Skip to main content
Fulton Bank
Fulton Bank

How to Create a Business Continuity Plan

While risk is always a part of running a business, there are proactive steps you can take to identify and mitigate threats to your business. It begins with creating a BCDR—a Business Continuity and Disaster Recovery plan.

A BCDR outlines the key ways you will protect your business, ensure employee safety, and minimize financial loss. For example, imagine the financial impact on your business should a natural disaster make it impossible for your location to reopen for weeks or even months, as well as how the safety of employees and customers on the premises could be jeopardized.

Bad actors can also negatively affect your business financially and its reputation, simply by breaching your cyber security and stealing customer data. And it's not just big businesses that lose out — IBM's 2023 Cost of Data Breach report found that businesses with fewer than 500 employees paid an average of $3.31 million per data breach, averaging out to $164 per record. Your BCDR can outline your exposure, Cyber Liability insurance coverage, and the process you will put into action to communicate with your customers and protect them.

A Business Continuity and Disaster Recovery plan includes things like:

  • An emergency response plan
  • How you’ll backup and recover your electronic data
  • Your communications protocols for various types of events
  • The extent to which different types of potential financial losses are covered by insurance
  • Who is responsible for various components of the plan — and more

Depending on your business, your business continuity and disaster recovery plan may need to account for multiple facets of operations. Read on to learn more about what a BCDR plan is, who needs one, and how to create one for your small business.

WHAT IS A BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN (BCDR)?

As the name implies, a BCDR outlines the tools, processes, and strategies a company will use to ensure its business operations continue and recover from disruptions that stop or slow operations. This includes both natural and non-natural disasters, such as:

  • Floods or storms
  • Fires
  • Cyberattacks
  • Equipment or technology failures
  • Some other unforeseen disaster or disruption

WHO NEEDS A BCDR?

Because disasters can occur in many forms and wreak havoc on your company’s finances, equipment, property, employees, and even safety, every organization should have a business continuity and disaster recovery plan in place — no business is exempt from unforeseen risks.
As you create a BCDR for your small business, think about specific aspects of your company and its operations, and what types of risks it could face. Then come up with the strategies you will use to:

  • Minimize interruptions to operations (i.e., when a disruption occurs, how quickly can your business resume operations?)
  • Protect and recover critical processes and assets, like your ability to process payments or recover customer data
  • Mitigate financial loss from the disruption or disaster, including through resuming operations and insurance coverage
  • Make sure your employees and customers are safe
  • Ensure compliance with your industry’s legal, regulatory, and best practice standards

9 STEPS FOR CREATING YOUR BUSINESS CONTINUITY AND DISASTER RECOVERY PLAN

The specific components of your business continuity and disaster recovery plan will depend on your business and its size, scope, and operations. However, every BCDR should include the following:

1. Develop a Risk Assessment and Business Impact Analysis Statement

A risk assessment outlines the various disasters or disruptions that could affect your business and how your operations are vulnerable. The impact analysis explains the extent to which your business could be negatively impacted by an unforeseen disruption, such as the amount of daily revenue at risk, being unable to fulfill orders, or what your business stands to face in insurance claims from customer lawsuits resulting from being hacked, and so on.

2. Identify the Critical Functions of Your Business

What aspects of your business operations are critical or essential to its survival? List these functions (e.g., online orders, sales, payment processing, physical operations such as in-person retail sales, etc.) and then rank them in order of priority.

3. Establish a Data Backup and Recovery Process

Develop a backup and recovery process for your online business operations. This includes not only customer data, online sales, and payment processing, but also things like your website, email, and so on.

4. Outline Your Emergency Response Plan

List the types of immediate response actions you can take to ensure customer and employee safety in the event of a disaster or disruption. This includes things like calling 911, evacuating the building, and putting announcements on your website, social media, email autoresponders, and voice mail. It might also entail shutting down equipment or removing equipment, files, and physical assets from a location to keep them safe.

5. Create a Communication Plan

This part of your BCDR explains how you will communicate with employees, customers, suppliers, investors, and other stakeholders during a disaster. It should also outline who is authorized and responsible for ensuring the communication takes place and when it will occur (such as when and how you will announce a data breach or tell customers about your expected reopening after a flood).

6. Explain Your Recovery Strategies

This section of your business continuity and disaster recovery plan addresses both how you’ll continue operations (such as designating an alternative work location) as well as recovery strategies for data, technology, apps, and more.

In addition, financial recovery often requires that your business has adequate and appropriate insurance in place, so make sure you know what types of insurance your company needs. For example, if you're renting an office in a commercial building, your landlord may require that you list them as an Additional Insured and obtain Damage to Premises Rented coverage.

7. Identify the Disaster Recovery Team

For every continuity and recovery strategy you have, you should designate a person responsible for implementing and executing the tactics. If your business is small, you might be the disaster recovery team at first, but as it grows, so too will this team.

8. Test and Train

Remember those fire drills you had to do back in school? They were in place for a reason; a plan is only as good as its execution and results. For this reason, don’t assume that a plan on paper will work without testing it and training your team.

9. Regularly Review and Update Your Plan

Set aside time to review and update your plan at least annually and make it part of your process when growing your business. Any time you add new business functionality (such as expanding your online operation with a brick-and-mortar location) your plan may need to be updated to ensure that your company can recover from a disaster as quickly as possible.

 

No one wants to think about disasters that could take out their business. But it’s important that you do so that you can recover as quickly as possible and protect your business’ finances, assets, employees, and reputation. Creating a business continuity and disaster recovery plan is an essential piece of this puzzle.

Ready to document your BCDR plan? Download this Business Continuity and Disaster Recovery plan template and use it to jump-start your process. You'll also find a BCDR checklist and emergency planning guides there to help ensure your plan is as comprehensive as possible.

Did you find this article helpful?