The Ultimate Guide to Business Continuity Planning

A key output of the business continuity planning process, plans are documented steps that help companies respond to and recover from a business disruption.

business continuity plan types

What is a Business Continuity Plan?

In most business continuity programs, there are five major types of plans:

This article focuses on the fifth of the plan types, business continuity plans.

What is the Purpose of a Business Continuity Plan?

The purpose of a  business continuity program is to prevent disruption and respond efficiently and effectively when one occurs. As such, business continuity plans typically serve three main purposes:

There’s a US military quote that’s often cited when it comes to “plans” (with many people receiving credit for it). It goes something like this: “Plans are only useful as evidence that planning took place.”

When it comes to business continuity plans, that is partially true.  Business continuity plans must remain flexible to changing circumstances, but also include procedures that outline how to implement recovery strategies addressing a loss of people, the workplace, equipment, information technology services and data, and suppliers/third parties.

What is the Best Approach to Writing a Business Continuity Plan – Resource-Loss vs. Threat-based Planning?

Over the years, business continuity professionals debated two major schools of thought on the approach to planning: resource-loss based planning and threat-based planning. Castellan strongly recommends the former, resource-loss based planning.

Several years ago, the business continuity industry focused on completing threat-based plans. These plans focused on an organization’s response to very specific events: snowstorms, fires, floods, pipe bursts, tornados, and acts of terrorism. There are two key issues with threat-based planning:

Also, should any of these threats occur, the result is the same – a loss of people, the workplace, equipment, information technology services and data, and suppliers/third parties.  So why not keep it simple and streamline the planning effort?

This is where resource-loss based planning came into place.

When creating business continuity plans (typically, one plan each for a function or department), Castellan focuses on four main resource types: people, workplace/equipment, information technology, and supplier / third parties. When documenting business continuity procedures, Castellan first works to identify the best strategies to address each resource loss for each department or function, and then documents how to implement each strategy following the onset of a disruption and as necessary, how to operate differently until returning to normal.

Before covering the business continuity plan creation process in more detail, it’s important to point out one more detail.  There is a place for some threat-based procedures.  For example, procedures to address preparation for hurricane, or if a public health emergency is imminent, how to prepare staff for a period of absenteeism.

Get The Department Recovery Plan Template

How to Write a Business Continuity Plan?

Plan documentation is the fourth phase in Castellan’s  Business Continuity Operating System  (BCOS). Prior to documenting plans, it is necessary to complete the Startup, Analysis, and Strategy phases to scope the business continuity program, understand key activities as they relate to the organization’s key products and services, identify activity dependencies (resource requirements), and determine the  strategies to recover each dependency .

After completing the first three BCOS phases, it is time to document the business continuity plans. Creating business continuity plans involves four steps:

1. Planning Approach Determination

As discussed earlier, there are five types of business continuity plans: crisis management, crisis communications, emergency response, IT disaster recovery, and business continuity. However, some organizations may combine plans into a single document.  This decision is often based on organizational size, complexity, sector, and structure.

The most common planning approach that we see organizations use looks like this:

business continuity plan types

With this planning approach, individual teams (and their respective plans) can be triggered into action in response to a disruption impacting their respective function/department or resource dependency.

For crises or disasters that have the potential to disrupt the entire organization, the crisis management team (supplemented by the crisis communications team) would be triggered into action. This group, or groups, would provide strategic direction and address issues from individual functions/departments that were escalated, along with approving spend to acquire required resources for recovery. This group would also manage internal and external communications. Using this approach, other members of the organization’s executive leadership team that aren’t actively participating (or don’t have a specific role), aids and provides resources to the crisis management team on as “as needed” basis.

However, this approach does not make sense for all organizations. Some common examples of when a different structure is beneficial include:

2. Plan Development

Plan development addresses the creation of the plan, leveraging and summarizing information, conclusions and outcomes stemming from the Analysis and Strategy phases of the Business Continuity Operating System.

The first task is establishing the structure of each plan and clarifying the relationship among the plans.  Business continuity plans typically include the following sections/content:

Response and recovery procedures

Scope and Objectives

The business continuity plan scope and objectives section should summarize what the plan intends to accomplish. Additionally, the plan should define the scope of the response and recovery effort addressed by the plan.

Team Members and Contact Information

This section should outline the team members needed to manage the response and recovery effort and their  roles and responsibilities . Contact information for each team member should also be documented in the plan. In addition to the team’s contact information, any other individuals or organizations – internally or externally – that may need to be contacted during a disruption should be documented within the plan.

Response and Recovery Procedures

During the BCOS “Strategy” phase, decisions were made on how the organization would respond in general, and how to recover affected resources (people, workplace/equipment, information technology, and suppliers/third parties). During the planning process, it is important to document how to implement these strategies, and as necessary, how to operate differently when employing these strategies. Each procedure should be assigned to a team role to ensure that no steps are missed (thereby delaying the recovery effort). One more point regarding recovery strategies – business continuity plans should include information on how to use manual workarounds or alternate procedures, if known and possible.

3. Plan Review and Approval

Following the completion of an initial draft of each plan, it should be reviewed and approved by the members of the response or recovery team. Team members should validate that the procedures documented are accurate for their individual roles. Team members should be encouraged to add details and steps that accurately describe additional responsibilities or actions that they would perform during the response to a disruption. After the plan has been reviewed by members of the team, it should be approved by the plan owner, who is often the team leader.

4. Plan Refresh

Business continuity best practices  recommend that documentation is reviewed, updated, and approved, at a minimum, on an annual basis. As such, Castellan recommends that on an annual basis (or more frequently if the organization covered by the plan changes materially) organizations review their business continuity plans. Team members, roles and responsibilities, and strategies/procedures are key areas that should be reviewed and refreshed. Considerations include:

Common Challenges When Creating Business Continuity Plans

Organizations face many challenges when documenting business continuity plans. A few of the most common challenges include:

Reliance on Templates

Business continuity plan templates can ensure a higher level of quality through consistency of structure, and also efficiency by centrally creating content applicable to all plans.  However, just like anything, a template only can do so much. Where a plan template can provide a great starting point, it alone will not suffice if your organization wants to be truly prepared for an incident if the template is not updated to describe how to response and recover using selected strategies.  Templates are a great start, but plan customization is where your organization will gain the most from the planning process.

Plans Lack Focus

One of the most common questions we hear when discussing the plan documentation process with plan owners is “What am I supposed to do when something happens?” The answer to this question and the focus of any plan should be very simple: the plan is used to guide the response to and recovery from the disruption. To do so, plans must document the answers to a few simple questions, notably:

The results from the business impact analysis (BIA) should establish business continuity requirements, enabling the strategy determination and plan documentation effort.  The BIA should define what activities need to be resumed, how soon these activities need to be resumed, to what performance level, and what resources are needed. If a plan doesn’t address BIA results in a concise manner, the plan will lack focus and will likely be ineffective.

