Continuity planning is the workflow for maintaining business continuity and disaster recovery plans — and proving they're tested. Covers ISO 27001 Annex A continuity controls and is critical for organisations under NIS2. Naturally builds on the asset inventory and the risk register.
🆕 What's new: The Continuity planning workflow brings together what used to be spread across themed lists. Your existing plans, owners, and exercise records are all here, exactly as they were — just on one focused page.
Setting it up
Continuity planning is an Advanced workflow — there's no separate guided setup. The workflow is available directly; configuration (continuity owner, scope of critical processes, exercise cadence) is handled inline on the page when relevant. Most organisations land here after Asset inventory has flagged the critical systems that need continuity plans.
What's on the page
Main metrics
The header carries three views of how your continuity programme is doing:
- Continuity plan documentation — % coverage with trend, shown against goal (e.g. 80%, +10% above goal)
- Total critical assets / services with a continuity plan — e.g. 10
- Arranged exercises this year — against an annual goal (e.g. 3 / target)
Actions to focus on
A prioritised list of what to handle next, grouped into three buckets:
- Unblock — issues stopping the workflow from running properly. For Continuity planning: Identify first continuity plan and Continuity plans without an owner.
- Strengthen — recommended next moves to make this workflow more robust. Items like Review active continuity plans, Identify more continuity plans, and Critical asset without a linked continuity plan.
- Maintain — scheduled reviews and check-ins on what's already in place. Practice continuity plan implementation and Review completed continuity plans.
Clicking into a bucket opens a focused list — you can resolve, refine, or check off each item without leaving the workflow page.
[Screenshot: Actions to focus on card with one bucket expanded]
Documentation
The documentation that backs your continuity practice:
- Continuity plans — documented plans per critical process or service
- Incident response plans — how the organisation responds to disruptions
- Backup processes — backup approach, scope, and verification routines
Each documentation row shows the total item count, items still to work on, the related ISMS theme, and the responsible owner.
Tasks
Below the documentation, the workflow page lists the operational tasks — owner assignment, plan upkeep, exercise scheduling, and documentation of recovery routines. Each task shows its theme, status (Untreated / Partly done / Mostly done / Fully done), owner, priority (Low / Normal / High / Critical), and due date.
Reports
The audit-ready outputs Continuity planning produces:
- Continuity management policy — describes how the organisation maintains continuity of critical processes, including BIA scope, plan ownership, and exercise cadence
- Incident management policy — referenced from continuity, describing how disruptions are detected, escalated, and resolved
Reports refresh from your live data, so they're always current.
How it connects to other workflows
Critical assets in Asset inventory drive what needs a continuity plan. Failed tests or near-misses generate items in Incident management and Continuous improvement. Continuity status is a standard input to Management reviews.
