The 12-point checklist
Mark what is already done:
- 3–5 critical processes identified — the ones the business cannot run a day without.
- The cost of one day of downtime of a key process is calculated.
- Target recovery time (RTO) and acceptable data loss (RPO) are set.
- Risk concentration points found (a single server/supplier/person/channel).
- Short instructions for the first 2 hours after a failure exist — on paper or in a messenger.
- Decision-makers for a crisis are assigned.
- Backups exist and their recovery has been tested.
- Isolated (offline) copies in case of ransomware.
- Backup suppliers and backup channels to reach customers exist.
- A financial cushion for a downtime period is estimated.
- The team has run a drill on a failure scenario.
- The plan has been reviewed in the last 12 months.
How to read the result: 10–12 "yes" — high readiness; 6–9 — medium, with gaps; 5 or fewer — the business is vulnerable, start with critical processes and a first-hours plan.
What to do next
Close the gaps by priority: first critical processes and first-hours instructions, then backups and drills. A detailed breakdown is in "How to build a BCP" and "Business impact analysis (BIA)". For a precise picture, take the free resilience assessment — 13 questions.
See how resilient your business really is
13 questions, 5 minutes, free — results on screen and by email.
FAQ
How many "yes" answers mean the business is ready?
10–12 of 12 — high readiness. 6–9 — medium, with gaps. 5 or fewer — high vulnerability, start with the basics.
How is the checklist different from the assessment on the site?
The checklist is a quick self-check. The 13-question assessment gives a resilience level, the three main risks and first steps, with the result on screen.
Evgeny Telenkov
Chief Risk Officer · PhD in Economics · "Best Risk Manager of Russia 2020"
20 years in risk management. Led risk management at Beeline, Nornickel, Rosneft and EY. Built business continuity plans for Nornickel, Rostec, NSD and DIA. Trained 300+ risk and BCM specialists.