Plan Activities and Tasks are Too Generic or Irrelevant

This ties in with our point about using plan templates!

Strategy development must occur before documenting business continuity plans. Too often, practitioners forget that the key function of a plan is to document the steps necessary to recover and describe how to operate in “recovery mode.” To ensure that plans are relevant and make sense, plan owners and those that use the plans must work together to identify strategies in the event of a resource loss. Once plan owners are aware of approved response and recovery strategies specific to their business activities, plan documentation typically becomes significantly simpler. Imagine trying to document the steps necessary to relocate operations to a new facility without knowing where that location is, how many employees can go there, and what resources are available.

Plan Content Is Not Developed for the Right Audience

All managers delegate, and when done right, delegation is often a good thing, especially when managers can leverage subject-matter experts (SME) to assist in the planning process. However, business continuity practitioners always need to work with managers to ensure that plans are written at the appropriate level and provide actionable steps for the recovery team, which usually consists of managers and SMEs. If the new summer intern isn’t familiar with business operations, he or she is probably not the best person to develop the function or department’s business continuity plan. Business continuity professionals can work with business owners to ensure appropriate buy-in and further set expectations for plan owners during the strategy and plan development process to ensure proper ownership and review prior to approval.

What is the Difference Between an IT Disaster Recovery Plan and a Business Continuity Plan?

As mentioned earlier, there are five types of plans. Two of these plans that often get confused are IT disaster recovery plans and business continuity plans. Both types of plans focus on how an organization can respond to and recover from a disruption. That said, business continuity plans focus on the continuation and/or recovery of business activities, whereas IT disaster recovery plans focus on recovering IT infrastructure, applications and data.

Business continuity plans focus on four loss scenarios (people, suppliers, technology, and facilities/equipment) and the business’ response to a disruption of each. As introduced previously, plans are typically created at either the business unit, department, or site level.  On the other hand, IT disaster recovery plans focus on the technical requirements that go into recovering an organization’s IT services and associated infrastructure. There are usually several plans created as part of an IT disaster recovery program:

Frequently Asked Questions

Based on industry standards, Castellan recommends updating and performing planning activities on an annual basis (more frequently based on organizational change). In general, this determination should be made based on the speed in which your organization is changing and evolving. If an organization experiences significant changes often (i.e. the scope of each department, leadership, strategic initiatives, dependency shifts), it may be beneficial to review plans on a more frequent basis than if an organization remains largely stagnant in terms of departments, activities, risks, and dependencies.

Different individuals and groups are required during different steps of the planning process. First, the business continuity steering committee, program sponsor, and program manager should work collectively to determine the planning approach. This group should identify the type and number of plans that will be created (i.e. crisis management, IT disaster recovery, emergency response, and business continuity plans). From there, plan owners and team members should be chosen for each plan. These individuals should have the knowledge necessary to recover key activities and resources, as well as the respect and authority to make required decisions for the in-scope activities and resources.

Business continuity plan templates are a great start! They provide a structure, shared content, and standard roles and responsibilities. However, these plans do not provide the detail necessary or the organization-specific information that value-adding plan includes. A plan template will not include HOW to employ chosen strategies to recover as well as unique roles and responsibilities that are required to drive toward a successful recovery.

The first step in completing a business continuity plan is determining what plans are needed. This step should be completed by the organization’s steering committee and program manager. Considerations should include the scope of the business continuity program, size and complexity of the organization, dependencies that are used by in-scope departments/sites, and leadership required to recover from an incident.

Yes and no. Small programs may find it possible to manage a business continuity program/business continuity plans without software (by small, typically organizations with less than 10 or 15 functions/departments and less than 1,000 employees). However, software makes it significantly easier to manage a program and to automate elements of the analytic effort (and to drive program continual improvement with workflow functionality).  For larger organizations, software is almost essential as the automation alone can replace the costs associated with one or more FTEs.  For example, software allows a program manager to eliminate the need to manually seek plan owner reviews and approvals. Additionally, software can be used to streamline the response and recovery by providing a “live” version of plans and a single-source repository to provide response updates. With the time savings, the program manager can focus on stakeholder engagement and improving the organization’s ability to respond and recover. Obviously, we’re partial to  Castellan Business Continuity Software.

Resource-loss based planning is an “all-hazards” approach to business continuity planning. Rather than creating individual plan documents that focuses on the wide variety of threats that could impact an organization (i.e. tornado, snowstorm, power outage), resource-loss based planning focuses on four key loss scenarios: the loss of personnel, technology, suppliers, or facilities. Resource-loss based planning is easier to document and maintain. Whether the organization is impacted by a tornado, fire, or power outage, a “loss of facility” strategy and procedures can help the organization effectively respond.

Like insurance, we hope that you never have to use your business continuity plan! However, selecting strategies and documenting plans ensures that, if a disruption does occur, you are ready to respond in an efficient and effective manner.

business continuity plan types

Type of Plans

business continuity plan types

Navigation menu

Personal tools.

Chinese Glossary (S)

Bahasa glossary (m).


ISO Glossary

Bcm glossary.

Powered by MediaWiki

ERM Software Logo

What Does a Business Continuity Plan Typically Include? [Complete Guide]

what does a business continuity plan typically include main image


A business continuity plan (BCP) is your first line of defense against any challenge that threatens the core functionalities of your organization’s operations. When disaster strikes, your BCP should be there to reduce the time it takes to get things back up and running as usual again – as quickly as possible.

If you’re not able to react quickly to these types of incidents, your company could suffer physical harm, monetary losses, reputational damage, data integrity loss, litigation and much more.

Designing a BCP can feel overwhelming, as it’s such a critical document; where should you start? Who should be involved in the process? How should it be disseminated? These are all questions we’ll answer in this guide, including what is typically included in a BCP.

Bonus Material: Free BCP Checklist

How to Create a Business Continuity Plan

It’s important to actively invest time and energy into preparing for any potential risk before a potential event of a disaster so that if or when it does, your BCP directs you to the necessary resources to return to business as usual. That’s why creating and developing your BCP needs to involve a great deal of strategy and intention.

Taking a risk-based approach is the best way to go about developing your business continuity plan and avoid the need to use implement a disaster recovery plan. Through a risk-based approach, you follow the following steps: identify, assess, mitigate, monitor, connect and report. Here’s how to apply each of these steps during the lifecycle of your BCP:

What Should my Business Continuity Plan Include?

