8 Steps to a Perfect Business Continuity Plan


Imagine a disaster strikes and your company is not able to perform its regular business functions. What happens next? Where do you go to get your business up and running again? Studies show that 93% of companies that experience a disaster without a disaster recovery plan in place go out of business within a year. Of the companies that did have a plan, 96% survived even something as fatal as a ransomware attack.

Every company needs to create a solid and effective Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP). But why both? Why can’t we just have a beefed-up BCP or DRP? Before we get into that, we need to understand what each one is.

 6 Features of a Business Continuity Plan 

A Business Continuity Plan, or BCP, is a plan that outlines the processes and procedures necessary to move an organization forward during a disaster. It requires a review of all essential tasks and of the key personnel needed to keep those tasks going. Here are 6 things that should be outlined in a BCP:

    1. Strategy 
      Strategies used by the business to complete day-to-day activities while ensuring continuous operations. 
    2. Organization 
      Elements related to the structure, skills, communications, and responsibilities of the organization's employees. 
    3. Applications and Data 
      The software necessary to enable business operations, as well as the method of providing high availability for that software. 
    4. Processes 
      The critical business processes necessary to run the business, as well as the IT processes used to ensure smooth operations. 
    5. Technology 
      The systems, network and industry-specific technology necessary to enable continuous operations and backups for applications and data. 
    6. Facilities 
      Elements related to providing a disaster recovery site if the primary site is destroyed. 

8 Steps to the perfect DRP (Disaster Recovery Plan) 

Now you’re probably thinking that a BCP is thorough enough for a business to survive a disaster. But let’s look at what goes into a Disaster Recovery Plan, or DRP: 

1.    Inventory hardware and software 

A complete inventory of all hardware and software, in order of priority, should be created to establish which services must be up and running to continue core operations. 

2.    Define your tolerance for downtime and data loss 

By properly identifying an acceptable recovery point objective (RPO) and recovery time objective (RTO), businesses can prioritize what is needed to successfully survive a disaster, ensure a cost-effective level of disaster recovery and lower the potential risk of miscalculating what they’re able to recover during a disaster. 

3.    Lay out who is responsible for what 

Every DRP must have a clearly defined RACI Chart with current contact information to properly execute the plan. This would mainly consist of key personnel. 

4.    Create a communication plan 

The communications plan puts the RACI Chart into play. How are you going to communicate with each person? What’s the secondary/tertiary method of communication? 

5.    Let employees know where to go in case of an emergency 

During a disaster, employees are going to need a way to access the network, either at a different geographical location or remotely from their home. 

6.    Make sure your service-level agreements (SLAs) include disasters/emergencies 

If you’ve outsourced your technology, make sure you have a binding agreement with the provider that defines their level of service in the event of a disaster. 

7.    Include how to handle sensitive information 

This should address how sensitive information will be maintained and accessed when a DRP has been activated. 

8.    Test your plan regularly 

Testing your plan regularly ensures that all parts of the plan still work, such as backups, contact information, and RTO/RPO goals. 

What’s the Difference? 

As you can see, a DRP is more of a subset of a BCP. It goes into more detail about the organization and what makes up the specific business functions needed to keep the business running. A BCP is broader than a DRP.

“For example, you should have several DRPs under one BCP that outline various scenarios like a cyberattack, power outage, or hurricane. Since each disaster can create a different “obstacle”, you would want to have the best plan of attack for whatever obstacle arises.”

Do you know the key difference between DRP and BCP? 


How Do I Create a BCP and a DRP? 

Employing a certified EC-Council Disaster Recovery Professional (EDRP), whether contractually or full-time, is the straightforward answer. A certified EDRP has the skills and knowledge to effectively plan, strategize, implement, and maintain business continuity and create appropriate disaster recovery plans. 


What is digital forensics in cybersecurity?
A cyber disaster recovery program ensures that an organization’s daily operations return to normal in the shortest time possible. This plan comes into action during and after a security or disaster event.

What does a cyber disaster recovery plan include? 

A disaster recovery plan includes a set of procedures to recover an organization’s business IT infrastructure from the ill effects of a disaster. It should also document all the necessary hardware, software, and tools required to execute the DR plan successfully.

What are the challenges affecting business continuity in the wake of the recent pandemic? 

As the coronavirus is affecting not only people’s health but also the continuous growth of businesses, it is time for businesses to expand their  to address unforeseen scenarios. Here are the 4 Cybersecurity Challenges Affecting Business Continuity Since the Outbreak of Coronavirus.

What is the career scope of Business Continuity & Disaster Recovery? 

There are many business continuity jobs that are yet to be filled. Completing business continuity training or adding a business continuity certification to your profile can take you to a position as a business continuity analyst, manager, or director, depending on your skills and experience. Business continuity analyst salaries range from $46k – $94k, and business continuity manager salaries range from $65k – $128k (as per payscale.com).

