Business continuity planning

Business continuity planning helps your business respond to unexpected events and situations which can interrupt your operations.

Developing a business continuity plan will help your business minimise the impacts of these events and continue trading.

What is a business continuity plan

A business continuity plan is a document that explains the actions you should take before, during and after unexpected events and situations.

It is designed to help you:

  • identify, prevent or reduce risks where possible
  • prepare for risks that are out of your control
  • respond and recover if an incident or crisis occurs.

Continuity planning for resilience

Business continuity planning is the process of creating a system in your business that helps prevent, minimise and recover from threats to your operations.

All businesses deal with risk. At any time, your business may experience:

  • natural disasters (floods, storms, cyclones)
  • fire
  • power outages
  • IT outages
  • supply chain failures
  • staff shortages
  • pandemics.

The aim of business continuity planning is to return to trading within the shortest period of time. This planning helps your business be more resilient and continue with minimal interruptions.

Examples: why continuity planning is important

A fire has destroyed all your stock in your warehouse. To continue to trade, could you:

  • replace the stock quickly, or find another way of meeting the needs of your customers?
  • replace stock quickly with your current suppliers?
  • buy excess stock from your competitors?
  • find a warehouse or other space to store stock if your own warehouse is unavailable?
  • ship straight from the supplier to your customers (dropshipping)?

Imagine you were not able to run your business or communicate with staff and stakeholders for 6 months.

  • Would your staff be able to run your business?
  • Do you have a document or plan in a secure place that staff and stakeholders could access (e.g. in the cloud)?
  • Does your plan include all the information needed to operate the business successfully in your absence?

Develop a business continuity plan

A typical business continuity plan has the following elements.

This section outlines the key objectives on your plan, and who needs to use it. It should also include information to help your staff to understand it.

In this section:

  • executive summary
  • objectives
  • distribution list
  • glossary of terms used in your plan documents.

This section identifies possible risks to your business, and ways to manage them or minimise their impact on your business.

In this section:

  • identified risks
  • preventative actions
  • contingency plans
  • business insurance details
  • data security and backup strategies.

Learn more about:

This section uses the risks identified in section 2 to review your critical business activities, forecast the impact of a disruption and work out how long it might take to recover.

Learn more about identifying and managing business risk.

This section describes how and when you'll activate your plan in response to a critical incident.

In this section:

  • immediate response checklist
  • evacuation procedures
  • emergency kits
  • roles and responsibilities
  • key contact lists
  • event log.

Learn more about:

This section describes the methods you will use to recover quickly.

In this section:

  • recovery plan
  • incident recovery checklist
  • recovery contacts
  • insurance claims
  • market assessment
  • staff mental health assessment.

Learn more about developing a recovery plan.

This section details how you'll test your systems and procedures. Use these reviews to evaluate and update your plan to be better prepared.

In this section:

  • training schedules
  • review schedules.

Learn more about:

Thumbnail of business continuity planning Word template

Business continuity plan template

The business continuity plan template will help you develop a:

  • risk management plan
  • incident response plan
  • recovery plan.

Download the business continuity planning template.

Best practice in managing disaster risk — the PPRR model

The prevention, preparedness, response, recovery (PPRR) model is a cyclical way of handling disaster risk within your business. It's a useful example for your business continuity planning.

This graphic describes the PPPR model of risk management. Prevention, Preparedness, Response and Recovery apprear in steps in a process that extendes around managing risk which lies at the heart of the model.

Reproduced from materials available on Prevention Preparedness, Response and Recovery Disaster Management Guideline published under a Attribution 4.0 International. © State of Queensland, 2022

This diagram shows the starting point of the model is prevention and mitigation, then moves to preparedness, followed by response, and finally recovery.

Use the PPRR model to:

  • assist in developing your business continuity plan
  • assist when conducting regular drills and rehearsals of emergency events
  • identify gaps and areas for improvement
  • ensure you are as prepared as possible.

The PPRR model is commonly used by Australian emergency management agencies because it is simple to understand and easy to remember and act on.

Small business examples of the PPRR model in practice

These examples help identify potential scenarios to consider for your business continuity plan.

Example 1: Floods

When selecting a suitable premises for your business, check your local council's online flood maps and choose a location above flood levels of past floods.

If your premises is likely to be flooded, try to locate your building and structures above potential flood levels. Build accessible paths and driveways to allow continued access.

Learn more about preparing your business for natural disasters.

Example 2: Finances

Protect your finances by enabling additional security measures on your bank accounts and authorisations on payments. Set up a procedure to check all invoices, accounts and transactions regularly.

Contact your suppliers prior to payment to ensure the bank details listed on invoices are correct. These simple measures prevent fraud from within your business and theft through external cyber fraud.

Learn more about:

Example 1: Bushfires

Identify what impact a bushfire might have on your business operations. This will not only include impacts to your business premises (e.g. loss of buildings and stock) but also wider impacts, such as how your local suppliers may be affected (e.g. limited orders, road or transport closures).

Develop emergency evacuation plans, and contact your local council for bushfire preparedness information for your area.

Learn more about:

Example 2: Losing a major customer

Losing a major customer can have a significant impact on your finances and may have implications for your staffing.

Consider how you could diversify products and services, or build your client base to ensure you're not reliant on the business of 1 customer.

Learn more about:

Example 1: Economic downturn

An economic downturn is a normal phase in the business cycle. Customers may reduce spending and you may have to look at reducing stock or staffing levels.

A planned incident response will allow you to take immediate action to stabilise your business. Consider changing staff hours or renegotiating supplier contracts.

Learn more about surviving an economic downturn.

Example 2: Electrical fire

An electrical fire on your business premises needs a rapid response including making sure all staff are safe, evacuating and contacting emergency services.

A go-to kit with response checklists and contacts will help manage the incident.

Learn more about:

Example 1: Drought

Recovering from drought in a rural area may require many steps to recover business customers and revenue, and is likely to take time.

Recovery could include attracting tourism to the area and broadening products and services. It may also require seeking financial assistance from the government and other sources.

Learn more about:

Example 2: Reputation loss

Reputation loss can be very difficult to recover from. You could consider engaging a public relations adviser, running a media campaign, retraining staff in customer service, and changing some products or services.

Learn more about:

Train your staff

Include key staff when you develop and review your business continuity plan. This will help ensure your plan is comprehensive across all areas of your business, and help staff effectively respond to incidents. Make sure you introduce your plan to new staff as part of induction processes.

Use workplace simulations with staff to test and review your plan.

Workplace simulations of possible risks can help by:

  • identifying how prepared you and your staff are
  • revealing how quickly your staff can locate the plan, enact the incident checklists and put recovery actions in place
  • identifying gaps and problems with the plan.

Simulation exercise

Your business experiences an IT outage. Many systems are affected including all your computers and telephones.

  • Is your business continuity plan accessible in another location (e.g. a hard copy onsite, in the cloud accessible by a mobile phone)?
  • Does your plan have a checklist of what to do including who to contact?
  • Does your plan provide instructions on how to contact customers?
  • How rapidly did the staff deal with the emergency and recover the business?

A team debrief after the simulation opens up discussion for review and changes based on staff feedback.

Also consider...

  • Last reviewed: 24 Nov 2022
  • Last updated: 24 Nov 2022