Your BCP should include:

Examples of Potential Unforeseen Risks

Naturally, your BCP will include risks that you deem a threat to your business. It can be difficult to begin writing that list when you’re not sure exactly what should be on it. In Risk Management, it’s important to consider potential risks that others may not have ever predicted to become reality (many people today say they never imagined in their lifetime that they would experience a pandemic).

Here is a list of potential unforeseen risks that pose a threat to business continuity:

BCP Best Practices

Like we mentioned earlier in this guide, it’s important to take a risk-based approach when creating your BCP. This will help you better preserve your business reputation, build up customer confidence and allow you to gain a competitive advantage. It will also ensure that you can avoid situations of disaster recovery. (Read our full guide on Business Continuity vs. Disaster Recovery )

To receive these benefits, it’s best practice to leverage robust business continuity planning software . This enables you to inherently take a risk-based approach and demonstrates to customers and stakeholders that you are prioritizing business continuity planning. This is especially true today amidst our ever-evolving disruptive business environment and the See-Through Economy.

Your business continuity plan will be different from anyone else’s, which is why it’s important to dedicate time and resources to creating one that fits your unique needs and risk factors. Working with a professional risk consultant is just one added benefit that’s included with your partnership with LogicManager. With their help, you’ll be able to better leverage the tools and resources included in our integrated ERM software, as well as our solution package for business continuity development .


Download our free BCP checklist to ensure that you are on the right track with your business continuity planning.

Related Posts

An alarmed man looks at a calendar

How Often Should A BCP Be Reviewed?

business continuity plan types

Business Continuity vs. Disaster Recovery: What Is The Difference?

return to school covid 19 plan

Return To School Covid 19 Plan: Lessons In Pragmatic Risk Management as School Reopening Begins

business continuity plan types

Covid-19 Second Wave Risk Mitigation: Return To Work Negligence Waiting to Happen

business continuity plan types

My Favorites List

Submit your Favorites List and our experts will reach out to you with more information. You will also receive this list as an e-mail which you can share with others. Here are the solutions you've added to your list so far:

business continuity plan types

business continuity plan (BCP)

Vicki-Lynn Brunskill

What is a business continuity plan (BCP)?

A business continuity plan (BCP) is a document that consists of the critical information an organization needs to continue operating during an unplanned event.

The BCP states the essential functions of the business, identifies which systems and processes must be sustained, and details how to maintain them. It should consider any possible business disruption.

A BCP covers risks including cyber attacks , pandemics, natural disasters and human error. The array of possible risks makes it vital for an organization to have a business continuity plan to preserve its health and reputation. A proper BCP decreases the chance of a costly power outage or IT outage.

IT administrators often create the plan. However, the executive staff participate in the process, providing knowledge of the company and oversight. They also ensure the BCP is regularly updated.

This article is part of

What is BCDR? Business continuity and disaster recovery guide

Download this entire guide for FREE now!

Importance of business continuity planning

Business continuity planning is a proactive business process that lets a company understand potential threats, vulnerabilities and weaknesses to its organization in times of crisis. The creation of a business continuity program ensures company leaders can react quickly and efficiently to business interruption .

A BCP enables a company to continue to serve customers during a crisis and minimize the likelihood of customers going to competitors. These plans decrease business downtime and outline the steps to be taken -- before, during and after an emergency -- to maintain the company's financial viability.

Elements of a business continuity plan

According to business continuity consultant Paul Kirvan, a BCP should contain the following items:

In the book Business Continuity and Disaster Recovery Planning for IT Professionals , Susan Snedaker recommends asking the following questions:

Business continuity planning steps

The business continuity planning lifecycle contains these five steps:

The business continuity plan lifecycle.

BCP implementation

Once the business has started the planning process, it launches the BIA and RA processes to collect important data. The BIA defines the critical functions that must continue during a crisis and the resources needed to maintain those operations. The RA details the potential internal and external risks and threats, the likelihood of them happening, and the possible damage they could cause.

The next step determines the best ways to deal with the risks and threats outlined in the BIA and RA, and how to limit damage from an event. A successful business continuity plan defines step-by-step procedures for response.

The BCP should not be overly complex and does not need to be hundreds of pages long; it should contain just the right amount of information to keep the business running. Small businesses can use a one-page plan with all the necessary details. That can be more helpful than a long plan that is difficult to use. Those details should include the following:

Key implementation steps

The four steps involved in implementing a BCP are the following:

BCP testing

An organization's technology, processes, staff and facilities constantly change. Therefore, regular testing, reviewing and updating of a BCP is critical. Plan testing should be undertaken using tabletop exercises, walk-throughs, practice crisis management communications and emergency enactments to test the viability of the plan and to see how employees and executives react under stress.

Regular testing and maintenance ensure the BCP is current and accurate. A simple test of a business continuity plan might involve talking through it. A complex test requires a full run-through of what will happen in the event of a business disruption.

The test can be planned in advance or it can be done spur of the moment to better simulate an unplanned event. If issues arise during testing, the plan should be corrected accordingly during the maintenance phase. Maintenance also includes a review of the critical functions outlined in the BIA and the risks described in the RA, as well as plan updating if necessary.

A business continuity plan must be continually improved; updates should not wait for a crisis. Staff members involved in the plan must get regular updates and business continuity training . An internal or external business continuity plan audit should be used to evaluate the effectiveness of the BCP and highlight areas for improvement.

List of business continuity plan audit requirements.

For specific BCP testing steps, download the guide Business continuity and disaster recovery testing templates .

Business continuity planning software, tools and trends

There is help available to guide organizations through the business continuity planning process, from consultants to tools to full software. Which approach an organization should take depends on the complexity of the business continuity planning task, the amount of time and personnel available, and the budget. Before making a purchase, it is advisable to research both products and vendors, evaluate demos, and talk to other users.

For more complicated functions, business continuity planning software uses databases and modules for specific exercises. The U.S. Department of Homeland Security, through its website, offers software in its Business Continuity Planning Suite. Other business continuity software vendors include Castellan, formed from the merger of Assurance, Avalution and ClearView in 2020; CLDigital, formerly Continuity Logic; Fusion Risk Management; Quantivate; and Sungard Availability Services.

The Federal Financial Institutions Examination Council's Business Continuity Management booklet contains guidance on plan development, testing, standards and training for both financial and nonfinancial organizations.

Free download of BCP template

The role of the business continuity professional has changed and continues to evolve. As IT administrators are increasingly asked to do more with less, it is advisable for business continuity professionals to be well versed in technology, security, risk management, emergency management and strategic planning.

