Creating a business continuity plan

Business continuity planning is a primary element of organisational governance, with a business continuity plan being the key instrument that guides an organisation on how to continue to operate in the event of a disruption.
Man working on laptop

It is a good first step to establish a disaster recovery plan which is a subset of a business continuity plan and covers the technology components of maintaining your organisation’s operations. 

The primary steps for business continuity planning include: 

1. Management buy-in

Business continuity is an organisational initiative and requires support, input and resource commitment from management and key stakeholders in an organisation.  

2. Conducting a business impact analysis

Analyse activities undertaken by the organisation and the impact that a disruption might have on these activities. The steps involved in conducting a business impact analysis include:  

  • Identification of products and services delivered by the organisation's activities 

  • Consideration of the types of impact or losses an organisation may face if these activities are disrupted. For example, legal, regulatory or financial impact (similar to an impact reference table, from a risk management framework, with impacts to an organisation across different categories of impact) 

  • Assigning criticality and prioritisation to the organisation's activities, for example, core services that must continue to operate, whereas supplementary services could be suspended until the resumption of regular operations. To assist with prioritisation, the time period before losses or impacts to the organisation could occur should be used 

  • Determine if these products or services depend on external products or services 

  • Quantify resources required to maintain the critical organisational activities at a level required to ensure continuity of operations. Resources refer to data, applications, IT infrastructure, physical locations, suppliers and people's skills and knowledge. 

3. Performing a risk assessment

Identify and analyse risks that could cause disruption to the organisation. 

The risk assessment should be focused on the critical activities identified in the business impact analysis. 

Some examples include loss of staff, loss of access to IT systems and telecommunications, loss of utilities, loss of key suppliers or loss of access to premises. 

The likelihood of the risk occurring together with the impact to the organisation (from the business impact analysis) provides a ranking of risks that require action in terms of resource requirements and action plans. With these plans in place and contingencies identified, the organisation is better placed to continue operations after experiencing a disruption. 

4. Execution

It is important to test aspects of a business continuity plan on a regular basis. The plan should be reviewed when there are changes to the operating environment that affect the organisation's key activities or on an annual basis. 

Download the Business Continuity Plan template and customise it to meet your organisation’s needs.

Applying what you have learned

Below are some files and external links that can help you take action on what you read.

Assets you can download

Rate this guide

No votes yet

Status message

Thanks for rating this guide.

This question is for testing whether or not you are a human visitor and to prevent automated spam submissions.