What Is A Business Continuity Plan? [+ Template & Examples]

I remember working at the office one day when the fire alarm suddenly went off. Everyone rushed to evacuate. Luckily, no damage was done, and everything was quickly brought under control. But the scare left me thinking: What if it hadn't been?

The critical need for preparedness is exactly what a business continuity plan is for. A business crisis can cost your company money and its reputation. I believe that customers aren't very forgiving, especially when the crisis stems from preventable mistakes within the company. That said, solid business continuity planning is required to uphold essential functions in the face of a crisis.

Let’s dive into what a business continuity plan is and examples of scenarios that would require a business continuity plan. I’ll also provide a template that you can use to create your own well-rounded continuity plan.

Table of Contents

• What Is a Business Continuity Plan?
• Types of Business Continuity
• Business Continuity vs. Disaster Recovery
• Business Continuity Plan Template
• How to Write a Business Continuity Plan
• How to Write a Business Continuity Plan
• Business Continuity Plan Examples
• Create a Business Continuity Plan Before Disaster Strikes

I like to think of business continuity planning as a tool to handle anything from minor disruptions to full-blown threats.

For example, imagine your business has to respond to a severe snowstorm. I would start by looking at the supply chain disruption contingencies from the previously prepared business continuity plan.

My goal would be to continue business by contacting emergency suppliers who would reroute deliveries from separate warehouses. Simultaneously, I would also inform customers about potential delays. If business continuity planning for unavoidable situations like these has been done ahead of time, my business stays afloat.

I recommend thinking about business continuity in terms of the essential functions your business requires to operate. Mitigate and plan for specific risks within those functions.

Crisis Communication and Management Kit

Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.

• Free Crisis Management Plan Template
• 12 Crisis Communication Templates
• Post-Crisis Performance Grading Template
• Additional Crisis Best Management Practices

Get Your Free Templates Learn more Get Your Free Templates

Download Free

All fields are required.

You're all set!

Click this link to access this resource at any time.

Download Now

Business continuity planning is a process.

Business continuity planning is the process of creating a plan to address a crisis. While planning, consider the variety of crises that could potentially affect the company and prepare a resolution for each.

Why is a business continuity plan important?

A business continuity plan is important because regular operations will need to continue in the event of a crisis — and sometimes, especially during a crisis. 89% of business leaders have resilience among the top in the list of strategic organizational priorities. Business continuity planning helps build that resilience.

I believe having a business continuity plan is not only about maintaining your operations. It’s about the well-being of your workers. It’s about ensuring swift recovery. It’s about maintaining client expectations. It’s about successfully executing your crisis communication plan. It’s about complying with regulations. It’s also about your profitability.

What is the role of business continuity management?

Business continuity management oversees a business's continuity plan and makes necessary changes to it when needed. This type of management determines the potential threats to a company and how each of these threats might impact business functions.

In other words, business continuity management is how you are able to tweak the company's continuity plan to address any new potential hazards.

I believe the biggest responsibility of business continuity management teams is to plan for disaster recovery — a component of the business continuity plan that specifically focuses on product issues. Business continuity management also includes crisis management, contingency planning, and emergency management.

Regularly test and adjust your plan as time goes on to make sure it‘s still effective and addresses your company’s needs.

Next, I‘ll go over different types of business continuity that could impact your organization. These will set the foundation for the business continuity examples and templates I’ll share later on.

Types of Business Continuity

1. Operational

Operational continuity means that the systems and processes your business relies on are able to continue functioning without disruption.

I like to include all processes related to warehousing, suppliers, and product back-ups in my plan. In case disruption occurs, mitigation plans for these three bases are sufficient to minimize revenue loss.

2. Technological

It’s obvious that organizations rely on technology to ensure the integrity and continuity of systems — but I would caution against any over-reliance.

For example, while the functionality of Google Drive is not within your realm of control, there are many internal systems that you'll want to maintain and mitigate. I believe including processes for having an offline file storage system to access important documents should be the top priority.