Business continuity planning must also take into account emerging and growing technologies, such as the cloud and virtualization , as well as new threats, such as cyber attacks like ransomware .

One resource that combines all these elements is SearchDisasterRecovery's free, downloadable business continuity plan template . It provides guidance and insight for creating a successful BCP.

Business continuity planning standards

Business continuity planning standards provide a starting point.

The International Organization for Standardization (ISO) 22301:2019 standard is regarded as the global standard for business continuity management . ISO 22301 is often complemented by other standards, such as the following:

Other standards include the following:

Emergency management and disaster recovery plans

An emergency management plan is a document that helps to lessen the damage of a hazardous event. Proper business continuity planning includes emergency management as an important component. The appointed emergency management team takes the lead during a business disruption.

An emergency management plan, like a BCP, should be reviewed, tested and updated regularly. It should be fairly simple and provide the steps needed to get through an event. The plan also should be flexible, because situations are often fluid. Teams involved in the event of a disaster should communicate frequently during the incident.

Diagram of how disaster recovery and business continuity plans are related.

Disaster recovery (DR) and business continuity planning are often linked, but they are different. A DR plan is reactive, as it details how an organization recovers after a business disruption. A business continuity plan is a proactive approach that describes how an organization can maintain business operations during an emergency.

Learn more about responding to unplanned emergencies in this complete guide to managing crises .

Continue Reading About business continuity plan (BCP)

Related Terms

Dig deeper on disaster recovery planning and management.

business continuity plan types

6 reasons a business impact analysis is important


Free business impact analysis (BIA) template with instructions


business impact analysis (BIA)


Asigra's forthcoming SaaSBackup platform lets Asigra data protection technology protect SaaS backups. MSPs will be able to sell ...

A new SaaS backup specialist emerges from stealth to protect data in apps such as Trello, GitHub and GitLab, which CEO Rob ...

A growing number of enterprise Kubernetes users presents an opportunity for CloudCasa, currently a division of Catalogic, with ...

Pure Storage expanded its storage offerings with FlashBlade//E designed for the unstructured data market with an acquisition cost...

Data governance manages the availability, usability, integrity and security of data. Follow these best practices for governance ...

Vast Data Universal Storage brought out data services, including set performance, metadata cataloging, better security, container...

A coordinated law enforcement effort last week resulted in raids and arrest warrants against 'core members' of the infamous ...

Working from an incident response playbook can speed organizations' responses to cyber attacks. Find out how to build repeatable ...

An incident response program ensures security events are addressed quickly and effectively as soon as they occur. These best ...

While the EU is considering new cryptocurrency regulation, the U.S. Securities and Exchange Commission is focused on heightening ...

Policymakers want federal data privacy legislation limiting businesses' ability to collect data on individuals and banning ...

Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...

Frequently Asked Questions

The Bottom Line

What Is a Business Continuity Plan (BCP), and How Does It Work?

business continuity plan types

Pete Rathburn is a copy editor and fact-checker with expertise in economics and personal finance and over twenty years of experience in the classroom.

business continuity plan types

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's IT system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How to Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be identified and corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ," Pages 15 - 17. Accessed Sept. 5, 2021.

Business Essentials

Government & Policy

Tech Companies

Stocks & Bond News


By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.



What Are the Types of Business Continuity Strategy?

This is a continuation of the previous article  Formulating Your Business Continuity Strategy .  This  second part of the BC Strategy phase of the "New BCM Manager" series provides the detailed elaboration of the three strategies for business continuity (BC) implementation.

Output of BC Strategy

The output of the business continuity (BC) strategy phase would generally include a strategy for mitigation, (crisis) response, and recovery.

(a) Mitigation Strategy

BCM Series Recovery Strategy Book

These threats must be identified and further attempts to lower the risk posed by them must be implemented with the objective to preventing any potential disruption. In addition, a mechanism must be in place to detect and sound the alarm should an threat materialize. These detection mechanisms could take the form of monitoring tools that captures and records abnormal changes in the environment or process.   

While it is always better to prevent a disaster from happening, it is impossible to say with one hundred percent certainty that one will never occur. In the unfortunate event that a disaster causes business operations to be disrupted, a strategy is required to ensure effective and timely recovery and resumption.

(b) Recovery Strategy

The recovery strategy should focus on re-gaining or re-establishing what has been lost in the disaster.

Alternatively, an organisation that does not or chooses not to own spare resource, could lease the resource. An example of leasing is to subscribe to a shared recovery space with a reputable service provider.  There is some minimal assurance that recovery seats are available; however, as with such a model, there is no guarantee - the seats are shared and the first caller activating the recovery seats will be given priority. Yet other organisations may choose to procure resources only when a disaster occurs. This model gives the least recovery assurance as the required resources may not be available when needed most.

In developing the recovery strategy, not only must one think about getting back resources needed to continue critical business operations, one must also keep in mind that the recovery must be done within the prescribed RTOs for these critical operations. If a resource cannot be recovered in this time, an alternative means or interim method of carrying on the critical operation must be found. These interim measures are often called Temporary Operating Procedures (TOP).

(c) Crisis Response Strategy

Where an organisation does not already have an incident management or response plan, the strategy might also include a response component that spells out the prioritized activities that the organisation would undertake in a disaster. These activities include emergency responses, like evacuation, situational assessment and modes of communication.

Typically the business continuity strategy outlines the structure of how to prevent, respond and recover from a disaster.

business continuity plan types

It approaches recovery at a macro level and does not dwell on details. This is often useful in providing an overview to management and allows them to see the “big picture” for organisational recovery. It is important to gain their approval before we proceed to decompose the strategy into detailed actionable steps in the plan development phase of the project.

Learn More About Business Continuity Management (BC-CM-CC-ITDR)

You may want to know more about business continuity management courses.

CTA KMA Know More About BCM



For our Singapore colleagues, funding are available under the  CITREP+ and WSQ program.

CITREP+ [BL-B-5] What Funding Is Available?

hbspt.cta._relativeUrls=true;hbspt.cta.load(3893111, '0ab1a8b7-14ce-444a-a632-b58a1e494344', {"useNewLoader":"true","region":"na1"}); hbspt.cta._relativeUrls=true;hbspt.cta.load(3893111, 'dc3955a2-1ceb-4902-9559-49f94948fc8a', {"useNewLoader":"true","region":"na1"}); hbspt.cta._relativeUrls=true;hbspt.cta.load(3893111, '6cd9625e-8a55-4266-88bb-49ecc436d642', {"useNewLoader":"true","region":"na1"});

New Call-to-action

Business Continuity Planning: What Is It All About?

