Developing a Small Business Continuity Plan


Business continuity planning is the process of developing proactive strategies for averting, weathering, and recovering from a disaster or crisis and, in the process, protecting a business’s employees, operations, and key assets.

Continuity planning helps a company anticipate potential threats, identify measures that can be taken to avoid or minimize those threats, and, when such measures are not possible, delineate steps for getting through and recovering from dire situations. A well thought out continuity plan should improve the likelihood of a small business’s ability to prevent or survive a calamity.

Here are general steps involved in business continuity planning, but a continuity plan should be specific to the business for which it is developed.

Identify your support team. Who are the people in your company, or on your business’s support team, that in a crisis, can help shift operations and solve problems? Include them in your continuity planning and give them a role to play in your recovery plan. For the owner of a very small business, these people might be employees, external advisors such as an IT professional or an account manager with an important vendor, or even family members. It is a good idea to bring someone trained in continuity planning onto your planning team.

Know the legal requirements or compliance issues for your industry.  Businesses in healthcare, the financial sector, and ones that perform government contracting are subject to continuity planning requirements. Even if you are not in one of these industries, there may be contractual expectations that your business has a continuity plan that meets certain criteria. Depending on your business, you may need a certified continuity planner to assist in development of your plan.

Identify what needs to be protected. Does your business have employees? Do you carry large amounts of inventory or have other important physical assets? Do you have data that needs to be safeguarded? What are the functions without which your business cannot continue to exist? Who performs them? Where are they performed? What needs to be in place in order for them to operate?

Run through different scenarios. Consider the possible crisis or disaster scenarios that you would want to thwart or from which your business might conceivably need to recover someday, ranging from human acts to weather events.  A cybersecurity breach? Embezzlement? The sudden loss of a key employee or primary vendor? A major disease outbreak? A tornado, fire, or flood striking your place of business? An ice storm that knocks out power for days? What if something happens to one of your major vendors or customers?

Mitigate risk. What can be done to prevent your business from experiencing a crisis situation? Think about things like password security, keeping multiple back-ups of data in distinct locations, having back-up supply chains, training employees for certain job functions in remote work, evacuation plans, etc.  Do you have adequate safety protocols to protect whatever needs to be protected including your people? What are the ways in which you can minimize damage to your business’s financial health? What insurances do you have in place and what are their limitations? Where are the policies, how will you access them, and whom do you contact if you need to make a claim?

Create a communication plan. Who are the key people (employees, customers, vendors, stakeholders) with whom you would need to communicate and in what order? How will you communicate? What if there is no cell phone service or internet service? How will you access important data if you do not have physical access to your place of business?

Plan critical operations. How are you going to get essential functions up and running as quickly as possible? How long is that likely to take and is it within acceptable parameters? What operations can be set aside temporarily to facilitate resumption of more critical ones?

Keep your plan up to date. As your company evolves, as key employees turnover, as contractual obligations or industry expectations change, as new potential risks develop, etc., your plans will need to be updated.

Conduct testing and training on policies and procedures. What policies and procedures do you have in place to reduce the likelihood of a crisis? What policies and procedures do you have in place for responding to a crisis? Test what can be tested to see whether the measures are effective, improve where needed, and conduct training on policies and procedures. For them to be effective, team members  need to be familiar with whatever sections of the plan are relevant to their positions.

Encourage your employees to have emergency plans for their families. In a crisis situation, people worry about their families, especially if they are out of communication. Having family emergency plans in place, hopefully will help keep family members safe and also remove some of stress that accompanies emergency situations.

At America’s SBDC Kansas, we have advisors who are certified in business continuity planning. While we hope that disaster never strikes, we encourage business owners to to be proactive about protecting their future.

Related Posts & Other Resources

National Preparedness Month

Cybersecurity Tips for Small Businesses

NIST’s 7-Step Continuity Planning Process

Laurie Pieper, Ph.D.

Business Advisor

Washburn University KSBDC

America’s SBDC Kansas


This entry was posted in Business Planning, Cybersecurity and tagged , , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s