business continuity plan it company

What Is A Business Continuity Plan? [+ Template & Examples]

Published: December 30, 2022

When a business crisis occurs, the last thing you want to do is panic.

The second-to-last thing you want to do is be unprepared. Crises typically arise without warning. While you shouldn't start every day expecting the worst, you should be relatively prepared for anything to happen.

A business crisis can cost your company a lot of money and ruin your reputation if you don't have a business continuity plan in place. Customers aren't very forgiving, especially when a crisis is influenced by accidents within the company or other preventable mistakes. If you want your company to be able to maintain its business continuity in the face of a crisis, then you'll need to come up with this type of plan to uphold its essential functions.

In this post, we'll explain what a business continuity plan is, give examples of scenarios that would require a business continuity plan, and provide a template that you can use to create a well-rounded program for your business.

Table of Contents:

What is a business continuity plan?

• Business Continuity Types
• Business Continuity vs Disaster Recovery

Business Continuity Plan Template

How to write a business continuity plan.

• Business Continuity Examples

A business continuity plan outlines directions and procedures that your company will follow when faced with a crisis. These plans include business procedures, names of assets and partners, human resource functions, and other helpful information that can help maintain your brand's relationships with relevant stakeholders. The goal of a business continuity plan is to handle anything from minor disruptions to full-blown threats.

For example, one crisis that your business may have to respond to is a severe snowstorm. Your team may be wondering, "If a snowstorm disrupted our supply chain, how would we resume business?" Planning contingencies ahead of time for situations like these can help your business stay afloat when you're faced with an unavoidable crisis.

When you think about business continuity in terms of the essential functions your business requires to operate, you can begin to mitigate and plan for specific risks within those functions.

Crisis Communication and Management Kit

Manage, plan for, and communicate during your corporate crises with these crisis management plan templates.

• Free Crisis Management Plan Template
• 12 Crisis Communication Templates
• Post-Crisis Performance Grading Template
• Additional Crisis Best Management Practices

You're all set!

Click this link to access this resource at any time.

Business Continuity Planning

Business continuity planning is the process of creating a plan to address a crisis. When writing out a business continuity plan, it's important to consider the variety of crises that could potentially affect the company and prepare a resolution for each.

Don't forget to share this post!

Related articles.

How to Navigate Customer Service During a Business Closure

10 Crisis Communication Plan Examples (and How to Write Your Own)

I Tried 7 Crisis Management Software to See if They’re Worth It (Results & Recommendations)

20 Crisis Management Quotes Every PR Team Should Live By

Social Media Crisis Management: Your Complete Guide [Free Template]

De-Escalation Techniques: 19 Best Ways to De-Escalate [Top Tips + Data]

Situational Crisis Communication Theory and How It Helps a Business

What Southwest’s Travel Disruption Taught Us About Customer Service

Showcasing Your Crisis Management Skills on Your Resume

What Is Contingency Planning? [+ Examples]

Manage, plan for, and communicate during a corporate crisis.

Service Hub provides everything you need to delight and retain customers while supporting the success of your whole front office

An IT business continuity plan: Why you need one and what it entails

Business continuity and disaster recovery plans ( BCDR ) are organization-wide plans to help prepare your business for a wide range of potential crises and to mitigate the impact of such events.

Threats to your business can take various forms—from global pandemics that disrupt supply chains to natural disasters that threaten your physical workspace. However, as businesses rely increasingly on various systems to manage core operations and house crucial information, including customer, employee, and financial data, threats to IT systems loom largest for many business owners.

That’s where your IT business continuity planning comes in. This may be part of a larger business continuity plan or may be conducted in isolation if IT is the sole concern of your business continuity management.

A deeper dive into business continuity planning

When an event disrupts your business’s operations, a business continuity and disaster recovery plan (BCDR) comes into action. Downtime can lead to financial losses for companies, so minimizing its impact is crucial to ensure prompt business recovery and minimize revenue loss.

Although disaster recovery is a critical function of IT systems, BCDR is much broader than merely ensuring the stability and security of your tech stack. It encompasses various aspects, such as ensuring employee safety, managing brand reputation, crisis management, identifying alternative work locations, and ensuring systems security and data protection.

Therefore, developing a comprehensive b usiness continuity and disaster recovery plan requires thoroughness. While it may not be possible to predict every potential disaster that could befall your business, you can develop fallback plans to utilize when disasters inevitably occur.

Threats to your IT systems

When you think of your IT systems, it’s natural to think of things like cyberattacks or systems downtime as posing potential threats to your business continuity. However, IT systems can face various threats that can cause significant damage and disrupt business operations. These threats include:

• Natural disasters , such as hurricanes, floods, earthquakes, wildfires, and tornadoes, which can damage physical infrastructure (like servers) and cause business disruptions.
• Cyberattacks and data breaches , which can result in data loss, system downtime, reputational damage, financial losses, regulatory fines, and legal liability. These attacks are becoming more sophisticated and frequent, and companies must take necessary precautions to secure their systems and data.
• Human errors made by employees, contractors, or vendors can also lead to system failures, data breaches, or other disruptions to business operations. Companies must invest in training and implementing proper protocols to mitigate such risks.
• Power outages can result in system downtime and data loss. Companies must implement backup power systems and disaster recovery plans to minimize the impact of such events.

It’s important for your organization to identify the specific threats that are most relevant to their business and to develop appropriate plans and strategies to mitigate those risks.

Where to start when developing an IT business continuity plan (BCP)

Most good plans start with information-gathering, and your IT business continuity plans are no different. The components of gathering the right information are outlined here:

Business continuity management (BCM)

Business continuity management (BCM) is the process of identifying potential threats and risks to an organization, developing plans to mitigate those risks, and ensuring that the organization is prepared to respond effectively to a crisis or disruption. 

The goal of BCM is to enable an organization to continue its critical operations during and after a catastrophic event, whether that event is a natural disaster, cyber-attack, or any other unexpected occurrence that could impact the organization’s ability to function.

The role of a Business Impact Analysis (BIA) in business continuity management 

A business impact analysis (BIA) is a key component of your business continuity management or BCM process. The BIA identifies and evaluates the potential impact of a disruption on critical IT functions and business processes.

When doing a BIA, you’ll:

• Identify the essential IT functions and processes your business needs to restore quickly after a disruption. For example, if you’re an e-commerce business, your website and payment processing systems are critical IT functions that need to be restored quickly to avoid losing revenue and customers.
• Assess and quantify the potential impacts of a disruption on each function or process. These impacts can range from shipping delays to customers to regulatory non-compliance. By understanding the potential impacts, you’ll be able to prioritize your disaster recovery efforts and allocate resources effectively.
• Understand the resources required to support each IT function or process. This can include personnel, technology, and facilities. This can help you identify single points of failure, such as only one person who knows how to operate a certain system. If that person is unavailable, it could result in significant downtime and lost revenue.

By conducting a BIA, you can develop targeted and effective recovery strategies that minimize the impact of a disruption on your IT systems. It’s recommended that organizations conduct a BIA at least once a year or whenever there are significant changes to the organization’s operations or risk profile.

How your IT business continuity plan comes to life

As business continuity and disaster recovery are interdependent, there is a significant overlap in devising an IT disaster recovery (DR) plan and an IT business continuity (BC) plan. As such, we like to consider all three branches of BCDR when developing an effective business continuity plan. Those three branches are:

• Emergency response: This branch of business continuity focuses on the immediate response to a crisis or emergency situation. Think of it as the immediate “to-do plan” if there’s a natural disaster, cyber-attack, or any other unexpected event that can disrupt business operations.
• Crisis management & business continuity: Crisis management deals with the restoration of critical business functions after an interruption, including the recovery of data, systems, and operations. The objective is to ensure that business operations can be resumed as quickly as possible and minimize the impact of the disruption.
• Disaster recovery: Time to recover critical business functions! Whether you’re rebuilding infrastructure, replacing equipment, or upgrading systems, this stage is about getting your business back to where it was. This branch also focuses on the proactive measures that organizations can take to mitigate the impact of another potential disaster or crisis.

For each IT function, you should have a plan in place that covers all three branches. Let’s look at an example:

Example: A power outage impacts critical IT systems

Power outages or blackouts can happen for a number of reasons, but if your business is located in a region that is prone to volatile weather or extreme heat, power outages are something you should prepare for well in advance. If and when a power outage occurs, you might have the following steps in place:

Your emergency response to a power outage: 

With the correct procedures and training in place, your team will know exactly how to respond the next time there’s a blackout. This might include:

• Using personal wireless hotspots for urgent tasks that require web access
• Unplugging devices from power sources so they don’t short circuit when power returns
• Reporting the outage to the relevant authorities 
• Seeking to understand the extent of the problem (often this can be found on websites or through social media accounts of power companies)
• Notifying key people (customers/leaders) about the situation (this can even be done through social media

Roles and responsibilities will also be clear so people do not duplicate efforts or create confusion.

Crisis management & business continuity: 

Now that initial steps and actions have been taken, you can move to actively manage your business while the power is out. Actions taken now will depend on the duration of the power outage, but some options include:

• Sending employees home if it’s easier for them to simply work from home or it looks like the outage may impact the rest of the business day
• Investing in a backup generator if the power will be out for a prolonged period (this might also be part of disaster recovery if it’s a proactive step to be taken for next time)
• Continuing to keep customers and stakeholders up to date via essential channels like social media, email, and even phone

Disaster recovery from power outages: 

Hooray! The power is restored. Your office can now return to normal productivity. But before everybody jumps in, your tech team might want to:

• Reset the circuit breaker before turning on devices and network routers
• Confirm any steps for restarting systems that have not been shut down properly

Having survived an outage, your business might now reassess your preparedness for such events and decide to implement some changes. This can include things like:

• Setting up an uninterruptible power supply (UPS) to allow people to safely shut down their computers
• Ensuring all staff members store all business documents, contact lists, and other critical information in the cloud so it’s accessible from anywhere with an internet connection

Who’s responsible for your IT business continuity plan

Going through each and every IT system, from hardware to software, that your company uses may seem like a daunting task. That responsibility typically falls on the organization’s IT department or a designated IT team. 

However, depending on the organization’s size and structure, the responsibility for a successful business continuity plan may also fall on other departments or individuals, such as risk management, operations, human resources, or a business continuity team.

Moreover, your IT team will likely depend on all staff and even business partners for inputs on the nature of certain systems, how essential they are to maintaining business operations, and the revenue implications of those systems being down.

For example, your marketing team may use various systems for email deployment, social media monitoring, content production, and more. As such, your IT team may require information from them on which systems you use that are most critical to maintaining productivity and which systems are most closely tied to revenue.

The importance of staff training

Because human error puts your IT systems at risk, all staff should also be required to undergo annual training on data security and emergency procedures. Depending on the compliance frameworks your company adheres to, certification may also be required for all employees. 

For example, if your company processes credit card information, it may be required for all employees to complete PCI compliance training. PCI compliance training refers to a program or series of courses designed to educate individuals and organizations on the Payment Card Industry Data Security Standards (PCI DSS) and the requirements for complying with these standards. 

PCI DSS is a set of security standards developed by major credit card companies to help ensure that businesses that accept, process, store, or transmit credit card information do so in a secure manner and protect against fraud and data breaches.

The importance of testing & iterating your IT business continuity plans

Just like running regular fire drills, your IT business continuity plan needs to be constantly tested and updated. Plus, every time you do a new business impact analysis (or BIA), you’ll potentially identify new areas of vulnerability that your BCDR needs to account for.

Here are some steps to follow when testing your BCDR plan:

• Define the testing objectives: Defining the objectives of the test can include testing the effectiveness of specific recovery procedures, identifying weaknesses in the plan, or assessing the readiness of key personnel.
• Develop a testing strategy: A testing strategy will outline the scope of the test, the testing approach, and the expected outcomes. This should include a detailed test plan that identifies the testing scenarios, the resources needed to conduct the test, and the criteria for success.
• Conduct the test: Run the test according to the testing plan. This may involve simulating a disaster scenario, testing specific recovery procedures, or conducting a tabletop exercise to test the response of key personnel.
• Evaluate the results: This may involve reviewing the test data, conducting post-test interviews with key personnel, or analyzing the effectiveness of specific recovery procedures.
• Improve: Based on your results, improvements to the BCDR plan may be identified and implemented. These may include revising specific recovery procedures, updating the contact list for key personnel, or investing in additional resources to improve the organization’s overall readiness for a disaster.

Need help? Working with the experts at Thoropass can help you build the foundations for a resilient business that stands the test of time.

Get the Guide

Founder’s Guide to Security and Compliance

Take security one step further, find out which frameworks are best for your business.

Share this post with your network:

Related Posts

What is soc 1 compliance, essential gdpr compliance checklist: navigate data protection with confidence, stay connected.

Subscribe to receive new blog articles and updates from Thoropass in your inbox.

Help Thoropass ensure that compliance never gets in the way of innovation.

Drop us a line and we’ll be in touch.

We use essential cookies to make Venngage work. By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyze site usage, and assist in our marketing efforts.

Manage Cookies

Cookies and similar technologies collect certain information about how you’re using our website. Some of them are essential, and without them you wouldn’t be able to use Venngage. But others are optional, and you get to choose whether we use them or not.

Strictly Necessary Cookies

These cookies are always on, as they’re essential for making Venngage work, and making it safe. Without these cookies, services you’ve asked for can’t be provided.

Show cookie providers

• Google Login

Functionality Cookies

These cookies help us provide enhanced functionality and personalisation, and remember your settings. They may be set by us or by third party providers.

Performance Cookies

These cookies help us analyze how many people are using Venngage, where they come from and how they're using it. If you opt out of these cookies, we can’t get feedback to make Venngage better for you and all our users.

• Google Analytics

Targeting Cookies

These cookies are set by our advertising partners to track your activity and show you relevant Venngage ads on other sites as you browse the internet.

• Google Tag Manager
• Infographics
• Daily Infographics
• Popular Templates
• Accessibility
• Graphic Design
• Graphs and Charts
• Data Visualization
• Human Resources
• Beginner Guides

Blog Business 7 Business Continuity Plan Examples

7 Business Continuity Plan Examples

Written by: Danesh Ramuthi Nov 28, 2023

A business continuity plan (BCP) is a strategic framework that prepares businesses to maintain or swiftly resume their critical functions in the face of disruptions, whether they stem from natural disasters, technological failures, human error, or other unforeseen events.

In today’s fast-paced world, businesses face an array of potential disruptions ranging from cyberattacks and ransomware to severe weather events and global pandemics. By having a well-crafted BCP, businesses can mitigate these risks, ensuring the safety and continuity of their critical services and operations. To further safeguard their operations, integrating measures to protect against ransomware into their BCP is a natural and essential step.

Responsibility for business continuity planning typically lies with top management and dedicated planning teams within an organization. It is a cross-functional effort that involves input and coordination across various departments, ensuring that all aspects of the business are considered.

For businesses looking to develop or refine their business continuity strategies, there are numerous resources available. Tools like Venngage’s business plan maker and their business continuity plan templates offer practical assistance, streamlining the process of creating a robust and effective BCP. 

Click to jump ahead: 

7 business continuity plan examples

Business continuity types, how to write a business continuity plan, how often should a business continuity plan be reviewed, business continuity plan vs. disaster recovery plan, final thoughts.

In business, unpredictability is the only certainty. This is where business continuity plans (BCPs) come into play. These plans are not just documents; they are a testament to a company’s preparedness and commitment to sustained operations under adverse conditions. To illustrate the practicality and necessity of these plans, let’s delve into some compelling examples.