There are numerous threats that can disrupt your business, and different scenarios of how these hostile events may unfold. A  study by Allianz found events like cyber incidents, business interruptions, changes in regulations and natural disasters are the top business risks in 2021.

Effective planning puts you in the driver’s seat when tackling response and recovery efforts after a disruption.  If your plan is sound, you can make it a repeatable approach to minimize downtime, so much so, it becomes almost second nature for your business.

To put it simply, a well-thought-out business continuity plan (BCP) prepares you for unexpected business disruptions.

What is a Business Continuity Plan?

A business continuity plan (BCP) is a document that outlines a set of preventive strategies to ensure business continuity following any disruption caused due to cyberattacks, on-premise accidents, supply chain disruptions, natural disasters, and other operational failures.

BCP is essentially a hedging tool to reduce the risk associated with data loss and infrastructural downtime.

However, your BCP requires a coordinated effort across several departments. You need to build out a business continuity management (BCM) team that will be responsible for putting the business continuity plan in motion.

A good BCM team consists of:

Components of the Business Continuity Plan

BCPs vary based on the requirements of the organizations’ industry and the unique needs of the business. However, there several components every healthy BCP should have.

1. Recovery personnel

A dedicated individual should be assigned to manage the recovery process to get systems back up and running quickly. Ideally, at least one such person should be appointed from each department.

2. Recovery procedure

The recovery procedure outlines the strategies to restore key business functions and helps to prioritize assets critical to business operation. These assets include equipment, IT systems and contact lists. To protect critical assets, work with line of business leaders to classify them based on their criticality to the business and define recovery objectives such as Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Identify risks and potential threats, and determine the right tools and techniques required of a system to guide you in recovering these assets in case of an unwelcoming event.

3. Data backup

Your BCP should clearly establish how to back up data, as well as the methods used for backup and recovery. Depending on RTO and RPO as well as the granularity of recoveries required (i.e., restoration of individual files), your methods may vary. Data backup tools may include the use of on-premise appliances, virtual appliances, cloud targets, SaaS backup, and direct-to-cloud backup.

The Benefits of Business Continuity Plan

Ambassadors of BCP tend to keep the conversation around what will happen to the business if there is no plan? Let’s switch tracks and talk about the benefits your business can enjoy if a business continuity plan is in place.

Business continuity on point

A comprehensive BCP ensures product and service continuity even during an ongoing crisis. It creates fodder for enhancing the operational effectiveness of the business; instead of painting a bleak picture in the wake of a disaster, consider an approach that highlights the advantage of resuming operations with minimal downtime. The BCP keeps revenue flowing. The quicker disruptions are resolved, the shorter the downtime, and the smaller your losses. In many cases, a BCP has prevented disruption from snowballing into destruction – often the potential losses from damages are far greater than the cost of developing a business continuity plan.

Resilience and reputation intact

A business continuity plan safeguards your business’ reputation. In many cases, the BCP outlines protocols for protecting priority customers or partner infrastructure. Meeting your obligations despite calamities puts your business in a favorable light among customers and partners. This vote of confidence ensures customer retention, protecting your market share while avoiding major financial losses.

Enable security on all fronts

Business disruptions can be manmade as well. Interestingly, human error is the leading cause of business data loss, not hardware failure or data corruption. A BCP addresses intentional or unintentional asset misuse as part of the risk assessment. As you evaluate and update your plan regularly, acknowledge your risk assessment findings and leverage them to realign systems and processes to tackle the security loopholes.

Watch the video to learn more about the benefits of a healthy business continuity plan.

Types of Continuity Plans

Let’s explore the different types of BCPs and their purpose within your overall business continuity strategy.

Business Continuity Plan

The ISO 22301 states that a BCP should typically focus on the implementation, maintenance, and management of a system designed to protect against disruptions should they arise as well as the recovery of resources, services and activities required to ensure the continuity of critical business functions.

In many ways, a successful recovery strategy may resemble a sequence of business continuity plans being initiated in a prioritized order, with ongoing reporting of their status to the crisis management team. The communication between the department-level recovery teams and crisis management team is critical in executing a successful recovery per the methodology in the BCP.

A BCP outlines the following:

Crisis Communications Plan

How do you communicate with stakeholders on the status of your business when a disruption occurs?

A crisis communication plan ensures businesses can promptly, accurately and confidently communicate with customers, employees and other stakeholders. It also includes legal implications associated with public statements and certain key points that could impact response and recovery. The goal is to minimize reputational damage resulting from poor communication.

A crisis communication plan outlines the following:

Crisis Management Plan

A crisis management plan is designed with higher-level managers in mind and provides a structured response to a disruption that could potentially threaten business survival. Typically, it does not deal with the recovery activities of a single business process, and instead focuses on the high-level tasks that will help the organization as a whole to respond and recover.

A crisis management plan outlines the following:

Disaster Recovery Plan (DR Plan)

A disaster recovery plan restores critical IT infrastructure in case of a disruption. DR is primarily concerned with restoring critical IT operations after a crisis. Unlike other aspects of the BCP, DR plans are typically run by IT managers responsible for restoring hardware and software.

A DR plan outlines the following:

Business Continuity Plan Testing

Testing is vital to the success of your business continuity plan. You don’t want to find out an aspect of the plan doesn’t work during a crisis. Testing identifies potential gaps, oversights, or vulnerabilities in the plan and, other than a real disaster incident, is the only way to truly know if your BCP works.

Controlled testing for your business continuity plan allows you to pick out the weaknesses in the plan, evaluate response to various kinds of disruption, and improve processes based on test results.

Testing frequency is dependent on the size, location and the rate at which the business goes through changes. For instance, businesses with rapid employee turnovers should test twice a year to ensure the plan is fresh in the minds of the employees. In cases where turnover isn’t that regular, test at least once a year.

Here are the different ways you can test your BCP:

Plan Review

The BCP team and the top-level management together review the plan. The components audited tend to be contact information, recovery coverage for desired business continuity, validity of recovery contracts and training material for new members of the BCP team.


A scenario-based, role-play exercise to ensure all BCP members are in sync with the latest processes. It consists of members sitting around a table and primarily reviewing the plan to identify shortcomings in the current process and how to improve them.

Walk-Through drill

A walkthrough drill is a more hands-on version of the tabletop. Team members physically demonstrate the steps expected during a disruption. This can include moving to the right backup location, choosing the communication methods mentioned in the plan and contacting the right personnel. The test records validation of team response and BCP processes.

Recovery systems are brought up to a state of operational readiness, required personnel are relocated to the recovery site, and recovery media is tested to see if they can perform actual business transactions to support key processes. During this test primary systems still carry the full production workload.

