Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register nowarrow_forward

menu

Lead the AI era of GRC at Elevate 2026 — Join us April 22–24 in Atlanta Register now

arrow_forward

language

Products

arrow_drop_down

Solutions

arrow_drop_down

Resources

arrow_drop_down

Diligent AI

Request a demo

Governance

Risk

Compliance

Audit

Diligent Boards

Automate meeting prep, secure sensitive data and give directors the clarity to make the best decisions.

BoardEffect

Secure, flexible board management software for nonprofits and higher education.

Community

Increase transparency, streamline governance and empower your school board or local government.

Diligent Market Intelligence

On-demand access to exclusive shareholder activism, executive compensation and ESG data.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Role

Use Cases

Company Type

Industries

General Counsel

Safeguard your organization with centralized oversight of governance, risk and compliance.

Corporate Secretary

Run governance flawlessly with AI tools that eliminate busywork and ensure audit-readiness.

Executive Assistant

Streamline board prep, communications and approvals with AI workflows for seamless meetings.

C-Suite

Accelerate decisions and inspire confidence with AI-powered reporting and real-time risk intelligence.

Directors & Trustees

Prepare faster, mitigate risk and make smarter decisions with purpose-built board tools.

Risk Manager

See enterprise risk in real time, act decisively, and deliver AI-powered insights.

Information Security

Unify IT risk, compliance and cyber oversight in one secure platform.

Compliance Officer

Turn regulatory obligations into clear, actionable metrics — proving compliance and ROI.

Internal Auditor

Connect audit management, analytics and monitoring in a secure, AI-powered hub.

FEATURED

Diligent One Platform

Centralize and unify all your board management and GRC activities

Content Library

Case Studies

Virtual Summits

Events

Resources Hub

Discover all of Diligent's insights in one place. Stay ahead of trends with expert perspectives, exclusive research and information you won't find anywhere else.

MEDIA TYPE

Blog Guides Videos Podcasts Content Toolkits Research & Reports

BY TOPIC

Governance Risk & Audit Compliance AI & Cyber Public Sector Diligent Institute

FEATURED

Diligent named a Leader in 2025 Gartner® Magic Quadrant™ for GRC

Why the business continuity plan must be a living document

January 25, 2021

•

6 min read

Professionals walk through office building while two colleagues hold the BCP and make adjustments to it.

Kezia Farnham

Senior Manager

Share:

The business continuity plan ' sometimes known as a disaster recovery plan — is an essential document for all organizations, designed to ensure their operations can continue with minimal interruption in the event of an unexpected disruption. Many organizations already have such a plan. The danger is that it's all too easy to make the development of a business continuity plan (BCP) a one-off event, a tick-box exercise that sees the resulting plan filed away in a drawer (literally or virtually) and not referred to again until it's needed. Unfortunately, by the time this happens, businesses often find that the plan is out of date, superseded by external events or made irrelevant by changes to personnel, approaches or business structure. That's why it's imperative that the business continuity plan is a living project, an evolving document that is regularly reviewed and updated to ensure it remains current. You don't want to wait until the day a crisis happens to discover your BCP is woefully out of date.

What is a Business Continuity Plan (BCP)?

An organization's BCP aims to ensure the business can maintain its operations during an unexpected disruption. Whether this incident takes the form of a natural disaster, deliberate act of sabotage or another event — for instance, topically, a pandemic — the BCP is designed to ensure that your organization can continue to function no matter what happens.

What Should a BCP Contain?

A best practice business continuity plan should explore all the elements that might be impacted by an unexpected disaster. It should:
Identify potential risks to the business
Define responsible teams for each element of the plan
Cover all the aspects of your operations that might be impacted by an outage or disaster, including:
- Power supply
- Telephone and internet connectivity
- Emergency communications
- IT and other systems
- Data management
- Alternative sites
- Personnel issues — absence or inability to get to any alternative location

Why Must a Business Continuity Plan Be a Living Document?

Because the threats a business faces change and evolve all the time, your business continuity plan must do the same. The procedure isn't a static document to be put on a shelf once created and forgotten. It's essential that your business continuity plan is reviewed and resubmitted regularly; tested against the myriad of shifting risks your organization will face. 2020 proved this beyond doubt. Who would have anticipated a year ago the upheaval that COVID-19 would have brought, not just to business operations but our entire existence? The coronavirus pandemic provides a timely reminder that things can change almost overnight — and that businesses should be prepared to pivot in response. Some BCP elements are particularly crucial for regular checks and updates. For instance:

Your contact list. Your business needs to act swiftly in the event of any disruption. A contact list that includes your personnel, suppliers and emergency contacts will enable you to get hold of everyone as quickly as possible. Verify the data regularly, for example, checking with employees that their mobile numbers are still correct.
The integrity of your entity data underpins your ability to respond to a disaster, so you should revisit it regularly.

You may have opened or acquired new subsidiaries since reviewing the plan. Or perhaps, undergone an IPO that increases your regulatory or legislative obligations. These will affect the issues you need to consider in business continuity planning.

It will help if you have a clear picture of all your business operations — their location, what they do, who they employ — to ensure you can respond comprehensively to any disruption.
Similarly, you need to understand and map your critical functions. These are the functions that your business cannot operate without, and you should prioritize within any continuity plan.
What does your business need to function in the first hours and days after an interruption? COVID-19 threw a spotlight on the need for homeworking, with those organizations able to pivot to remote operations the least impacted as global lockdowns took effect.
Challenge your assumptions about how things might play out in the event of a disaster. Again, the coronavirus pandemic is a good case in point here; before this year, many wouldn't have assumed that a pandemic would cause supply chain issues among items as diverse as yeast and toilet roll.

List out your assumptions and then challenge them. What would need to happen for these assumptions to be proved false, and how should your plans be updated to reflect the changed goalposts?

It's advisable to consider the new technologies you have adopted since your last BCP review. For instance, review the technologies and systems you use to support your operations, whether it be entity data management software, CRM systems or other technologies. How might they help your planning, and what plans do you need to put in place to ensure their continued operation?

How Often Should You Review Your Business Continuity Plan?

According to questia.com, '''A plan's shelf life ranges from one to three years'''. So the plan should be reviewed at least every three years — and ideally more frequently — to ensure that it remains current in terms of both your organization and the risks it faces. You should revisit some elements of the BCP more regularly. For instance, questia.com suggests conducting a quarterly review '''to update contact lists and recheck critical-function maps, editing for unnecessary content and reviewing plan assumptions.''' That's why the business continuity plan must be a living document. The good news is that, as more businesses turn to cloud-based technologies to manage their data and operations, it grows ever-easier to access the information you need to create and update your business continuity plans. Suppliers of cloud-based technology proved their worth during 2020, acting as trusted partners to support organizations transforming their operations to meet pandemic-related challenges. Diligent serves as a partner to more than half of the Fortune 1000, providing market-leading entity data management software via Diligent Entities. Reliable entity data creates the foundation for robust business continuity planning, helping organizations minimize disruption from unexpected events and ensure a thorough response to any crisis. You can learn more about how Diligent Entities can support your entity management and business continuity through a demo with our team.