Fundamentals and Essentials when Creating a Business Continuity Plan

Seeking private investigator services? Get a free consultation today.


Business continuity planning or a business continuity plan is the formal process of creating a a proactive and responsive plan when handling a disruption in normal business processes. The plan incorporates before, during, and after a disruption occurs with the primary purpose to get business back to normal operations. The article focuses on the planning process and does not incorporate technical procedures or controls.

The phases vary in name and can be more or less complex depending on the situation. However, we will be looking over the one provided by the nation Ready Campaign. According to, there are four main phases to a business continuity plan.

Business Impact Analysis (BIA)

The business impact analysis does exactly what it sounds like, it provides management with the opportunity to identify and analyze the possible threats, vulnerabilities, and their assets with their respective value. At the time of this article, ISO (the International Organization for Standardization) has a standard for assisting organizations with the business impact analysis (BIA). However, at its’ current version, it only provides only guidance and not an exact process. Check ISO/TS 22317:2015 for more details regarding this standard.

Recovery Strategies

Technical models are generally named after what they do. We have that case with the recovery strategies step. This phase in the business continuity is the backbone and purpose of a BCP plan. It prescribes which measure should be taken to get the business back up to a minimum acceptable level. For example, if there is a snow storm that is preventing employees from getting to work, this is a disruption. The recovery strategy would dictate that employees should work remotely from home, if possible. The recovery strategy may also provide multiple alternatives such as remote workers and moving main operations to a secondary company site in a location not affected by the disruption of business processes.

The recovery strategies should be in order of urgency. The most important business processes should be prioritized over less important ones to ensure the business reduces the amount of loss. In all situations, the business would prioritize human safety first generally followed by preventing further damage and disruption. It makes no sense to try to rebuild the house if it is still on fire. Afterwards, most organizations will prioritize processes that generate income for the business, usually in the form of skeleton crews while the damage is being assessed.

Plan Development

Business continuity plan development is when the two previous stages come together in formal documentation procedures that can be easily followed by other staff. The plan should be developed carefully to ensure proper order of priorities and ensure that all variables are fully thought through to the extent which is possible. The plan should be as detailed as possible but not excessive to the point that psychological acceptability is compromised and that individuals, who should be thoroughly familiar with the plan, decide to ignore it due to its’ length or complexity.

Testing & Excercises

Testing is an integral part of a business continuity plan. Testing and exercises can reveal holes in an apparently well thought-out and solid plan. That said, testing should be thorough but should also have its’ limits. In some cases, testing should be planned before implemented. There are very few situations in which management should run into the network room (unplanned) and yank the power. The purpose of security is to support the business and if the BCP team is inhibiting the business from functioning, they’ve already invalided their job from the start. For the BCP team, start with management’s sign off of basic drills and work up to more complex problems. Always ensure that you are testing for disasters that are most likely to happen based on the business impact analysis.

Outsourcing BCP

For companies that do not have the time or the capital to invest in their own employees conducting BCP planning and testing, you might consider outsourcing these services to a security and risk firm. Spectre Intelligence provides cost effective and efficient BCP at rates that won’t break the bank. We understand that security is not a preferred purchase and we do everything we can to ensure your organization is protected while still be able to maintain a reasonable budget.

About us

Spectre Intelligence is a private investigation and intelligence firm located in sunny Round Rock, TX (Austin area). If you need investigation or cyber security services, visit us at and