You can take the help of third-party companies that offer disaster recovery as service (DRaaS) solutions “sandbox” or partition virtual machines so testing can be performed without affecting production servers.

Full Interruption

The simulation reflects a real-life disaster and includes a complete testing process: running up the backup systems and processing data transactions. It has the potential to actually disrupt business operations and can be time-consuming. However, it’s extremely effective in identifying problems in your DR plans.

Peace of Mind with Automated Testing

It’s almost impossible for businesses to manually test DR processes with the frequency at which cyberattacks occur. As a result, businesses run the risk of unplanned downtime due to business disruptions or recovery failures.

Unitrends Recovery Assurance delivers automated recovery testing, both onsite and offsite, with the ability to set recovery objectives and SLA s ahead of time — giving you peace of mind when it comes to ensuring business continuity.

Want to know if Unitrends can help your business?

Request a demo

About Adam Marget

Adam Marget is a Product Marketing Manager at Unitrends, a leader in data center backup and disaster recovery solutions. An experienced technical marketing professional, Adam has been a member of the Unitrends team since 2016, during which time he’s held several roles. Driven by a love and curiosity for technology, Adam’s been delighted to have been afforded the opportunity to help both end users and channel partners solve challenges around disaster recovery and business continuity. Prior to joining Unitrends, Adam worked with national IT solutions provider CDW where he leveraged a variety of partner solutions to help his customers achieve their goals across backup, networking, security, power & cooling, endpoint, and data center technologies.

Related Posts

Backup strategy: what it is and how to create one.

Posted by Adam Marget on 09/27/22

In today’s threat-laden environment, having a solid data backup strategy is an absolute...

Secondary Storage: Definition, Devices and How It Can Support Your Backup Strategy

Posted by Adam Marget on 11/15/22

The modern world is a data-driven world. Data has become the currency that...

The Power of Data Copy Access: Everything You Need to Know

Posted by Adam Marget on 12/12/22

In today’s digital world, data is an omnipresent entity. It is as significant...

business continuity plan types

U.S. flag

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

business continuity plan types

Business Continuity Plan

world globe

Business Continuity Planning Process Diagram - Text Version

When business is disrupted, it can cost money. Lost revenues plus extra expenses means reduced profits. Insurance does not cover all costs and cannot replace customers that defect to the competition. A business continuity plan to continue business is essential. Development of a business continuity plan includes four steps:

Information technology (IT) includes many components such as networks, servers, desktop and laptop computers and wireless devices. The ability to run both office productivity and enterprise software is critical. Therefore, recovery strategies for information technology should be developed so technology can be restored in time to meet the needs of the business. Manual workarounds should be part of the IT plan so business can continue while computer systems are being restored.

Resources for Business Continuity Planning 

Business Continuity Impact Analysis

Business continuity impact analysis identifies the effects resulting from disruption of business functions and processes. It also uses information to make decisions about recovery priorities and strategies.

The Operational & Financial Impacts worksheet  can be used to capture this information as discussed in Business Impact Analysis . The worksheet should be completed by business function and process managers with sufficient knowledge of the business. Once all worksheets are completed, the worksheets can be tabulated to summarize:

Those functions or processes with the highest potential operational and financial impacts become priorities for restoration. The point in time when a function or process must be recovered, before unacceptable consequences could occur, is often referred to as the “Recovery Time Objective.”

Resource Required to Support Recovery Strategies

Recovery of a critical or time-sensitive process requires resources. The Business Continuity Resource Requirements worksheet should be completed by business function and process managers. Completed worksheets are used to determine the resource requirements for recovery strategies.

Following an incident that disrupts business operations, resources will be needed to carry out recovery strategies and to restore normal business operations. Resources can come from within the business or be provided by third parties. Resources include:

Since all resources cannot be replaced immediately following a loss, managers should estimate the resources that will be needed in the hours, days and weeks following an incident.

Conducting the Business Continuity Impact Analysis

The worksheets Operational and Financial Impacts  and Business Continuity Resource Requirements should be distributed to business process managers along with instructions about the process and how the information will be used. After all managers have completed their worksheets, information should be reviewed. Gaps or inconsistencies should be identified. Meetings with individual managers should be held to clarify information and obtain missing information.

After all worksheets have been completed and validated, the priorities for restoration of business processes should be identified. Primary and dependent resource requirements should also be identified. This information will be used to develop recovery strategies.

Recovery Strategies

If a facility is damaged, production machinery breaks down, a supplier fails to deliver or information technology is disrupted, business is impacted and the financial losses can begin to grow. Recovery strategies are alternate means to restore business operations to a minimum acceptable level following a business disruption and are prioritized by the recovery time objectives (RTO) developed during the business impact analysis .

Recovery strategies require resources including people, facilities, equipment, materials and information technology. An analysis of the resources required to execute recovery strategies should be conducted to identify gaps. For example, if a machine fails but other machines are readily available to make up lost production, then there is no resource gap. However, if all machines are lost due to a flood, and insufficient undamaged inventory is available to meet customer demand until production is restored, production might be made up by machines at another facility—whether owned or contracted.

Strategies may involve contracting with third parties, entering into partnership or reciprocal agreements or displacing other activities within the company. Staff with in-depth knowledge of business functions and processes are in the best position to determine what will work. Possible alternatives should be explored and presented to management for approval and to decide how much to spend.

Depending upon the size of the company and resources available, there may be many recovery strategies that can be explored.

Utilization of other owned or controlled facilities performing similar work is one option. Operations may be relocated to an alternate site - assuming both are not impacted by the same incident. This strategy also assumes that the surviving site has the resources and capacity to assume the work of the impacted site. Prioritization of production or service levels, providing additional staff and resources and other action would be needed if capacity at the second site is inadequate.

Telecommuting is a strategy employed when staff can work from home through remote connectivity. It can be used in combination with other strategies to reduce alternate site requirements. This strategy requires ensuring telecommuters have a suitable home work environment and are equipped with or have access to a computer with required applications and data, peripherals, and a secure broadband connection.

In an emergency, space at another facility can be put to use. Cafeterias, conference rooms and training rooms can be converted to office space or to other uses when needed. Equipping converted space with furnishings, equipment, power, connectivity and other resources would be required to meet the needs of workers.

Partnership or reciprocal agreements can be arranged with other businesses or organizations that can support each other in the event of a disaster. Assuming space is available, issues such as the capacity and connectivity of telecommunications and information technology, protection of privacy and intellectual property, the impacts to each other’s operation and allocating expenses must be addressed. Agreements should be negotiated in writing and documented in the business continuity plan. Periodic review of the agreement is needed to determine if there is a change in the ability of each party to support the other.

