What's Your Question?

Making a Risk Management Plan for Your Business

It’s impossible to eliminate all business risk. Therefore, it’s essential for having a plan for its management. You’ll be developing one covering compliance, environmental, financial, operational and reputation risk management. These guidelines are for making a risk management plan for your business.

Developing Your Executive Summary

When you start the risk management plan with an executive summary, you’re breaking apart what it will be compromised of into easy to understand chunks. Even though this summary is the project’s high-level overview, the goal is describing the risk management plan’s approach and scope. In doing so, you’re informing all stakeholders regarding what to expect when they’re reviewing these plans so that they can set their expectations appropriately.

Who Are the Stakeholders and What Potential Problems Need Identifying?

During this phase of making the risk management plan, you’re going to need to have a team meeting. Every member of the team must be vocal regarding what they believe could be potential problems or risks. Stakeholders should also be involved in this meeting as well to help you collect ideas regarding what could become a potential risk. All who are participating should look at past projects, what went wrong, what is going wrong in current projects and what everyone hopes to achieve from what they learned from these experiences. During this session, you’ll be creating a sample risk management plan that begins to outline risk management standards and risk management strategies.

Evaluate the Potential Risks Identified

A myriad of internal and external sources can pose as risks including commercial, management and technical, for example. When you’re identifying what these potential risks are and have your list complete, the next step is organizing it according to importance and likelihood. Categorize each risk according to how it could impact your project. For example, does the risk threaten to throw off timelines or budgets? Using a risk breakdown structure is an effective way to help ensure all potential risks are effectively categorized and considered. Use of this risk management plan template keeps everything organized and paints a clear picture of everything you’re identifying.

Assign Ownership and Create Responses

It’s essential to ensure a team member is overseeing each potential risk. That way, they can jump into action should an issue occur. Those who are assigned a risk, as well as the project manager, should work as a team to develop responses before problems arise. That way, if there are issues, the person overseeing the risk can refer to the response that was predetermined.

Have a System for Monitoring

Having effective risk management companies plans includes having a system for monitoring. It’s not wise to develop a security risk management or compliance risk management plan, for example, without having a system for monitoring. What this means is there’s a system for monitoring in place to ensure risk doesn’t occur until the project is finished. In doing so, you’re ensuring no new risks will potentially surface. If one does, like during the IT risk management process, for example, your team will know how to react.


what should a business continuity plan look like

Our Network

How to create an effective business continuity plan

A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood or cyberattack. Here's how to create one that gives your business the best chance of surviving such an event.

business planning

We rarely get advance notice that a disaster is ready to strike. Even with some lead time, though, multiple things can go wrong; every incident is unique and unfolds in unexpected ways.

This is where a business continuity plan comes into play. To give your organization the best shot at success during a disaster, you need to put a current, tested plan in the hands of all personnel responsible for carrying out any part of that plan. The lack of a plan doesn’t just mean your organization will take longer than necessary to recover from an event or incident. You could go out of business for good.

What is business continuity?

Business continuity refers to maintaining business functions or quickly resuming them in the event of a major disruption, whether caused by a fire, flood or malicious attack by cybercriminals. A business continuity plan outlines procedures and instructions an organization must follow in the face of such disasters; it covers business processes, assets, human resources, business partners and more.

Many people think a disaster recovery plan is the same as a business continuity plan, but a disaster recovery plan focuses mainly on restoring an IT infrastructure and operations after a crisis. It’s actually just one part of a complete business continuity plan, as a business continuity plan looks at the continuity of the entire organization.

Do you have a way to get HR, manufacturing and sales and support functionally up and running so the company can continue to make money right after a disaster? For example, if the building that houses your customer service representatives is flattened by a tornado, do you know how those reps can handle customer calls? Will they work from home temporarily, or from an alternate location? The BC plan addresses these types of concerns.

Note that a business impact analysis is another part of a business continuity plan. A business impact analysis identifies the impact of a sudden loss of business functions, usually quantified in a cost. Such analysis also helps you evaluate whether you should outsource non-core activities in your business continuity plan, which can come with its own risks. The business impact analysis essentially helps you look at your entire organization’s processes and determine which are most important.

Why business continuity planning matters

Whether you operate a small business or a large corporation, you strive to remain competitive. It’s vital to retain current customers while increasing your customer base — and there’s no better test of your capability to do so than right after an adverse event.

Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company’s future depends on your people and processes. Being able to handle any incident effectively can have a positive effect on your company’s reputation and market value, and it can increase customer confidence.

“There’s an increase in consumer and regulatory expectations for security today,” says Lorraine O’Donnell, global head of business continuity at Experian. “Organizations must understand the processes within the business and the impact of the loss of these processes over time. These losses can be financial, legal, reputational and regulatory. The risk of having an organization’s “license to operate” withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence. Build your recovery strategy around the allowable downtime for these processes.”

Anatomy of a business continuity plan

If your organization doesn’t have a business continuity plan in place, start by assessing your business processes, determining which areas are vulnerable, and the potential losses if those processes go down for a day, a few days or a week. This is essentially a business impact analysis.

