BCP Stage 4: Building the Business Continuity Organisation

BCP Stage 4: Building the Business Continuity Organisation

The initial three articles of this series focused on the process of Developing Business Continuity Plans (BCP). Now, we move the discussion on to how these are deployed and maintained to ensure they stay relevant to the needs of the organisation.

Many business continuity initiatives ‘wither on the vine’ because the development of the preparation and response actions is seen as the end game. Importantly, this is not the case, and a management team needs to be implemented to establish ongoing responsibilities. A typical management team would consist of:

  • A Steering Group – to ensure that the BCP remains relevant to the organisation’s current needs and strategy.
  • A Review Team – who return to the plans periodically to ensure that they can be relied upon if activated. And lastly,
  • An Invocation Team – who will collectively respond when an incident occurs, and adopt specific roles to manage the event.

A typical Business Continuity Team could be represented in the organisation chart, below.  It shows representatives from each of a company’s business units that provide critical infrastructure into the company. Each member has a role to play both for the Business Continuity Plan maintenance, and for undertaking specific actions if the plans are invoked.

Example 1: A Business Management Team

This organisation is typically underpinned by a Business Continuity Policy that defines roles and responsibilities for the specific groups within the Management Team. This policy also sets out requirements for testing, training, and general awareness of the BCP strategy throughout the company. Here is an example of a typical Business Continuity Policy.

Example 2: Business Continuity Policy

As shown, the policy covers the whole scope of the BCP, providing a management and organisation framework for maintaining it going forward.  Its purpose is to communicate to those responsible for each aspect of the plan what needs to be completed, defining the roles and responsibilities, and the assurance activities that will need to be actioned.

That concludes BCP Stage 4 of the process. The next article will focus on the last step, ‘Oversight & Assurance, ‘ where we will discuss reviewing, testing, and change management procedures. If you have any questions concerning this article or any of the previous stages (a summary of which can be found here), then please contact us. Learn more about Centerprise Group.

 

Frequently Asked Questions (FAQ)

BCP-Stage-4-CiContinuity-Business-Continuity-UK-2

1. Why is a management structure essential for business continuity success?

A well-developed plan is only effective if it’s actively maintained. Without a clear management structure, roles can become ambiguous, updates are missed, and the plan risks becoming outdated. BCP Stage 4 ensures long-term ownership and accountability so the BCP evolves with the business.

2. How does the Steering Group influence the direction of the BCP?

The Steering Group sets the strategic context for the BCP. This team ensures the continuity framework reflects current business priorities, risk appetite, and compliance obligations. Their decisions impact policy changes, training priorities, and overall plan relevance.

3. What distinguishes the Review Team from the Steering Group?

While the Steering Group focuses on strategy, the Review Team is operational. They assess whether the BCP is practical and executable in real-world scenarios. Their periodic reviews confirm that systems, people, and processes are ready to respond at short notice.

4. What is the Invocation Team’s role during an actual disruption?

This team is activated when an incident occurs. Each member assumes predefined responsibilities such as initiating communication protocols, managing logistics, or overseeing IT recovery. Their preparedness directly affects the speed and effectiveness of the response.

5. How can organisations keep the BCP aligned with changing business conditions?

Regular reviews, scenario-based exercises, and cross-functional collaboration are key. As the organisation grows or adopts new technologies, the BCP must adapt. Embedding continuity awareness into day-to-day operations helps ensure it remains relevant.

6. What should a Business Continuity Policy include?

Beyond defining team roles, the policy should outline the scope of the BCP, testing schedules, training requirements, communication plans, and metrics for success. It acts as a living reference document that governs how continuity is managed and measured.

7. How does cross-departmental involvement strengthen the BCP?

Involving representatives from each business unit ensures that all critical functions are accounted for and can be restored if disrupted. It also builds organisational buy-in, improving the likelihood that continuity procedures are understood and followed.