Business resilience vs. business continuity: Key differences Free business impact analysis (BIA) template with instructions

Preparing an annual schedule of business continuity activities

Many activities comprise a business continuity plan, and the better you manage them, the more successful your overall business continuity program will be.

An annual schedule of business continuity activities can help an organization set a clear time frame that can aid with resilience planning, as well as provide evidence for future business continuity audits.

The international standard for business continuity management, ISO 22301:2019, Security and Resilience -- Business Continuity Management Systems -- Requirements, defines a business continuity management system (BCMS) as "part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity." In addition, the standard states, "The management system includes organizational structure, policies, planning activities, responsibilities, procedures, processes and resources."

While the standard provides details on the many activities to be performed for compliance with its requirements, it does not specifically mandate the creation of an annual schedule or framework for performing the business continuity activities stated in the standard. The standard does, however, frequently mention the need for planning.

Considering the many activities that can be part of a BCMS or set of resilience-focused activities, organizations that wish to demonstrate compliance with the standard are advised to prepare an annual schedule of business continuity activities.

BCMS schedule template downloadClick here to download
our free template to get
started with creating a
schedule of business
continuity activities.

Below, we provide guidance on the issues to incorporate in a schedule, recommended time frames for executing these activities and a template for creating a BCMS annual schedule.

Activities to include

Let's list items from the standard as a starting point and then fill in additional administrative activities. These may include tasks such as staff meetings and preparing necessary reports and assessments. The table below provides a starting list of activities with a suggested frequency of performance. In the ready-to-use template included with this article, we have adapted it to help you prepare an annual schedule of resilience activities.

Remember that the above table entries are based largely on the ISO 22301 standard. As you build your own annual schedule, you'll be including activities that are specific to your organization and its culture.

BCMS activity schedule
Suggested BCMS Activities based on ISO 22301

The table lists enough activities so that you will be able to comply with ISO 22301 requirements from an audit perspective. The activities also represent good BCMS practice and can be tailored to your organization as needed.

Using the planning template

Along with general guidance for creating a schedule of business continuity activities, we've also included a downloadable planning calendar. While the above table includes suggested time frames based on the ISO standard, these will differ by organization, so we encourage you to take your own company's needs and abilities into account when choosing the frequency of business continuity activities.

The BCMS schedule planning template is formatted as a 12-month calendar with space in each month to insert a check mark. This is how you indicate when you plan to perform specific activities. From that starting point, you can then progress to assigning specific calendar dates. As you identify additional activities required by your organization or industry, insert them in the planning template.

Next Steps

How to build and train organizational resilience teams

Optimize business continuity with 6 ITGC audit controls

Tips for obtaining BC/DR plan and resilience funding

Dig Deeper on Disaster recovery planning and management

Data Backup