3. Economic

Economic continuity is the ability of your business to continue being profitable during possible disruptions. What I would do in my business continuity planning is map out all the negative scenarios that could hit my bottom line.

If I’m brainstorming with team members, I’ll deploy the “Yes, and” strategy to come up with all possible scenarios. Then, I’ll think of the best mitigation solution for each case. Voila! My organization is successfully future-proofed.

4. Workforce

Workforce continuity means that you'll always have enough staff to handle the work that comes through your doors. In my business continuity plan, I will also focus on having the staff necessary for times of crisis.

Classifying workers according to their skill set will come in handy. In times of crisis, it is an asset to know which of my employee’s personalities is best suited to lead others, which person is the most proactive, etc. In fact, 57% of organizations believe that upskilling their leaders is an important element for building future-proofing resilience.

5. Safety

Workforce continuity goes beyond planning the right roles and staffing the right people to fill them. In order for staff to show up every day and perform well, they must feel safe to do so.

Create a comfortable work environment. Ensure that, even during a crisis, people have the tools they need to succeed. The value of feeling supported in a workplace cannot be overstated.

6. Environmental

Environmental continuity means that your team is able to operate effectively and safely in their work environment. For instance, if the production center is in a coastal region likely to be affected by tsunamis or hurricanes, I would develop plans of action in my business continuity planning if these environmental hazards occur.

7. Security

You want your employees to be safe. You also want your employees and business assets to be secure as well. Security breaches can cause major harm to your operations, safety, and reputation.

I like to develop my plan of action presuming that the information has been compromised. This way, I am able to give top priority to employee security and safety of important business information.

8. Reputation

Customer satisfaction and a good reputation can fuel your flywheel and result in increased revenue. The flip side of this coin, however, is that a tarnished reputation can cause great harm.

Ensure reputation management is a top priority by actively monitoring conversations about your brand or business. Prioritize customer satisfaction. I also recommend coming up with action plans for rectifying situations if your reputation is called into question.

Business Continuity vs. Disaster Recovery

Disaster recovery plans are technical plans focused specifically on recovering from failures. On the other hand, business continuity plans manage relationships during a crisis. Disaster recovery plans are created as part of an overarching business continuity plan.

For instance, if my company goes through a large crisis — like our building being flooded — some of my IT services may be lost. So, in my larger business continuity plan I would include one or more disaster recovery instructions that would focus specifically on recovering those IT services.

Below I'll go over the process of writing a business continuity plan, starting with a free template you can use to follow along.

Business Continuity Plan Template

The business continuity plan template here suits most companies. Keep in mind that some sections might not be relevant to your business, so add or remove them accordingly.

Image Source

Name of Organization

Date

I. Program Administration

1. [Purpose of the plan]

2. [Objectives of the plan]

3. [Budget]

4. [Timeline]

For this section, jot down the primary goals for the business continuity plan, such as reducing impact and ensuring continuity of operations.

Uncover all the necessary information that helps you understand why the plan is necessary for your business. I would divide the plan according to the departments and the conditions that would trigger the business continuity planning.

This section is essentially the background information for your plan. It needs to be comprehensive. So, I would take anywhere from 1-2 weeks for the gathering process.

Crisis Communication and Management Kit

Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.

• Free Crisis Management Plan Template
• 12 Crisis Communication Templates
• Post-Crisis Performance Grading Template
• Additional Crisis Best Management Practices

Get Your Free Templates Learn more Get Your Free Templates

Download Free

All fields are required.

You're all set!

Click this link to access this resource at any time.

Download Now

II. Governance

1. [Members of the business continuity team with their roles and contact information]

2. [Other stakeholders with their contact information]

In this section, I write down necessary information such as phone numbers. I also assign responsibilities such as a person responsible to maintain contact with employees, a person responsible for alerting authorities and so on.

Write complete contact details. Create messaging that can be used by response teams. Basically, include any information that ensures a swift, coordinated response.