Next, develop a plan. This involves six general steps:

One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel and backup site providers.

Remember that the disaster recovery plan is part of the business continuity plan, so developing a disaster recovery plan if you don’t already have one should be part of your process. And if you do already have a disaster recovery plan, don’t assume that all requirements have been factored in, O’Donnell warns. You need to be sure that restoration time is defined and “make sure it aligns with business expectations.”

As you create your plan, consider interviewing key personnel in organizations who have gone through a disaster successfully. People generally like to share “war stories” and the steps and techniques (or clever ideas) that saved the day. Their insights could prove incredibly valuable in helping you to craft a solid plan.

The importance of testing your business continuity plan

Testing a plan is the only way to truly know it will work, says O’Donnell. “Obviously, a real incident is a true test and the best way to understand if something works. However, a controlled testing strategy is much more comfortable and provides an opportunity to identify gaps and improve.”

You have to rigorously test a plan to know if it’s complete and will fulfill its intended purpose. In fact, O’Donnell suggests you try to break it. “Don’t go for an easy scenario; always make it credible but challenging. This is the only way to improve. Also, ensure the objectives are measurable and stretching. Doing the minimum and ‘getting away with it’ just leads to a weak plan and no confidence in a real incident.”

Many organizations test a business continuity plan two to four times a year. The schedule depends on your type of organization, the amount of turnover of key personnel and the number of business processes and IT changes that have occurred since the last round of testing.

Common tests include tabletop exercises , structured walk-throughs and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.

A tabletop exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.

In a structured walk-through, each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.

It’s also a good idea to conduct a full emergency evacuation drill at least once a year. This type of test lets you determine if you need to make special arrangements to evacuate staff members who have physical limitations.

Lastly, disaster simulation testing can be quite involved and should be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel (including business partners and vendors) who would be needed. The purpose of a simulation is to determine if you can carry out critical business functions during the event.

During each phase of business continuity plan testing, include some new employees on the test team. “Fresh eyes” might detect gaps or lapses of information that experienced team members could overlook.

Review and improve your business continuity plan

Much effort goes into creating and initially testing a business continuity plan. Once that job is complete, some organizations let the plan sit while other, more critical tasks get attention. When this happens, plans go stale and are of no use when needed.

Technology evolves, and people come and go, so the plan needs to be updated, too. Bring key personnel together at least annually to review the plan and discuss any areas that must be modified.

Prior to the review, solicit feedback from staff to incorporate into the plan. Ask all departments or business units to review the plan, including branch locations or other remote units. If you’ve had the misfortune of facing a disaster and had to put the plan into action, be sure to incorporate lessons learned. Many organizations conduct a review in tandem with a table-top exercise or structured walk-through.

How to ensure business continuity plan support, awareness

One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.

Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts? Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and punctuate its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.

Related content

Ai value begins with managing the c-suite conversation, sports venues advance goals, enhance fan experience with data analytics, mulesoft, tableau uptake fuels salesforce growth spurt, macquarie government: providing australia’s federal agencies with the cloud and security solutions they need to safeguard the most sensitive data, from our editors straight to your inbox, show me more, the 10 most in-demand tech jobs for 2023 — and how to hire for them.


United Airlines gives employees the digital tools to make customers happy


Top 9 challenges IT leaders will face in 2023


PureGym’s new CIO Andy Caddy plans for international expansion


CIO Leadership Live with George Eapen, Group Chief Information Officer at Petrofac


Sponsored Links

Oh no! We couldn't find anything like that.

Try another search, and we'll give it our best shot.

What Is A Business Continuity Plan? [+ Template & Examples]

Swetha Amaresan

Published: December 30, 2022

When a business crisis occurs, the last thing you want to do is panic.

executives discussing business continuity plan

The second-to-last thing you want to do is be unprepared. Crises typically arise without warning. While you shouldn't start every day expecting the worst, you should be relatively prepared for anything to happen.

A business crisis can cost your company a lot of money and ruin your reputation if you don't have a business continuity plan in place. Customers aren't very forgiving, especially when a crisis is influenced by accidents within the company or other preventable mistakes. If you want your company to be able to maintain its business continuity in the face of a crisis, then you'll need to come up with this type of plan to uphold its essential functions.

Free Download: Crisis Management Plan & Communication Templates

In this post, we'll explain what a business continuity plan is, give examples of scenarios that would require a business continuity plan, and provide a template that you can use to create a well-rounded program for your business.

Table of Contents:

What is a business continuity plan?

Business Continuity Plan Template

How to write a business continuity plan.

A business continuity plan outlines directions and procedures that your company will follow when faced with a crisis. These plans include business procedures, names of assets and partners, human resource functions, and other helpful information that can help maintain your brand's relationships with relevant stakeholders. The goal of a business continuity plan is to handle anything from minor disruptions to full-blown threats.

For example, one crisis that your business may have to respond to is a severe snowstorm. Your team may be wondering, "If a snowstorm disrupted our supply chain, how would we resume business?" Planning contingencies ahead of time for situations like these can help your business stay afloat when you're faced with an unavoidable crisis.

