What a Business Continuity Plan Should Include (Without the Jargon)
If you run a UK business with 10–200 staff, you don’t need a book of acronyms and a policy that collects dust. You need a practical document that helps keep lights on, customers served and pay cheques paid when something goes wrong. This is for owners and managers who want clear outcomes — less downtime, less cash leakage, more trust from customers and regulators — without the jargon.
Why bother? (Short answer)
Disruptions happen: a burst pipe in January, a supplier who can’t deliver after a staff shortage, a power cut during peak trading, or your website going down on a Black Friday-style day for your sector. A simple continuity plan turns panic into a set of clear actions. That saves time, money and your reputation.
What a Business Continuity Plan should include
Here’s a straightforward checklist with plain-English explanations. Think of each item as a small piece of insurance that you can test and improve.
1. Purpose and scope
Say why the plan exists and what it covers. Is it for the whole business or just the head office? Does it include manufacturing, retail, or remote teams? Keep it specific — postcode-level if necessary — so everyone knows whether the plan applies.
2. Who’s in charge (and who covers them)
Name the decision-makers and their deputies. Include phone numbers, home contacts and a secondary way to reach them (SMS, WhatsApp, personal email). People move roles and phones, so review this list every quarter. A two-person cover for each key role is sensible: illness and travel disruptions are common in the UK.
3. Critical activities and priorities
List the things that must keep running. For a retailer it might be payments and dispatch; for a consultancy it could be client reporting and payroll. Prioritise: what must be restored within 24 hours, 72 hours, one week? These priorities determine where you spend effort in a disruption.
4. Dependencies
Map the dependencies that support your critical activities: staff, premises, utilities, IT, suppliers, and transport links. Don’t just note “IT” — be specific. Which suppliers supply the parts you can’t make without? Which service accounts require admin access? By being precise you’ll spot single points of failure.
5. Simple recovery steps (not manuals)
For each critical activity, write a short recovery sequence. Think in steps: stop, protect, restore, communicate. For example: if online orders stop, switch to manual order capture, notify customers, and route payments to a backup gateway. Avoid technical manuals; the aim is to give a clear route back to service.
6. Communication plan
Who tells staff, customers and suppliers what’s happening? Draft short templates for key messages: an initial notification, an update and a final resolution note. Decide channels — email, SMS, phone trees, social media — and who signs off. Clear communication reduces repeated calls and panic.
7. Contact lists and supplier agreements
Keep an easy-to-access list of key contacts: staff, senior suppliers, landlord, insurers, accountant and any regular contractors. Note alternate contacts and contractual remedies. If a supplier is critical, have a backup preferred supplier or a contingency arrangement documented — even if it’s an informal agreement to be activated in an emergency.
8. Data and access basics
Say where backups are and who can access them. You don’t need the tech detail, but you must know: where are the latest copies of accounts, personnel files and customer records? How quickly can they be restored? Make sure at least two people can get what’s needed outside normal IT channels.
9. Facilities and remote-working options
Plan for staff being unable to reach the office. Identify safe alternative locations and the minimum kit staff need to work from home (laptops, VPN access, phones). Bear in mind UK realities: public transport strikes, floods or snow can keep people away for days.
10. Finance, insurance and regulatory notes
Record how you’ll pay emergency costs and who approves them. Note key insurance policies and contact details, plus any regulatory notifications you must make (for example if customer data is involved). Keep copies of policy numbers and excess amounts in the plan.
11. Decision triggers
Define clear triggers for when the plan is activated: a certain number of staff off sick, a site being unusable, a payment gateway failure. Avoid vague language; clarity speeds decisions.
12. Training, exercises and review
Run a short tabletop exercise once a year and a quick practical test of one recovery action each quarter. After any incident, capture lessons and update the plan. Real-world testing reveals the things you wouldn’t spot on paper — like the one person who held a password no one else knew.
Keeping it realistic
Make the plan easy to use. Keep it one living document, no longer than necessary, stored in a few accessible places (paper copy in the office, a cloud copy and a copy with a senior person). Avoid dense legal language; a member of staff should be able to pick it up and act.
Practical tips from the coalface
- Start with the things that stop you getting paid.
- Use role-based responsibilities, not names alone.
- Assume tech will fail: include paper or offline workarounds for essential transactions.
- Keep customer messages human and brief — they just want to know what it means for them.
- Review supplier contracts once a year; staff turnover on both sides changes risk quickly.
FAQ
How long should a business continuity plan be?
As long as it needs to be useful and no longer. For most firms of 10–200 staff that’s one to a few pages of core actions and a short annex with contact details. If it’s longer, people won’t read it in a crisis.
Is this the same as disaster recovery?
They overlap. Business continuity focuses on keeping essential services running. Disaster recovery is often the technical work to restore systems. Your plan should point to who does what and where detailed technical recovery instructions live.
How often should we test the plan?
At minimum, run a tabletop exercise yearly and test a real recovery action quarterly where practical. Smaller, regular checks beat one big annual rehearsal that nobody remembers by the time the real thing happens.
Who should see the plan?
Key managers, nominated deputies and the staff who have actions in it. Don’t bury it in a server folder called ‘policies’ — make sure people can access the parts they need quickly.
Final note
A useful plan isn’t about eliminating risk — that’s impossible — it’s about shortening disruption and protecting cash, customers and credibility. Start small: list your critical activities, name the people who keep them running and pick one recovery action to test next month. A bit of preparation buys calmer decisions, less downtime and a more resilient business. That’s time, money and credibility saved — and a lot more calm when things go wrong.