III. Business Impact Analysis

1. [Business Impact Analysis]

This section is a full assessment of how a crisis will affect your business.

I would start by analyzing multiple different types of scenarios that may be encountered. Then, I would analyze how each one will affect my business. Each area of my business will be affected differently.

My aim is to minimize downtime for each department.

To achieve this, I will collaborate with the relevant teams and stakeholders that will be involved in enacting my plan in case of a crisis. To accurately assess the possible scenarios and impacts they will have on the business, I will spend around 1-2 weeks conducting the actual analysis.

Pro tip: Give a number to the priority level of each impact. I like to rate it on a scale of 1-5, with 5 being the highest priority. Quantifying the impact minimizes the downtime as each department knows what action to take first in each scenario.

IV. Strategies and Requirements

1. [Proactive strategies to prevent crises]

2. [Reactive strategies to immediately respond to crises]

3. [Reactive strategies for long-term recovery from the crises]

After conducting your business impact analysis, the next step is to understand how your business will need to respond to crises when they arise in order to come out on top.

For this section, I would normally plan the mitigation strategies according to each risk type. For instance, for a malware attack, my mitigation strategy would involve training the team and conducting stricter security audits.

Pro tip: Spend a week or so crafting the strategies that will make up your continuity plan. Collaborate with relevant stakeholders to do risk assessments.

V. Training and Testing

1. [Training schedule for employees]

2. [Testing schedule]

It‘s best to test and iterate on your plan multiple times a year to ensure that it’s up-to-date with your business needs. Run through the plan once a quarter to ensure that everyone is on the same page.

Ideally, I would like new hires to have the chance to learn along with their experienced peers. Doing scenario run-throughs twice a year will also suffice.

How to Write a Business Continuity Plan

1. Select a business continuity team.

Before you begin strategizing, assemble a management team to be in charge. Ideally, this group should include people who are detail-oriented and organized. Some of the roles on the team are:

• Executive manager. The person who leads the writing process and is the link between company executives and the rest of the business continuity team.
• Program coordinator. The team leader who coordinates all activities related to the plan, such as budgeting and development of recovery procedures.
• Information officer. The person responsible for accessing and sharing data related to the business continuity plan.

2. Define plan objectives.

What are you trying to achieve with this plan?

Know the end goal. It can be resuming business processes as normal. It can also be improving the organization's reputation.

When laying out the objectives, consider your budget to get a sense of the resources that you're going to be working with.

3. Schedule interviews with key players in your departments.

Executives and upper management have a great bird‘s eye view of an organization, but business continuity issues happen at all levels of an organization. For an analysis that’s truly comprehensive (and, in effect, valuable), I recommend interviewing key team members in various departments of your organization.

Choose individuals who know the ins and outs of their department's operations and understand the importance of its functionality within the grander scheme of the organization. Ask questions such as:

• What are your top 5 most important processes?
• What systems or applications are needed to support your operations?
• How does [X department] depend on your work in this area?
• In your opinion, what's our biggest blind spot?
• What would happen if [worst case scenario]?
• Who would be impacted if [worst case scenario] and how?

4. Identify critical functions and types of threats.

The above questions are a guide to help give you insight into the areas of your business that require the greatest degree of business continuity. Prioritize the business functions and threats that are the most critical according to:

• The likelihood of it happening.
• The extent of the loss based on impact.

5. Conduct risk assessments across each area identified.

The idea here is to quantify the information you received during the interviews:

• How long would it take to recover from a critical situation in this area?
• How much revenue would be lost during that time?
• How much productivity would be lost during that time within that department?
• How much productivity would be lost for other departments as a result?
• How many customers and/or stakeholder confidence will be lost?
• Will there be additional costs to get it resolved?
• Will there be additional liability costs?
• How much does it cost to implement prevention measures?

6. Conduct a business impact analysis.

Start by gathering information across disparate processes. Next, compile that information into a format that reflects the broader business.