When you think about business continuity in terms of the essential functions your business requires to operate, you can begin to mitigate and plan for specific risks within those functions.

Business Continuity Planning

Business continuity planning is the process of creating a plan to address a crisis. When writing out a business continuity plan, it's important to consider the variety of crises that could potentially affect the company and prepare a resolution for each.

Business Continuity Plan

Don't forget to share this post!

Related articles.

Situational Crisis Communication Theory and How It Helps a Business

Situational Crisis Communication Theory and How It Helps a Business

What Southwest’s Travel Disruption Taught Us About Customer Service

What Southwest’s Travel Disruption Taught Us About Customer Service

Showcasing Your Crisis Management Skills on Your Resume

Showcasing Your Crisis Management Skills on Your Resume

What Is Contingency Planning? [+ Examples]

What Is Contingency Planning? [+ Examples]

What Is A Business Continuity Plan? [+ Template & Examples]

What Is Reputational Risk? [+ Real Life Examples]

10 Crisis Communication Plan Examples (and How to Write Your Own)

10 Crisis Communication Plan Examples (and How to Write Your Own)

Top Tips for Working in a Call Center (According to Customer Service Reps)

Top Tips for Working in a Call Center (According to Customer Service Reps)

How to Create a Social Media Crisis Management Plan [Free Template]

How to Create a Social Media Crisis Management Plan [Free Template]

Service Reps on the Most Powerful De-Escalation Techniques [Expert Tips + Consumer Data]

Service Reps on the Most Powerful De-Escalation Techniques [Expert Tips + Consumer Data]

Manage, plan for, and communicate during a corporate crisis.

2-minute read

Whether it's a natural disaster such as an ice storm, or a serious accident in an industrial plant, an unforeseen event can disrupt business operations at any company.

After all, in an emergency situation, your employees may not be able to come to work. Your suppliers may face a shortage of the materials you need to continue your business activities, or demand for your services may simply decline.

The key benefits of a business continuity plan

No one can predict the future; however, you can be ready with a sound business continuity plan. Getting a plan in place shows your employees, shareholders and customers that you are a proactive organization; it improves overall efficiency in your company and helps you allocate the right financial and human resources to keep your firm up and running during a serious disruption.

Here are 8 basic steps to keep in mind when putting together your plan. Click on the link in each step to find more information and useful templates from BDC's complete Business Continuity Guide .

Download templates

It is a good idea to clearly assign the responsibility for emergency preparedness to a team. Select a few managers/individuals or an existing committee to take charge of the project.

It is advisable to assign one person to lead the planning process. You should also ensure that this "emergency manager" has the authority to get things done.

As with other business aspects, planning for an emergency relies on the following:

What are the key roles and responsibilities for your Emergency Preparedness team?

Planning and implementation.

Policies, procedures, organization


Use the Planning Team for Business Continuity in an Emergency form (DOC) to clearly identify the team members and coordinator who will create your BCP for emergencies, along with their respective contact information.

During an emergency, your business may experience a disruption in your operations due to:

Objective of the business continuity planning process

Determine how your organization will maintain essential services/functions in the event of an emergency.

What are essential services

This means that your business may be forced to modify, reduce, or even eliminate specific services/functions to cope with the impacts of the emergency. These impacts may be felt across the organization or localized to specific business units.

As you begin discussions, you may find that you have existing resources that you can use to extract information about essential services in your organization (e.g., pandemic influenza plans, Y2K plan, etc.)

How to determine and prioritize your essential services

1. complete the essential services ranking template.

This will help you create your list of essential services by department or business unit. You then need to rate the degree to which it will negatively impact the various key areas such as financial, employees, customers etc.

2. Prioritize and categorize, use the Essential Services Criticalness Factor template

For each essential service, assign a "degree of criticalness" (Priority A, B or C). Rate the impact on each service such as staff absenteeism, unavailability of critical supplies, or disruptions to essential systems.

As part of your business continuity planning process, you'll need to identify the number of staff and skills required to perform and maintain the essential services/functions.

Use the Essential Services Criticalness Factor template to help you capture the information necessary to develop your plan.

Try to identify any special requirements necessary to perform the essential services/functions (for example, license to operate heavy machinery).

You may also wish to prepare a list of special tasks and skills required in emergency situations and assign them to appropriate employees, e.g. crisis management team, employee support, IT backup, defining security perimeters etc.

Additional sites with useful information:

Discuss what will happen if you have to reduce, modify or eliminate essential services or functions. Document the following points:

Strategies and action plans

Use the Action Plan Template for Maintaining Essential Service (DOC) to write your plans for each essential service or function. This should include:

Key Contacts

Use the supplied templates to create lists of all your key contacts along with their contact information.

Being proactive in contacting important customers can go a long way in mitigating losses. Use the Action Plan Template for Key Customers (DOC) to list customers who would need and expect personal notification from you, or who would be offended or take their business elsewhere if they were not contacted.

