Strategy & Risk

Top-10 Business Continuity Tips that Won't Break the Bank

Published: November 2, 2023

Read Time: 5 minutes

Business continuity plan tips

Don’t be ’too busy’ to make a Business Continuity Plan

Regardless of the industry you operate in, you will be expected by customers, staff, suppliers, general public and other stakeholders, to be prepared for a potential disruption - whether it be caused by a power outage, staff shortage, cyber-attack, flood, earthquake, fire, network outage, supply chain issue, flu outbreak or other cause. For the sake of your business and stakeholders, it is paramount that you implement a Business Continuity Plan (BCP).

Whether it’s better preparedness for impacts on your workforce, a critical vendor, your ICT systems or access to buildings and other physical assets, consider the good practices listed below - no matter how large or small your organisation is, and whether it’s an NFP, Government agency or commercial business.

1. Who’s the boss?

Who is in charge in the event of an incident? Build a team with ‘rotating chiefs’ to make key decisions and nominate alternates to step in when primary members aren’t immediately available (or fatigued). Ensure the team is efficient in its crisis response, encourage its members to think ‘outside the box’ and ensure they are open to completely changing business direction, if necessary.

2. Keep a contact directory

Ensure all contact details are available and accessible - including internal and external stakeholders’ details such as staff, suppliers, customers, media and next-of-kin. Store various contacts (e.g. work and personal email and mobile details) in several forms (e.g. cloud, pre-populated SIM cards, hard copy and/or USB/thumb drive). Ensure appropriate security and suitable continuity options in case some platforms are out of operation.

3. Prioritise

What are your key, time-critical services and activities that absolutely cannot wait? Prioritise your most valuable customers and focus on recovering their critical services first.

4. Don’t have all your eggs in one basket

Have multiple supplier arrangements in place. Having your ’eggs in multiple baskets’ in the form of various ongoing vendors of key services such as data/voice communication, maintenance, consumables and medical services may reduce economies of scale in your day-to-day business, but does allow for that badly needed ‘quick switch-over’ in case one supplier is down.

5. Are your key people multi-skilled?

Ensure your staff are trained and equipped take on various roles in the event of sudden illness or resignation, particularly if you don’t have extra employees on hand for every key role. Job rotation on a regular ‘practice’ basis can also be an excellent way to enhance cross-departmental understanding and overall corporate culture.

6. Build plan B (and C!) including manual operations

Well-prepared and well-tested manual work-arounds could assist you, at least temporarily, in case of an unexpected business disruption. Apart from working from home or a dedicated alternate location, consider utilising a virtual/shared workspace or hotel as an affordable continuity solution - at least for your team of decision-makers. Set-up a reciprocal arrangement with a business that has similar requirements to yours. Ensure IT, phone, supplier deliveries and other services can be diverted from a remote location and be sure to have the necessary passwords and contact details at hand.

Use a smart, best-practice BCP documentation format including pocket guides. During an incident, typically the last thing that people do is work through a 200-page plan (which generally is out of date to some degree, meaning those activating the BCP and needing it most, don’t actually trust its contents).

7. Train your team and take the plan for a test drive

Training and exercising your BCP go hand-in-hand. Most decision-makers and staff learn best by actual experience, and practicing the plan based on various disruption scenarios reduces the chance of panic in the event of an actual incident. Additionally webinar-style training supported by quizzes and other interactive elements assist in induction programmes.

8. Stay one step ahead

Be proactive and notify customers, suppliers, the community, press and other stakeholders before they find out through trial and error that your services are delayed or fully disrupted. Avoid unnecessary stress by negotiating delayed payment terms with suppliers, banks, the landlord and/or the tax office, to buy some time and breathing space in the initial stages of an incident.

9. Recognise your weakness

On the preventative side, conduct a gap analysis or benchmarking exercise (or ask an independent party to do so). Understand and mitigate your weaknesses, whether it be vulnerability to a cyber-attack, key staff unavailability or critical dependency on a facility, and agree on an action plan to bridge them - rather than over-promising and/or keeping your fingers crossed that you won’t ever experience an incident.

10. Cover yourself for what’s beyond your powers

Consider taking out insurance where specifically needed to bridge the final gaps - and where particularly relevant to your business. Apart from insuring for fire, general property, glass, accidental damage, money, liability, burglary, goods in transit, tax audit, equipment breakdown and fraud, also consider ‘key person’ insurance and ‘business interruption’ insurance as a last resort - but be aware this only assists you financially. A BCP is still required to actually keep key services operational and to provide confidence to your stakeholders.

This article was originally published in the Better Boards Conference Magazine 2023

Further Resources

Digital Transformation & Governance

Cyber Security 1.0.1 For Boards

The Board’s Role in Business Continuity Management


Managing Director
Business As Usual

Rinske is a multi-award winning, internationally known consultant, speaker and certified Business Continuity Management (BCM), Information Security and Risk Management facilitator. She was awarded Risk Consultant of the Year by RMIA (2017), Alumnus of the University of Technology Delft (the Netherlands), Australian Business Woman of the Year by BPW (2010), 1 of 5 Technology Delft (the Netherlands), Australian Business Woman of the Year by BPW (2010-2013) and Outstanding Security Consultant Finalist in the OSPAs (2019).

Rinske draws on more than 20 years’ experience gained during roles across Australasia, Africa, South America and Europe. Her Board and Committee experience includes national and international Vice President and Director roles within ASIS, itSMF and BPW. In terms of her consultancy experience, Rinske has been changing the way organisations ‘plan for the unexpected’. Rinske applies a fresh, energetic, fun, practical, easy-to-apply, innovative approach to topics sometimes perceived as dull and cumbersome. She holds ISO22301, ISO31000, ISO27001, CBCP, MBCI, ITIL, PRINCE2 and COBIT certifications.

Found this article useful or informative?

Join 5,000+ not-for-profit & for-purpose directors receiving the latest insights on governance and leadership.

Receive a free e-book on improving your board decisions when you subscribe.

Unsubscribe anytime. We care about your privacy - read our Privacy Policy .