Call us on 03450 21 21 51

What needs to be included in a business continuity plan checklist?
The SRM Blog

What needs to be included in a business continuity plan checklist?

Katie McMillan

Written by Katie McMillan

25th March 2020

Share this article

business continuity plan checklist

A few months ago, a global pandemic with the capacity to bring the world to a standstill was almost unthinkable. Yet, here we are.

Those with high-level business continuity plans in place will be putting elements of these into action. For many, however, it is time to dust off what plans they have and update them to take account of the current threats.

The emergency response element of a business continuity plan will include continuity of supply issues and the reduction in workplace attendance, but it is also important to consider other elements, including the business’s critical functions, network system security and data security to ensure that business as usual is maintained as much as possible. That is because, regrettably, just because organisations across the globe are facing an unprecedented challenge, it does not mean that malicious hackers or cyber criminals will refrain from capitalising on the opportunities presented.

With the prospect of more remote working and employees having to cover for those who are ill, quarantined or looking after school-age children at home, it has never been more important to have clear set of guidelines in place which everyone understands and can readily follow. This is particularly relevant in those organisations where just one or two individuals currently carry the key responsibility for information security.

For those looking to tighten up or perhaps even craft a business continuity plan for the first time, here’s a helpful checklist to follow.


Business Continuity Plan Checklist 

  1. Business Impact Assessment (BIA)

Examining the key business processes that exist within an organisation and the impact of IT downtime on that business (outage impact), the BIA looks at the key assets in terms of recovery point objectives (RPOs) and recovery time objectives (RTOs). It also considers key business process dependencies, where one process is contingent on the completion of another.


  1. Risk Assessment and Recommendation

Exploring the key assumptions made prior to the BIA, both the process and the results of the risk assessment stage are considered, providing precise intelligence for detailed recommendations.


  1. Business Continuity Management (BCM)

Using the information gained from the first two stages, an overarching BCM strategy is then produced. First identifying the definition of business continuity, as it relates to the business, the BCM details who will manage the process of business continuity, assigning team roles and responsibilities. The plan will then be tested and reviewed to ensure its efficacy and to identify any gaps.


  1. Business Continuity Plan (BCP)

The BCP includes a detailed route map of exactly what needs to be done and how. It will also include reporting requirements, customer support and press relations. Once a plan is developed, it is essential that the internal Business Continuity Management team (BCMT) is fully conversant with it. Initiation, training and communication across the organisation are crucial in the event that the team is unable to fulfil its role, for whatever reason. The BCP relates not just to those working within the organisation but to their external and third-party contacts as well, so that its implementation is not met with any obstacles.


  1. Emergency Response Phase Procedures

This is where the widest possible range of potential emergencies is explored, considering a number of scenarios and examining how the BCP would be deployed and by whom.


  1. Disaster Recovery (DR)

Whether this is a data breach or a natural disaster, DR is the specific set of guidelines developed to counter the effects of a disaster with a clear set of objectives to ensure the organisation can recover as quickly as possible. Recovery team tasks will be clearly assigned, including those responsible for facilities recovery, procurement recovery and third-party vendor recovery.


For many years the team here at SRM have been creating, developing and testing business continuity plans, tailored to the requirements of each business. Our consultancy team has experience across all sectors and sizes of organisation, enhancing businesses’ capacity to deal with unforeseen contingencies through our high level of professionalism and expertise.

Need an objective eye to help challenge and enhance your business continuity planning efforts? Contact us

Back to top