Include the following information in your list:

Suppliers and sub-contractors

Use the Action Plan Template for Critical Suppliers (DOC) to list essential information on your key suppliers. The information should be the same as that described for Key Customers, above.

Business partners and support providers

This main is for important partners who do not fall into the earlier categories, but that you would need to contact in the event of an emergency:

Use the Action Plan Template for Business partners (DOC) to list essential information about these other partners. The information should be the same as that described for Key Customers above.

Review your Business Continuity Plan to make sure that all issues have been addressed, and identify any areas in which you may need additional documentation.

The "Business Continuity Plan Checklist" (DOC) provided by Capital Health was developed to ensure that you've covered most aspects of your plan.

Impact on your business

Impact on your employees and customers, establishing policies to be implemented during an emergency.

Communicating with employees

Coordinating with external organizations and helping your community.

Allocating resources to protect your employees and customers during an emergency

You should present a draft of the Business Continuity Plan to your emergency preparedness team for review and/or comment. Since the committee will have an understanding of the overall corporate impact of an emergency, they should review to ensure that your plan:

The committee should also be in charge of monitoring the progress of the initiative .

Be proactive: put your plan to the test by performing trial runs. This will help you identify any missing aspects or weaknesses.

what should a business continuity plan look like

5 Essential Steps to Business Continuity Planning

Man and woman looking at a computer together

While over half of small and midsize business owners say it would take at least three months to recover from downtime,  60% don't have an emergency response plan . However, according to  Gartner , the average cost of downtime can climb up to $5,600 per minute. 

When it comes to business continuity planning, there are several critical issues leaders should be addressing. You must lay out the steps you will take to react to business shocks now, but also entirely reshape your business continuity plan.

Now is the time to create an active recovery plan if your organization doesn't have one. It takes effort, but you will give your business the best chance at survival after (and during) an unexpected event. 

Keep reading to learn the steps to effective business continuity planning.

What Is Business Continuity Planning?

Business Continuity Planning focuses on maintaining business functions or efficiently resuming them in the event of a major disaster. A major disaster can be anything from a flood, fire, malicious cybercriminal to a pandemic.

A business continuity plan (BCP) outlines the procedures your organization will follow in the face of such disasters. It covers crisis communication strategy, assets, business partners, human resources, and more. 

You've likely heard of a disaster recovery plan that focuses on restoring IT infrastructure and operations after a disaster. However, disaster recovery is one small part of a complete BCP, as it seeks to ensure the continuity of the entire organization. 

As time passes and the COVID-19 pandemic is controlled, organizations must review and renew business continuity plans. You will need to assess how your current BCPs are working—if you have any. 

The best way to locate any gaps is  through business continuity testing . If you spot deficiencies, you must highlight them and identify the root causes, whether it's external environmental issues, lack of infrastructure, or timeliness of action.

Agility Planner is an intuitive business continuity planning and preparation tool that streamlines, simplifies, and supports your BC management process. Agility Planner has been developed to help your business go from reactive to proactive with its business continuity planning.

Then, outline new procedures based on lessons learned, and contingency plans to build resilience and adequately respond to future disasters.

COVID-19 is unlike anything our economy has ever experienced, so it was  impossible to prepare for with traditional wisdom  and forecasting tools. However, you should view this disaster as something to learn from and carry the  lessons learned forward once the pandemic has passed , and you've had time to analyze your response. 

Top Threats to Your Organization's Continuity

Depending on your industry and level of risk, every organization will have different primary threats to daily business. Risk assessments before creating a BCP is helpful for this reason. You don't need to have a plan for every possible scenario, but you should watch out for the following common disruptors.

Global Pandemics

You've likely experienced  how a global pandemic  can throw a wrench in the best of business plans, from all angles. 

Many employees must work from home, demand for specific items grows, and supplies decrease due to disturbances across the supply chain.

When considering how your organization will respond to a global pandemic, put in place a solid disaster communication plan. You'll need to envision how your employees will work together and conduct necessary business offsite. 

It's also necessary to consider alternate suppliers and products to avoid a single point of failure.

Use what's happening now to determine what is and isn't working for your business, then plan for how you will handle similar scenarios in the future.

Power Outages

Imagine the disruption to your "business as usual" that would be caused by a loss of communication lines, power generation, or water shutoffs. 

Unexpected utility outages can also potentially damage physical assets, causing a loss of productivity and downtime.

Power outages have been on the rise in the past couple of years . Particularly, the region that got affected the most was the state of California, with  hundreds of thousands of customers being affected in April alone . A single power outage event can devastate an organization's revenue, productivity, capacity, and labor. Increasingly, utilities are practicing planned de-energization events, or Public Safety Power Shutoffs (PSPSs). As a last resort to prevent power lines from starting wildfires and putting human lives in danger, planned power outages are scheduled to take place during hot, dry days.

Natural Disasters

A natural disaster describes any weather-related disaster, such as hurricanes, tornadoes, ad tsunamis. It also refers to natural phenomena such as earthquakes, volcanic eruptions, and wildfires. 

