What is Business Continuity Plan and Why Should You Care?

Heather Todd • May 24, 2023

As a business owner or manager, you know that unexpected events can happen at any time that can disrupt your business operations. Imagine you're running a business, and a cyclone hits your town, or a hacker attacks your website, or your power goes out for a few days. What would you do? How would your business keep running? These kinds of events can cost you a lot of money, time, and even your reputation. That's where Business Continuity Planning  (BCP) comes in, it's all about making sure your business can keep going, even when things don’t go to plan.

Why is BCP important?

Consider all the things your business needs to do to keep running. You need to make sales, provide services to customers, pay your employees, and keep your technology and equipment working. If any of these things are interrupted, it will cause you issues. But having a BCP in place can help you minimise the impact on your business and avoid major problems. For example, if your website goes down due to a cyber-attack, you could lose sales and customers. But if you have a BCP that includes a backup website, you can keep your business going and minimise the impact of the attack. A BCP can also help you comply with regulations and contractual obligations, as well as protect your employees and customers.

What does BCP involve?

BCP involves a range of activities that help you prepare for and respond to a crisis. To make one you need to think about what could go wrong and how you would deal with it. Here are some of the key elements:

  • Risk assessment: You need to identify the risks that could impact your business, such as natural disasters, cyber-attacks, supply chain disruptions, or employee absences. It’s important to prioritise these, not all risks needs a plan. You can start with the most likely disruptions then expand on it from there.
  • Business impact analysis: You need to identify the critical functions and systems that your business needs to operate and assess the impact of a disruption on those functions and systems.
  • Plan development and implementation: You need to develop strategies to recover critical functions and systems in the event of a disruption, such as backup and recovery procedures, relocation strategies, and communication plan. Who would be in charge? Where would you go? How would you communicate with your employees and customers?
  • Prepare your resources: Make sure you have everything you need to keep your business running, like backup technology, emergency supplies, and alternate locations.
  • Train your team: Make sure everyone in your business knows what to do during a crisis. Train them on how to use your backup technology, where to go, and who to contact. Ensure they understand their role and repsonsibilitites
  • Test your plan: You need to make sure your plan actually works. Run drills and simulations to see if your team can handle a crisis. It allows you to be sure it’s effective and relevant.
  • Review your plan: Like with everything, things change and people move. Its important to review your plan regularly to make sure it stays relevant and front of mind, you don’t want people becoming complacent.

 

Overall, BCP is all about ensuring that your business can continue to operate in the event of a disruption. By identifying potential risks, assessing their impact, and developing plans and procedures to ensure continuity of operations, you can minimise the impact of any disruption on your business and ensure that your business can continue to provide services to customers, maintain critical infrastructure, and meet regulatory requirements, even during a crisis. So, don't wait until something goes wrong to start thinking about BCP, ensure you have it in place before you need it

FAQs

  • What should a BCP include?
    • An overview of your business and its critical functions.
    • A list of risks that your business migth face.
    • A plan for mitigating each risk.
    • A communication plan for employees and customers.
    • A recovery plan for restoring operations.
  • How often should it be updated?
    • At least annually, or whenever there is major change in your organisation
  • What are some common disasters or disruptions that should be considered?
    • Natural disasters, such as hurricanes, floods, and earthquakes.
    • Technological disasters, such as power outages, cyberattacks, and data breaches.
    • Other disasters, such as fires, and explosions.
  • We’ve identified too many things that could cause disrupton, where do we start?

    It will be a daunting task to plan for every eventuality. Start by prioritising the most likely disruptions, and of those which ones will have most impact on you. Plan for one or two of them to start with, e.g. a supply-chain disruption and an earthquake. Over time you can expand on your BCP. 

  • How can I communicate effectively with my staff and customers during a disruption?
    • Communicate early and often.
    • Be honest and transparent.
    • Provide updates on the situation.
    • Answer questions and address concerns.
  • How can I test my BCP?
    • Conducting a tabletop exercise.
    • Conducting a drill.
    • Conducting a full-scale exercise.
  • Whats the difference between a BCP and a DRP?

    BCP is a proactive plan that outlines how a business will continue to operate during and after a disruption, while Disaster Recovery Planning (DRP) is a reactive plan that outlines the steps a business will take to recover after a disruption has occurred.

Recent Posts

From small town to big security, with the ASD Essential 8

May 29, 2025
Cybercrime is on the rise in New Zealand, with CERT NZ recording $6.8M in reported financial losses in Q4 2024 alone. For small-town businesses, the stakes are even higher. That’s why we have adopted the Australian Signals Directorate (ASD) Essential 8 framework to enhance its cybersecurity practices.

MCI & Associates and Yorb: A journey from support to strategy

April 10, 2025
MCI & Associates is an accountancy firm with over 45 employees across offices in Dannevirke and Pahiatua. The practice services a diverse range of clients, including those in the farming and commercial sectors, and its core services include tax preparation, business advisory and planning, and general accounting. The relationship between Yorb and MCI goes back over three decades to when both companies were in their formative stages. The trust-based relationship has endured and evolved as each business has grown and matured - going through name and ownership changes.

Cyber security in small-town NZ: why it’s time to pay attention

March 26, 2025
If you think cybercriminals only go after big corporations in major cities, think again.  The majority of incidents recorded by the NCSC impact individuals and small to medium businesses, proving that cyber threats don’t discriminate based on location - they target opportunity. With over 23,000 reports to the Netsafe helpline, and $17.8M in losses reported last year, small-town businesses are very much in the spotlight. In the past few months alone, three local accounting firms in regional New Zealand have suffered a data breach,and local ISP - Inspire was recently the target of a malicious cyber attack.