Business continuity plan example for small business

Imagine a small business specializing in digital marketing services, with a significant portion of its operations reliant on continuous internet connectivity and digital communication tools. This business, although small, caters to a global clientele, making its online presence and prompt service delivery crucial.

Scope and objective:

This Business Continuity Plan (BCP) is designed to ensure the continuity of digital marketing services and client communications in the event of an unforeseen and prolonged internet outage. Such an outage could be caused by a variety of factors, including cyberattacks, technical failures or service provider issues. The plan aims to minimize disruption to these critical services, ensuring that client projects are delivered on time and communication lines remain open and effective.

Operations at risk:

Operation: Digital Marketing Services Operation Description: A team dedicated to creating and managing digital marketing campaigns for clients across various time zones. Business Impact: High Impact Description: The team manages all client communications, campaign designs, and real-time online marketing strategies. An internet outage would halt all ongoing campaigns and client communications, leading to potential loss of business and client trust.

Recovery strategy:

The BCP should include immediate measures like switching to a backup internet service provider or using mobile data as a temporary solution. The IT team should be prepared to deploy these alternatives swiftly.

Immediate measures within the BCP should encompass alternatives like switching to a backup internet service provider or utilizing mobile data, supplemented by tools such as backup and recovery systems, cloud-based disaster recovery solutions, and residential proxies , while the IT team should be prepared to deploy these swiftly. 

Additionally, the company should have a protocol for informing clients about the situation via alternative communication channels like mobile phones.

Roles and responsibilities:

Representative: Alex Martinez Role: IT Manager Description of Responsibilities:

• Oversee the implementation of the backup internet connectivity plan.
• Coordinate with the digital marketing team to ensure minimal disruption in campaign management.
• Communicate with the service provider for updates and resolution timelines.

Business continuity plan example for software company

In the landscape of software development, a well-structured Business Continuity Plan (BCP) is vital. This example illustrates a BCP for a software company, focusing on a different kind of disruption: a critical data breach.

Scope and objectives:

This BCP is designed to ensure the continuity of software development and client data security in the event of a significant data breach. Such a breach could be due to cyberattacks, internal security lapses, or third-party service vulnerabilities. The plan prioritizes the rapid response to secure data, assess the impact on software development projects and maintain client trust and communication.

Operation: Software Development and Data Security Operation Description: The software development team is responsible for creating and maintaining software products, which involves handling sensitive client data. In the realm of software development, where the creation and maintenance of products involve handling sensitive client data, prioritizing security is crucial. Strengthen your software development team’s capabilities by incorporating the best antivirus with VPN features, offering a robust defense to protect client information and maintain a secure operational environment. The integrity and security of this data are paramount.

Business Impact: Critical Impact Description: A data breach could compromise client data, leading to loss of trust, legal consequences and potential financial penalties. It could also disrupt ongoing development projects and delay product releases.

The IT security team should immediately isolate the breached systems to prevent further data loss. They should then work on identifying the breach’s source and extent. Simultaneously, the client relations team should inform affected clients about the breach and the steps being taken. The company should also engage a third-party cybersecurity or pentest firm for an independent investigation and recovery assistance.

Representative: Sarah Lopez Role: Head of IT Security Contact Details: [email protected] Description of Responsibilities:

• Lead the initial response to the data breach, including system isolation and assessment.
• Coordinate with external cybersecurity experts for breach analysis and mitigation.
• Work with the legal team to understand and comply with data breach notification laws.
• Communicate with the software development team leaders about the impact on ongoing projects.

Related: 7 Best Business Plan Software for 2023

Business continuity plan example for manufacturing

In the manufacturing sector, disruptions can significantly impact production lines, supply chains, and customer commitments. This example of a Business Continuity Plan (BCP) for a manufacturing company addresses a specific scenario: a major supply chain disruption.

This BCP is formulated to ensure the continuity of manufacturing operations in the event of a significant supply chain disruption. Such disruptions could be caused by geopolitical events, natural disasters affecting key suppliers or transportation network failures. The plan focuses on maintaining production capabilities and fulfilling customer orders by managing and mitigating supply chain risks.

Operation: Production Line Operation Description: The production line is dependent on a steady supply of raw materials and components from various suppliers to manufacture products. Business Impact: High Impact Description: A disruption in the supply chain can lead to a halt in production, resulting in delayed order fulfillment, loss of revenue and potential damage to customer relationships.

The company should establish relationships with alternative suppliers to ensure a diversified supply chain. In the event of a disruption, the procurement team should be able to quickly switch to these alternative sources. Additionally, maintaining a strategic reserve of critical materials can buffer short-term disruptions. The logistics team should also develop flexible transportation plans to adapt to changing scenarios.

Representative: Michael Johnson Role: Head of Supply Chain Management Contact Details: [email protected] Description of Responsibilities:

• Monitor global supply chain trends and identify potential risks.
• Develop and maintain relationships with alternative suppliers.
• Coordinate with logistics to ensure flexible transportation solutions.
• Communicate with production managers about supply chain status and potential impacts on production schedules.

Related: 15+ Business Plan Templates for Strategic Planning

BCPs are essential for ensuring that a business can continue operating during crises. Here’s a summary of the different types of business continuity plans that are common:

• Operational : Involves ensuring that critical systems and processes continue functioning without disruption. It’s vital to have a plan to minimize revenue loss in case of disruptions.
• Technological : For businesses heavily reliant on technology, this type of continuity plan focuses on maintaining and securing internal systems, like having offline storage for important documents.
• Economic continuity : This type ensures that the business remains profitable during disruptions. It involves future-proofing the organization against scenarios that could negatively impact the bottom line.
• Workforce continuity : Focuses on maintaining adequate and appropriate staffing levels, especially during crises, ensuring that the workforce is capable of handling incoming work.
• Safety : Beyond staffing, safety continuity involves creating a comfortable and secure work environment where employees feel supported, especially during crises.
• Environmental : It addresses the ability of the team to operate effectively and safely in their physical work environment, considering threats to physical office spaces and planning accordingly.
• Security : Means prioritizing the safety and security of employees and business assets, planning for potential security breaches and safeguarding important business information.
• Reputation : Focuses on maintaining customer satisfaction and a good reputation, monitoring conversations about the brand and having action plans for reputation management.

As I have explained so far, a Business Continuity Plan (BCP) is invaluable. Writing an effective BCP involves a series of strategic steps, each crucial to ensuring that your business can withstand and recover from unexpected events. Here’s a guide on how to craft a robust business continuity plan:

1. Choose your business continuity team

Assemble a dedicated team responsible for the development and implementation of the BCP. The team should include members from various departments with a deep understanding of the business operations.

2. Outline your plan objectives

Clearly articulate what the plan aims to achieve. Objectives may include minimizing financial loss, ensuring the safety of employees, maintaining critical business operations, and protecting the company’s reputation.

3. Meet with key players in your departments

Engage with department heads and key personnel to gain insights into the specific needs and processes of each department. This helps in identifying critical functions and resources.

4. Identify critical functions and types of threats

Determine which functions are vital to the business’s survival and identify potential threats that could impact these areas. 

5. Carry on risk assessments across different areas

Evaluate the likelihood and impact of identified threats on each critical function. This assessment helps in prioritizing the risks and planning accordingly.

6. Conduct a business impact analysis (BIA)

Perform a BIA to understand the potential consequences of disruption to critical business functions. It has to be done in determining the maximum acceptable downtime and the resources needed for business continuity.

7. Start drafting the plan

Compile the information gathered into a structured document. The plan should include emergency contact information, recovery strategies and detailed action steps for different scenarios.

8. Test the plan for any gaps

Conduct simulations or tabletop exercises to test the plan’s effectiveness. This testing can reveal unforeseen gaps or weaknesses in the plan.

9. Review & revise your plan

Use the insights gained from testing to refine and update the plan. Continual revision ensures the plan remains relevant and effective in the face of changing business conditions and emerging threats.

Read Also: How to Write a Business Plan Outline [Examples + Templates]

A Business Continuity Plan (BCP) should ideally be reviewed and updated at least annually. 

The annual review ensures that the plan remains relevant and effective in the face of new challenges and changes within the business, such as shifts in business strategy, introduction of new technology or changes in operational processes. 

Additionally, it’s crucial to reassess the BCP following any significant business changes, such as mergers, acquisitions or entry into new markets, as well as after the occurrence of any major incident that tested the plan’s effectiveness. 

However, in rapidly changing industries or in businesses that face a high degree of uncertainty or frequent changes, more frequent reviews – such as bi-annually or quarterly – may be necessary. 

A Business Continuity Plan (BCP) and a Disaster Recovery Plan (DRP) are two crucial components of organizational preparedness, yet they serve different functions. The BCP is aimed at preventing interruptions to business operations and maintaining regular activities. 

It focuses on aspects such as the location of operations during a crisis (like a temporary office or remote work), how staff will communicate and which functions are prioritized. In essence, a BCP details how a business can continue operating during and after a disruption​​​​.

On the other hand, a DRP is more specific to restoring data access and IT infrastructure after a disaster. It describes the steps that employees must follow during and after a disaster to ensure minimal function necessary for the organization to continue. 

Essentially, while a BCP is about maintaining operations, a DRP is about restoring critical functions, particularly IT-related, after a disruption has occurred​

It’s clear that having a robust and adaptable business continuity plan (BCP) is not just a strategic advantage but a fundamental necessity for businesses of all sizes and sectors. 

From small businesses to large corporations, the principles of effective business continuity planning remain consistent: identify potential threats, assess the impact on critical functions, and develop a comprehensive strategy to maintain operations during and after a disruption.

The process of writing a BCP, as detailed in this article, underscores the importance of a thorough and thoughtful approach. It’s about more than just drafting a document; it’s about creating a living framework that evolves with your business and the changing landscape of risks.

To assist in this crucial task, you can use Venngage’s business plan maker & their business continuity plan templates . These tools streamline the process of creating a BCP, ensuring that it is not only comprehensive but also clear, accessible and easy to implement. 

Discover popular designs

Infographic maker

Brochure maker

White paper online

Newsletter creator

Flyer maker

Timeline maker

Letterhead maker

Mind map maker

Ebook maker

• Search Search Please fill out this field.
• Business Continuity Plan Basics
• Understanding BCPs
• Benefits of BCPs
• How to Create a BCP
• BCP & Impact Analysis
• BCP vs. Disaster Recovery Plan

Frequently Asked Questions

• Business Continuity Plan FAQs

The Bottom Line

What is a business continuity plan (bcp), and how does it work.

Investopedia / Ryan Oakley

What Is a Business Continuity Plan (BCP)? 

A business continuity plan (BCP) is a system of prevention and recovery from potential threats to a company. The plan ensures that personnel and assets are protected and are able to function quickly in the event of a disaster.

Key Takeaways

• Business continuity plans (BCPs) are prevention and recovery systems for potential threats, such as natural disasters or cyber-attacks.
• BCP is designed to protect personnel and assets and make sure they can function quickly when disaster strikes.
• BCPs should be tested to ensure there are no weaknesses, which can be identified and corrected.

Understanding Business Continuity Plans (BCPs)

BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy. Risks may include natural disasters—fire, flood, or weather-related events—and cyber-attacks . Once the risks are identified, the plan should also include:

• Determining how those risks will affect operations
• Implementing safeguards and procedures to mitigate the risks
• Testing procedures to ensure they work
• Reviewing the process to make sure that it is up to date

BCPs are an important part of any business. Threats and disruptions mean a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition. It is generally conceived in advance and involves input from key stakeholders and personnel.

Business impact analysis, recovery, organization, and training are all steps corporations need to follow when creating a Business Continuity Plan.

Benefits of a Business Continuity Plan

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic. Business continuity planning is typically meant to help a company continue operating in the event of major disasters such as fires. BCPs are different from a disaster recovery plan, which focuses on the recovery of a company's information technology system after a crisis.

Consider a finance company based in a major city. It may put a BCP in place by taking steps including backing up its computer and client files offsite. If something were to happen to the company's corporate office, its satellite offices would still have access to important information.

An important point to note is that BCP may not be as effective if a large portion of the population is affected, as in the case of a disease outbreak. Nonetheless, BCPs can improve risk management—preventing disruptions from spreading. They can also help mitigate downtime of networks or technology, saving the company money.

How To Create a Business Continuity Plan

There are several steps many companies must follow to develop a solid BCP. They include:

• Business Impact Analysis : Here, the business will identify functions and related resources that are time-sensitive. (More on this below.)
• Recovery : In this portion, the business must identify and implement steps to recover critical business functions.
• Organization : A continuity team must be created. This team will devise a plan to manage the disruption.
• Training : The continuity team must be trained and tested. Members of the team should also complete exercises that go over the plan and strategies.

Companies may also find it useful to come up with a checklist that includes key details such as emergency contact information, a list of resources the continuity team may need, where backup data and other required information are housed or stored, and other important personnel.

Along with testing the continuity team, the company should also test the BCP itself. It should be tested several times to ensure it can be applied to many different risk scenarios . This will help identify any weaknesses in the plan which can then be corrected.

In order for a business continuity plan to be successful, all employees—even those who aren't on the continuity team—must be aware of the plan.

Business Continuity Impact Analysis

An important part of developing a BCP is a business continuity impact analysis. It identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis. The worksheet should be completed by business function and process managers who are well acquainted with the business. These worksheets will summarize the following:

• The impacts—both financial and operational—that stem from the loss of individual business functions and process
• Identifying when the loss of a function or process would result in the identified business impacts

Completing the analysis can help companies identify and prioritize the processes that have the most impact on the business's financial and operational functions. The point at which they must be recovered is generally known as the “recovery time objective.”

Business Continuity Plan vs. Disaster Recovery Plan

BCPs and disaster recovery plans are similar in nature, the latter focuses on technology and information technology (IT) infrastructure. BCPs are more encompassing—focusing on the entire organization, such as customer service and supply chain. 

BCPs focus on reducing overall costs or losses, while disaster recovery plans look only at technology downtimes and related costs. Disaster recovery plans tend to involve only IT personnel—which create and manage the policy. However, BCPs tend to have more personnel trained on the potential processes. 

Why Is Business Continuity Plan (BCP) Important?

Businesses are prone to a host of disasters that vary in degree from minor to catastrophic and business continuity plans (BCPs) are an important part of any business. BCP is typically meant to help a company continue operating in the event of threats and disruptions. This could result in a loss of revenue and higher costs, which leads to a drop in profitability. And businesses can't rely on insurance alone because it doesn't cover all the costs and the customers who move to the competition.

What Should a Business Continuity Plan (BCP) Include?

Business continuity plans involve identifying any and all risks that can affect the company's operations. The plan should also determine how those risks will affect operations and implement safeguards and procedures to mitigate the risks. There should also be testing procedures to ensure these safeguards and procedures work. Finally, there should be a review process to make sure that the plan is up to date.

What Is Business Continuity Impact Analysis?

An important part of developing a BCP is a business continuity impact analysis which identifies the effects of disruption of business functions and processes. It also uses the information to make decisions about recovery priorities and strategies.

FEMA provides an operational and financial impact worksheet to help run a business continuity analysis.

These worksheets summarize the impacts—both financial and operational—that stem from the loss of individual business functions and processes. They also identify when the loss of a function or process would result in the identified business impacts.

Business continuity plans (BCPs) are created to help speed up the recovery of an organization filling a threat or disaster. The plan puts in place mechanisms and functions to allow personnel and assets to minimize company downtime. BCPs cover all organizational risks should a disaster happen, such as flood or fire.  

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15 - 17.

Ready. “ IT Disaster Recovery Plan .”

