bernard Yata, Expert Consultant – Country Lead France. "The BCP, depending on the business imperatives can be implemented to switch IT from one Data Center to another, to organise homeworking for the staff, or to open fully equipped office spaces to accommodate the staff in less than 2 hours. If the crisis is expected to last, a BCP can go as far as planning the distribution of a factory production to other production sites, or even transferring all of a bank's activities from one country to another because of a geopolitical risk such as an armed conflict."
The ISO 27001 and 22301 standards: the foundation to be relied on when defining a Business Continuity Plan
In this context, the preliminary risk assessment is a crucial stage during which all the real and potential risks the company is subject to are assessed. In this exercise, it is necessary to rely on existing tools, i.e. the standards, to set up the recovery processes. ISO 27001 standard provides a framework for information security and ISO 22301 already lists all the threats, risks and incidents that can occur and adversely affect a company. These standards are a real support in strengthening a company's resilience, but certification is only of value if it is applied, says Jean-Bernard Yata: "There is an administrative approach to certification and a much more operational approach. Rather than a purely theoretical approach to certification, it is necessary to adopt a pragmatic approach based on elements that are directly transposable to the company's day-to-day activities."
A BCMS portal: steering the business continuity plan to remain operational in all circumstances
For its internal needs, EBRC has developed an efficient and proven methodology that we can directly transpose to our clients, enriching it with the specificities of their business. Thus, EBRC offers its clients its own BCMS (Business Continuity Management System) tool, Cyber Resilience Portal, to help them manage their business continuity plan. "All action plans and indicators are set out in the tool. All relevant users can see the processes and action plans to be implemented in the event of an incident" adds Jean-Bernard Yata. "When the COVID-19 pandemic required containment, the EBRC pandemic plan prepared in 2009 for H1N1 was implemented, which allowed our teams to remain operational. This experience is now available to all EBRC clients."
EBRC offers a unique approach in the market that allows organizations and companies to reduce their exposure to risks through tailored consulting and the provision of "Trusted" services aligned with the highest standards and certifications, the only elements that guarantee resilience.
Consulting, EBRC’s differentiator in the hosting market
EBRC's business goes far beyond data hosting. It also has a consulting structure, Trusted Advisory Services , with around thirty certified consultants, which helps companies set up data protection services, as well as obtain ISO 22301 certification , to initiate the assessment of deviations from the target standard (Gap Assessment) or the BIA (Business Impact Assessment), which is a prerequisite for the implementation of a BCP. Above all, unlike other consulting firms, EBRC's consulting offer is based on its own experience and a resolutely pragmatic approach of the implementation of business continuity plans. This pragmatism is appreciated as much for the efficiency of the processes as for the solutions recommended for the implementation of BCPs.
EBRC’s resilient services
Specialised in resilience to ensure secure access to data and the continuous operation of IT applications, EBRC’s business is supported by three Tier IV certified Data Centres . TIER IV certification, issued by Uptime Institute, is the highest level of security and resilience certification a Data Centre can achieve. EBRC's facilities have had 100% availability, zero downtime, for... 21 years! In parallel, EBRC has two disaster recovery sites in Luxembourg, with a capacity of 800 fully equipped workstations, ready to welcome its clients' employees in case of an incident. These infrastructures and the ISO 22301 certified processes enable this European company to offer a full range of resilient services, including a disaster recovery plan with an SLA of only 2 hours, or the Trusted Backup Recovery Services offer.
Business Continuity is relevant to all structures
Jean-Louis Gillon , International Business Development Manager at EBRC : Business continuity and standards are not issues relevant for large companies only. The size of our structure and our responsiveness enable us to meet the needs and constraints of smaller companies. These companies see standards as a way of enhancing the value of their business for their major customers, but also for investors and shareholders. Standards are a lever, a differentiator for smaller companies.
Our pragmatic and responsive approach has enabled us to have several references with mid-sized and smaller companies of up to a dozen employees. But beyond this need for compliance, certification and the continuous improvement process are also tools to improve the company's sustainability and help it handle crises of all kinds and, in a way, give them also competitive differentiators."
EBRC, proven expertise certified to the highest industry standards
Founded in 2000, EBRC (an acronym for "European Business Reliance Centre") has positioned itself on the European market for data hosting services from Tier IV Data Centres operated in Europe. In this highly competitive market, EBRC's strategy has been to provide IT services that are both certified to the most demanding standards in the industry (ISO 27001, ISO 22301, ISO 20000 and ISO 27017) and offer services that meet regulatory requirements (PSF, HDS, PCI DSS). This strategy has enabled EBRC to position itself not only in the very dynamic Finance/ FinTech and RegTech markets , but also in the healthcare and life sciences sectors , international institutions , security, defence and space as well as online services and OES (Operators of Essential Services).
In addition to this purely technical business, EBRC has developed an important consulting business to help companies improve their data protection capabilities and more generally the resilience of their business. Jean-Louis Gillon, EBRC's International Business Development Manager in charge of the French market, explains this original positioning in the market: "Our approach differs from that of many hosting, data backup and cybersecurity players. Faced with the stress of a computer attack, each and every one offers highly technical solutions that only cover an isolated part of the overall problem. We prefer to promote continuity, from the Data Centres where the data is stored and where the processing is carried out to the other end of the chain, from the general management to the business users."
An official website of the United States government
Here’s how you know
Official websites use .gov A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Business Continuity Planning
Organize a business continuity team and compile a business continuity plan to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.
Business Continuity Plan Supporting Resources
- Business Continuity Plan Situation Manual
- Business Continuity Plan Test Exercise Planner Instructions
- Business Continuity Plan Test Facilitator and Evaluator Handbook
Business Continuity Training Videos
The Business Continuity Planning Suite is no longer supported or available for download.
Business Continuity Training Introduction
An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.
View on YouTube
Business Continuity Training Part 1: What is Business Continuity Planning?
An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.
Business Continuity Training Part 2: Why is Business Continuity Planning Important?
An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.
Business Continuity Training Part 3: What's the Business Continuity Planning Process?
An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.
Business Continuity Training Part 3: Planning Process Step 1
The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.
Business Continuity Training Part 3: Planning Process Step 2
The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.
Business Continuity Training Part 3: Planning Process Step 3
The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.
Business Continuity Training Part 3: Planning Process Step 4
The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.
Business Continuity Training Part 3: Planning Process Step 5
The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.
Business Continuity Training Part 3: Planning Process Step 6
The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans.
Last Updated: 11/08/2023
Return to top