Keep essential work possible during disruption
A continuity plan connects business priorities to practical alternatives when a system, supplier, person, location or connection is unavailable. A backup is important, but it is only one dependency in restoring useful work.
Identify critical activities and their technology, people, data, location, power, communications and supplier dependencies. Agree acceptable disruption and data loss, prioritise recovery, prepare a safe manual or alternate route, name decision and communication roles, protect recoverable data and test the complete plan.
Write one recovery sheet per critical service
- Business activity: the customers, staff, obligations and deadlines affected if it stops.
- Priority: the maximum tolerable disruption and the order in which this service should return.
- Data point: how much recent information can be lost or reconstructed, and from which evidence.
- Dependencies: people, supplier, identity, device, network, power, integration, location, records and specialist knowledge.
- Fallback: the safe reduced or manual service, its capacity, controls and trigger for use.
- Recovery: owner, supplier route, restoration steps, access, backup, verification, communications and return to normal.
Test the outcome, not only the backup job
- Choose a plausible outage that removes a critical dependency, including supplier or identity failure where relevant.
- Activate the decision and communication route without relying on the unavailable system.
- Operate the fallback with realistic volume, approvals, security, records and time pressure.
- Restore data and service in a safe environment, then verify completeness and priority workflows.
- Record actual recovery time, data point, bottlenecks, unsafe workarounds and actions with owners and dates.
Protect the route back
Backups should not depend on the same credentials, configuration or failure path as the live service. Verify that critical information can be restored, that the organisation has the access and instructions needed, and that a supplier outage or account lockout does not remove every copy.
The UK NCSC says backups are an essential part of response and recovery in its ransomware-resistant backup guidance. NIST describes contingency planning as a coordinated combination of procedures and technical measures, including alternate equipment, manual processing and alternate locations, in its contingency-planning overview.
Business technology continuity FAQs
Is a backup the same as a business continuity plan?
No. A backup may restore data, while continuity also covers priorities, people, access, devices, power, communications, suppliers, safe fallback, decisions and customer or staff communication. The restored data must support a working process.
How often should a technology continuity plan be tested?
Set frequency by consequence and rate of change, and retest after material system, supplier, access, process or personnel changes. Critical services need more frequent evidence than low-impact tools. Record actual results rather than only that a test occurred.
What should a manual fallback include?
Define the minimum safe service, forms or records, authorisations, privacy and security controls, capacity, reconciliation into the restored system, maximum duration and the person who can activate and end it.
Continue your business technology decision
Use the next guide that matches the requirement, investment, supplier, implementation, migration, access, continuity or renewal question you still need to resolve.