Federal Emergency Management Agency. " Business Process Analysis and Business Impact Analysis User Guide ." Pages 15-17.

• Terms of Service
• Editorial Policy
• Privacy Policy
• Your Privacy Choices

• Artificial Intelligence
• Generative AI
• Business Operations
• Cloud Computing
• Data Center
• Data Management
• Emerging Technology
• Enterprise Applications
• IT Leadership
• Digital Transformation
• IT Strategy
• IT Management
• Diversity and Inclusion
• IT Operations
• Project Management
• Software Development
• Vendors and Providers
• Enterprise Buyer’s Guides
• United States
• Middle East
• España (Spain)
• Italia (Italy)
• Netherlands
• United Kingdom
• New Zealand
• Data Analytics & AI
• Newsletters
• Foundry Careers
• Terms of Service
• Privacy Policy
• Cookie Policy
• Copyright Notice
• Member Preferences
• About AdChoices
• Your California Privacy Rights

Our Network

• Computerworld
• Network World

How to create an effective business continuity plan

A business continuity plan outlines procedures and instructions an organization must follow in the face of disaster, whether fire, flood, or cyberattack. here’s how to create a plan that gives your business the best chance of surviving such an event..

The tumultuous events of the past several years have impacted practically every business. And with the number of extreme weather events, cyberattacks, and geopolitical conflicts continuing to rise, business leaders are bracing for the possibility of increasingly more frequent impactful incidents their organizations will need to respond to.

According to PwC’s 2023 Global Crisis and Resilience Survey , 96% of 1,812 business leaders said their organizations had experienced disruption in the past two years and 76% said their most serious disruption had a medium to high impact on operations.

It’s little wonder then that 89% of executives list resilience as one of their most important strategic priorities.

Yet at the same time, only 70% of respondents said they were confident in their organization’s ability to respond to disruptions, with PwC noting that its research shows that too many organizations “are lacking the foundational elements of resilience they need to be successful.”

A solid business continuity plan is one of those foundational elements.

“Every business should have the mindset that they will face a disaster, and every business needs a plan to address the different potential scenarios,” says Goh Ser Yoong, head of compliance at Advance.AI and a member of the Emerging Trends Working Group at the professional governance association ISACA.

A business continuity plan gives the organization the best shot at successfully navigating a disaster by providing ready-made directions on who should do what tasks in what order to keep the business viable.

Without such as a plan, the organization will take longer than necessary to recover from an event or incident — or may never recover at all.

What is a business continuity plan?

A business continuity plan (BCP) is a strategic playbook created to help an organization maintain or quickly resume business functions in the face of disruption, whether that disruption is caused by a natural disaster, civic unrest, cyberattack, or any other threat to business operations.

A business continuity plan outlines the procedures and instructions that the organization must follow during such an event to minimize downtime, covering business processes, assets, human resources, business partners, and more.

A business continuity plan is not the same as a disaster recovery plan , which focuses on restoring IT infrastructure and operations after a crisis. Still, a disaster recovery plan is part of the overall strategy to ensure business continuity, and the business continuity plan should inform the action items detailed in an organization’s disaster recovery plan. The two are tightly coupled, which is why they often are considered together and abbreviated as BCDR.

Why business continuity planning matters

Whether you operate a small business or a large corporation, it’s vital to retain and increase your customer base. There’s no better test of your capability to do so than right after an adverse event.

Because restoring IT is critical for most companies, numerous disaster recovery solutions are available. You can rely on IT to implement those solutions. But what about the rest of your business functions? Your company’s future depends on your people and processes. Being able to handle any incident effectively can have a positive effect on your company’s reputation and market value, and it can increase customer confidence.

Moreover, there are increasing consumer and regulatory expectations for both enterprise security and continuity today. Consequently, organizations must prioritize continuity planning to prevent not only business losses, but financial, legal, reputational, and regulatory consequences.

For example, the risk of having an organization’s “license to operate” withdrawn by a regulator or having conditions applied (retrospectively or prospectively) can adversely affect market value and consumer confidence.

Building (and updating) a business continuity plan

Whether building the organization’s first business continuity plan or updating an existing one, the process involves multiple essential steps.

Assess business processes for criticality and vulnerability: Business continuity planning “starts with understanding what’s most important to the business,” says Joe Nocera, principle in the cyber risk and regulatory practice at PwC, a professional services firm.

So the first step in building your business continuity plan is assessing your business processes to determine which are the most critical; which are the most vulnerable and to what type of events; and what are the potential losses if those processes go down for a day, a few days, or a week.

“This step essentially determines what you are trying to protect and what you are trying to keep up for systems,” says Todd Renner, senior managing director in the cybersecurity practice at FTI Consulting.

This assessment is more demanding than ever before because of the complexity of today’s hybrid workplace, the modern IT environment, and the reliance on business partners and third-party providers to perform or support critical processes.

Given that complexity, Goh says a thorough assessment requires an inventory of not only key processes but also the supporting components — including the IT systems, networks, people, and outside vendors — as well as the risks to those components.

This is essentially a business impact analysis.

Determine your organization’s RTO and RPO: The next step in building a business continuity plan is determining the organization’s recovery time objective (RTO), which is the target amount of time between point of failure and the resumption of operations, and the recovery point objective (RPO), which is the maximum amount of data loss an organization can withstand.

Each organization has its own RTO and RPO based on the nature of its business, industry, regulatory requirements, and other operational factors. Moreover, different parts of a business can have different RTOs and RPOs, which executives need to establish, Nocera says.

“When you meet with individual aspects of the business, everyone says everything [they do] is important; no one wants to say their part of the business is less critical, but in reality you have to have those challenging conversations and determinations about what is actually critical to the business and to business continuity,” he adds.

Detail the steps, roles, and responsibilities for continuity: Once that is done, business leaders should use the RTO and the RPO, along with the business impact analysis, to determine the specific tasks that need to happen, by whom, and in what order to ensure business continuity.

“It’s taking the key components of your analysis and designing a plan that outlines roles and responsibilities, about who does what. It gets into the nitty-gritty on how you’re going to keep the company up and running,” Renner explains.

One common business continuity planning tool is a checklist that includes supplies and equipment, the location of data backups and backup sites, where the plan is available and who should have it, and contact information for emergency responders, key personnel, and backup site providers.

Although the list of possible scenarios that could impact business operations can seem extensive, Goh says business leaders don’t have to compile an exhaustive list of potential incidents. Rather, they should compile a list that includes likely incidents as well as representative ones so that they can create responses that have a higher likelihood of ensuring continuity even when faced with an unimagined disaster.

“So even if it’s an unexpected event, they can pull those building blocks from the plan and apply them to the unique crisis they’re facing,” Nocera says.

The importance of testing the business continuity plan

Devising a business continuity plan is not enough to ensure preparedness; testing and practicing are other critical components.

Renner says testing and practicing offer a few important benefits.

First, they show whether or how well a plan will work.

Testing and practicing help prepare all stakeholders for an actual incident, helping them build the muscle memory needed to respond as quickly and as confidently as possible during a crisis.

They also help identify gaps in the devised plan. As Renner says: “Every tabletop exercise that I’ve ever done has been an eye-opener for everyone involved.”

Additionally, they help identify where there may be misalignment of objectives. For example, executives may have deprioritized the importance of restoring certain IT systems only to realize during a drill that those are essential for supporting critical processes.

Types and timing of tests

Many organizations test a business continuity plan two to four times a year. Experts say the frequency of tests, as well as reviews and updates, depends on the organization itself — its industry, its speed of innovation and transformation, the amount of turnover of key personnel, the number of business processes, and so on.

Common tests include tabletop exercises , structured walk-throughs, and simulations. Test teams are usually composed of the recovery coordinator and members from each functional unit.

A tabletop exercise usually occurs in a conference room with the team poring over the plan, looking for gaps and ensuring that all business units are represented therein.

In a structured walk-through, each team member walks through his or her components of the plan in detail to identify weaknesses. Often, the team works through the test with a specific disaster in mind. Some organizations incorporate drills and disaster role-playing into the structured walk-through. Any weaknesses should be corrected and an updated plan distributed to all pertinent staff.

Some experts also advise a full emergency evacuation drill at least once a year.

Meanwhile, disaster simulation testing — which can be quite involved — should still be performed annually. For this test, create an environment that simulates an actual disaster, with all the equipment, supplies and personnel (including business partners and vendors) who would be needed. The purpose of a simulation is to determine whether the organization and its staff can carry out critical business functions during an actual event.

During each phase of business continuity plan testing, include some new employees on the test team. “Fresh eyes” might detect gaps or lapses of information that experienced team members could overlook.

Reviewing and updating the business continuity plan should likewise happen on an ongoing basis.

“It should be a living document. It shouldn’t be shelved. It shouldn’t be just a check-the-box exercise,” Renner says.

Otherwise, plans go stale and are of no use when needed.

Bring key personnel together at least annually to review the plan and discuss any areas that must be modified.

Prior to the review, solicit feedback from staff to incorporate into the plan. Ask all departments or business units to review the plan, including branch locations or other remote units.

Furthermore, a strong business continuity function calls for reviewing the organization’s response in the event of an actual event. This allows executives and their teams to identify what the organization did well and where it needs to improve.

How to ensure business continuity plan support, awareness

One way to ensure your plan is not successful is to adopt a casual attitude toward its importance. Every business continuity plan must be supported from the top down. That means senior management must be represented when creating and updating the plan; no one can delegate that responsibility to subordinates. In addition, the plan is likely to remain fresh and viable if senior management makes it a priority by dedicating time for adequate review and testing.

Management is also key to promoting user awareness. If employees don’t know about the plan, how will they be able to react appropriately when every minute counts?

Although plan distribution and training can be conducted by business unit managers or HR staff, have someone from the top kick off training and punctuate its significance. It’ll have a greater impact on all employees, giving the plan more credibility and urgency.

Related content

Boomi burnishes api management capabilities, tiaa modernizes the customer journey with ai, 10 it skills where expertise pays the most, what is erp enterprise resource planning systems explained, from our editors straight to your inbox, show me more, colorado ai legislation further complicates compliance equation.

UK government’s Pensions Dashboards Programme delayed

Raj Polanki’s five steps by which CIOs can lead holistically

CIO Leadership Live with Sri Adusumilli, Chief Information Officer, TruckPro LLC

CIO Leadership Live NZ with Tim Partington, Director Digital & Technology, Skills Consulting Group

CIO Leadership Live UK with Charlene Hunter, MBE, CEO & Founder, Coding Black Females

A Fundamental Question: Open or Closed Source?

Sponsored Links

• Everybody's ready for AI except your data. Unlock the power of AI with Informatica

Published: 21 December 2023 Contributors: Mesh Flinders, Ian Smalley

Business continuity disaster recovery (BCDR) refers to a process that helps organizations return to normal business operations if a disaster happens. While business continuity and  disaster recovery  are closely related, they describe two subtly different approaches to crisis management that businesses can take.

As data loss prevention and downtime become more expensive, many organizations are upping their investment in emergency management. In 2023, companies worldwide were set to spend USD 219 billion on cybersecurity, a 12% increase from the previous year  according to a recent report by the International Data Corporation  (link resides outside ibm.com).

What is a disaster recovery plan?

A  disaster recovery plan (DRP)  is a contingency plan for how an enterprise will recover from an unexpected event. DRPs help businesses manage different disaster scenarios, such as massive outages, natural disasters,  ransomware  and  malware  attacks, and many others.

What is a business continuity plan?

Like DRPs, business continuity plans (BCPs) play a critical role in disaster recovery and help organizations return to normal business functions when a disaster happens. Where a DRP focuses specifically on IT systems, business continuity management focuses more broadly on various aspects of preparedness.

Connect and integrate your systems to prepare your infrastructure for AI.

Register for the guide on DaaS

Most organizations divide BCDR planning into two separate processes: business continuity and disaster recovery. This approach is effective because while the two processes share many steps, there are also key differences in how organizations build, implement and test the plans.

The main difference is that BCPs are proactive, aiming to maintain operations before, during and right after a disaster. On the other hand, DRPs are reactive, focusing on how to respond and recover from an incident. This distinction should guide the creation of your BCDR strategy, with BCPs focusing on critical processes and roles, and DRPs on recovery actions post-incident. 

Both processes depend heavily on two critical components: recovery time objective and recovery point objective.

Recovery time objective (RTO)

RTO refers to the amount of time it takes to restore business processes after an unplanned incident. Establishing a reasonable RTO is one of the first things businesses need do when they’re creating their DRP.

Recovery point objective (RPO)

Your business’ RPO is the amount of data it can afford to lose in a disaster and still recover. Since data protection is a core capability of many modern enterprises, some constantly copy data to a remote  data center  to ensure continuity in case of a massive breach. Others set an RPO of a few minutes—or even hours—for them to recover business data from a backup system, so they know they are able to recover from whatever they've lost during that time.

1. Conduct business impact analysis

To build an effective BCP, you first need to understand the various risks your organization faces. Business impact analysis (BIA) is vital in risk management and business resilience. BIA is the process of identifying and evaluating the potential impact of a disaster on normal operations. Strong BIA includes an overview of all potential existing threats and vulnerabilities—internal and external—and detailed plans for mitigation. The BIA must also identify the likelihood of an event occurring so the organization can prioritize accordingly.

2. Design responses

When your BIA is complete, the next step in building your BCP is planning effective responses to each of the threats you’ve identified. Different threats naturally require different disaster recovery strategies, so each of your responses should have a detailed plan for how the organization will spot a specific threat and address it.

3. Identify key roles and responsibilities

This step dictates how key members of your team responds when facing a crisis or disruptive event. It documents expectations for each team member and also the resources required for them to fulfill their roles. This part of the process is good to consider how individuals communicate when an incident occurs. Some threats shut down key networks—such as cellular or internet connectivity—so it’s important to have reliable fallback methods of communication.

4. Test and update your plan

To be actionable, you need to constantly practice and refine your BCDR plan. Constant testing and training of employees lead to a seamless deployment when an actual disaster strikes. Rehearse realistic scenarios like cyberattacks, fires, floods, human error, massive outages and other relevant threats so team members can build confidence in their roles and responsibilities.

Like BCPs, DRPs require BIA—the outlining of roles and responsibilities and constant testing and refinement. But because DRPs are more reactive in nature, there is more of a focus on risk analysis and  data backup and recovery . Steps 2 and 3 of DRP development, analyzing risks and creating an asset inventory are not part of the BCP development process at all.

Here's a widely used five-step process for creating a DRP:

1. Conduct business impact analysis

Like in your BCP process, start by assessing each threat your company might face and what its ramifications might be. Consider how potential threats might impact daily operations, regular communication channels and worker safety. Other considerations for a strong BIA include loss of revenue, cost of downtime, cost of reputational repair (public relations), loss of customers and investors (short and long term) and any incurred penalties from compliance violations.

2. Analyze risks

DRPs typically require more careful risk assessment than BCPs since their role is to focus on recovery efforts from a potential disaster. During the risk analysis portion of planning, consider a risk’s likelihood and potential impact on your business.

3. Create an asset inventory

To create an effective DRP, you must know exactly what your enterprise owns, its purpose or function and its condition. Doing regular asset inventory helps identify hardware, software, IT infrastructure and anything else your organization might own that is crucial to your business operations. When you’ve identified your assets, you can group them into three categories: critical, important and unimportant.

• Critical:  Only label assets as critical if your enterprise requires them for normal business operations.
• Important:  Give this label to assets that you use at least once a day and that would have an impact on business operations (but not shut them down entirely) if they are disrupted.
• Unimportant:  These are assets your business uses infrequently that are not essential for normal business operations.