A business impact analysis (BIA) analyzes the main operations of an organization, the major resources it uses, how its operations relate to one another — aka when one function goes down, how does it affect other operations — and how long each function generally takes to complete.

I am of the view that a BIA is a key part of the final business continuity plan. Because I summarize my findings regarding costs against benefits here, I am able to underscore what gets prioritized.

Crisis Communication and Management Kit

Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.

• Free Crisis Management Plan Template
• 12 Crisis Communication Templates
• Post-Crisis Performance Grading Template
• Additional Crisis Best Management Practices

Get Your Free Templates Learn more Get Your Free Templates

Download Free

All fields are required.

You're all set!

Click this link to access this resource at any time.

Download Now

7. Draft the plan.

Once I have a good idea of what to include in my plan, I start by composing a first draft that can serve as a baseline. Typically, I include the following aspects in the draft to ensure a well-rounded, actionable plan:

• The purpose, objectives, budget, and timeline of the plan.
• The members of the business continuity team and their roles.
• All of the important stakeholders who are involved in the business continuity plan.
• The business impact analysis.
• Proactive strategies that will be put into place to prevent crises.
• Reactive strategies that will immediately respond to crises.
• Long-term recovery efforts.
• Training and testing schedules for proactive preparation.

8. Test the plan for gaps.

Of course, my next action is to immediately test my plan.

I start by communicating with those who play a critical role in the business continuity plan. After they know what their involvement is in the plan, I conduct a mock recovery test to put the plan into action. This helps me note any gaps that arise during this process.

9. Revise based on your findings.

After testing is complete, I correct any flaws that I uncover throughout the process. I usually continue testing and implementing changes until I'm satisfied with the outcomes.

Keep in mind that business changes will likely require updating the plans you have. To be properly prepared for any type of crisis, your business continuity planning needs to be up-to-date with your company’s needs.

How often should a business continuity plan be tested?

Your business continuity plan should be reviewed at least twice per year. The idea is to test the plan to make sure it‘s up-to-date with your current business processes. The larger your organization is, the more complex your systems are going to be, meaning you’ll want to review your business continuity plan more frequently to ensure there aren't any gaps.

As you add new systems, departments, leaders, and technology to your business, make it a part of your standard operating procedure to update the business continuity plan as well so that all the bases are covered.

I recommend using the following schedule to maximize the reliability and validity of your plan. It will also minimize the amount of time you have to put into plan review.

1. Review your checklist twice a year.

Review the elements of your business continuity plan bi-annually to make sure all the responses still apply to your current status. I believe it is important to ensure that each response aligns with your desired business goals.

2. Conduct emergency drills once a year.

Just like schools have fire drills, I think every organization should also have emergency drills to prepare staff for the steps that are laid out in the business continuity plan. When a real crisis occurs, the already rehearsed steps become easier to follow.

3. Hold tabletop reviews every other year.

All stakeholders that are involved in your business continuity plan should meet every other year to discuss it. In my opinion, the review doesn‘t need to take too much time and doesn’t require physically running through the steps. It will suffice if you just uncover red flags that may otherwise go unnoticed without testing.

4. Conduct a comprehensive review every other year.

Unlike the tabletop review, the comprehensive review takes a deep dive into the plan. I believe looking closely at cost-benefit analyses as well as recovery procedures ensures everything is up-to-date with current business operations.

5. Mock recovery test every two to three years.

This is an in-depth test in which your continuity plan is put into motion to test for any weaknesses or mishaps. Because this test is time-consuming, I think doing it once every two years is sufficient to ensure all internal stakeholders are confident in the plan.

I like to consider not only all the possible threats of a crisis, but also all the recovery actions. The latter can’t be mapped out properly unless I have all the resource requirements and recovery time objectives. Once I have the actions in my business continuity planning, tackling difficult or unexpected situations in the mock test becomes simple.

Next, I will go over some examples of scenarios that would require a business continuity plan that will help you understand why your business needs one.