There are many vendors that support business continuity and information technology recovery strategies. External suppliers can provide a full business environment including office space and live data centers ready to be occupied. Other options include provision of technology equipped office trailers, replacement machinery and other equipment. The availability and cost of these options can be affected when a regional disaster results in competition for these resources.

There are multiple strategies for recovery of manufacturing operations. Many of these strategies include use of existing owned or leased facilities. Manufacturing strategies include:

There are many factors to consider in manufacturing recovery strategies:

Resources for Developing Recovery Strategies

Manual Workarounds

Telephones are ringing and customer service staff is busy talking with customers and keying orders into the computer system. The electronic order entry system checks available inventory, processes payments and routes orders to the distribution center for fulfillment. Suddenly the order entry system goes down. What should the customer service staff do now? If the staff is equipped with paper order forms, order processing can continue until the electronic system comes back up and no phone orders will be lost.

The order forms and procedures for using them are examples of “manual workarounds.” These workarounds are recovery strategies for use when information technology resources are not available.

Developing Manual Workarounds

Identify the steps in the automated process - creating a diagram of the process can help. Consider the following aspects of information and work flow:

Internal Interfaces (department, person, activity and resource requirements)

Create data collection forms to capture information and define processes for manual handling of the information collected. Establish control logs to document transactions and track their progress through the manual system.

Manual workarounds require manual labor, so you may need to reassign staff or bring in temporary assistance.

Last Updated: 05/26/2021

Return to top

Atlas logo - Red capital A logo

What are the 5 key components of a business continuity plan?

Related articles, putting together a robust business continuity plan means that your business is more likely to be able to react confidently and quickly in the event of disruption. this can help you to keep customer dissatisfaction at bay, give your team confidence and reduce recovery timescales. in order to achieve this, every business continuity plan needs to incorporate five key elements., 1. risks and potential business impact.

Any business continuity plan worth its salt will be based on a business impact analysis, which identifies potential risks and vulnerabilities both within and outside the business. These risks could be anything from flooding or a major IT disruption to a failure from an important supplier. By knowing what you could potentially face, you can begin to take steps to prevent or mitigate the risk.

A strong plan will also use the output of your business impact analysis to reveal the possible consequences of disruption on your business. This will enable you to anticipate its cost, the effect it could have on essential business functions and the time needed to recover.

2. Planning an effective response

Once you have an awareness of the types of risks and threats your business may be vulnerable to, you can begin to form an effective plan.

A comprehensive business continuity plan will take each risk identified in the business impact analysis and develop an appropriate response strategy to either minimise it or prevent it altogether. These detailed plans will describe the action needed and outline who needs to be involved to implement it. Timescales and resources, such as laptops, alternative warehouse space and mobile phones, should also be laid out to ensure a quick and relevant response.

3. Roles and responsibilities

In order for a crisis or disruption to be met confidently, the key people in your business need to know their roles and responsibilities. A business continuity plan will therefore document which key personnel need to be involved in the response to the disruption. This will typically be more senior staff members, but this depends on your business and the type of risk you are dealing with.

Once these people have been identified, their roles and actions need to be clearly defined so that they can react quickly and efficiently. The resources they need following a disruption should also be clearly stated so that they can be prioritised ahead of the rest of the team. For instance, if a remote office needs to be set up following a disruption, critical personnel will need to be prioritised when it comes to allocating resources such as laptops, tablets and mobile phones.

4. Communication

Clear communication is vital during business disruptions. Effective communication across your business can reassure team members and give them confidence that the organisation is taking effective steps to respond and recover. Outside of your company, good communication is also necessary in order to liaise with suppliers and customers and minimise dissatisfaction.

To prepare for this, a business continuity plan will normally include a list of key contacts as well as templated press releases and social media posts. Having these in place in advance can speed up communication in a crisis and ensure that both your staff and external contacts are kept up to speed. In larger organisations, it may be necessary to have a separate communication plan that provides a comprehensive approach to communication during a crisis.

5. Testing and training

Business continuity plans are not just theoretical – they need to be robust enough to be put into action. In order to check this, the final key component of a business continuity plan is testing and exercising.

Realistic scenarios can be used to test the plan and your team’s response. By doing so, you can identify room for improvement and take action to improve the plan before a disruption occurs. Testing and exercising business continuity plans also helps to ensure that key personnel understand the plan and their role in it. This means that the company can respond quickly and efficiently when a disruption occurs.

Raising awareness of the business continuity plan among your wider staff will also help them to understand their role in responding to disruptions. Many companies run regular awareness training sessions and include business continuity as a key topic during new staff inductions. This training can then improve the resilience of the company overall.

Building your own business continuity plan

An internationally recognised mark of best practice, ISO 22301 will enable you to implement, maintain and improve a business continuity management system, which will support your business before, during and after disruption.

To find out more, visit our dedicated webpage for  ISO 22301 .

You can also get in touch on  0333 259 0445  or by emailing  [email protected] .

Sign up to get the latest in your inbox

About the author

Claire Price

Content Marketing Executive

Claire worked for Citation ISO Certification between 2020 and 2022 writing creative and informative content on ISO certification and consultation to help businesses reach their potential.

business continuity plan types

Looking for some guidance? Join us for one of our upcoming seminars!

QMS International use cookies to provide you with a better site experience, enable features and to help us understand how our website is being used.

By continuing, you consent to the use of cookies in accordance with our Cookie Policy

Allow All Cookies

Allow Strictly Necessary Cookies Only

Please Wait...

At the end of your visit today, would you complete a short survey to help improve our services?

Thanks! When you're ready, just click "Start Survey".

It looks like you’re about to finish your visit. Are you ready to start the short survey now?

Managing risks in your business

Business continuity planning.

Business continuity planning helps your business respond to unexpected events and situations which can interrupt your operations.

Developing a business continuity plan will help your business minimise the impacts of these events and continue trading.

On this page

What is a business continuity plan.

A business continuity plan is a document that explains the actions you should take before, during and after unexpected events and situations.

It is designed to help you:

Continuity planning for resilience

Business continuity planning is the process of creating a system in your business that helps prevent, minimise and recover from threats to your operations.

All businesses deal with risk. At any time, your business may experience:

The aim of business continuity planning is to return to trading within the shortest period of time. This planning helps your business be more resilient and continue with minimal interruptions.

Examples: why continuity planning is important

A fire has destroyed all your stock in your warehouse. To continue to trade, could you:

Imagine you were not able to run your business or communicate with staff and stakeholders for 6 months.