4. Establish roles and responsibilities

Just like in your BCP development, you need to clearly outline responsibilities and ensure that team members have what they need to perform their required duties. Without this crucial step, no one knows how to act during a disaster. Here are some roles and responsibilities to consider when building your DRP:

• Incident reporter:  Someone who maintains contact information for relevant parties and communicates with business leaders and stakeholders when disruptive events occur.
• DRP supervisor:  The DRP supervisor ensures that team members perform their assigned tasks during an incident. 
• Asset manager:  Someone whose job it is to secure and protect critical assets when a disaster strikes. 
• Third-party liaison:  The person who coordinates with any third-party vendors or service providers you’ve hired as part of your DRP and updates stakeholders accordingly on how the DRP is going.

5. Test and refine

Like your BCP, your DRP requires constant practice and refinement to be effective. Practice it regularly and update it according to any meaningful changes that are necessary. For example, if your company acquires a new asset after you've formed your DRP, you’ll need to incorporate it into your plan to ensure it's protected going forward.

In terms of BCDR planning, every business is going to have its own unique set of needs. Here are a few examples of plans that are effective for companies of differing sizes and industries:

Crisis management plan

A crisis management plan, also known as an incident management plan, is a detailed plan for managing a specific incident. It provides detailed instructions on how your organization responds to a specific crisis, such as a power outage, cyberattack or natural disaster.

Communications plan

A communications plan outlines how your organization handles public relations (PR) in the event of a disaster. Business leaders typically coordinate with communications specialists to formulate communications plans that complement any crisis management activities needed to keep business operations going during an unplanned incident.

Data center recovery plan

A data center recovery plan focuses on the security of a data center facility and its ability to get back up and running after an unplanned incident. Some common threats to data storage include overstretched personnel that can result in human error, cyberattacks, power outages and difficulty following compliance requirements. 

Network recovery plan

Network recovery plans help organizations recover from an interruption of network services, including internet access, cellular data, local area networks and wide area networks. Due to the critical role networked services play in business operations, network recovery plans must clearly outline the steps, roles and responsibilities needed to quickly and effectively restore services after a network compromise.

Virtualized recovery plan

A virtualized recovery plan relies on virtual machine (VM) instances that can be ready to operate within a couple of minutes of an interruption. Virtual machines are representations, or emulations, of physical computers that provide critical application recovery through high availability, or the ability of a system to operate continuously without failing.

BCDR planning helps organizations better understand the threats they face and better prepare to face them. Enterprises that don’t undertake BCDR planning face various risks, including data loss, downtime, financial penalties and reputational damage. Effective BCDR planning helps ensure business continuity and the prompt restoration of services after a business disruption. Here are some of the benefits companies with strong BCDR planning enjoy:

When an unplanned incident disrupts business as usual, it can cost hundreds of millions of dollars. Additionally, high-profile cyberattacks frequently attract unwanted attention in the press and can result in loss of confidence in both customers and investors. BCDR plans increase an organization’s ability get back up and running swiftly and smoothly after an unplanned incident.

According to  IBM’s recent Cost of Data Breach Report , the average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over the previous three years. Enterprises with strong BCDR can reduce those costs by helping maintain business continuity throughout an incident and speeding recovery afterward. Another opportunity for cost-savings with strong BCDR is in cyber insurance. Many insurers won’t insure organizations that haven't established a strong BCDR plan.

Data breaches incur hefty fines when private customer information is compromised. Businesses that operate in heavily regulated sectors like healthcare and personal finance face especially costly penalties. Since these penalties are often tied to the duration and severity of a breach, maintaining business continuity and shortening response and recovery lifecycles is critical to keeping financial penalties low.

Even a minor outage can put you at a competitive disadvantage. Protect your data with a cloud disaster recovery plan. 

Employ a highly durable, scalable and security-rich destination for backing up your data.

Expand capacity and consolidate data center infrastructure onto an automated and centrally managed software-defined data center with IBM Cloud for VMware Solutions.

Many factors come into play when deciding whether to invest in and manage your on-premises disaster recovery (DR) solutions or use disaster recovery as a service (DRaaS) providers.

Backup and restore refers to technologies and practices for making periodic copies of data and applications to a separate, secondary device and then using those copies to recover the data and applications.

There are critical similarities and differences between disaster recovery and backup. These solutions can both help you solve your business' most important problems.

IBM has plans and processes in place globally that help sustain its business by assessing potential disasters. This paper provides an overview of the business continuity measures used by IBM to help prevent or reduce the impact of potential threats.

Zerto helps clients access robust disaster recovery and data protection capabilities while using the agility and flexibility of IBM Cloud for VMware solutions shared in a single-click deployment.

IBM's business continuity and resiliency engagement is designed to help you enable resumption of your business operations quickly and maintain the quality of your existing services in the event of an outage.

IBM Cloud Backup is a full-featured, agent-based backup and recovery system managed through a web interface. Back up data between IBM Cloud servers in one or more IBM Cloud global data centers.

ITSM for high-velocity teams

What is it service continuity management.

IT service continuity management (ITSCM) is a key component of ITIL service delivery. It focuses on planning for incident prevention, prediction, and management with the goal of maintaining service availability and performance at the highest possible levels before, during, and after a disaster-level incident.

The goal of ITSCM is to reduce the downtime, costs, and business impact of incidents by putting effective, standardized processes in place for when those incidents do inevitably occur.

Because without a plan, there are a lot of factors that can slow—or stop—incident recovery. After all, your on-call expert might be responding when they’re bleary-eyed at 3 a.m. They might be out of touch with the code after working on something else for weeks or months. They might panic at the scale of the disaster-level incident. Or they might be the newest member of the disaster recovery team, without as much experience resolving issues.

Having a well-documented, clear plan for service continuity management will help minimize any delays caused by learning curves, time away from the code, disaster panic, or midnight alerts.

ITSCM and ITIL 4

In ITIL 4, service continuity management is a process meant to support business continuity management (BCM). The goal of the process is to make sure services are back up and running within the agreed-upon business timelines after major service disruptions.

ITSCM vs. incident management

ITIL 4 makes a distinction between incident management —which handles incidents at a variety of impact levels—and ITSCM, which is about planning for large-scale disasters.

So, what exactly constitutes a disaster? The answer may be different for each business, but the Business Continuity Institute defines it as: “A sudden unplanned event that causes great damage or serious loss to an organization. It results in an organization failing to provide critical business functions for some predetermined minimum period of time.”

The scale of what we call a disaster, the predetermined minimum time, and the definition of critical business functions are three things each business will need to define and document for themselves.

ITSCM and business continuity management (BCM)

Business continuity management is a process managed outside IT that identifies risks to the business and works to mitigate those risks. Some risks may be IT-related, including disaster-level incidents, and some risks may be outside IT control, such as natural disasters or facility fires.

Since BCM encompasses ITSCM as well as other risk-mitigation processes, it makes sense for IT teams to work closely with the BCM team to create:

• A business continuity plan (BCP) that includes plans for prevention and recovery from disaster-level IT incidents
• Business impact analyses (BIA) that identify the potential business impact of an IT disaster

ITSCM objectives

From a business perspective, the goal of ITSCM is to reduce the downtime, costs, and business impact of disaster-level incidents. On a more tactical level, objectives include:

• Working closely with BCM to protect overall business continuity
• Creating and managing plans for IT service continuity and recovery in case of disaster
• Working with vendors to minimize the impact of any downtime in their products and services, as it relates to the business
• Analyzing risk and impact and revising plans accordingly over time

The ITSCM process

Here at Atlassian, our own continuity plan , is built on the assumption that the process of disaster planning is ongoing, leadership-driven, and thoroughly tested. We are determined to not #@!% our customers . Our process includes planning, communication, clear responsibilities, testing, and continuous improvement .

The planning process starts with asking high-level questions and then building a plan based on your answers. Starting questions should include:

• What is our incident response?
• What are the values we’ll follow?
• What kinds of disasters do we need to plan for? What are the risks and threats inherent to our business?
• What systems do we need to support? Which are critical?
• How will we respond in case of each disaster?
• Where is the information we’ll need to support and restore critical systems?
• How can we centralize that information and simplify restoration processes?
• Is the information and process documentation collaborative and reviewable by the teams who will be managing it?

Once you have answers to these questions, the next step is to use those answers to define:

• Policies for disaster recovery
• Scope of IT responsibilities
• Scope of business impact of each risk
• Plans and processes for each risk scenario
• Personnel and documentation requirements

The key to a successful ITSCM planning phase is documenting and templatizing the resulting plan to make it clear and repeatable. Having assets such as an incident response playbook or other runbooks can be a source of truth and organization to responders during a high-stakes scenario.

In the spirit of ITSCM, a solution with access to a built-in knowledge base —like Jira Service Management powered by Confluence—allows for continuous documentation that allows for revision, optimization and collaboration. That way, responders have access to previous resolution documentation and up-to-date resources.

Clear responsibilities

Who’s responsible in case of disaster? Who’s responsible for maintaining and updating plans, processes, and documentation? ITSCM should always have a clear sense of roles and responsibilities not only for disasters themselves, but for ongoing monitoring and improvement. Using Jira Service Management, responders can tag the appropriate party or person on issues to ensure responsibilities are properly delegated and to facilitate cross-functional collaboration.

At Atlassian, part of our approach is to have regular disaster recovery meetings with our site reliability engineers and our risk and compliance team. They discuss gaps in disaster recovery and identify where additional plans, improvements, assessments, or changes need to be made.

Communication

Openness is a core value at Atlassian and we believe the more informed your organization is about your ITSCM plans, the more effective those plans will be.

Offering flexible communication channels throughout the incident response process allows teams to stay in touch by their preferred method. Jira Service Management integrates multiple communications channels to minimize downtime, such as embeddable status widget, dedicated statuspage, email, chat tools, social media, and SMS.

Not only does communication keep stakeholders on board and help the c-suite stave off panic during a disaster-level incident, but it also allows the team to reach out for help from other teams if needed and mitigate the risk of friction caused by organizational confusion. 

How do you know if your plans work unless you test them? This is a foundational question for ITSCM and the reason that testing and incident management drills are vital to the success of the practice.

Testing can help you identify weak points in your process, unforeseen issues, and where teams may need re-training or better documentation.

Assess and improve

ITSCM is not a one-and-done process. It requires thoughtful planning up front and ongoing training, assessment, and improvement. That’s why we have regular disaster recovery meetings. It’s why we test system backups and run drills on what happens in case of a data center outage or AWS region failure. And it’s why any ITSCM plan worth its salt is a continually monitored, ever-changing thing.

Most companies represent the ITSCM process as a series of steps, but we think it’s more like a circle. Planning should lead to defined roles and responsibilities. From there, the team should communicate across the organization, test and test again, assess, monitor, and improve and, in those improvements, continue to update the plan, further define roles, and continue communicating.

Again, this is where a built-in, collaborative knowledge base comes into play. Knowledge base articles are a valuable resource when it comes to assessment and documentation. Incident postmortem reports are crucial for revision and repair following an incident, but can also act as a longstanding resource for potential problems in the future. Jira Service Management, powered by Confluence, offers a powerful collaborative platform to execute assessment and improvement solutions.

ITSCM roles and responsibilities

In order to effectively plan and implement ITSCM practices across the organization, many businesses appoint a Service Continuity Manager and a Service Continuity Recovery Team.

Service Continuity Manager (SCM)

As the name suggests, the Service Continuity Manager is responsible for overseeing service continuity. This person typically owns the process from A to Z, leading plan development, managing ongoing monitoring and assessment activities, and overseeing plans in action in case of disaster.

This person is typically an experienced, senior-level technical support professional, but may be in a management role and not directly involved with the tech day to day.

Service Continuity Recovery Team

Led by the SCM, this team is responsible for running tests and incident drills and continually improving ITSCM. The team typically includes technical staff, QA professionals or users for testing, and representatives from departments across the organization who are responsible for keeping lines of communication open between ITSCM and their teams.

Why does ITSCM matter?

Organizations with clear plans for disaster recovery will recover quicker and more fully in case of disasters.

ITSCM isn’t about planning for everyday outages. It’s about addressing worst-case scenarios and ensuring that if they happen, they cause minimal disruption to the lives of customers and employees.

Here are three clear benefits of a good ITSCM practice:

• If disaster strikes, a good ITSCM plan means essential services will be back up and running quickly.
• The organization is always prepared for a major disaster and can react quickly and appropriately.
• Everyone across the business understands what will happen in case of disaster and how long they can expect systems to be down.

Discover how ITSCM improves customer service quality and minimizes organizational downtime with Jira Service Management.

The Atlassian Incident Management Handbook

This handbook features the real incident management processes we've created as a global company with thousands of employees and over 200,000 customers.

What is problem management? A guide

Problem Management enables IT teams to prevent incidents by identifying the root cause. Learn about the overall process, benefits, and best practices.

Business Continuity Simplified

By Andy Marker | December 17, 2018 (updated October 24, 2021)

• Share on Facebook
• Share on LinkedIn

Link copied

Unexpected work interruptions can cripple a business and cause millions of dollars in expenses and lost business. Learn about the importance of business continuity planning and management from experts. 

In this article, you’ll learn the definition of a business continuity plan and the primary goal of business continuity planning . Additionally, you’ll learn the steps involved in business continuity planning and about the business continuity lifecycle .

What Is Business Continuity Management?

In business continuity management (BCM) , a company identifies potential threats to its activities and the threat impact. The company then develops plans to respond to those threats and continue activities through any crisis.

What Is a Business Continuity Plan?

A business continuity plan (BCP) describes how a business will continue to run during and after a crisis event. The BCP details guidelines, procedures, and work instructions to aid continuity.

To learn more about writing a plan, see our how-to guide to writing a business continuity plan .

What Is Business Continuity Planning?

Business continuity planning (BCP) refers to the work a company does to create a plan and system to deal with risks. Thorough planning seeks to prevent problems and ensure business processes continue during and after a crisis.

Business continuity planning ensures that the company deals with disruptions quickly, and minimizes the impact on operations. Business continuity planning is also called business resumption planning and continuous service delivery assurance (CSDA) .

What Is the Primary Goal of Business Continuity Planning?

The main goal of business continuity planning is to support key company activities during a crisis. Planning ensures a company can run with limited resources or restricted access to buildings. Continuity planning also aims to minimize revenue or reputation losses.   

A business continuity plan should outline several key things that an organization needs to do to prepare for potential disruptions to its activities, including the following:

• Recognize potential threats to a company.
• Assess potential impacts on the company’s daily activities.
• Provide a way to reduce these potential problems, and establish a structure that allows key company functions to continue throughout and after the event.
• Identify the resources the organization needs to continue operating, such as staffing, equipment, and alternative locations.

Business Continuity Planning Steps

A business continuity plan includes guidelines and procedures to guide a business through disruption. The efforts to create a plan are the same for large or small organizations. A simple plan is better than no plan. 

The basic steps for writing a business continuity plan are as follows:

• Create a governance team.
• Complete your business impact analysis (BIA) and risk assessment documents.
• Document your plan. Remember to include detailed guidelines and procedures that cover key processes and facilities.
• Test and update the plan regularly.

The Business Continuity Management Lifecycle

Business continuity management includes preparing for and handling unexpected events. BCM has a six-step lifecycle. This cycle repeats during both in regular business times and crises, as you take the right steps to keep activities always running.