Business Continuity Plan Examples

1. Business Continuity Plan Example for External Product Outage

Image Source

Type: Operational

Let's say that your entire workforce accesses, creates, and manages necessary files in Google Drive throughout the day. What happens if Google Drive has an unplanned product outage? Do you have a backup plan in place for your team to access files, or will there be a major loss of productivity until the issue is resolved?

In this case, identifying essential operational functions can help you quickly mitigate risks. I recommend using interviews to make your data gathering process effective.

Examples of operational failure may include:

• Departmental bottlenecks and human error.
• Data breaches.
• Disruptions in your supply chain.
• Outages with essential suppliers or services.
• Product failure.

The operational continuity plan shown above provides a great starting point for crafting your own foolproof continuity plan.

2. Business Continuity Plan Example for Unplanned Internet or Telecom Outages

Image Source

Type: Technological

Say your network goes down in the middle of the day and employees are unable to access the internet or dial out with their phones.

I would ask myself: Does my company have an information technology department that’s able to diagnose this issue quickly? If not, do I know the numbers of our ISP provider? If yes, I’ll use my best contact method to resolve the issue.

Of course, I can't always anticipate unexpected errors. What I can do is establish a process to handle them swiftly and effectively. The table above is an example of a backup strategy that businesses can use in a crisis.

Tech-related business continuity issues can come in the form of:

• Unplanned internet or telecom outages.
• Hardware/software failures.
• Loss of important data.

Crisis Communication and Management Kit

Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.

• Free Crisis Management Plan Template
• 12 Crisis Communication Templates
• Post-Crisis Performance Grading Template
• Additional Crisis Best Management Practices

Get Your Free Templates Learn more Get Your Free Templates

Download Free

All fields are required.

You're all set!

Click this link to access this resource at any time.

Download Now

3. Business Continuity Plan Example for Revenue Loss

Image Source

Type: Economic

Suppose my company’s biggest client goes out of business. My company’s annual recurring revenue gets slashed by a huge amount.

Assuming this client made up the majority of our revenue, I believe the worst thing would be to not insulate ourselves against this loss with other sources of income. In this plan, I will include the ways I will adjust to the revenue loss, where I will cut the budget (if any), and create a concrete plan to protect against workforce layoffs.

Markets change, client attrition happens, economies ebb and flow. So, remember it’s important to understand how your organization can weather these events.

Here are some examples:

• Financial loss.
• Recession.
• Market changes or disruption.

Creating a chart similar to the one above can help you determine how much of a risk certain economic factors are for your business and how to address them.

4. Business Continuity Plan Example for Turnover of Critical Employees

Image Source

Type: Workforce

Every company has a rockstar (or rockstars) on their teams. I believe that performance is directly related to opportunity. Naturally, this rockstar in my team will definitely get better opportunities. There’s nothing wrong in preparing for the moment when they might decide to leave our organization to pursue employment elsewhere.

In fact, by planning ahead I’ll be able to identify critical business functions that only this employee knows how to do. I’ll figure out if there’s a cross-functional team that can take on the work should they decide to leave.

Additionally, I’ll plan how this change will impact the workflow of the company. Preparing early comes in handy especially if it takes time to fill the role with someone else. Essentially, it all comes down to resource management and making sure that I can adapt to workforce changes in an agile way.

However, this is often easier said than done, and here are some examples of threats to your workforce continuity:

• Staffing issues.
• The turnover of a critical employee.
• Work stoppages and/or strikes.
• Interpersonal conflict.
• Not scaling and formalizing your systems and processes.

The chart above outlines how you can help your company prepare for employee departures by having a successor plan in place ahead of time.

5. Business Continuity Plan Example for Workplace Emergencies

Image Source

Type: Safety

A fire broke out in the break room. Do you have a fire alarm that alerts employees it's time to vacate? Do your employees know where the fire extinguishers are located in the building? Do they know where to evacuate to? What plans do you have in place post-fire in case the worst is realized for your physical office?

I like to think of it this way: Threats can’t be avoided. Ultimately, the idea is to create an environment where employees can do their best work instead of worrying about threats. The image above is an example of how employers can help their employees prepare for both family emergencies as well as business ones.