The worst disasters happen in an instant and are impossible to predict. Any business could experience grave damage to its physical structures and assets. 

Natural disasters also disrupt supply chains in affected areas, causing a lack of supply for in-demand items. 


A cyberattack is a malicious computer-based attack on a technical asset. 

Cyberattacks include data theft, ransomware attacks, SQL injections, and  distributed denial of services  (DDoS) attacks. 

If you have the right security measures in place, you may only experience limited IT functionality until the issue is resolved. If you don't have data backup or recovery, you could potentially lose access to valuable business data. We have developed  a brief and actionable cybersecurity checklist  to help your organization take the first steps to check for any signs that may lead to a data breach or a cyberattack at your organization and develop preventative measures to safeguard your operations.

Steps to Creating a Business Continuity Plan

While creating an effective BCP is a lot of work, it's a critical piece of operating a resilient business. 

You, your appointed business continuity team, and your staff must take continuity planning seriously. Here are five steps to help you get started.

Step 1: Assemble a Business Continuity Management Team

 The makeup of your team depends on your continuity objectives and the size of your company.

A good BCP should detail what your staff needs to do in the event of a disaster, what communication methods are required, and the timeframe in which critical IT services need to be available.

This team will prepare standards for the project and train additional team members. They will also identify clear processes to improve project flow.

Step 2: Ensure the Safety and Wellbeing of Your Employees

Reimagining your usual business environment while minimizing disruptions requires a delicate balance. In some situations, telecommuting and flexible work arrangements aren't possible. In scenarios during which you'll have workers in direct contact with customers, you must prepare to provide personal protective equipment. 

Step 3: Understand the Risks to Your Company

Once your business continuity management team is assembled, you must conduct a  business impact analysis  (BIA). 

This type of analysis will help you identify specific threats to financial performance, operations, supply chains, reputation, employees. It can serve as a starting point when identifying risks.

You and your team should brainstorm a list of threats and potential risks to your business. Then discuss how the risks mentioned above could affect business operations. 

Don't undermine the importance of this step—or how long it could take. A proper BIA will typically involve a comprehensive questionnaire to gather the breadth of information you will need. BCP production tools such as Agility Planner help get started with creating a BCP or a BIA and provide access to historical data and ready-to-use templates.

Step 4: Implement Recovery Strategies

Once a disaster occurs, and financial losses begin to grow, it can be challenging to get back on track without a BCP in place. Consider the following questions as you discuss options with your team:

You'll address concerns like these and more in your business continuity plan.

Address Every Business Function

It's essential not to leave any business function out of your plan. Be sure to address the following:

Set realistic timelines and intentions across your company's resilience journey to ensure you reach your goals and exceed expectations.

As you work through your plan, develop relevant reports to share with all stakeholders. Use highly visual reports to highlight areas that need attention and show progress. 

Step 5: Test, Test Again and Make Improvements

No matter how long you spend perfecting it, a business continuity plan is never truly finished—just as the risks and requirements of your industry are never set in stone.

Testing your business continuity plan allows you to validate it as you manage risks. While 88% of companies test their strategies to identify gaps, 63% of them do so to validate their plans. 

The result of this testing is not "pass or fail," yet continuous improvement by identifying findings through a live exercise. Prepare your organization for success by using this  checklist for business continuity  testing.

Prepare for Disruption with a Business Continuity Solution

While you may never encounter a significant disruption to your business, nothing is ever certain. The chances are that you'll have your fair share of hurdles.

Identify risks and what you need to do to keep your business in motion. Planning will give you a competitive edge and help alleviate any financial risk involved.

Sleep easier at night by knowing you have a plan to reduce the impact of business disruptions before, during, and after a disaster occurs.  Request a demo today  to learn how Agility Central can help your organization remain resilient.

Discover Agility's Software Suite

Agility offers business continuity tools to help you plan, train, and respond to disruptive incidents.


Subscribe to Our Newsletter

Get the latest business continuity news and insights

Central bc platform.

See how Agility is helping more than 4,000 businesses of all sizes across various industries plan, train, test, alert, and recover–all in one central platform.

Related Content

Disaster Recovery

Best Practices to Effectively Respond & Recover from Disasters

BIA Checklist

BIA Checklist for Critical Processes

Power lines

How Power Loss Threatens Business Continuity

Get the Latest Business Continuity Insights

By clicking the "Subscribe" button you agree to the  Terms of Use  and  Privacy Policy

ERM Software Logo

What Does a Business Continuity Plan Typically Include? [Complete Guide]

what does a business continuity plan typically include main image


A business continuity plan (BCP) is your first line of defense against any challenge that threatens the core functionalities of your organization’s operations. When disaster strikes, your BCP should be there to reduce the time it takes to get things back up and running as usual again – as quickly as possible.

If you’re not able to react quickly to these types of incidents, your company could suffer physical harm, monetary losses, reputational damage, data integrity loss, litigation and much more.

Designing a BCP can feel overwhelming, as it’s such a critical document; where should you start? Who should be involved in the process? How should it be disseminated? These are all questions we’ll answer in this guide, including what is typically included in a BCP.

