Establishing Your Business Continuity Strategy in 6 Steps

Establishing your business continuity strategy starts with considering your organization’s objectives, legal and regulatory requirements, personnel, and products or services, along with your customers and clients. 

 How Do You Develop a Business Continuity Strategy?

Before jumping in to identify and develop your strategy and plans for business continuity, there are some preparations you can perform to help you successfully implement a functional program, and create a proper business continuity strategy. These are:

  • Seek support from senior management.
  • Engage a competent third-party BCM consultant.
  • Develop a basic plan if nothing exists.
  • Appoint your BCM team.
  • Perform a business impact analysis (BIA).
  • Develop the BC strategy.


Seek Support from Senior Management

Without management support and engagement, it is difficult for a BC program to provide value and succeed in its goals. Management should form a steering committee to assist with funding and facilitation of cross-departmental issues. Providing regular status updates and reports on the added value of the program will help you garner support and understanding from senior management.

Engage a Competent BCM Consultant

This may sound self-serving, but we encourage you to at least reach out to a consultant for advice. A competent firm (like MHA – at least we think so) should be willing to spend an hour or so discussing your needs and providing input. They can share risks and ideas on how you might proceed, even if you want to try and do it on your own. We are happy to have those conversations. Don’t expect, however, for consultants to provide detailed plans, actions or other experience for free. A competent consultancy should make the process smoother and faster, not just more expensive with more meetings and PowerPoint presentations as deliverables.

Identify a Basic Strategy or Plan

If you have no existing plans, it may make sense to develop a high-level, basic strategy and plan for recovery so you at least have something in place. This can usually be accomplished in a short amount of time, less than 30 days with effort. You may not be able to implement the strategy, but having an idea of what to do is much better than trying to come up with something during an event.

Identify your BCM Team

The following individuals are the start to the BCM team. They are responsible for implementing the policies and directing the efforts.

Sponsor: The senior management individual with overall responsibility and accountability for the business continuity program.

The Business Continuity Manager: The individual with direct responsibility for the business continuity program.

Assistant Continuity Manager: The backup to the Business Continuity Manager. This could be a titled position or an assigned position.

Administrative Assistant: The individual responsible for supporting the BCM team. This is often an administrative assistant working in the Business Continuity office, if it exists, or one of the individuals on the administrative assistant team.

Along with the individuals above, representatives from business units and IT must be involved to help develop recovery strategies for business and technology functions. From a functional perspective, the non-BC staff members will perform the work of recovery preparation. The BCM team is there is provide guidance and support.

Read more about forming the business continuity team: Forming the Business Continuity Management Team

Perform a BIA

The BIA identifies and gathers the requirements that allow you to develop an appropriate strategy. The BIA gathers information and provides valuable insights that will be used in the generation of the BC strategy:

  • All business processes performed and the recovery time requirements for those processes.
  • Interdependencies between processes.
  • Identify and update actual applications and systems used, and explain the importance of those applications.
  • The functional importance of the applications become better understood by IT.
  • Identify shadow IT functions with critical business dependency. The assumption is often that for a SaaS/cloud-based application, there is no need for backup or recovery capabilities; the vendor “handles” that.
  • A better understanding of the nature and complexity (or lack thereof) of the processes.
  • Better understanding within departments of their role in the organization.
  • Identify gaps in IT recovery and business availability/recovery requirements.


Develop the Business Continuity Strategy

With the information gathered from the BIA, management support, and a team to organize and facilitate efforts, you can now develop an overall strategy. You can also develop individual department strategies for recovery and continued operations during an emergency or outage event. The steps and actions needed may include workarounds for when technology is unavailable, but should also include a plan for how functions will continue for an extended period of time. Will you relocate to an alternate location or work from home? How will customers contact the organization during the event? Your strategy should include the IT disaster recovery plan to recover applications and technology.

Business continuity is a life cycle and should be part of organizational culture. There is no end – only continual review, refinement, and improvement as necessary. Business continuity must be viewed as an ongoing function; if it is viewed as a project with an end, it will become stale and ineffectual.


“Establishing Your Business Continuity Strategy” is part of our Business Continuity 101 series. We created the series for those new to BCM and those looking to improve their knowledge of the fundamentals of business continuity best practices. If you’re not sure where to start when it comes to BCM, we created this series for you. Read the previous post in the series: The Difference Between Business Continuity and Insurance.

Richard Long
Richard Long is one of MHA’s practice team leaders for Technology and Disaster Recovery related engagements. He has been responsible for the successful execution of MHA business continuity and disaster recovery engagements in industries such as Energy & Utilities, Government Services, Healthcare, Insurance, Risk Management, Travel & Entertainment, Consumer Products, and Education. Prior to joining MHA, Richard held Senior IT Director positions at PetSmart (NASDAQ: PETM) and Avnet, Inc. (NYSE: AVT) and has been a senior leader across all disciplines of IT. He has successfully led international and domestic disaster recovery, technology assessment, crisis management and risk mitigation engagements.
The Difference Between Business Continuity and Insurance