It should be tested several times to ensure it can be applied to many different risk scenarios.
This will help identify any weaknesses in the plan which can then be identified and corrected.
The BCP is generally conceived in advance and involves input from key stakeholders and personnel.
BCP involves defining any and all risks that can affect the company's operations, making it an important part of the organization's risk management strategy.
These documents give a practical plan to deal with most eventualities—from extreme weather conditions to terrorism, IT system failure, and staff sickness.
In 2004, following crises in the preceding years, the UK government passed the Civil Contingencies Act of 2004: Businesses must have continuity planning measures to survive and continue to thrive whilst working towards keeping the incident as minimal as possible.
A 2005 analysis of how disruptions can adversely affect the operations of corporations and how investments in resilience can give a competitive advantage over entities not prepared for various contingencies, and the term "strategic resilience" is now used to go beyond resisting a one-time crisis, but rather continuously anticipating and adjusting, "before the case for change becomes desperately obvious." This approach is sometimes summarized as: preparedness, Business continuity is the intended outcome of proper execution of Business continuity planning and Disaster recovery.
It is the payoff for cost-effective buying of spare machines and servers, performing backups and bringing them off-site, assigning responsibility, performing drills, educating employees and being vigilant.
In the United Kingdom, resilience is implemented locally by the Local Resilience Forum.
In New Zealand, the Canterbury University Resilient Organisations programme developed an assessment tool for benchmarking the Resilience of Organisations.