The BCM lifecycle includes the following points:

• Mitigate Risk: Proactively identify business continuity risks to your company, and plan how your company will respond.
• Prepare: Train staff on your business continuity plan and ensure they understand what they need to do to help the business respond.
• Respond: Ensure that your company and all employees respond appropriately to a crisis. Be prepared to adapt in the moment.
• Resolve: Ensure that the company plans how to communicate effectively with staff and that it does so appropriately during the crisis.
• Recover: Inform employees, customers, and other important people about the status of the crisis and your company’s response.
• Resume: Communicate with employees and others after the crisis ends.

What Are Business Continuity Risks or Events?

Also called business continuity events, business continuity risks are the most common events that can disrupt a company’s regular operations — these can be natural and human-made crises. Defining these risks is a vital part of business continuity planning.

Such events might include the following:

• Severe weather
• Natural disasters (tornadoes, floods, blizzards, earthquakes, fire, etc.)
• A physical security threat
• A recall of a company’s product
• Supply chain problems
• Threats to staffing and employee safety
• Accidents at an organization’s facilities
• Destruction to a company’s facilities or property
• Power disruptions
• Server crashes
• Failures in public and private services (communications, transportation, safety, etc.)
• Environmental disasters, including hazardous materials spills
• Network disruptions
• Human error/human-made hazards
• Stock market crashes
• Cyber attacks and hacker activity

Any of these triggers can result in broader problems for a company, such as danger or injury to staff and others, equipment damages, brand injury, and loss of income and net worth. Business continuity management and planning address and mitigate these contingencies.

What Is a Business Continuity Strategy?

A business continuity strategy is more often called a business continuity plan. The strategy includes the processes and structure a company uses to manage an unexpected event.

Some people consider business continuity strategy to be a step in the planning process. In the strategy phase, business continuity planners describe the overall approach a company should take to prevent, manage, and recover from a crisis.

An Overview of Business Continuity Management and Planning

There are several goals, key elements, and benefits to business continuity management and planning. The primary goals of management and planning are as follows:

• Build Company Resiliency: Doing so means that your company’s tools, buildings, and operations are resistant to — and not greatly affected by — most disruptions.
• Create a Plan for Recovery (with Contingencies that Aid in That Recovery): If a major event does cause problems, you should have a plan for how to recover quickly. That plan will include contingencies. For example, you should plan for how key operations will resume if there is a widespread power outage.

Business continuity management and planning generally cover the following areas, with differences depending on the organization and industry:

• Disaster Recovery: Disaster recovery involves recovering technology after a disruptive event. You can learn more about disaster recovery and download free templates in our comprehensive article .
• Emergency Management: Emergency management focuses on avoiding and mitigating catastrophic risks to staff and communities.
• Business Recovery: Considered part of business continuity, business recovery centers on short-term activities after a disruptive incident. The short-term is sometimes defined as less than 60 days.
• Business Resumption: This describes the longterm phase of recovery (60 or more days after an even), wherein the company returns to near-normal conditions.
• Crisis Management: Crisis management focuses on communicating with stakeholders during and after a crisis, and controlling damage during the event. To learn more, read our comprehensive guide to crisis management .
• Incident Management: Incident management is an ITIL (previously known as Information Technology Infrastructure Library) framework for reducing or eliminating downtime after an incident.
• Contingency Planning: This covers outlier risks that are unlikely to occur but which could have disastrous results.

“A well managed business continuity management program will help protect people, assets, and business processes,” says Scott Owens, founder and managing director of BluTinuity , a business continuity firm based in New Berlin, Wisconsin. “It may not be able to prevent all incidents. But it can reduce the likelihood of incidents, decrease response time, and lower the cost and impact of an incident.”

Key Elements of Business Continuity Management

All business continuity management programs should include a number of key elements, which serve to ensure that your plan is positioned for success and that you regularly update and improve it.   

These important elements include the following:

• Governance: This is the structure and team your business sets up to create and monitor the program.
• Business Alignment: This section details how your company’s current business continuity management and planning processes compare to expert approaches and industry standards.
• Continuity Strategy and Recovery Strategies: Include a detailed plan that assesses risks to your organization and how you can recover, should those risks become reality.
• Plan Documentation: Provide details on the plan that everyone in your company can access. To get started, see our roundup of free business continuity plan templates .
• Tactical Implementation: This section includes details on the specific ways your company plans to recover from certain types of incidents.
• Training: In this section, detail how you will train your staff to understand the business continuity plan and their role in it.
• Testing: Include real-world simulations of a crisis event, and test how your company and its employees respond and the effectiveness of your business continuity plans.
• Maintenance: Make changes to the plan where necessary to increase its effectiveness.
• Monitoring: This section details how you will continue to compare industry standards and expert advice to how your plan is working.

To learn about formal requirements for business continuity planning and management, see our comprehensive article on the ISO 22301 standard . 

The Costs of Business Continuity Management

The costs to do an appropriate job of business continuity management can be significant. However, some reports say that the cost of unforeseen downtime may be as much as $2.5 billion a year for Fortune 1000 companies.

Kurt Engemann, Ph.D., is Director of the Center for Business Continuity and Risk Management at Iona College in New York, Editor-in-Chief of the International Journal of Business Continuity and Risk Management and author of Business Continuity and Risk Management: Essentials of Organizational Resilience . In the book, he says that costs for business continuity preparation do not only include the groundwork to assess a company’s risks and plans to manage those risks. Rather, they also cover the needed backup facilities and equipment and company assets for emergency response. In addition, costs must cover resources for training employees and testing the plan.

Some experts have estimated that business continuity management and planning within only the crucial information technology aspects of companies can cost two to four percent of the information technology budget. But the costs are necessary, and worth it in the long run, according to business continuity experts.

“There is an initial outlay of a modest amount of money that will lessen the financial impact of a possible future crisis,” Engemann writes in his book. “Similar to an insurance policy, the financial benefit of BCM must be viewed from a long-term prospective.”

When an organization’s top executives complain about the costs, Owens says, “Ask them what it would cost their organization for an hour of downtime. Or eight hours. Or 24 hours. Chances are the cost — financial, operational, and to brand and reputation — of having key business functions unavailable for an extended period are significant. They will most likely find business continuity management to be worth the investment.” 

Benefits of Business Continuity Management

Like Engemann, Owens points out that there are significant benefits to the investment organizations make in business continuity management, including the following:

• Mission Critical Processes: If you understand your key processes, you can plan to protect them and prioritize their recovery.
• Legal and Regulatory Compliance: Laws or regulations require companies in some industries to implement a formal business continuity management system.
• Satisfying Demands from Other Organizations: Some groups and companies may require that your company sets up BCM before they do business with you.
• Insurance Payments: To get the maximum payments from an insurance policy after an event, a company must have suitable business continuity management policies in place.
• Reputation Management: Your business’s brand will be greatly helped or hurt, depending on how an unforeseen event affects its operations.
• Competitive Advantage: A strong business continuity plan can offer your company the advantage over peers who are not as well prepared.
• Seamless Recovery: Cloud-based technologies make data backup, remote work, and business recovery affordable and accessible. Groups and businesses of all sizes can benefit from such tools. See our article on cloud computing for business continuity to learn more.
• Time Savings: Planning prevents teams from scrambling at the last minute to cobble together a recovery effort. Strong planning helps you get back online — and back on track — faster.

Michael Herrera, CEO of MHA Consulting , a business continuity and disaster recovery firm, cites two other significant benefits: 

• Keeping Customers and Avoiding Major Financial Losses: Getting operations back to normal quickly after an event means your company loses less money.

“Your customers aren’t as patient as you think they are,” Herrera explains. “They expect you to have a business continuity system and they expect you to be up and running. Their patience does run out.”

• Improving Day-to-Day Operations: Herrera says his firm’s clients often discover how business continuity planning gives them insights into the day-to-day operations of their company. “It really can help you with process improvement and getting a good understanding of what your business does every day.”

Additionally, strong business continuity planning will enable you to do the following:

• Officially declare a disaster and alert senior management.
• Assist in the development of an official public statement regarding a disaster and its effects on a business.
• Monitor your business’s progress and present the recovery status.
• Provide ongoing support and guidance to teams with pre-planned operations.
• Review critical processing, schedules, and backlogs to keep everyone up to date on status.
• Ensure businesses have both the resources and the information to deal with an unforeseen emergency.
• Reduce the risk that an emergency might pose to employees, clients, and vendors, etc.
• Provide a response for both man-made and environmental disasters.
• Improve overall business communication and response plans.
• Summarize both the operational and the financial impacts resulting from the loss of critical business functions.
• Allow businesses to plan for a loss of function that has potentially larger, more severe consequences.

See our article on the importance and benefits of business continuity planning to read more expert examples of how business continuity can bolster your company. 

Key Business Continuity Management and Planning Considerations

Companies don’t have to face business continuity planning alone. There are a variety of tools and services that can help, including the following:

Consultant Services

There are hundreds, if not thousands, of consultants and companies that can provide help with developing your business continuity plan. Below are a few things to think about in choosing one:

• How experienced are they? How long have they been around?
• What’s their reputation as a company? What do their clients say about them?
• Are they focused on a specific industry or area of business continuity, or do they have experience with a range of industries and a broad spectrum of business continuity?
• How do they think about business continuity (as a somewhat separate practice or something that needs to be ingrained within your organization)?
• How aligned is their advice with standards in your industry?

Business Continuity Software

There are also hundreds of pieces of business continuity software on the market. Here are some things to consider:

• Are you looking for software that will automate the development of plan components, or software that offers more in-depth help during the planning phase?
• What is the history of the software and the company behind it? How long has this particular software been on the market and what is the history and the reputation of the company behind it?
• Is the software being continually updated and improved?

Below are some specifics to consider as you test drive the software:

• Does it have an easy-to-use interface?
• Does it cover all aspects and components of business continuity, including business impact analysis and risk assessment ?
• Does it include sufficient storage for your company’s supporting documents?
• Does it provide secure portable access via mobile or other technologies, if a crisis interrupts your information technology systems?
• Does it provide strong data analytics?
• Is it secure and private?

Primary Things Your Organization’s Business Continuity Management System Should Accomplish

While your business continuity management system will have various elements and details, there are some primary things it should do for your organization. They correspond to the key elements listed earlier in this article. 

For example, a BCM system should help do the following: 

• Understand your company’s needs for business continuity and disaster preparedness. A BCM system should be able to assist company leaders in understanding the need for a business continuity management policy.
• Understand which processes should be recovered and in what order.
• Establish business continuity metrics to gauge success.
• Plan for communicating with customers, staff, and other stakeholders.
• Determine what tools, technology, and staffing are required to restore activities and support customers.
• Establish remote-work support or relocation plans for staff and activities.
• Implement ways to continually assess and manage continuity risks.
• Monitor and review how its business continuity management system is working.
• Continually improve the system.
• Respond effectively in a real-world crisis, and allow the business’s critical operations to continue and all operations to resume quickly.

Although nobody wants to think about disasters or the effort needed to prepare to meet and mitigate crises, the alternative is the potential loss of reputation, income, or the entire business. In sum, planning translates to determining your key processes, equipment, and tools, and applying basic recovery strategies. 

The Importance of Senior Organizational Leaders Strongly Supporting Your Business Continuity Management and Planning

Your senior leaders must strongly support your company’s business continuity management plan for it to succeed. Such leadership is key as storms, floods, pandemics, and data breaches increase in force and frequency.

“Make sure senior management is committed to the planning, development, execution, and implementation of a business continuity/disaster recovery program,” says Paul Kirvan , a business continuity consultant and a fellow of the Business Continuity Institute with 25 years of experience in business continuity work. “Otherwise, it simply won’t happen. Such programs work best if they have top-down support and funding, as opposed to being developed from the ground up.”

Business Continuity Plan Test Types

Testing verifies the effectiveness of your plan and provides training for participants. To ensure better communication, include suppliers, vendors, and other stakeholders in exercises. If appropriate, also consider including local emergency preparedness officials.  

There are four types of testing, and each requires increasing levels of planning, resources, and focus. You should try to run each type of drill regularly.

• Plan Review: Plan reviews are often the first test applied to a new plan. In this test, top management and some key BCP personnel review the relevance and completeness of a plan. Such a review can verify risk and BIA results, and help you check for gaps and inconsistencies among continuity documents.
• Tabletop or Structured Walkthrough: A tabletop test requires more preparation and time. It provides a role-playing exercise for recovery teams.
• Simulation or Walkthrough Drill: In a walkthrough drill, your continuity team physically completes the type of tasks they'd find in a crisis. They may practice evacuating a building during a fire, restoring a backup, or switching to another communication frequency.
• Functional or Live Scenario: Functional tests include a complete physical drill of continuity plans. Live tests may focus on one aspect of the plan or include the complete plan. They may include one part of the company or all team members.

Be sure to document what happened in the test so everyone involved in the exercise — and especially those who created the plan — can understand what did and didn’t go well, and can revise as necessary.

Business Continuity Management Policy Statement

A business continuity policy statement is a written document that outlines an organization’s business continuity management program. The policy statement should be communicated to all employees and should be signed and endorsed by the organization’s senior management.

See real-world examples of a business continuity policy statement .

Cultivating Awareness of Business Continuity Plans

The best business continuity system is useless if no one knows about it. Find ways to promote your plans in daily company activities, and discuss business continuity regularly in company and team meetings. Also, be sure to include the business continuity manager in cross-functional planning meetings so they can represent the business continuity perspective. Above all, exercise your plan, test your plan, and then test again.

What Is the Importance of a Business Continuity Plan?

A business continuity plan is vital to ensure that your company mitigates downtime during a crisis. Resuming activities quickly after an event also helps ensure your company’s financial health.

How to Write a Business Continuity Plan

It is crucial that your company set up a group of people to help create your business continuity plan. The group should include senior leadership, experts, and staff. A simple, practical plan is the best plan. At a minimum, include continuity team roles and duties, and team member contact information. You should also add guidelines and checklists for dealing with unforeseen events. 

Daily business functions rely on many resources — human, utilities, machines, and even paper, pens, and pencils. Business recovery after a disruptive event is no different. See our in-depth article on writing a business continuity plan for a complete list of resource types you may want to include in a plan.

You can ask certain questions as you form your strategy, and a business continuity plan usually includes common resources and elements. See our article on how to write a business continuity plan to learn more.

Business Continuity Plan Template

This template can help you document and track business operations in the event of a disruption/disaster to maintain critical processes. The plan includes space to record business function recovery priorities, recovery plans, and alternate site locations. Plan efficiently for disruption and minimize downtime, so your business maintains optimal efficiency.

Download Business Continuity Plan Template

Word | PowerPoint | PDF

You’ll find other most useful free, downloadable business continuity plan (BCP) templates, in Microsoft Word, PowerPoint, and PDF formats in this article . 

What Is a Business Impact Analysis and Why Is It an Important Part of a Business Continuity Plan?

A business impact analysis (BIA) is one of the most important parts of business continuity planning. The analysis considers how an unforeseen disruption could affect a company. BIA results also suggest how a business can recover from a crisis.

The business impact analysis will include details on the following:

• Recovery time objectives that outline the organization’s goals relating to how quickly various services and processes will resume after an event
• Financial impact of an incident
• Impact on customers
• Other possible impacts of an incident
• How the organization will prioritize recovery steps
• How the organization will prioritize critical services or products
• Identification of potential revenue loss
• Identification of additional expenses the organization will incur because of the event
• Identification of insurance an organization has or needs to have
• Identification of an organization’s dependencies on other agencies, companies, and providers

See our business impact analysis toolkit to find guidelines and templates to get started.

Risk Mitigation for Business Continuity

Risk assessment is one of the first steps in preparing your business continuity plan. 

