What is Business Continuity Plan and Why Should You Care?

Heather Todd • May 24, 2023

As a business owner or manager, you know that unexpected events can happen at any time that can disrupt your business operations. Imagine you're running a business, and a cyclone hits your town, or a hacker attacks your website, or your power goes out for a few days. What would you do? How would your business keep running? These kinds of events can cost you a lot of money, time, and even your reputation. That's where Business Continuity Planning  (BCP) comes in, it's all about making sure your business can keep going, even when things don’t go to plan.

Why is BCP important?

Consider all the things your business needs to do to keep running. You need to make sales, provide services to customers, pay your employees, and keep your technology and equipment working. If any of these things are interrupted, it will cause you issues. But having a BCP in place can help you minimise the impact on your business and avoid major problems. For example, if your website goes down due to a cyber-attack, you could lose sales and customers. But if you have a BCP that includes a backup website, you can keep your business going and minimise the impact of the attack. A BCP can also help you comply with regulations and contractual obligations, as well as protect your employees and customers.

What does BCP involve?

BCP involves a range of activities that help you prepare for and respond to a crisis. To make one you need to think about what could go wrong and how you would deal with it. Here are some of the key elements:

  • Risk assessment: You need to identify the risks that could impact your business, such as natural disasters, cyber-attacks, supply chain disruptions, or employee absences. It’s important to prioritise these, not all risks needs a plan. You can start with the most likely disruptions then expand on it from there.
  • Business impact analysis: You need to identify the critical functions and systems that your business needs to operate and assess the impact of a disruption on those functions and systems.
  • Plan development and implementation: You need to develop strategies to recover critical functions and systems in the event of a disruption, such as backup and recovery procedures, relocation strategies, and communication plan. Who would be in charge? Where would you go? How would you communicate with your employees and customers?
  • Prepare your resources: Make sure you have everything you need to keep your business running, like backup technology, emergency supplies, and alternate locations.
  • Train your team: Make sure everyone in your business knows what to do during a crisis. Train them on how to use your backup technology, where to go, and who to contact. Ensure they understand their role and repsonsibilitites
  • Test your plan: You need to make sure your plan actually works. Run drills and simulations to see if your team can handle a crisis. It allows you to be sure it’s effective and relevant.
  • Review your plan: Like with everything, things change and people move. Its important to review your plan regularly to make sure it stays relevant and front of mind, you don’t want people becoming complacent.

 

Overall, BCP is all about ensuring that your business can continue to operate in the event of a disruption. By identifying potential risks, assessing their impact, and developing plans and procedures to ensure continuity of operations, you can minimise the impact of any disruption on your business and ensure that your business can continue to provide services to customers, maintain critical infrastructure, and meet regulatory requirements, even during a crisis. So, don't wait until something goes wrong to start thinking about BCP, ensure you have it in place before you need it

FAQs

  • What should a BCP include?
    • An overview of your business and its critical functions.
    • A list of risks that your business migth face.
    • A plan for mitigating each risk.
    • A communication plan for employees and customers.
    • A recovery plan for restoring operations.
  • How often should it be updated?
    • At least annually, or whenever there is major change in your organisation
  • What are some common disasters or disruptions that should be considered?
    • Natural disasters, such as hurricanes, floods, and earthquakes.
    • Technological disasters, such as power outages, cyberattacks, and data breaches.
    • Other disasters, such as fires, and explosions.
  • We’ve identified too many things that could cause disrupton, where do we start?

    It will be a daunting task to plan for every eventuality. Start by prioritising the most likely disruptions, and of those which ones will have most impact on you. Plan for one or two of them to start with, e.g. a supply-chain disruption and an earthquake. Over time you can expand on your BCP. 

  • How can I communicate effectively with my staff and customers during a disruption?
    • Communicate early and often.
    • Be honest and transparent.
    • Provide updates on the situation.
    • Answer questions and address concerns.
  • How can I test my BCP?
    • Conducting a tabletop exercise.
    • Conducting a drill.
    • Conducting a full-scale exercise.
  • Whats the difference between a BCP and a DRP?

    BCP is a proactive plan that outlines how a business will continue to operate during and after a disruption, while Disaster Recovery Planning (DRP) is a reactive plan that outlines the steps a business will take to recover after a disruption has occurred.

Recent Posts

Why you should think of your technology partner as an iceberg.

February 21, 2025
And no, it’s not because it has the potential to turn you into a Titanic. Rather, it’s because what you see and interact with most days is just the tip of what we do. Below the waterline of everyday interaction is a significant mass of knowledge, expertise, and strategic value – all aimed at helping to secure and enable the growth of your business.

NZ Privacy Act – what you really, really need to know - (Data Privacy Day Part 2)

By Yorb January 30, 2025
In part 1 of our Data Privacy Day blog, we discussed the state of cybersecurity in New Zealand (as you do) and the critical importance of data governance. You can catch up on the whys and wherefores of data governance as it applies to you here . Moving on, this time, we’re focusing on the 13 Information Privacy Principles in our Privacy Act (2020) and what you need to do to stay on the good side of our legislation – and your customers. But first, this is why you should care.

Data Privacy Day, and why you should mind your own business - (Data Privacy Day Part 1)

By Yorb January 23, 2025
Data Privacy Day has been internationally observed on 28 January since 2007. Its purpose is to raise awareness and promote best privacy and data protection practices. It serves as an excellent reminder of exactly how precious our data is, as well as our ethical and legal obligations as businesses to securely manage and protect it. So, in terms of data privacy, how have we fared here in New Zealand? Why is data governance so important - what is it, and why exactly do you need it? Warning – triggering content: It may not be your job to manage data – and you may not think you even need to care about it. But if you are a stakeholder, it’s your responsibility to make sure that your business complies with New Zealand’s privacy and data protection best practices.  This is a big topic (sorry!), so it’s in two parts.
Share by: