Skip to content

Business Continuity: Preparing for Disruptions You Can't Predict

You cannot forecast the fire, the flood or the sudden absence, but you can decide in advance how your business survives one. Business continuity is that decision, made while things are calm.

By Karani Geoffrey, Founder & CEO, Upeosoft
In short

Business continuity planning is deciding, before a crisis, how your business keeps running through disruptions you cannot predict. It means knowing which functions are critical, keeping backed-up records and payment access off any single point of failure, and writing down who does what when normal operations stop. The goal is not prediction, it is resilience.

Key takeaways
  • You cannot predict the specific disruption, so plan for the impact instead of the cause.
  • Identify your critical functions and how long you can survive without each one.
  • Backups only count if they are automatic, off-site and tested by restoring them.
  • Never let one person, device or location be a single point of failure.
  • Write down who does what during a disruption while everyone is calm.
  • A system of record that lives in the cloud is continuity built into daily operations.

You cannot predict the disruption, so stop trying

Founders often stall on continuity planning because they try to imagine every threat: fire, flood, theft, a pandemic, a key employee leaving, a landlord dispute, a system crash. The list is endless and it is paralysing, so nothing gets written.

The way out is to stop planning for causes and plan for impacts instead. You do not need to know whether the office becomes unusable because of a fire, a flood or a lockout. You only need to know what you do when the office is unusable. A handful of impacts, premises lost, records lost, a key person lost, money access lost, cover almost every disaster you will ever face. Plan for those and the specific cause stops mattering.

Start by naming your critical functions

Not everything your business does is equally urgent. Continuity planning begins by separating the functions you cannot survive without for long from the ones that can wait a week.

For most businesses the critical few are taking orders and getting paid, serving existing customers, paying staff and suppliers, and protecting the records that prove who owes what. For each critical function, ask a blunt question: how long can we survive without this before real damage is done? An hour? A day? A week? That number, your tolerance for downtime, tells you how much to invest in protecting each function. It stops you from spending equally on things that matter unequally.

Find and remove your single points of failure

A single point of failure is anything whose loss takes the whole business down with it. Continuity planning is largely a hunt for these, followed by the work of removing them.

Walk through your operation and ask, for each critical thing, what happens if we lose only this. If the honest answer is that everything stops, you have found a single point of failure, and you should not sleep easily until it has a backup.

  • One person who alone holds the passwords, supplier relationships or knowledge.
  • One laptop or phone that stores the only copy of your records.
  • One physical location holding all your stock or all your paperwork.
  • One M-Pesa line or bank login that only a single person can operate.
  • One supplier with no alternative if they fail to deliver.

Backups that actually protect you

Almost every business says it has backups. Far fewer have backups that would survive the disaster they are meant for. A backup on the same laptop as the original is not a backup. A backup nobody has ever restored from is a guess.

The test is simple: the backup must be automatic so it does not depend on someone remembering, off-site or in the cloud so a fire or theft cannot take both copies, and tested by actually restoring it so you know it works. If your records are in a system that backs itself up continuously to the cloud, you have quietly solved the hardest part of continuity as a side effect of how you work every day.

People and knowledge are part of continuity too

Continuity is not only about technology. The most common real-world disruption for a small business is not a fire, it is a key person suddenly unavailable through illness, resignation or a family emergency, taking undocumented knowledge with them.

Guard against this by writing down how critical tasks are done, cross-training so at least two people can run each essential function, and keeping supplier and customer relationships in the business rather than in one person's head or phone. When knowledge lives in a shared system and a documented process instead of one memory, the business can absorb the loss of any individual and keep moving. That is continuity as much as any backup drive.

Write the plan down while everyone is calm

A plan that lives only in the founder's head is not a plan, because the founder may be exactly who is unavailable when it is needed. The value of writing it down is that it lets someone else act correctly on the worst day, when nobody is thinking clearly.

Keep it short and practical. For each impact, note the first three things to do, who is responsible, and the contacts and access details they will need, stored somewhere they can actually reach in a crisis. Include how you will communicate with staff, customers and suppliers when normal channels are down. A single readable page that everyone can find beats a fifty-page document that lives in a drawer nobody opens.