Risk management includes identifying and ranking risks, and risk control includes identifying policies and procedures to avoid and contain risks. 

To learn more about risk management , read our comprehensive guide.

The Importance of Periodically Testing an Organization’s Business Continuity Plan

Even the best business continuity plans are useless if you do not continually test them in real-world mockups. Testing helps you continuously improve procedures, and also keeps plans synched with current business context.

Robert Sollars, a security trainer and consultant from Mesa, Arizona, says, “You must exercise your plan and train your employees in it. This can be costly and unwieldy at times, but it is an absolute must. I liken this to buying a Lamborghini and letting it sit in the garage, never starting it up, never driving it, never doing anything but admiring it. Your plan must be taken out and test driven at least two to three times per year. If you don’t test it, then when the real thing pops you will realize what the books, consultants, and experts have told you is useless for your organization. Testing it allows you to figure out the bugs and tweak the necessary items to make it more efficient and effective.”

Owens adds, “If you haven’t tested your plans, you aren’t ready for a disaster.”

You can do some testing through simpler table top exercises — for example, by talking through hypothetical incidents with your team. But Owens and other business continuity experts say organizations should also periodically do exercises that more closely mimic a real-world event.

“Organizations need to move … to progressively more complex scenarios, involving cross-functional teams and interdependent systems and processes,” he writes in a blog post about business continuity. “This is the only way that a company can get outside its comfort zone to truly understand if what they have designed will really work. My preference is to involve role-playing, actors, and include participation from vendors, business partners, and local law enforcement when appropriate. This will almost always result in lessons learned and opportunities to improve the plan, which is another great outcome.”

The most important result from testing your plan is an understanding of where theoretical solutions won’t work in real events. This understanding will then allow your organization to amend the plan to be more effective.

What Is a Business Continuity Plan Governance Committee?

Many companies set up a business continuity plan governance committee, which consists of staff members and senior leaders (their continuity efforts is vital). Governance tasks include writing the business continuity plan and supervising ongoing plan maintenance.  

The committee is often responsible for the following duties:

• Approving the governance structure of the committee
• Clarifying the roles of committee members and others working on the plan
• Overseeing the creation of working groups to develop and implement the plan
• Providing overall direction and communicate important information to employees
• Approving the continuity plan and essential specifics within it
• Setting priorities within the plan

The committee often includes the following members:

• A senior leader from the business, often the sponsor
• A business continuity manager and assistant manager
• The company employee, or outside consultant, who will serve as overall coordinator of the business continuity plan
• The company’s security officer
• The company’s chief information officer, or information technology leader
• Representatives from the company’s business department, to help with the business impact analysis
• An administrative representative

How to Cultivate Resilience in Your Organization

A resilient organization has the tools and abilities to survive a disruptive event, and also regularly looks for new threats and adapts to changes in the organizational and industry landscape. Resilience experts recognize two types of resilience: reactive resilience uses a company’s existing processes to meet and overcome a crisis; proactive resilience anticipates disruptions and considers methods to prevent problems.  

Real World Example: Lessons Learned About Business Continuity from the Terrorist Attacks of Sept. 11, 2001

Organizational leaders and business continuity experts learned a lot from the terrorist attacks of September 11, 2001. Worst of all, the attacks killed thousands of people. But they also severely disrupted communications, financial transactions, and some commerce in New York City and throughout the world.

The following are among the lessons learned:

• Business continuity plans must be tested frequently, and updated where needed.
• The plans must assume a wide range of threats.
• The plans must take into account how much companies, agencies, and other entities depend on each other.
• Key people from any organization must be available and reachable when an incident happens.
• The ability to communicate, especially through landline phones, cell phones, and the internet, is vital.
• Sites that organizations use for backup of their digital information should be located at a distance from their primary information technology site.
• Employee support and counseling may be important during and after a crisis.
• An organization should store copies of its business continuity plan at a location apart from its primary location.
• Security perimeters around the scene of an incident may be large, which may affect employees’ access to organization facilities for long periods.

Legislation Governing Some Business Continuity Management and Planning

The United Kingdom did approved the Civil Contingencies Act in 2004, which requires businesses to have business continuity plans in place.

Some industries do have regulatory bodies that may impose business continuity requirements within those industries. For instance, the Financial Industry Regulatory Authority (FINRA) is a private self-regulatory organization overseeing the U.S. financial securities industry. FINRA established FINRA Rule 4370. This rule requires securities firms to create and maintain written business continuity plans. Utility bodies, such as North American Electric Reliability Corporation ( NERC ) and Federal Energy Regulatory Commission ( FERC ), also require continuity plans.

Guidelines, Standards, and Resources Providing Guidance on Business Continuity Management and Planning

Organizational leaders can use a number of standards set by industry and other groups to guide their business continuity planning and management programs. Below are some commonly used standards:

• ISO 22301 : Developed by the International Organization for Standardization (ISO), a standard-setting body, this group of standards sets out appropriate business continuity management practices. Learn more about how this standard can help businesses of all sizes in our guide to ISO 22301 . 
• NFPA 1600 : Developed by the National Fire Protection Association, the standard is one of the most widely recognized in the U.S. on emergency preparedness and business continuity.
• National Institute of Standards and Technology SP 800-34 : Sets contingency planning standards for federal information systems in the U.S.
• SPC-2009 — Organizational Resilience : Security, Preparedness and Continuity Management Systems provides critical business and infrastructure security standards developed by the American Society for Industrial Security.
• ISO 27000 : Standards for security in information technology systems, which include standards for business continuity in information technology. Learn more about ISO 27000 and find free checklists and templates . 
• DRI International : Professional Practices for Business Continuity Management
• Federal Emergency Management Agency (FEMA): Continuity Guidance Circular: Continuity Guidance for Non-Federal Entities: An 86-page formal document, the circular presents FEMA’s perspective on how businesses can prepare for disasters.
• Insurance Institute for Business & Home Safety: Open for Business Continuity Toolkit: This site offers a video, FAQ, and downloadable continuity planning tools.

What Is the Business Continuity Institute?

The Business Continuity Institute (BCI), based in the United Kingdom, is a non-profit professional organization providing education, certification, and leadership on business continuity management. The Institute has more than 8,000 members in more than 100 countries.

Improve Business Continuity Planning with Real-Time Work Management in Smartsheet

Empower your people to go above and beyond with a flexible platform designed to match the needs of your team — and adapt as those needs change. 

The Smartsheet platform makes it easy to plan, capture, manage, and report on work from anywhere, helping your team be more effective and get more done. Report on key metrics and get real-time visibility into work as it happens with roll-up reports, dashboards, and automated workflows built to keep your team connected and informed. 

When teams have clarity into the work getting done, there’s no telling how much more they can accomplish in the same amount of time.  Try Smartsheet for free, today.

Discover why over 90% of Fortune 100 companies trust Smartsheet to get work done.

• Skip to content
• Skip to search
• Skip to footer

What Is Business Continuity?

Business continuity is an organization's ability to maintain or quickly resume acceptable levels of product or service delivery following a short-term event that disrupts normal operations. Examples of disruptions range from natural disasters to power outages.

• Watch video (1:14)
• Business continuity

Contact Cisco

• Get a call from Sales

Call Sales:

• 1-800-553-6387
• US/CAN | 5am-5pm PT
• Product / Technical Support
• Training & Certification

Is business continuity the same as business resilience or disaster recovery?

Business continuity, disaster recovery, and business resilience are not the same, but they are related.

• Business continuity is a process-driven approach to maintaining operations in the event of an unplanned disruption such as a cyber attack or natural disaster. Business continuity planning covers the entire business—processes, assets, workers, and more. It isn't focused solely on IT infrastructure and business systems.
• Business resilience encompasses crisis management and business continuity. It requires a response to all types of risk that an organization may face. An organization that is business resilient is essentially in a constant state of "expecting the unexpected." It means continuously preparing to meet disruptions head-on, including events of extended duration that may affect more than one facility or region.
• Disaster recovery focuses specifically on how to restore an enterprise's IT infrastructure and business systems following a disruption. It is considered an element of business continuity. A business continuity plan (BCP) might contain several disaster recovery plans, for example.

What is a business continuity strategy?

A business continuity strategy is a summary of the mitigation, crisis, and recovery plans to be implemented after a disruption to resume normal operations. "Business continuity strategy" is often used interchangeably with "business continuity plan." Both consider the broader goals, legal and regulatory requirements, personnel, and even the business's clients and partners.

What does a business continuity plan mitigate?

A relevant and well-tested BCP can help ease the negative impacts of an unexpected business disruption in many ways.

• Financial impact: Disruptions to product supply chains and critical services to customers can directly affect sales and revenue. Downtime caused by unplanned disruptions can also result in higher costs for a business as it looks to repair operations and mitigate previously unidentified threats.
• Reputation and brand impact: Failure to resume operations quickly and supply customers with the products or services they expect can prompt customer defections and tarnish the brand. Damage to reputation can in turn cause investors and capital sources to pull back funding, exacerbating the financial impact of a business disruption.
• Regulatory impact: Customers and vendors are likely to complain when businesses fail to respond appropriately to disruptions, which may result in regulatory scrutiny or even censure. In highly-regulated industries, such as energy and financial services, business continuity planning is mandatory to ensure regulatory compliance.

Business continuity planning activities

A well-crafted and tested BCP can go a long way toward helping a business recover swiftly from a disruption. These are key steps a business may want to take.

Identifying critical business areas and functions

Business continuity planning begins with identifying an organization's key business areas and the critical functions within those areas. A business needs to determine and document the acceptable downtime for each area and function considered vital to operations. Then a plan to restore operations can be established, documented, and communicated.

Analyzing risks, threats, and potential impacts

Creating appropriate response scenarios requires knowing what disruptions the business could experience. An upfront analysis of risks and threats is necessary in order to prepare contingency responses to events. Organizations can also conduct a back-end analysis after an event to gather metrics and assess lessons learned. This information can drive improvements in how the business responds to disruptions.

Outlining and assigning responsibilities

A BCP details which personnel will be responsible for implementing specific aspects of the plan. It also identifies key decision-makers and a chain of command. The plan should include alternative options in case primary personnel are incapacitated or unavailable to respond to the disruption.

Defining and documenting alternatives

A business continuity plan should define and document alternative communication strategies in case telephone services or the internet are down. Enterprises should also have alternatives for mission-critical spaces such as data centers or manufacturing facilities in case buildings are damaged.

Assessing the need for critical backups

Essential equipment may be damaged or unavailable during a disruptive event. A business should consider whether it has access to backup equipment and uninterruptible power supplies (UPS) during extended power outages. Business-critical data needs to be backed up regularly, and is mandatory in many regulated industries.

Testing, training, and communication

Business continuity plans need to be tested to ensure they will be effective. (Disaster recovery plans should be tested as well.) A best practice is to conduct a plan review at least quarterly with leadership and key team members who are responsible for executing the plan.

Many companies use role-playing sessions, simulations, and other types of exercises several times per year to test their BCPs. This approach helps to identify gaps, develop strategies for improvement, and determine if more resources are needed. Targeted staff training and communicating to the whole workforce the benefits of having a business continuity plan are also vital to its success.

Related products and solutions

• Cisco Webex Contact Center
• Virtual Desktop Infrastructure (VDI)
• Cisco Intersight Workload Optimizer
• AppDynamics Application Performance Management
• ThousandEyes End User Monitoring
• ThousandEyes Endpoint Agents

You may also like…

• Cisco’s Business Resiliency Strategy
• Business Continuity Blogs
• Business Continuity Planning

IT Business Continuity Plan Template

What is an IT Business Continuity Plan?

An IT Business Continuity Plan (BCP) is a comprehensive plan that outlines the steps an organization will take to ensure the continuity of operations in the event of an IT-related disruption. It outlines the procedures and processes that must be in place to protect the organization’s IT systems and operations when disruptions or disasters occur. The plan includes identifying potential risks and threats to operations, as well as strategies to mitigate those risks. It also outlines the roles and responsibilities of various stakeholders, as well as the resources and technologies that must be in place to support the business continuity processes.

What's included in this IT Business Continuity Plan template?

• 3 focus areas
• 6 objectives

Each focus area has its own objectives, projects, and KPIs to ensure that the strategy is comprehensive and effective.

Who is the IT Business Continuity Plan template for?

The IT Business Continuity Plan template is designed for IT teams and managers to plan and implement business continuity measures for IT systems and infrastructure. It provides a comprehensive framework for assessing risks, establishing objectives and strategies, and monitoring progress. The template is easy to use and can be tailored to any organization’s specific needs.

1. Define clear examples of your focus areas

When creating an IT Business Continuity Plan, it's important to define clear focus areas. Focus areas are the areas of IT operations that you want to focus your planning and implementation efforts on. These areas can include protecting IT infrastructure, ensuring data security, and strengthening IT security. Each focus area should have its own objectives, strategies, and measurable targets (KPIs).

2. Think about the objectives that could fall under that focus area

Objectives are the goals that you want to achieve within each focus area. These objectives should be SMART (specific, measurable, achievable, relevant, and time-bound) so that you can track your progress and measure success. Examples of objectives for an IT BCP may include establishing a disaster recovery plan, implementing a backup strategy, implementing data access controls, and monitoring data access.

3. Set measurable targets (KPIs) to tackle the objective

Key Performance Indicators (KPIs) are measurable targets that you can set for each objective. These will help you track and measure your progress towards achieving the objective. KPIs should be specific and measurable, with an initial and target value and a unit of measure, such as minutes, days, or people. An example of a KPI for the focus area of Protect IT Infrastructure could be: Reduce downtime in the event of disaster.

4. Implement related projects (actions) to achieve the KPIs

Projects (actions) are the steps that you need to take to achieve your KPIs. These should be specific, actionable tasks that can be completed in a set amount of time. Examples of projects could include developing a disaster recovery plan, establishing data access policies, monitoring data access logs, and installing and configuring security software.

5. Utilize Cascade Strategy Execution Platform to see faster results from your strategy

The Cascade Strategy Execution Platform provides an easy-to-use platform for teams and managers to create, manage, and track their strategic plans. With Cascade, you can build and customize your BCP, set measurable targets, track progress, and measure success in less time and with greater accuracy.

• Advisera Home
• ISO in General

Partner Panel

ISO 22301 Documentation Toolkits

Iso 22301 training.

• Documentation Toolkits
• White Papers
• Templates & Tools

Where to Start

New ai tool.

• Live Consultations
• Consultant Directory
• For Consultants

Dejan Kosutic

• Get Started

Business continuity plan: How to structure it according to ISO 22301

In my experience, companies usually find two things in their business continuity or information security management to be the most difficult: risk assessment, and business continuity planning. Here I’ll give you some tips on business continuity plans (BCP).

ISO 22301 business continuity plan should include Purpose, scope and users, Reference documents, Assumptions, Roles and responsibilities, Key contacts, Plan activation and deactivation, Communication, Incident response, Physical sites and transportation, Order of recovery for activities, Recovery plans for activities, Disaster recovery plan, Required resources, and Restoring and resuming activities from temporary measures.

What is a business continuity plan?

According to ISO 22301 , business continuity plan is defined as “documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption.” (clause 3.5)

This basically means that BCP focuses on developing plans/procedures, but it doesn’t include the analysis that forms the basis of such planning, nor the means of maintaining such plans – all these are required elements of business continuity management that are necessary for enabling successful contingency planning.

To read more about analysis, see Five Tips for Successful Business Impact Analysis , and to find out how to interpret the analysis, read Can business continuity strategy save your money? .