Develop a business continuity plan

A typical business continuity plan has the following elements.

This section outlines the key objectives on your plan, and who needs to use it. It should also include information to help your staff to understand it.

In this section:

This section identifies possible risks to your business, and ways to manage them or minimise their impact on your business.

Learn more about:

This section uses the risks identified in section 2 to review your critical business activities, forecast the impact of a disruption and work out how long it might take to recover.

Learn more about identifying and managing business risk .

This section describes how and when you'll activate your plan in response to a critical incident.

This section describes the methods you will use to recover quickly.

Learn more about developing a recovery plan .

This section details how you'll test your systems and procedures. Use these reviews to evaluate and update your plan to be better prepared.

Thumbnail of business continuity planning Word template

Business continuity plan template

The business continuity plan template will help you develop a:

Download the business continuity planning template .

Best practice in managing disaster risk — the PPRR model

The prevention, preparedness, response, recovery (PPRR) model is a cyclical way of handling disaster risk within your business. It's a useful example for your business continuity planning.

This graphic describes the PPPR model of risk management. Prevention, Preparedness, Response and Recovery apprear in steps in a process that extendes around managing risk which lies at the heart of the model.

Reproduced from materials available on Prevention Preparedness, Response and Recovery Disaster Management Guideline published under a Attribution 4.0 International . © State of Queensland, 2022

This diagram shows the starting point of the model is prevention and mitigation, then moves to preparedness, followed by response, and finally recovery.

Use the PPRR model to:

The PPRR model is commonly used by Australian emergency management agencies because it is simple to understand and easy to remember and act on.

Small business examples of the PPRR model in practice

These examples help identify potential scenarios to consider for your business continuity plan.

Steps to prevent or eliminate risks

Example 1: Floods

When selecting a suitable premises for your business, check your local council's online flood maps and choose a location above flood levels of past floods.

If your premises is likely to be flooded, try to locate your building and structures above potential flood levels. Build accessible paths and driveways to allow continued access.

Learn more about preparing your business for natural disasters .

Example 2: Finances

Protect your finances by enabling additional security measures on your bank accounts and authorisations on payments. Set up a procedure to check all invoices, accounts and transactions regularly.

Contact your suppliers prior to payment to ensure the bank details listed on invoices are correct. These simple measures prevent fraud from within your business and theft through external cyber fraud.

Prepare your business to respond to and recover from an incident

Example 1: Bushfires

Identify what impact a bushfire might have on your business operations. This will not only include impacts to your business premises (e.g. loss of buildings and stock) but also wider impacts, such as how your local suppliers may be affected (e.g. limited orders, road or transport closures).

Develop emergency evacuation plans, and contact your local council for bushfire preparedness information for your area.

Example 2: Losing a major customer

Losing a major customer can have a significant impact on your finances and may have implications for your staffing.

Consider how you could diversify products and services, or build your client base to ensure you're not reliant on the business of 1 customer.

Your response to contain and control an incident

Example 1: Economic downturn

An economic downturn is a normal phase in the business cycle. Customers may reduce spending and you may have to look at reducing stock or staffing levels.

A planned incident response will allow you to take immediate action to stabilise your business. Consider changing staff hours or renegotiating supplier contracts.

Learn more about surviving an economic downturn .

Example 2: Electrical fire

An electrical fire on your business premises needs a rapid response including making sure all staff are safe, evacuating and contacting emergency services.

A go-to kit with response checklists and contacts will help manage the incident.

The steps and timelines to fully restore your business operations

Example 1: Drought

Recovering from drought in a rural area may require many steps to recover business customers and revenue, and is likely to take time.

Recovery could include attracting tourism to the area and broadening products and services. It may also require seeking financial assistance from the government and other sources.

Example 2: Reputation loss

Reputation loss can be very difficult to recover from. You could consider engaging a public relations adviser, running a media campaign, retraining staff in customer service, and changing some products or services.

Train your staff

Include key staff when you develop and review your business continuity plan. This will help ensure your plan is comprehensive across all areas of your business, and help staff effectively respond to incidents. Make sure you introduce your plan to new staff as part of induction processes.

Use workplace simulations with staff to test and review your plan.

Workplace simulations of possible risks can help by:

Simulation exercise

Your business experiences an IT outage. Many systems are affected including all your computers and telephones.

A team debrief after the simulation opens up discussion for review and changes based on staff feedback.

Also consider...


  1. Business Continuity Planning Process Stock Photo

    business continuity plan types

  2. Business Continuity Planning Process

    business continuity plan types

  3. What Is A Business Continuity Plan?

    business continuity plan types

  4. Business Continuity Plan

    business continuity plan types

  5. A three column image graphically describing the differences between the three options for

    business continuity plan types

  6. What is business continuity plan (BCP)?

    business continuity plan types


  1. SHE in 5 Minutes

  2. Business continuity plan for Service Desk

  3. D&V Philippines


  5. Business Continuity Plan Implementation and Maintenance

  6. Introduction to Business Continuity Planning


  1. The Ultimate Guide to Business Continuity Planning

    1. Planning Approach Determination. As discussed earlier, there are five types of business continuity plans: crisis management, crisis communications, emergency

  2. Type of Plans

    Type of Plans ; 2. Occupant Emergency Planning (OEP) ; 3. Incident Response Plan (IR Plan) ; 4. Continuity of Operations Plan (COOP) ; 5. Disaster

  3. What Does a Business Continuity Plan Typically Include? [Complete

    Next, assess your various risks. By evaluating all of the various types of risks that an incident could bring up – such as financial

  4. What is a Business Continuity Plan (BCP)?

    A BCP covers risks including cyber attacks, pandemics, natural disasters and human error. The array of possible risks makes it vital for an organization to have

  5. What Is a Business Continuity Plan (BCP), and How Does It Work?

    Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks. BCP is designed to

  6. What Are the Types of Business Continuity Strategy?

    Output of BC Strategy · (a) Mitigation Strategy · (b) Recovery Strategy · (c) Crisis Response Strategy.

  7. Business Continuity Planning: What Is It All About?

    Types of Continuity Plans · Business Continuity Plan · Crisis Communications Plan · Crisis Management Plan · Disaster Recovery Plan (DR Plan).

  8. Business Continuity Plan

    Conducting the Business Continuity Impact Analysis · Shifting production from one facility to another · Increasing manufacturing output at

  9. What are the 5 key components of a business continuity plan?

    A comprehensive business continuity plan will take each risk identified in the business impact analysis and develop an appropriate response

  10. Business continuity planning

    Continuity planning for resilience · natural disasters (floods, storms, cyclones) · fire · power outages · IT outages · supply chain failures · staff