��������Ƶ

A Business Continuity Plan maps out how your organization will keep running during major disruptions like earthquakes, cyber attacks, or pandemic lockdowns. It's a crucial risk management tool that smart Kiwi businesses use to protect their operations, meet their legal obligations, and maintain essential services when things go wrong.

Under NZ's Companies Act and workplace safety laws, organizations need to manage foreseeable risks to their operations. A good continuity plan identifies critical business functions, outlines emergency responses, and details recovery steps - from backing up data systems to setting up alternate work sites. It helps satisfy regulators while giving staff clear direction during crises.

Activate your Business Continuity Plan immediately when disruptions threaten your operations - from natural disasters like earthquakes and floods to infrastructure failures, cyber attacks, or public health emergencies. Don't wait for a full-blown crisis; use it as soon as warning signs appear, like severe weather warnings or rising COVID-19 case numbers in your region.

Review and update your plan quarterly to align with NZ's evolving regulatory landscape and your organization's changing needs. Key triggers for updates include major changes to your business structure, new workplace safety requirements, shifts in critical supplier relationships, or after testing reveals gaps in your emergency procedures. Regular updates help maintain WorkSafe NZ compliance and keep your response capabilities sharp.

• Basic Emergency Plan: Covers essential operations and immediate response procedures - ideal for small businesses and retail outlets
• Comprehensive Corporate Plan: Detailed protocols for large organizations, including IT systems, supply chains, and multiple office locations
• Industry-Specific Plans: Tailored for sectors like healthcare (patient care focus) or manufacturing (production line emphasis)
• Crisis Management Plan: Leadership-focused version emphasizing decision-making chains and stakeholder communications
• Remote Work Continuity: Modern adaptation focusing on digital resilience and distributed workforce management under NZ's flexible working laws

• Senior Management: Responsible for approving and overseeing the Business Continuity Plan, ensuring it aligns with company strategy and risk tolerance
• Risk Managers: Draft and maintain the plan, coordinate testing, and keep it updated with emerging threats and regulatory changes
• Department Heads: Provide input on critical functions, review procedures, and lead their teams during plan activation
• Staff Members: Follow procedures, participate in drills, and report potential risks or gaps in the plan
• External Stakeholders: Key suppliers, customers, and regulators who need assurance about business resilience measures

• Risk Assessment: Map out critical business functions, key personnel, and potential threats specific to your NZ operation
• Resource Inventory: Document essential equipment, data systems, supplier relationships, and emergency contact details
• Recovery Timeframes: Set realistic targets for restoring various business functions after disruption
• Communication Protocols: Define clear chains of command and notification procedures for different scenarios
• Testing Schedule: Plan regular drills and updates to maintain WorkSafe NZ compliance and effectiveness
• Documentation Review: Ensure alignment with industry standards and local emergency management guidelines

• Scope Statement: Clear definition of business activities and operations covered by the plan
• Risk Assessment: Documented analysis of potential threats and their impact on operations
• Response Procedures: Step-by-step protocols aligned with NZ emergency management standards
• Recovery Timeframes: Maximum acceptable downtime for critical functions under Health and Safety laws
• Data Protection: Measures complying with Privacy Act 2020 requirements for information security
• Authority Chain: Clearly defined decision-making hierarchy and delegation powers
• Review Schedule: Regular testing and update requirements as per industry regulations

Business Continuity Plans often get confused with Incident Response Plan, but they serve distinct purposes in your organization's risk management framework. While both help manage disruptions, they differ significantly in scope and application.

• Timing and Scope: Business Continuity Plans cover long-term operational resilience across all business functions, while Incident Response Plans focus on immediate actions during specific events like cyber attacks or data breaches
• Planning Focus: Continuity plans emphasize maintaining essential operations and recovery strategies, whereas incident response concentrates on containing and resolving immediate threats
• Implementation Period: Continuity plans run continuously with regular updates, while incident response activates only during specific emergencies
• Legal Requirements: Under NZ law, continuity plans must address broader compliance obligations across multiple regulations, while incident response typically aligns with specific security or privacy requirements