How does legislation influence what kind of companies have Business Continuity Plans?
It could be any company, but it really depends on the requirements of:
- Clients
- Management
- Stakeholders
Feedback from BCP Builder Community on LinkedIn:
Who needs a Plan?
- Every organization from sole traders to very large multi-nationals should have business continuity. Business continuity plans are different by organization, but need to include all the areas. In some cases the loss of a key person or even one that can’t come to work can cripple an organization.
- Every organization that has a purpose should want to protect what it has built by having an effective business continuity plan for those unlikely but high impact scenarios.
- Public companies or companies that have money invested by shareholders of all persuasions. A shareholder will want to see a business continuity plan to ensure their investments are protected.
Legislation
- There is one dominant factor that forces some companies to prepare a business continuity plan. This is the government and the regulator that is concerned about the stability of the country. Some companies, like banks, oil refineries and more, are vital enterprises for the country.
- Companies that provide essential services to government require business continuity plans.
- For the National Health Service (NHS) in the UK, the Civil Contingencies Act 2004 mandates all NHS and those supplying NHS funded care to have business continuity. However, it is questionable how many of their supply chain have robust plans and how they are assured of this. It is possible that these plans exist and comply, but quality is the issue.
- Financial Services need to comply with the Financial Conduct Authority and also the Prudential Regulation Authority in the UK.
- In the US a company listed on the Securities and Exchange Commission would need a business continuity plan.
- A public sector body needs to comply with ISO 27001, which requires a business continuity plan.
- It depends on the requirements of stakeholders. As an example, many service providers from different sectors have business continuity arrangements just to satisfy legislative requirements.
Increasing Compliance
- Just about any public and private sector firm is a candidate for business continuity. There has been a definite and steady uptick in acceptance of business continuity/disaster recovery initiatives. In the 1980s, disaster recovery was accepted by fairly large firms to protect their mainframes. By contrast, business continuity as a term (and activity) didn’t emerge until the early 1980s and acceptance was generally lukewarm over the 1980s, 1990s, and even early 2000s.
Beyond Compliance
- If legislation is the dominant force that drives business to comply, then often the result can be a bare minimum compliant plan, not necessarily a workable plan. Business Continuity Management should be seen as an investment, not a compliance issue.
If you want to increase your Organizational Resilience, start with preparing a Business Continuity Plan and check out BCP Builder’s Business Continuity Planning Templates.