What is a business continuity plan?
A business continuity plan, or BCP, is a documented arrangement that prepares an organization to face a major disruption: cyberattack, disaster, prolonged outage, unavailability of a supplier. Its goal is to ensure essential activities continue, even in degraded mode, until normal operations resume.
The BCP rests on a business impact analysis (BIA) that identifies critical functions, their dependencies and the point beyond which their interruption becomes unacceptable.
Why it matters for your organization
In a crisis, improvisation is costly. A BCP turns panic into execution: roles are assigned, procedures known, fallback solutions ready. It reduces downtime and limits financial and reputational losses.
It is also a growing expectation of customers, insurers and regulators, who want proof that an organization can withstand a shock without collapsing.
What a BCP contains
- Business impact analysis (BIA): critical functions and tolerable timeframes.
- Recovery objectives: RTO and RPO per activity.
- Continuity procedures: workarounds and degraded modes.
- Crisis organization: roles, responsibilities, decision chain.
- Tests and exercises: regular validation of the plan under stress.
Where organizations most often fall short
The most common BCP is the one sleeping in a drawer, written once and never tested. An unexercised plan reveals its flaws at the worst moment. The other pitfall is limiting it to IT, forgetting the people, premises and suppliers that business continuity really depends on.