What is Business Continuity Plan and Why Should You Care?

Heather Todd • May 24, 2023

As a business owner or manager, you know that unexpected events can happen at any time that can disrupt your business operations. Imagine you're running a business, and a cyclone hits your town, or a hacker attacks your website, or your power goes out for a few days. What would you do? How would your business keep running? These kinds of events can cost you a lot of money, time, and even your reputation. That's where Business Continuity Planning  (BCP) comes in, it's all about making sure your business can keep going, even when things don’t go to plan.

Why is BCP important?

Consider all the things your business needs to do to keep running. You need to make sales, provide services to customers, pay your employees, and keep your technology and equipment working. If any of these things are interrupted, it will cause you issues. But having a BCP in place can help you minimise the impact on your business and avoid major problems. For example, if your website goes down due to a cyber-attack, you could lose sales and customers. But if you have a BCP that includes a backup website, you can keep your business going and minimise the impact of the attack. A BCP can also help you comply with regulations and contractual obligations, as well as protect your employees and customers.

What does BCP involve?

BCP involves a range of activities that help you prepare for and respond to a crisis. To make one you need to think about what could go wrong and how you would deal with it. Here are some of the key elements:

  • Risk assessment: You need to identify the risks that could impact your business, such as natural disasters, cyber-attacks, supply chain disruptions, or employee absences. It’s important to prioritise these, not all risks needs a plan. You can start with the most likely disruptions then expand on it from there.
  • Business impact analysis: You need to identify the critical functions and systems that your business needs to operate and assess the impact of a disruption on those functions and systems.
  • Plan development and implementation: You need to develop strategies to recover critical functions and systems in the event of a disruption, such as backup and recovery procedures, relocation strategies, and communication plan. Who would be in charge? Where would you go? How would you communicate with your employees and customers?
  • Prepare your resources: Make sure you have everything you need to keep your business running, like backup technology, emergency supplies, and alternate locations.
  • Train your team: Make sure everyone in your business knows what to do during a crisis. Train them on how to use your backup technology, where to go, and who to contact. Ensure they understand their role and repsonsibilitites
  • Test your plan: You need to make sure your plan actually works. Run drills and simulations to see if your team can handle a crisis. It allows you to be sure it’s effective and relevant.
  • Review your plan: Like with everything, things change and people move. Its important to review your plan regularly to make sure it stays relevant and front of mind, you don’t want people becoming complacent.

 

Overall, BCP is all about ensuring that your business can continue to operate in the event of a disruption. By identifying potential risks, assessing their impact, and developing plans and procedures to ensure continuity of operations, you can minimise the impact of any disruption on your business and ensure that your business can continue to provide services to customers, maintain critical infrastructure, and meet regulatory requirements, even during a crisis. So, don't wait until something goes wrong to start thinking about BCP, ensure you have it in place before you need it

FAQs

  • What should a BCP include?
    • An overview of your business and its critical functions.
    • A list of risks that your business migth face.
    • A plan for mitigating each risk.
    • A communication plan for employees and customers.
    • A recovery plan for restoring operations.
  • How often should it be updated?
    • At least annually, or whenever there is major change in your organisation
  • What are some common disasters or disruptions that should be considered?
    • Natural disasters, such as hurricanes, floods, and earthquakes.
    • Technological disasters, such as power outages, cyberattacks, and data breaches.
    • Other disasters, such as fires, and explosions.
  • We’ve identified too many things that could cause disrupton, where do we start?

    It will be a daunting task to plan for every eventuality. Start by prioritising the most likely disruptions, and of those which ones will have most impact on you. Plan for one or two of them to start with, e.g. a supply-chain disruption and an earthquake. Over time you can expand on your BCP. 

  • How can I communicate effectively with my staff and customers during a disruption?
    • Communicate early and often.
    • Be honest and transparent.
    • Provide updates on the situation.
    • Answer questions and address concerns.
  • How can I test my BCP?
    • Conducting a tabletop exercise.
    • Conducting a drill.
    • Conducting a full-scale exercise.
  • Whats the difference between a BCP and a DRP?

    BCP is a proactive plan that outlines how a business will continue to operate during and after a disruption, while Disaster Recovery Planning (DRP) is a reactive plan that outlines the steps a business will take to recover after a disruption has occurred.

Recent Posts

MCI & Associates and Yorb: A journey from support to strategy

April 10, 2025
MCI & Associates is an accountancy firm with over 45 employees across offices in Dannevirke and Pahiatua. The practice services a diverse range of clients, including those in the farming and commercial sectors, and its core services include tax preparation, business advisory and planning, and general accounting. The relationship between Yorb and MCI goes back over three decades to when both companies were in their formative stages. The trust-based relationship has endured and evolved as each business has grown and matured - going through name and ownership changes.

Cyber security in small-town NZ: why it’s time to pay attention

March 26, 2025
If you think cybercriminals only go after big corporations in major cities, think again.  The majority of incidents recorded by the NCSC impact individuals and small to medium businesses, proving that cyber threats don’t discriminate based on location - they target opportunity. With over 23,000 reports to the Netsafe helpline, and $17.8M in losses reported last year, small-town businesses are very much in the spotlight. In the past few months alone, three local accounting firms in regional New Zealand have suffered a data breach,and local ISP - Inspire was recently the target of a malicious cyber attack.

What's happening at Yorb - Q1 2025

March 21, 2025
We've had a flying start to the year, and given we're really just past the point where you start to realise what day it actually is, we thought we'd share everything we've been working on lately. 2024 In Review As we reflect on 2024, it's clear that this year has been one of remarkable achievements and significant advancements for Yorb. We were very proud that we won the Reseller News Innovation Awards in the Regional Partner Category, a testament to our commitment to excellence and innovation. AI has continued to dominate the headlines, with some businesses making great strides in how they work and interact. However, the majority are still grappling with understanding the full impact of this technology on their business, industry, and society. As we navigate this evolving landscape, companies must adapt to the security implications, ensure the integrity of data, and adjust to changing work and consumer patterns. In line with our commitment to security, we launched our new Security Platform, Yorb Defender 2.0. Designed from the ground up to be Essential 8 compliant, we believe this solution is now a best-in-class product that meets the requirements of modern business. 2025 Looking Forward Looking ahead to 2025, we have set ambitious goals following the EOS business framework. Our recent Annual Planning has helped us develop our 10-year, 3-year, and 1-year goals, with a strong focus on several key areas: Client Experience: We are dedicated to ensuring that every interaction with Yorb meets and exceeds your expectations. Automation Platforms: We will continue to develop our automation platforms to provide more consistent and efficient service. Investing in New Technologies: Our focus will be on AI, Hyper-Automation, and Data Governance to stay ahead of the curve. Team Development: We are committed to investing in our team, ensuring they receive the best skills training in technical, people, professional, and business areas. We will are also excited to be launching business peer groups focussed around AI, bringing together business owners and leaders from across the regions to explore what the future holds for all of us. This year we are injecting new energy into our Total Support agreement, we believe there is more to our partnership than phones calls, Teams Conferences and remote support. We are therefore introducing ongoing scheduled visits as part of the contract, alongside a productivity focus with scheduled access to our development team. Kicking off this year will be monthly seminars on topics such as Security, AI, Productivity, we want to hear what topics matter most to you. Look out for your invite in the coming weeks. I’m incredibly excited by 2025 and the opportunities it brings, we call breath a collective sigh that 2024 is behind us lets get cracking on what promises to be a great year. Daniel Goymer CEO