Bonus Material: Free BCP Checklist

How to Create a Business Continuity Plan

It’s important to actively invest time and energy into preparing for any potential risk before a potential event of a disaster so that if or when it does, your BCP directs you to the necessary resources to return to business as usual. That’s why creating and developing your BCP needs to involve a great deal of strategy and intention.

Taking a risk-based approach is the best way to go about developing your business continuity plan and avoid the need to use implement a disaster recovery plan. Through a risk-based approach, you follow the following steps: identify, assess, mitigate, monitor, connect and report. Here’s how to apply each of these steps during the lifecycle of your BCP:

What Should my Business Continuity Plan Include?

Your BCP should include:

Examples of Potential Unforeseen Risks

Naturally, your BCP will include risks that you deem a threat to your business. It can be difficult to begin writing that list when you’re not sure exactly what should be on it. In Risk Management, it’s important to consider potential risks that others may not have ever predicted to become reality (many people today say they never imagined in their lifetime that they would experience a pandemic).

Here is a list of potential unforeseen risks that pose a threat to business continuity:

BCP Best Practices

Like we mentioned earlier in this guide, it’s important to take a risk-based approach when creating your BCP. This will help you better preserve your business reputation, build up customer confidence and allow you to gain a competitive advantage. It will also ensure that you can avoid situations of disaster recovery. (Read our full guide on Business Continuity vs. Disaster Recovery )

To receive these benefits, it’s best practice to leverage robust business continuity planning software . This enables you to inherently take a risk-based approach and demonstrates to customers and stakeholders that you are prioritizing business continuity planning. This is especially true today amidst our ever-evolving disruptive business environment and the See-Through Economy.

Your business continuity plan will be different from anyone else’s, which is why it’s important to dedicate time and resources to creating one that fits your unique needs and risk factors. Working with a professional risk consultant is just one added benefit that’s included with your partnership with LogicManager. With their help, you’ll be able to better leverage the tools and resources included in our integrated ERM software, as well as our solution package for business continuity development .


Download our free BCP checklist to ensure that you are on the right track with your business continuity planning.

Related Posts

An alarmed man looks at a calendar

How Often Should A BCP Be Reviewed?

what should a business continuity plan look like

Business Continuity vs. Disaster Recovery: What Is The Difference?

return to school covid 19 plan

Return To School Covid 19 Plan: Lessons In Pragmatic Risk Management as School Reopening Begins

what should a business continuity plan look like

Covid-19 Second Wave Risk Mitigation: Return To Work Negligence Waiting to Happen

what should a business continuity plan look like

My Favorites List

Submit your Favorites List and our experts will reach out to you with more information. You will also receive this list as an e-mail which you can share with others. Here are the solutions you've added to your list so far:

U.S. flag

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

what should a business continuity plan look like

Business Continuity Plan

world globe

Business Continuity Planning Process Diagram - Text Version

When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:

Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.

Resources for Business Continuity Planning 

Business Continuity Impact Analysis

Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.

The Operational & Financial Impacts worksheet  can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:

Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”

Resource Required to Support Recovery Strategies

Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.

Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:

Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.

Conducting the Business Continuity Impact Analysis

The worksheets Operational and Financial Impacts  and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.

After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.

Recovery Strategies

If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .

Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.

Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.

Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.

Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.

Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.

In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.

Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.

There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.

There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:

There are many factors to consider in manufacturing recovery strategies:

Resources for Developing Recovery Strategies

Manual Workarounds

Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.

The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.

Developing Manual Workarounds

Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:

Internal Interfaces (department, person, activity and resource requirements)

Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.

Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.

Last Updated: 05/26/2021

Return to top

6 Things Your Business Continuity Plan Should Include

June 11, 2021  |  by ThinkSecure Network

Downtime and disaster strike when we least expect it. The good news, however, is that there are steps you can take to prepare for the worst. That’s where business continuity planning comes in. Here’s what you need to know about business continuity planning, and 6 tips to prevent your business from becoming one of the 25% of SMBs that fail to reopen after a disaster.

What a business continuity plan is 

A business continuity plan outlines how you plan on keeping your business operational if there’s an unplanned or severe disruption to your usual services. 

The business continuity plan includes, for example, data recovery and backup procedures, strategies for resuming office productivity, and communication guidelines. This means, although a disaster recovery strategy is part of any good business continuity plan, it’s only one part of a much larger strategy for keeping things moving during times of operational difficulty. 

Why you should have a business continuity plan

Downtime costs businesses money. It’s estimated that the average infrastructure failure costs SMBs up to $100,000 an hour . Depending on how long the downtime persists, it may be impossible to recover. 

A business continuity plan is the only way to reduce the time you spend inactive after disaster strikes. 

What are some things that a business continuity plan needs?

A business continuity plan is only as good as its contents. Here are 6 things that you’ll find in every solid business continuity plan.  

The key contacts

You must have clear points of contact for your employees in the event of a disaster. This means appointing someone to oversee the business continuity plan and providing their contact details to every team member. You should also have a contingency plan in case your overseer is unreachable.

