Business Continuity Plan Template for Australian General Practices

What's in this template?

This business continuity plan complements the Emergency Response Plan and focuses on sustained operations and recovery when a disruption prevents normal practice operations. It maps to RACGP Criterion C3.3 and covers 14 sections:

1. Purpose — distinguishing BCP (sustained operations) from ERP (immediate response)
2. Scope — loss of premises, IT failure, cyberattack, utility outage, key personnel loss, pandemic, supply chain disruption
3. Key Contacts — BCP Coordinator, Practice Principal, Practice Manager, IT provider, insurance, landlord, accountant, MDO
4. Critical Business Functions — prioritised into 4 tiers (4 hours, 24 hours, 1 week, deferrable)
5. Loss of Premises — immediate actions, short-term telehealth continuity, temporary premises, Medicare/PHN notification
6. IT System Failure and Cyberattack — backup details, paper-based fallback, ransomware response steps, ACSC contact, system restoration
7. Extended Power or Utility Outage — cold chain protection, telehealth pivot, utility provider contacts
8. Loss of Key Personnel — locum arrangements, delegation of authority, pandemic multi-staff absence
9. Supply Chain Disruption — buffer stock, backup suppliers, electronic prescribing fallback
10. Communication Plan — staff phone tree, patient notification channels, external spokesperson protocol
11. Insurance — business insurance, cyber insurance, workers' compensation
12. Testing and Maintenance — annual review, tabletop exercise, contact verification, backup testing
13. Related Policies — Emergency Response, IT Security, Privacy, Cold Chain, Handover
14. Review History

Editable placeholder fields

Includes fields for practice details, BCP coordinator, IT provider, insurance providers, temporary premises options, locum agencies, backup suppliers, and more.

How to customise this template

1. Download and fill in all {{placeholder}} fields
2. Identify temporary premises options in advance — nearby practices, serviced offices, co-working medical suites
3. Verify your backup system — confirm backup method, frequency, offsite location, and last successful test restore
4. Set up your staff phone tree — document who calls whom in sequence
5. Review your insurance coverage — confirm you have business interruption and consider cyber insurance
6. Run a tabletop exercise — walk through a scenario (e.g. "ransomware encrypts all systems on a Monday morning") with key staff

Frequently asked questions

How is this different from the Emergency Response Plan?

The Emergency Response Plan covers immediate response — what to do in the first minutes and hours. The BCP covers sustained operations — how to keep the practice running for days or weeks during an extended disruption, and how to recover back to normal.

Do we really need cyber insurance?

Ransomware attacks on Australian healthcare practices are increasing. Cyber insurance can cover incident response costs, data breach notification, business interruption, and even ransom payments. It's worth obtaining a quote — premiums for small practices are often reasonable.

Can I use this for AGPAL or QPA accreditation?

Yes. Both accrediting bodies assess against RACGP Criterion C3.3. A BCP demonstrates thorough emergency preparedness beyond the immediate response plan.