Business continuity plan example

Here’s what I found to be the optimal structure for the business continuity plan for smaller and midsize companies, and what each section should include:

Purpose, scope and users – why this plan is developed, its objectives, which parts of the organization it covers, and who should read it.

Reference documents – to which documents does this plan relate? Normally, these are Business Continuity Policy, Business Impact Analysis, Business Continuity Strategy, etc.

Assumptions – the prerequisites that need to exist in order for this plan to be effective.

Roles and responsibilities – who will be responsible for managing the disruptive incident, and who is authorized to perform certain activities in case of a disruptive incident – e.g. activation of the plans, urgent purchases, communication with media, etc.

Key contacts – contact details for persons who will participate in the execution of the business continuity plan – this is usually one of the annexes of the plan.

Plan activation and deactivation – in which cases can the plan be activated, and the method of activation; which conditions need to exist to deactivate the plan. Communication – which communication means will be used between different teams and with other interested parties during the disruptive incident. Who is in charge of communicating with each interested party, and the special rules of communication with media and government agencies.

Incident response – how to react initially to an incident in order to reduce the damage – this is very often an annex to the main plan.

Physical sites and transportation – which are the primary and alternative sites, where the assembly points are, and how to get from primary to alternative sites.

Order of recovery for activities – list of all the activities, with precise Recovery Time Objective (RTO) for each.

Recovery plans for activities – description of step-by-step actions and responsibilities for recovering manpower, facilities, infrastructure, software, information, and processes, including interdependencies and interactions with other activities and external interested parties – these are very often annexes to the main plan. To read more about them, see How to write business continuity plans?

Disaster recovery plan – this is normally a type of recovery plan that focuses on recovering the information and communication technology infrastructure. To read more about the relationship between disaster recovery and business continuity, see Disaster recovery vs business continuity .

Required resources – a list of all the employees, third-party services, facilities, infrastructure, information, equipment, etc. that are necessary to perform the recovery, and who is responsible to provide each of them.

Restoring and resuming activities from temporary measures – how to restore business activities back to business-as-usual once the disruptive incident has been resolved.

What I like about ISO 22301 is that it requires all the elements that are necessary for this plan to be useful in case of a disaster (or any other disruption in a company’s activities). However, no standard can help you unless you understand this task seriously – a properly written and comprehensive plan can save your company in tough times, while a superficially written plan will only make things worse.

Click here to see a sample  Business Continuity Plan .

Writing a business continuity plan according to ISO 22301

Free webinar explains the basics about business continuity plans and how to structure them

Related Products

ISO 27001 Premium Documentation Toolkit

ISO 27001 Lead Auditor Course

Upcoming free webinar, related articles.

You may unsubscribe at any time. For more information, please see our privacy notice .

The 15 Best Business Continuity Software and Tools for 2024

• Best Practices ,

Solutions Review’s listing of the best business continuity software is an annual mashup of products that best represent current market conditions, according to the crowd. Our editors selected the best business continuity software based on each solution’s Authority Score; a meta-analysis of real user sentiment through the web’s most trusted business software review sites and our own proprietary five-point inclusion criteria.

The editors at Solutions Review have developed this resource to assist buyers in search of the best business continuity software and tools to fit the needs of their organization. Choosing the right vendor and solution can be a complicated process — one that requires in-depth research and often comes down to more than just the solution and its technical capabilities. To make your search a little easier, we’ve profiled the best business continuity software providers all in one place. We’ve also included platform and product line names and introductory software tutorials straight from the source so you can see each solution in action.

Note: The best business continuity software is listed in alphabetical order.

The Best Business Continuity Software

Platform: Archer Business Resiliency

Description:  Archer Business Resiliency enables users to identify and catalog their organization’s mission-critical processes and systems, as well as develop detailed business continuity and disaster recovery plans to protect their business from disruption. The platform offers incident management capabilities, which gives users the ability to quickly evaluate the criticality of an incident, determine the appropriate response procedures, and assign response team members based on factors such as business impact and regulatory requirements. Additionally, Archer Business Resiliency offers a coordinated and automated approach to business continuity and disaster recovery planning, testing, and execution.

Learn more and compare products with the Solutions Review Data Pr otection Buyer’s Guide.

Platform:  Arcserve Continuous Availability

Description:  Arcserve offers several different backup products, including Arcserve Unified Data Protection (UDP), Arcserve Replication and High Availability, Arcserve UDP Cloud Direct, UDP Cloud Hybrid, and a legacy offering. UDP provides comprehensive Assured Recovery for virtual and physical environments with a unified architecture, backup, continuous availability, migration, email archiving, and an easy-to-use console. Arcserve Continuous Availability ensures business continuity with asynchronous, real-time replication and automatic failover to prevent downtime and data loss. Recovery testing can be fully automated or performed on a scheduled basis.

Platform:  Asigra Cloud Backup

Description:  Asigra is built for cloud computing environments and designed to offer backup efficiencies by allowing enterprises to capture, ingest, and store less data. Designed for compatibility with public, private, and hybrid cloud architectures, the Asigra platform is equipped with agentless software architecture, global deduplication, and data compression technology along with NIST FIPS 140-2 certified security. Asigra also offers ransomware protection, business continuity, and compliance management. These platforms offer bi-directional malware detection, deep MFA, immutable retention, and variable repository naming. In addition, the vendor reduces recovery time objectives and eliminates silos of backup data.

Platform:  Axcient x360Recover

Description:  Axcient offers a single solution that incorporates data protection, disaster recovery, archiving, and test/dev. Axcient x360Recover offers flexible deployments and ease of management to MSPs. The vendor also provides two self-service platform options that can be managed by a single user: Axcient Business Recovery Cloud, which is the legacy solution, and Axcient Fusion. Axcient Fusion is built to run on the public cloud, and both platforms offer one-hour and eight-hour RTO options. Axcient enables users to mirror their entire business in the cloud, thereby simplifying data access and restoration, failovers, and virtualization.

• Castellan Solutions

Platform:  Castellan Platform

Description:  Castellan Solutions provides business continuity software to organizations of all sizes. The vendor’s SaaS platform enables users to leverage automation and intelligence to solve operational resilience, crisis management, and emergency notification challenges in a single centralized location. Additionally, through fully integrated business impact analyses, risk assessments, and plan development functionality, users can set business continuity requirements and create visualizations summarizing the entire, end-to-end value chain. The solution also offers embedded alerts and emergency notifications.

Platform:  Cohesity SiteContinuity

Description:  Cohesity is a data management company that manages, protects, and extracts value from enterprise data. The provider’s flagship tool, Cohesity DataProtect, safeguards a wide range of data sources on a single web-scale platform. The solution can be deployed on-premises on qualified platforms in the data center, public cloud, and on the edge. Cohesity SiteContinuity is the automation and orchestration engine that powers Cohesity’s unified data protection portfolio. The tool delivers near-zero RTO with hot standby and automated recovery of a single application or an entire site within minutes on a secondary site or cloud.

Platform:  Commvault Complete Data Protection

Description:  Commvault provides data protection and information management software to help organizations protect, access, and use all of their data economically. The provider offers Commvault Complete Data Protection, which is an all-in-one solution combining Commvault Backup & Recovery with Commvault Disaster Recovery for enterprise-level data protection software. The solution provides backup, replication, disaster recovery orchestration, copy data management, scale-out architecture, ransomware protection, migration support for data and application, and a web-based user interface. Additionally, Commvault Complete Data Protection delivers fast VM, application, and storage snapshot replication with flexible RPO/RTO.

Platform:  Datto Unified Continuity

Description:  Datto offers backup and disaster recovery appliances, Software as a Service ( SaaS ) data protection, and managed networking products. Datto is offered for data on-prem in a physical or virtual server or in the cloud via SaaS applications. Datto Unified Continuity offers a suite of business continuity platforms, including SIRIS, ALTO, Cloud Continuity for PCs, and SaaS Protection. The vendor is completely channel-driven and recently released SIRIS 4, a business continuity and disaster recovery solution built for MSPs. Datto also boasts nine data center locations worldwide, including the U.S., Canada, Iceland, the U.K., Germany, Australia, and Singapore.

Platform:  FalconStor StorGuard

Description: FalconStor provides data protection and recovery services. FalconStor StorGuard enables storage virtualization and optimizes efficiency across heterogeneous storage and networks, deliver centralized management and continuous availability of primary data for business continuity. The platform’s built-in WAN-optimized replication with compression provides improved efficiency and cost reduction. The provider’s tool, RecoverTrac also automates complex and error-prone manual disaster recovery operations, allowing any associated applications and services to be brought back online as quickly as possible.

• Fusion Risk Management

Platform:  Fusion Framework System

Description:  Fusion Risk Management’s Fusion Framework System enables users to leverage objective risk insights that help to audit, analyze, and improve business operations. The platform also offers continuity planning capabilities, allowing users to sequence their actions based on dependency and what-if analysis, rather than static plans. Additionally, Fusion Framework System enables users to prioritize, set, and maintain impact tolerances to learn over time what their organization can withstand with regard to disaster.

Platform: Oracle Risk Management Cloud

Description: The Oracle Risk Management Cloud delivers automated advanced security and transaction monitoring to strengthen financial controls, ensure the separation of duties, stop fraud, and streamline audit workflows. The solution enables users to create a risk-intelligent culture at their organization by collaborating with business owners through periodic surveys, assessments, and dashboards. Additionally, users can calculate risks by using analysis and context models in order to determine the best course of action.

• Premier Continuum

Platform: Premier Continuum ParaSolution

Description:  Premier Continuum is a business continuity software solution provider, aiming to help clients increase their level of organizational resilience. Its flagship platform, ParaSolution centralizes, standardizes, and automates business continuity management operations. To enhance efficiency, ParaSolution offers a quick-start data improt engine, pre-built templates, assessment templates, fully configurable workflows, real-time plan updates, and an ISO 22301 self-assessment tool. The platform also provides a BC module that integrates BIA, risk assessment, crisis management, and reporting, as well as vendor risk assessment capabilities.

Platform: Quantivate Business Continuity

Description: Quantivate is a leading provider of web-based business continuity, risk management, and compliance software and service solutions. The vendor’s product portfolio includes a comprehensive suite of applications for business continuity, vendor management, enterprise risk management, information security, and internal audit management. Quantivate offers a wide range of business continuity services in its Governance, Risk, and Compliance Suite, including emergency operations center plans, continuity of operations plans, hurricane plans, full business impact analyses, threat and vulnerability assessments, RPO/RTO documentation, exercises, and a maturity roadmap.

• Veritas Technologies

Platform: Veritas NetBackup Resiliency Platform

Description:  Veritas Technologies provides backup and recovery, business continuity, information governance, and storage management tools. Its flagship NetBackup  product is a single and scalable solution that can protect physical, virtual , and cloud workloads. Multitenant support is optional, and the solution is available on a converged platform that requires minimal administration, even in large environments. The NetBackup Resiliency Platform offers automated, orchestrated recovery for multi-tier applications in the cloud and on-prem with added APIs to optimize time and resources. Additionally, the solution ensures compliance with stringent SLAs through audit reports and non-disruptive recovery rehearsals.

Platform:  Zerto IT Resilience Platform

Description:  Zerto offers an IT Resilience Platform, which combines backup, disaster recovery, and cloud mobility into one converged solution. Through an enterprise-scale, the provider’s software platform delivers continuous availability, which minimizes downtime. Additionally, IT Resilience simplifies workload mobility to freely protect, recover, and move applications across hybrid and multi-clouds. Users can replace their legacy solutions through Zerto’s single platform. Zerto also powers resiliency offerings for Microsoft Azure, IBM Cloud, and AWS. The provider was recently acquired by Hewlett Packard Enterprise.

This article was written by Tess Hanna on December 26, 2023

• Best Business Continuity Software
• Business Continuity
• Recent Posts

Tess Hanna is an editor and writer at Solutions Review covering Backup and Disaster Recovery, Data Storage, Cloud Computing, and Network Monitoring. Recognized by Onalytica in the 2021 "Who's Who in Data Management," and "Who's Who in Automation" reports. You can contact her at [email protected]

• The 16 Best Data Protection Software Companies for 2024 - December 14, 2023
• The 20 Best Disaster Recovery as a Service Providers for 2024 - October 14, 2023
• The 28 Best Backup and Disaster Recovery Software for 2024 - October 14, 2023

Related Posts

62 World Backup Day Quotes from 51 Experts for 2024

The Essential Data Protection Officer Requirements in the AI Era

15 Backup and Disaster Recovery Best Practices to Consider

Expert insights.

Latest Posts

Follow Solutions Review

An official website of the United States government

Here’s how you know

Official websites use .gov A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS A lock ( Lock A locked padlock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Business Continuity Planning

Organize a business continuity team and compile a  business continuity plan  to manage a business disruption. Learn more about how to put together and test a business continuity plan with the videos below.

Business Continuity Plan Supporting Resources

• Business Continuity Plan Situation Manual
• Business Continuity Plan Test Exercise Planner Instructions
• Business Continuity Plan Test Facilitator and Evaluator Handbook

Business Continuity Training Videos

The Business Continuity Planning Suite is no longer supported or available for download.

Business Continuity Training Introduction

An overview of the concepts detailed within this training. Also, included is a humorous, short video that introduces viewers to the concept of business continuity planning and highlights the benefits of having a plan. Two men in an elevator experience a spectrum of disasters from a loss of power, to rain, fire, and a human threat. One man is prepared for each disaster and the other is not.

View on YouTube

Business Continuity Training Part 1: What is Business Continuity Planning?

An explanation of what business continuity planning means and what it entails to create a business continuity plan. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about what business continuity planning means to them.

Business Continuity Training Part 2: Why is Business Continuity Planning Important?

An examination of the value a business continuity plan can bring to an organization. This segment also incorporates an interview with a company that has successfully implemented a business continuity plan and includes a discussion about how business continuity planning has been valuable to them.

Business Continuity Training Part 3: What's the Business Continuity Planning Process?

An overview of the business continuity planning process. This segment also incorporates an interview with a company about its process of successfully implementing a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 1

The first of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “prepare” to create a business continuity plan.

Business Continuity Training Part 3: Planning Process Step 2

The second of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “define” their business continuity plan objectives.

Business Continuity Training Part 3: Planning Process Step 3

The third of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “identify” and prioritize potential risks and impacts.

Business Continuity Training Part 3: Planning Process Step 4

The fourth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “develop” business continuity strategies.

Business Continuity Training Part 3: Planning Process Step 5

The fifth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should define their “teams” and tasks.

Business Continuity Training Part 3: Planning Process Step 6

The sixth of six steps addressed in this Business Continuity Training, which detail the process of building a business continuity plan. This step addresses how organizations should “test” their business continuity plans. View on YouTube

Last Updated: 12/21/2023

Return to top

Ensuring Business Continuity: High Availability and Disaster Recovery Planning for Odoo Hosting

I n today's fast-paced corporate environment, when every second counts, it is vital to ensure that critical systems operate continuously. Companies that rely on Cloudpepper Odoo hosting for business processes must have a strong High Availability (HA) and Disaster Recovery (DR) plan in place to reduce downtime and protect against unanticipated interruptions.

Considering high Availability:

High Availability means a system can keep working and stay reachable even if there are problems with the hardware, software, or regular maintenance. For Odoo hosting, it means making sure the application is always ready for users.

To set up High Availability for Odoo, we need backup systems, a way to balance the workload, and a method for quick recovery. Backup systems ensure that if one part fails, another can step in without any interruptions. Workload balancing makes sure the incoming traffic is shared among different servers, making things work better and preventing one server from getting too busy.