Communication guidelines

Know how you’ll communicate with staff, suppliers, and customers if the systems go down. Ensure you have a secondary line of communication in place to reach people and communicate vital messages.  

Threat analysis

Understand the threats that could affect your business, whether this is a natural disaster, major cybersecurity event, or employee error, and rank these threats based on:

Understanding the threat you’re dealing with, and its possible ramifications, tells you how to respond should the need arise. 

Suppliers and merchants

Have a means of contacting your utility suppliers, merchants, and landlord, and IT service providers should the systems fail. Knowing how you’ll contact these individuals in advance reduces the stress associated with disaster recovery.

Recovery phases

Understand what your critical business operations are, and prioritize getting them up and running again. This should be stage one of your recovery. Implement your system recovery in phases to reduce the risk of error, system malfunction, and miscommunication. 

Disaster planning 

Every business continuity plan needs a specific plan for handling natural disasters, such as hurricane or storm damage. Be aware of how likely it is that a natural disaster will affect your business and plan accordingly. You should also be aware of what you’ll do if, for example, a plumbing disaster floods the entire office and makes it uninhabitable. 

Protect your business today

Your business continuity plan is critical to keeping your company operational and your data secure if disaster strikes. By including these 6 things in your business continuity plan, you’ll reduce the chance of your SMB becoming another unfortunate statistic. For more information on how to design a business continuity plan that suits your particular business needs, contact us today.


Share this article

Share on Facebook

Experience the impact the right technology partner will have on your business.

Contact Us

Subscribe To Our Blog

Related blog articles, managed services, we are complexity management specialists.

Ecommerce Business Continuity Planning: 7 Steps to Assess Risk and Plan for the Unexpected


Get The Print Version

Tired of scrolling? Download a PDF version for easier offline reading and sharing with coworkers.

Share this article

Victoria Fryer

Alex Fullick

A business continuity plan is governed by a business continuity policy. You can learn more about creating a business continuity policy and find examples by reading our guide on developing an effective business continuity policy .

How to Create a Business Continuity Plan

Creating a business continuity plan (BCP) involves gathering a team, studying risks and key tasks, and choosing recovery activities. Then write the plan as a set of lists and guidelines, which may address risks such as fires, floods, pandemics, or data breaches.

According to Alex Fullick, your best bet is to create a simple plan. “I usually break everything down into three key categories: people, places, and things. If you focus on a couple of key pieces, you will be a lot more effective. That big binder of procedures is absolutely worthless. You need a bunch of guidelines to say what you do in a given situation: where are our triggers for deciding we’re in a crisis and we have to stop doing XYZ, and just focus on ABC.” 

“Post-pandemic, I think new managers will develop more policies and guidelines of all types than required, as a fear response,” cautions Michele Barry. 

Because every company is different, no two approaches to business continuity planning are the same. Tony Bombacino, Co-Founder and President of Real Food Blends , describes his company’s formal and informal business continuity approaches. “The first step in any crisis is for our nerve center to connect quickly, assess the situation, and then go into action,” he explains. 

Tony Bombacino

“Our sales manager and our marketing manager might discuss what’s going on, and say, ‘Are we going to say anything on social media? Do we need to reach out to any of our customers? The key things, like maintaining stock levels or what if somebody gets sick? What if there's a recall?’ Those plans we have laid out. But we're not a 5,000-person multi-billion-dollar company, so our business continuity plan is often in emails and Google Docs.” 

Mike Semel

“I've done planning literally for hundreds of businesses where we've just filled out basic forms,” says Mike Semel, President and Chief Compliance Officer of Semel Consulting . “For example, noting the insurance company's phone number — you know, on the back of your utility bill, which you never look at, there's an emergency number for if the power goes out or if the gas shuts off. We've helped people gather all that information and put it down. Even if there's no other plan, just having that information at their fingertips when they need it may be enough.”

You can also approach your business continuity planning as including three types of responses:

Quick-Start Guide Business Continuity Plan Template

Business Continuity Quick Start Guide and template

If you don’t already have a business continuity plan in place, but need to create one in short order to respond to a disruption, use this quick-start business continuity template. This template is available in Word and Google Docs formats, and it’s simply formatted so that you can focus on brainstorming and problem-solving. 

Download Quick-Start Guide Business Continuity Plan Template

Word | PDF | Google Docs | Smartsheet

For other most useful free, downloadable business continuity plan (BCP) templates please read our "Free Business Continuity Plan Templates" article.

Key Components of a Business Continuity Plan

Your company’s complete business continuity plan will have many details. Your plan may differ from other companies' plans based on industry and other factors. Each facility or business unit may also conduct an impact analysis and create disaster recovery and continuity plans . Consider adding these key components to your business plan:

Key Resources for Business Continuity

To fix problems, restore operations, or submit an insurance claim, you need readily available details of the human resources and other groups that can assist with business continuity. (Your organization's unique situation may also require specific types of resources.) Add this information to appendices at the back of your continuity plan.