Continuity built into how you operate

The strongest continuity is not a binder you dust off in an emergency, it is the way your business runs every ordinary day. When your records, orders, stock and accounts live in a cloud-based system of record rather than on paper or a single machine, most continuity problems solve themselves.

The data is backed up automatically and off-site. Any authorised person can log in from anywhere if the office is unreachable. Access is controlled per person, so losing a device or an employee does not lose the system. And the audit trail means you can always reconstruct exactly where things stood before the disruption. Continuity stops being a separate project and becomes a property of your operations.

How Upeosoft helps

Upeosoft builds Kenyan businesses a cloud-based system of record on ERPNext and Frappe, which quietly delivers much of what a continuity plan asks for. Your records are backed up automatically and stored off-site, your team can work from anywhere if a location is lost, access is controlled per person, and every change is on an audit trail you can reconstruct after any disruption.

We also help you find the single points of failure hiding in how you work today, the lone laptop, the shared login, the knowledge in one person's head, and design them out. If a disruption tomorrow would put your business at serious risk, talk to us about building resilience into the way you operate, not just into a document.

Frequently asked questions

What is a business continuity plan in simple terms?

It is a written plan for how your business keeps operating when something goes wrong: a fire, a flood, a system failure, a key person suddenly unavailable. It lists your critical functions, the resources they depend on, backups for those resources, and who does what during the disruption. It exists so decisions are made calmly in advance, not in a panic.

How is continuity different from disaster recovery?

Disaster recovery is mostly about restoring IT systems and data after a failure. Business continuity is broader: it covers people, premises, suppliers, cash flow and communication, not just technology. Disaster recovery is one important part of continuity. You can restore a server and still be unable to trade if nobody knows the plan or can reach the money.

Do small businesses really need a continuity plan?

Yes, and arguably more than large ones, because a small business has less cushion to absorb a shock. A big firm can survive a warehouse fire; a small trader whose only records burned with the shop may not. Continuity planning does not have to be elaborate. A simple, honest plan and backed-up records already put you far ahead.

How often should backups be taken and tested?

Critical data should back up automatically and frequently, ideally continuously or at least daily, and be stored somewhere separate from the original. Just as important, restore from a backup on a schedule to confirm it actually works. An untested backup is only a hope. Many businesses discover their backup was broken only on the day they needed it.

What is a single point of failure?

It is anything whose loss stops the whole business: one person who alone knows the passwords, one laptop holding the only records, one location with all the stock, one phone that controls the money. Continuity planning is largely the work of finding these points and making sure the business survives losing any one of them.

Karani Geoffrey
Karani Geoffrey
Founder & CEO, Upeosoft

Karani Geoffrey is the Founder & CEO of Upeosoft, a software and automation company rooted in Kenya. He builds custom software, AI systems, and production-grade ERPNext for businesses across East Africa, and writes about the Kenyan realities - eTIMS, M-Pesa, SHIF, unreliable internet and power - that make or break real systems.

Next step

Want this working in your business?

Upeosoft builds and hardens the systems behind this article - for real Kenyan operations, with eTIMS, M-Pesa and offline realities handled.

Keep reading

Risk, Continuity and Governance

Protecting Your Business From Internal Fraud and Theft

The person stealing from your business usually has keys, a login and your trust. Here are the controls that make internal fraud hard to commit and easy to catch.

7 min readRead article →
Risk, Continuity and Governance

Do You Really Own Your Business? A Guide to Records and Structure

You built it, so you own it, but could you prove it? Ownership lives in registration, records and structure, and founders who never formalise these can find their claim is weaker than they thought.

8 min readRead article →
Risk, Continuity and Governance

Cybersecurity Basics Every Kenyan Business Leader Should Know

Cybersecurity is not an IT problem you can delegate away, it is a business risk you own. Here are the basics every Kenyan business leader can understand and act on without being technical.

8 min readRead article →