Key Elements of Disaster Recovery for Odoo:

• Backups: Regular backups of Odoo data and customizations are required. This guarantees that in the case of a disaster, data may be recovered to a point close to when it failed.
• Offsite Data Storage: Store backups remotely to guard against on-site disasters, often using cloud storage for safety.
• Documentation: Comprehensive plan documentation includes recovery steps, key staff contacts, and Odoo service restoration instructions.
• Testing and Exercises: Regularly test the disaster recovery plan to identify concerns, allowing modifications before a crisis occurs.

Version Control and Configuration Management:

Version control and configuration management are critical for ensuring consistency and repeatability across several settings. Organizations that use version control systems for Odoo setups and customizations may trace changes, roll back to earlier states as needed, and preserve a reliable history of alterations. 

Configuration management technologies guarantee that the infrastructure supporting Odoo stays constant across many servers, lowering the possibility of mistakes and allowing for a smoother disaster recovery procedure.

Redundant Network Connectivity:

In a High Availability environment, network redundancy is just as important as server redundancy. Having several network channels and connections reduces network disruptions and improves the overall stability of the Cloudpepper Odoo hosting environment. 

Redundant network lines, routers, and switches guarantee that if one path fails, traffic may be easily diverted through another, ensuring that consumers have ongoing connectivity. This redundancy applies to both internal networks and external connections, protecting against network failures that might affect Odoo accessibility.

Pairing HA and DR to Provide Comprehensive Protection:

While High Availability focuses on ensuring ongoing operation, Disaster Recovery is designed to recover from significant events. Combining the two techniques results in a complete strategy for maintaining company continuity

In the tough business world, if systems go down, companies can lose money and damage their reputation. Having a good plan for Odoo hosting is not just a technical thing but also a smart strategy. Companies that do this well can protect their operations and data and be ready for any challenges.

Woke no more

Companies were starting to support political causes. Now they're too scared to speak up.

Unilever spent years crafting its image as a corporate goody-two-shoes. The owner of Dove, Vaseline, Hellmann's, and a bunch of other brands axed quarterly reporting and earnings guidance in the name of focusing on sustainable long-term growth. Under Paul Polman , its CEO from 2009 to 2019, it said it would take into consideration all its stakeholders, not just shareholders, and set out to halve its environmental footprint — including greenhouse-gas emissions, waste, and water use — while doubling its sales over a decade. Five years and two chief executives later, Unilever is changing its tune . It's not doing a U-turn on environmental, social, and governance efforts, but it says it's being more realistic about what it can achieve and when. And, oh, those shareholders Unilever wasn't so beholden to? It's paying them a little more mind now, too.

Unilever isn't alone in this. Plenty of companies are reining in their rhetoric and in some cases action on issues such as sustainability and diversity. They're being extra cautious about weighing in on the social and political debates of the day, especially in an election year. In some cases they're telling their workers to cool it, too; Google, for example, fired more than two dozen workers for protesting its contract with Israel's government .

"Many executives have made the decision that it's sometimes safer to just be silent versus to take a stance, because they have a fiduciary responsibility to their shareholders and their bottom line and are very concerned about how this will be perceived," said Naomi Wheeless, a board director for Eventbrite who was formerly a global head of customer success at Square.

Call it the great un-wokening.

Over the past decade, many corporations have at least professed to take a more active role in social issues, under pressure from their customers and, more importantly, employees. Companies pushed back on North Carolina's "bathroom bill" in 2016, and when Donald Trump took the White House, many spoke out against his policies on immigration and the environment. Around that time, the Business Roundtable said it was time to rethink the purpose of a company , and BlackRock's Larry Fink expressed all sorts of thoughts about the importance of companies being responsible social stewards.

In the wake of George Floyd's murder in 2020, corporate America put out endless statements about the horror of what had happened and pledged to undertake diversity, equity, and inclusion initiatives. An expectation arose that big businesses would take a stand on issues — if Congress wouldn't do something on guns, at least Dick's Sporting Goods would .

"You can almost say that ESG ran unopposed for a few years," said Andrew Jones, a senior researcher at the Conference Board's ESG Center.

It's a bona fide countermovement against both ESG and DEI.

Then came the backlash. Over the past couple of years there's been an uproar, especially among conservatives, about the rise of "woke capitalism." Bud Light came under scrutiny from the right when it partnered with the transgender influencer Dylan Mulvaney for a small-scale Instagram campaign last spring. Then Target took heat about its Pride merchandise , with some customers destroying displays in stores over a campaign it has run for years. These high-profile examples spooked companies, which are now afraid to poke the hyped-up right-wing bear. In the market, ESG funds haven't been doing so hot . According to Morningstar, investors pulled $13 billion out of sustainable funds in 2023 amid underperformance and political unease.

"It's a bona fide countermovement against both ESG and DEI," said Philip Mirvis, an organizational psychologist and research fellow at Babson College's Social Innovation Lab. "Certainly for businesses, this is about making money. And in the conventional logic, all of these issues represent risks."

After last year's Bud Light debacle, which was a real blow to its business , executives fear they'll be the next target of some anti-woke outcry. In a 2023 Conference Board survey of more than 100 large US companies, almost half of respondents said they'd gotten some ESG backlash, and nearly two-thirds said they expected the problem to persist or get worse over the next two years. Jones told me the surveys suggest companies are antsy about mentioning DEI too much, too. He said it's not necessarily the case that companies aren't doing any work on sustainability and diversity, but they're definitely changing how they talk about it.

The chilling effect is palpable. Fink won't say "ESG" anymore because, he says, it's been "weaponized." Asset managers are quieting down on ESG as part of a "greenhushing" trend. Some companies that made a big deal about their DEI efforts in 2020 are downsizing those, too . Data provided to me by FactSet, a financial-data company, shows that mentions of ESG and DEI in S&P 500 companies' quarterly earnings calls with analysts have taken a nosedive over the past few years. For the fourth quarter of 2020, 131 companies mentioned ESG, and 34 mentioned DEI or diversity and inclusion. For the fourth quarter of 2023, those numbers dropped to 28 and four.

While the backlash has certainly driven the quieting, in some cases companies are talking less about their social commitments because they got out over their skis on their pledges. Companies such as AIG, Amazon, and ExxonMobil have scaled back some of their climate initiatives.

"We saw a lot of companies make very bold commitments — we're going to be net-zero emissions by whatever date, 2040, 2050," Jones said. "And often those commitments came but there wasn't always the underlying work."

Alison Taylor, an associate professor at New York University's Stern School of Business who wrote the book "Higher Ground: How Business Can Do the Right Thing in a Turbulent World," told me that, in her view, corporate America's about-face isn't as abrupt as it seems. C-suites have become more Republican over the past decade, and in loudly proclaiming to be do-gooders, companies have also drawn attention to their political donations, which often don't align with their rhetoric. Additionally, the issues dominating political and social discussions are much thornier than they were in the recent past — speaking out against white supremacists in Charlottesville is a bit of a gimme, weighing in on the Israeli-Palestinian conflict is not.

"Now what we've got is the end of Roe v. Wade, and we've got the Middle East, and we've got issues where they're much, much more divisive and difficult," Taylor said.

Taylor, a longtime skeptic of CEO activism, isn't surprised the friendly-corporation-next-door schtick has gone awry, but it has clearly caught some employees unawares. Some corporations have encouraged the creation of employee resource groups, which organize people by social identities and beliefs and in some cases embolden them to push for change. Google workers have previously participated in walkouts and protests and kept their jobs . Many were bewildered to find that this time around, the company was no longer having it. Instead, it's firing those protesting and reminding everyone, "This is a business."

"A company is not a democracy, and so all these leaders wanted to imply it was a democracy when it suited them," Taylor said. "Now it doesn't suit them."

It's unclear whether this trend of companies trying to stick to straight business is a blip or a more permanent reversal. Bud Light and its parent company, Anheuser-Busch, have generally steered clear of anything that might be read as controversial since the Dylan Mulvaney debacle; their main message since then has been "We love America." Target told me it didn't have anything to share on its 2024 Pride plans yet, but it has publicly acknowledged it's likely to make some modifications.

A company is not a democracy, and so all these leaders wanted to imply it was a democracy when it suited them. Now it doesn't suit them.

Many of the people I spoke to for this story described executives as more on edge because of the election this year; come 2025, that may ease. The anti-woke crowd is extra fired up about certain issues right now, but that may not last — attention spans are short, and hot-button issues are constantly changing.

Still, companies' backing down on sustainability and diversity efforts, even temporarily, could prove short-sighted. Sure, you saved yourself a headache now, but in the long run, setting up a business to weather the climate crisis is a good bet. So is hiring diverse workers and appealing to new demographics. Despite the controversy last year, at the heart of Bud Light's campaign was an understandable business decision: It wants to appeal to a younger, more diverse consumer base.

Underlying this all is one central question: Just how "woke" are companies anyway?

Commitments to social responsibility are never far-reaching, said Kenneth Pucker, a former Timberland chief operating officer and current professor of practice at the Fletcher School at Tufts University. "It's always on the margins because the main goal of executives — the real responsibility, the way the structure of the system is organized, the way incentives work, the way the rules govern — is money making."

This may be a great un-wokening, but maybe corporate America was actually never that committed to the idea in the first place.

Emily Stewart is a senior correspondent at Business Insider, writing about business and the economy.

About Discourse Stories

Through our Discourse journalism, Business Insider seeks to explore and illuminate the day’s most fascinating issues and ideas. Our writers provide thought-provoking perspectives, informed by analysis, reporting, and expertise. Read more Discourse stories here .

Related stories

More from Economy

Most popular

• Main content

• Share full article

Advertisement

Supported by

Norfolk Southern Investors Reject Plan to Oust Its Management

An activist investment firm failed to replace the railroad’s top executive and all its directors, but did win three seats on its board.

By Peter Eavis

Shareholders of Norfolk Southern, the beleaguered freight railroad, on Thursday voted down an attempt by an activist investment firm to remove the company’s chief executive and take control of its board.

But the activist, Ancora, a Cleveland firm, managed to secure a foothold at the company, after shareholders voted to place three of its directors onto Norfolk Southern’s 13-member board. Ancora had hoped to take control of the company’s leadership with an aim to cut costs and increase Norfolk Southern’s profits and stock price.

The result is a partial victory for Norfolk Southern’s executives, who had to defend themselves against criticisms of the company’s safety record and its lackluster financial performance. A company train carrying hazardous chemicals derailed last year in East Palestine, Ohio, forcing residents to evacuate.

The results of the shareholder vote, which were preliminary, were announced Thursday morning at a virtual company annual meeting.

During the meeting, Alan Shaw, Norfolk Southern’s chief executive, said he looked forward to working with the new directors.

“Norfolk Southern persevered through several challenges over the last year,” he said. “We have met every challenge and never lost sight of where we are taking our powerful franchise.”

Over several weeks, Norfolk Southern and Ancora fought for shareholder support in a battle of bitter statements filled with railway minutiae.

Ancora argued that Norfolk Southern had lost its way and needed to deploy a set of practices aimed at constraining expenses and simplifying its 19,100-mile rail network. In response, Norfolk Southern said its financial performance was improving, and contended that it was building a railroad that would better weather economic ups and downs. During the coronavirus pandemic, freight railroads pared back so much that they struggled to meet customer demand when the economy rebounded.

The Ancora directors elected to the board are William Clyburn Jr., a former rail regulator, and Sameh Fahmy and Gilbert Lamphere, former railroad executives. Amy E. Miles, the chairwoman of the board and a Norfolk Southern nominee, was not re-elected.

In a statement, Frederick D. DiSanto, chief executive of Ancora, and James Chadwick, president of Ancora Alternatives, said they would “continue to hold Mr. Shaw to account and push for the appointment of a qualified operator.” Ancora held a 0.16 percent stake in Norfolk Southern at the end of 2023, according to securities filings.

Norfolk Southern’s stock dropped 2.5 percent on Thursday. The final certified tally of the votes will be released next week, a Norfolk Southern spokesman said.

Ancora’s campaign ignited a debate over how freight railroads should be run. The investment firm preached the virtues of precision scheduled railroading, the term given to practices aimed at making railroads more profitable. In the past two decades, that approach has reduced costs and made railroads more efficient. Norfolk Southern has introduced elements of precision scheduled railroading.

But critics of the efficiency drive say it can cut too much rail capacity, making freight railroads unreliable for customers. They point to the performance of CSX, a rival of Norfolk Southern, which introduced precision scheduled railroading in 2017.

Speaking before the vote, Martin J. Oberman, the departing chairman of the Surface Transportation Board, the federal agency that oversees freight railways, said Ancora’s cuts might have left Norfolk Southern without the capacity to deal with an upswing in demand and unexpected disruptions.

Ancora had said it would carry out its proposed overhaul over three years to ensure that it was done well.

Norfolk Southern essentially acknowledged before the vote that it needed to keep becoming more efficient by appointing a chief operating officer in March with a strong reputation in the industry.

The company has not, however, given up on a plan that rests on finding new revenue — in part by winning business from trucking companies — and having enough rail capacity and employees available to quickly respond to increases in demand.

But Norfolk Southern must now show investors that it can make more money under its approach.

Sympathetic rail analysts said Norfolk Southern’s leaders might have struggled to achieve their financial goals because the East Palestine accident, which occurred in February 2023, temporarily hampered the railway’s operations and distracted management.

Norfolk Southern is still under investigation by several federal and state agencies, including the National Transportation Safety Board, which is expected next month to release its final report on the derailment.

Tony Hatch, a longtime rail analyst who supports Mr. Shaw’s approach, said the vote gave management a respite. But he added: “They will be under watch. This is not a free pass. This could happen again.”

Peter Eavis reports on the business of moving stuff around the world. More about Peter Eavis

Explore Our Business Coverage

Dive deeper into the people, issues and trends shaping the world of business..

Turbulence in TV News: ​​As an especially divisive presidential race looms, ABC, NBC, CBS and CNN all face questions about their future .

Start-Up Stocks: Tensions in Silicon Valley over the shadowy and often enigmatic market of private company stocks  have reached a boiling point.

Finding a Powerful Voice: Women in Shanghai are gathering in bars, salons and bookstores to reclaim their feminist identities  as China’s leader calls for the country to adopt a “childbearing culture.”

Tesla’s Pullback: The automaker led by Elon Musk is no longer planning to take the lead in expanding the number of places to fuel electric vehicles. It’s not clear how quickly other companies will fill the gap .

A ‘Not Charlotte’ Recipe:  North Carolina’s Triad region was built on tobacco, textiles and furniture. Now it’s trying to forge a new economy from more highly skilled manufacturing .

Japan's Nippon Steel sticks to plan to close U.S. Steel deal by year-end

• Medium Text

PROFIT DOWN

Sign up here.

Reporting by Katya Golubkova and Yuka Obayashi; Editing by Gerry Doyle and Clarence Fernandez

Our Standards: The Thomson Reuters Trust Principles. New Tab , opens new tab

Thomson Reuters

Yuka Obayashi reports on Japan's energy, metals and other commodities.

Markets Chevron

Global stocks rally, Europe at record highs, dollar gains

A rally in global equity markets lifted stocks in Europe to record highs on Friday amid strong corporate earnings and hopes central bank interest rate cuts are near, while the dollar edged higher despite signs of slowing U.S. economic growth.

We've detected unusual activity from your computer network

To continue, please click the box below to let us know you're not a robot.

Why did this happen?

Please make sure your browser supports JavaScript and cookies and that you are not blocking them from loading. For more information you can review our Terms of Service and Cookie Policy .

For inquiries related to this message please contact our support team and provide the reference ID below.