Fullick suggests broadening the definition of human assets. "People are our employees, certainly. But we forget that the term ‘people’ includes executive management. Management doesn't escape pandemics or the flu or a car crash. Bad things can happen to them and around them, too." 

Use the following list as a prompt for recording important information about your organization. Your unique situation may require other types of information.

Activities to Complete Before Writing the Business Continuity Plan

Before you write your plan, take these preliminary steps to assemble a team and gather background information. 

Common Structure of a Business Continuity Plan

Knowing the common structure should help shape the plan — and frees you from thinking about form when you should be thinking about content. Here is an example of a BCP format:

Keep in mind that every business is different — no two BCPs look the same. Tailor your business continuity plan to your company, and make sure the document captures all the information you need to keep your business functioning. Having everything you need to know in an emergency is the most crucial part of a BCP.

Disruptive Incident Quick-Reference Card Template

Disruptive Incident Quick Reference Cad Template

Use this quick-reference card template to write the key steps that employees should take in case of an emergency. Customize this template for each business unit, department, or role. Describe what people should do immediately and in the following days and weeks to continue the business. Print PDFs and laminate them for workstations or wallets, or load the PDFs on your mobile phone. 

Download Disruptive Incident Quick-Reference Card Template 

Expert Disaster Preparation Checklist

Business continuity and disaster planning aren’t just about your buildings and cloud backup — it’s about people and their families. Based on a document by Mike Semel of Semel Consulting, this disaster checklist helps you prepare for the human needs of your staff and their families, including food, shelter, and other comforts.

Tips for Writing a Business Continuity Plan

With its many moving parts and considerations, a business continuity plan can seem intimidating. Follow these tips to help you write, track, and maintain a strong BCP:

Empower Your Teams to Build Business Continuity with Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.


  1. Improving Your Business Continuity Plan in 4 Steps

    what should a business continuity plan look like

  2. Business Continuity Plan

    what should a business continuity plan look like

  3. 😊 Business continutiy plan. 13 Business Continuity Plan Examples. 2019-02-14

    what should a business continuity plan look like

  4. FREE 12+ Sample Business Continuity Plan Templates in PDF

    what should a business continuity plan look like

  5. Business Continuity Plan Sample Fresh Free 13 Business Continuity Plan Templates In Free

    what should a business continuity plan look like

  6. How to create a business continuity plan

    what should a business continuity plan look like


  1. D&V Philippines

  2. What’s your winter practice plan look like? #golf #practice #teamaj

  3. Introduction to Business Continuity Planning


  5. Room Alert Environment Monitoring

  6. day 280


  1. How to Make a Financial Plan for Your Business

    Preparing a financial plan for your business is important if you plan to pursue business finance options such as loans, according to Inc. Business finance companies look at the short-term viability as well as the long-term potential of a bu...

  2. How to Make a Retirement Plan

    There are a few simple things you can do to make planning for the future easier. Things like establishing a savings habit, making it automatic, and calculating how much you’ll need.

  3. Making a Risk Management Plan for Your Business

    It’s impossible to eliminate all business risk. Therefore, it’s essential for having a plan for its management. You’ll be developing one covering compliance, environmental, financial, operational and reputation risk management.

  4. How to create an effective business continuity plan

    Anatomy of a business continuity plan · Identify the scope of the plan. · Identify key business areas. · Identify critical functions. · Identify dependencies

  5. What Is A Business Continuity Plan? [+ Template & Examples]

    What are your top 5 most important processes? What systems or applications are needed to support your operations? How does [X department] depend

  6. Business Continuity Plan (BCP) in 8 Steps, with Templates

    This should include: A description of the service or function; Individuals responsible for implementing the action plan; Backup individuals; Business impact

  7. 5 Essential Steps to Business Continuity Planning

    Steps to Creating a Business Continuity Plan · Step 1: Assemble a Business Continuity Management Team · Step 2: Ensure the Safety and Wellbeing of

  8. What Does a Business Continuity Plan Typically Include? [Complete

    What Should my Business Continuity Plan Include? · An analysis of all critical functions within your business. · A prioritized list of risks that

  9. Business Continuity Plan

    Resource Required to Support Recovery Strategies · Employees · Office space, furniture and equipment · Technology (computers, peripherals

  10. 6 Things Your Business Continuity Plan Should Include

    The business continuity plan includes, for example, data recovery and backup procedures, strategies for resuming office productivity, and communication

  11. FEMA Small Business Continuity Plan Template

    for businesses based on three types of disruptions that could occur individually

  12. 7 Steps For Creating a Business Continuity Plan

    Creating Your Ecommerce Business Continuity Plan · 1. Identify objectives and goals of the plan. · 2. Establish an emergency preparedness team. · 3. Perform a risk

  13. How to Write a Business Continuity Plan

    Creating a business continuity plan (BCP) involves gathering a team, studying risks and key tasks, and choosing recovery activities. Then write

  14. Where can I find a business continuity plan template?

    A business continuity plan is a written document outlining how a business will operate during an emergency. The Department of Homeland Security (DHS)