Here are examples of safety risks your business continuity plan should account for:

• Occupational hazards, injury, and death.
• Workplace emergencies such as gas leaks or fire.
• Health hazards such as a pandemic.
• Incidents of violence.

While doing business continuity planning for this particular case, I think it’s best to write a description of the risk, its impact, and the strategies to avoid it from happening.

6. Business Continuity Plan Example for Property Hazards

Image Source

Type: Environmental

For property hazards, let’s use the example of a pipe bursting in the bathroom and flooding out the building. Something like this makes the questions obvious:

What kind of threat will water damage pose to my office? What about the safety of employees? Is my technical equipment safe? The files? Will I lose anything irreplaceable? Do I know who to call for water damage and restoration? Lastly, do I have funds set aside for emergencies like this?

Next, jot down the answers using a table like the one above to help. Then, use them to determine the risk probability of natural disasters to further inform my continuity plan.

The office space is a business asset, but it can quickly become a liability if caught unprepared. Keep the following things in mind:

• Property hazards such as plumbing issues or gas leaks.
• Severe weather such as flooding or snow.
• Natural disasters such as earthquakes or tornadoes.

Pro tip: Write down your vulnerabilities and what your risk management covers in case of a disaster.

7. Business Continuity Plan Example for Cyberattacks

Image Source

Type: Security

For this case, let’s consider the example of a phishing company that chooses to target your employees' emails to gain access to your sensitive data. This time I’ll ask myself the following questions:

Do I have a strong spam filter that can reduce the number of emails employees receive? Are employees trained on email security, and will they recognize phishing attempts? If someone does accidentally buy into the scam, what protocols do I have in place to mitigate the damage from a breach?

A feeling of safety can come from having security procedures in place to mitigate risk as well as deal with issues as they arise.

Here are some examples of security risks to plan for and mitigate (both technological and physical):

• Cyberattacks and network breaches.
• Malware and viruses.
• Theft and vandalism.
• Phishing emails.

In your business continuity planning, I recommend implementing a multifaceted approach.

Maintain firewalls. Implement an Intrusion Detection System to block malicious network activity. Include access controls for sensitive areas. These are some examples of compensating controls that you can write in the risk assessment table above to address cyberattacks and other breaches.

8. Business Continuity Plan Example for Negative Publicity

Image Source

Type: Reputation

Negative words spread fast — likely because of our negativity bias — and I believe that the consequences of negative publicity can be truly detrimental for a company.

To create a business continuity plan to manage reputation, I would start by understanding the biggest risks for negative publicity in my space. Then, I’ll jot down a general draft of the company responses that can be tailored according to the situation. I’ll also assign someone to deal with the media.

Here are examples of reputation issues that can affect business continuity:

• Negative publicity.
• Company layoffs.
• Lawsuits.
• Negative reviews.

Using the example plan above, outline the steps for handling a media or reputation crisis.

Create a Business Continuity Plan Before Disaster Strikes

A business continuity plan allows you to quickly identify problem areas and correct them before you‘re forced to deal with them during a crisis. I believe the more time you put into your business continuity plan, the better it’s going to be. I also think that the more often you test it, the stronger your plan will be.

Once I create a business continuity plan, I don’t consider my work to be over. I’ll continue to iterate on the plan and identify new risks that become possible over time and/or with increased experience. Remember: Business continuity planning isn't a one-time feat. Your plans need to be constantly reassessed if you want to adequately prepare for every situation.

Editor's note: This post was originally published in March 2019 and has been updated for comprehensiveness.

Crisis Communication and Management Kit

Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.

• Free Crisis Management Plan Template
• 12 Crisis Communication Templates
• Post-Crisis Performance Grading Template
• Additional Crisis Best Management Practices

Get Your Free Templates Learn more Get Your Free Templates

Download Free

All fields are required.

You're all set!

Click this link to access this resource at any time.

Download Now