Business Continuity Planning Checklist

Risk Assessment and Business Impact Analysis

    List the operations the store cannot lose for more than a few hours: POS and payment authorization, e-commerce fulfillment / BOPIS, receiving and replenishment, loss prevention CCTV/EAS, scheduling and timekeeping. Tie each to a comp-sales impact estimate so leadership can rank them.

    Cover the scenarios retailers actually hit: POS database corruption, payment processor outage, internet/WAN loss at store, ransomware on back-office, hurricane/wildfire closure, organized retail crime spike, DC fire, key supplier bankruptcy. Score each on probability × dollar impact per day of downtime.

    Recovery Time Objective (RTO: how long the system may be down) and Recovery Point Objective (RPO: how much recent data may be lost) drive the backup and failover spend. POS should typically run RTO ≤ 4 hours and RPO ≤ 1 hour; HRIS and BI can tolerate days. Note that a nightly backup alone yields an RPO of up to 24 hours, so a 1-hour POS RPO needs hourly incremental or transaction-log backups on top of it.

Emergency Response and Store Operations

    Include fitting-room and stockroom sweeps, designated assembly points in the parking lot, and a manager headcount procedure. Reference the OSHA emergency action plan requirements (29 CFR 1910.38, or your state plan's equivalent) and post the diagram in the back-of-house.

    Rotate drills across opening, mid-day, and closing shifts so every key holder participates at least once per year. Document who attended in the training log; LP audits this annually.

    Name the Incident Commander, Operations Lead, IT Lead, LP Lead, and Communications Lead with primaries and alternates. Each role gets a one-page action card with first-hour responsibilities.

POS and IT Recovery

    For Lightspeed, NCR Counterpoint, Heartland, or whichever platform: confirm nightly database backups run, are encrypted at rest, and replicate offsite. Where the database is in PCI DSS scope, the standard requires audit-log retention (at least 12 months, with the most recent 3 months immediately available) and logging of all access to cardholder data; document both. Better still, confirm the POS database holds no PAN at all (P2PE or tokenized payments), which keeps the backups themselves out of scope.

    When the processor or WAN drops, cashiers fall back to store-and-forward mode (the register stores unauthorized card sales locally and submits them when connectivity returns) or a manual imprinter for high-value sales. Confirm with your processor that imprinted sales are still accepted at all; imprinters only work on embossed cards. Write the exact register prompts, the dollar cap, and the reconciliation steps for when connectivity returns; cashiers will not improvise this correctly. The cap exists because every stored sale is an unauthorized transaction that can still decline, and the stored queue must never hold clear-text card numbers.
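    The cap and reconciliation logic from the item above, as an added example that is not part of the original checklist or of any POS vendor's code. The dollar caps, the register and sale identifiers, the `p2pe:` payload strings and the authorizer are all constructed assumptions for the example; real values come from the processor's offline floor-limit agreement and the plan's dollar cap.

```python
from dataclasses import dataclass, field

# Limits are assumptions for the example; take the real figures from the
# processor's offline/floor-limit agreement and the BCP's dollar cap.
PER_SALE_CAP_CENTS = 25_000      # $250 per offline card sale
REGISTER_CAP_CENTS = 200_000     # $2,000 total unauthorized exposure per register


@dataclass
class OfflineSale:
    sale_id: str
    amount_cents: int
    card_blob: str      # terminal's P2PE-encrypted payload; the queue never holds a PAN
    status: str = "pending"


@dataclass
class StoreAndForwardQueue:
    register_id: str
    sales: list = field(default_factory=list)

    def queued_total(self) -> int:
        """Dollar value of sales taken offline and not yet authorized."""
        return sum(s.amount_cents for s in self.sales if s.status == "pending")

    def ring(self, sale_id: str, amount_cents: int, card_blob: str):
        """Decide whether a card sale may be taken offline. Returns (accepted, reason)."""
        if amount_cents > PER_SALE_CAP_CENTS:
            return False, "over per-sale cap: manager override or other tender"
        if self.queued_total() + amount_cents > REGISTER_CAP_CENTS:
            return False, "register exposure cap reached: stop offline card sales"
        self.sales.append(OfflineSale(sale_id, amount_cents, card_blob))
        return True, "stored for forwarding"

    def reconcile(self, authorize):
        """Forward every pending sale once connectivity returns.

        authorize(sale) stands in for the processor call and returns
        'approved' or 'declined'. Declines go on a follow-up list for the
        manager and LP, since the goods already left the store.
        """
        report = {"forwarded": 0, "approved_cents": 0, "declined": []}
        for s in self.sales:
            if s.status != "pending":
                continue
            s.status = authorize(s)
            report["forwarded"] += 1
            if s.status == "approved":
                report["approved_cents"] += s.amount_cents
            else:
                report["declined"].append(s.sale_id)
        report["pending_after"] = sum(1 for s in self.sales if s.status == "pending")
        return report


def run_demo():
    """Constructed outage: three sales rung offline, then reconciled."""
    q = StoreAndForwardQueue("REG-01")
    results = [
        q.ring("S1", 8_659, "p2pe:7f3a91"),    # under cap, accepted
        q.ring("S2", 40_000, "p2pe:91c0e2"),   # over per-sale cap, refused
        q.ring("S3", 12_000, "p2pe:bad1d0"),   # accepted, will decline later
    ]

    def fake_authorize(sale):
        # Stand-in for the processor; declines the card flagged in the sample.
        return "declined" if sale.card_blob.startswith("p2pe:bad") else "approved"

    return results, q.reconcile(fake_authorize)


if __name__ == "__main__":
    results, report = run_demo()
    for (ok, reason) in results:
        print("ACCEPT" if ok else "REFUSE", reason)
    print(report)
```

    The per-register aggregate cap is the piece most written procedures omit: a per-sale limit bounds one bad transaction, but a long outage lets a register accumulate far more unauthorized exposure than any single sale.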

    Restore last night's backup to a test environment, log in, run a test transaction, and verify the price book and tax tables loaded cleanly. A backup that has never been restored is not a tested recovery plan; retailers who skip this step typically learn that the backup was empty, stale, or unreadable during the real outage.

    If the restore test fails, triage with IT and the POS vendor. Treat it as a P1: a failed quarterly restore means the next real outage will not recover. Track it to closure with a re-test before signing off.
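    The two items above, the restore verification and the pass/fail decision that triggers the P1, as one added example. This is not code from the checklist or from any POS vendor: the SQLite database, the `price_book`, `tax_table`, `sales` and `sale_lines` tables, the manifest format and the sample rows are all constructed assumptions standing in for a real restored POS database. The manifest is assumed to be written by the backup job so the restore can be compared against what was backed up, which catches a truncated or stale dump that still opens without error.

```python
import sqlite3
from datetime import datetime, timezone

# Tables a restore must contain. Names are assumptions for this example;
# substitute the vendor's actual schema.
EXPECTED_TABLES = {"price_book", "tax_table", "sales", "sale_lines"}


def build_sample_restore() -> sqlite3.Connection:
    """Constructed stand-in for a database restored from last night's backup."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE price_book (sku TEXT PRIMARY KEY, description TEXT, price_cents INTEGER);
        CREATE TABLE tax_table (jurisdiction TEXT PRIMARY KEY, rate_bps INTEGER);
        CREATE TABLE sales (sale_id INTEGER PRIMARY KEY, ts TEXT, subtotal_cents INTEGER,
                            tax_cents INTEGER, total_cents INTEGER);
        CREATE TABLE sale_lines (sale_id INTEGER, sku TEXT, qty INTEGER, price_cents INTEGER);
        INSERT INTO price_book VALUES ('SKU-100', 'Denim jacket', 7999);
        INSERT INTO price_book VALUES ('SKU-200', 'Wool scarf', 2450);
        INSERT INTO tax_table VALUES ('TX', 825);
        INSERT INTO tax_table VALUES ('OR', 0);
    """)
    conn.commit()
    return conn


# Manifest assumed to be written by the backup job at backup time (constructed).
SAMPLE_MANIFEST = {
    "price_book_rows": 2,
    "tax_jurisdictions": {"TX": 825, "OR": 0},
}


def verify_restore(conn, manifest, jurisdiction="TX", sku="SKU-100"):
    """Run the restore checks; returns a dict of check name -> passed (bool)."""
    results = {}

    # 1. Low-level integrity: SQLite walks every page and index.
    results["integrity"] = conn.execute("PRAGMA integrity_check").fetchone()[0] == "ok"

    # 2. Schema: every table the registers need came back.
    present = {r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type='table'")}
    results["schema"] = EXPECTED_TABLES <= present
    if not results["schema"]:
        return results  # later checks would only throw on missing tables

    # 3. Price book: row count matches the manifest and no row is unpriced.
    count, = conn.execute("SELECT COUNT(*) FROM price_book").fetchone()
    bad, = conn.execute(
        "SELECT COUNT(*) FROM price_book WHERE price_cents IS NULL OR price_cents < 0").fetchone()
    results["price_book"] = count == manifest["price_book_rows"] and bad == 0

    # 4. Tax tables: every expected jurisdiction is present with the expected rate.
    rates = dict(conn.execute("SELECT jurisdiction, rate_bps FROM tax_table").fetchall())
    results["tax_table"] = all(rates.get(j) == r for j, r in manifest["tax_jurisdictions"].items())

    # 5. Test transaction: ring one item, compute tax from the restored table,
    #    read the stored total back, then roll back so the test copy stays clean.
    before, = conn.execute("SELECT COUNT(*) FROM sales").fetchone()
    try:
        conn.execute("BEGIN")
        price, = conn.execute("SELECT price_cents FROM price_book WHERE sku=?", (sku,)).fetchone()
        tax = (price * rates[jurisdiction] + 5000) // 10000   # rate in basis points, round half up
        total = price + tax
        cur = conn.execute("INSERT INTO sales VALUES (NULL, ?, ?, ?, ?)",
                           (datetime.now(timezone.utc).isoformat(), price, tax, total))
        conn.execute("INSERT INTO sale_lines VALUES (?, ?, 1, ?)", (cur.lastrowid, sku, price))
        stored, = conn.execute("SELECT total_cents FROM sales WHERE sale_id=?",
                               (cur.lastrowid,)).fetchone()
        results["test_transaction"] = stored == total and stored > 0
    except (sqlite3.Error, TypeError, KeyError):
        results["test_transaction"] = False
    finally:
        conn.rollback()
    after, = conn.execute("SELECT COUNT(*) FROM sales").fetchone()
    results["rollback_clean"] = before == after
    return results


def restore_passed(results) -> bool:
    """True only if every check passed; any single failure is the P1 the checklist describes."""
    return bool(results) and all(results.values())


if __name__ == "__main__":
    conn = build_sample_restore()
    res = verify_restore(conn, SAMPLE_MANIFEST)
    for name, ok in res.items():
        print(f"{name:18s} {'PASS' if ok else 'FAIL'}")
    print("RESTORE", "PASSED" if restore_passed(res) else "FAILED")
```

    Keep the manifest outside the backup set it describes (a separate object store path or the ticketing system), so that a backup job that silently wrote nothing cannot also write a manifest that agrees with it.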

Communication Plan

    Capture personal phone, secondary phone, and email for every store manager and ASM in Beekeeper, Reflexis, or whichever store-comms tool you use. Test annually — turnover invalidates ~25% of contacts each year.

    One named spokesperson plus one alternate. Store managers and associates redirect all press, social, and breach inquiries to the spokesperson — written into the BCP and reinforced in training.

    Templates for: storefront signage, e-commerce banner, Google Business Profile post, social channels, and a Klaviyo email to the local customer segment. Pre-approved by legal so they can ship within 30 minutes of an incident.

Supply Chain and Vendor Continuity

    For the SKUs that drive the most comp sales, document a secondary vendor with confirmed lead times and minimums. Single-source dependency on overseas suppliers is the single most common BCP gap retailers find when they audit.

    If your DC goes dark, who picks up the ship-from-store volume? Get written response-time commitments from your 3PL and a backup carrier (UPS ↔ FedEx ↔ USPS) so e-commerce continues during a DC outage.

    Pull a current Certificate of Insurance from each critical vendor naming your company as additional insured. Capture the vendor's 24/7 incident line — the daytime account rep is useless on a Saturday night.

Training and Awareness

    One 45-minute session per district. Cover the first-hour actions: stop the bleeding, count people, notify the IC, switch to offline procedures if applicable. Managers leave with a laminated card kept at the safe.

    Every new key holder, ASM, and store manager completes a short module within their first 30 days. The associate-level version covers evacuation and active-threat only; managers get the full plan.

    Run the completion report from your LMS by district. Flag any store below 90% and escalate to the District Manager. Document for the OSHA file.

Testing and Exercises

    Use a realistic scenario — ransomware encrypts the POS database on Black Friday morning, or a hurricane closes 12 stores for a week. Two hours, role-played, with a facilitator capturing decisions and gaps.

    Pick a low-traffic Tuesday at one pilot store. Kill the POS network connection at 10 AM and observe: do cashiers switch to offline mode? Does the manager call the right number? Time how long until first transaction recovers.

    Write up what worked, what failed, and three specific changes to the plan. Vague lessons ("communication needs improvement") get rejected; assign each item an owner and a due date.

Plan Maintenance and Review

    Annual review with Director of Operations, VP Stores, IT, LP, and HR. Walk every section; mark sections that need rework before next year's run.

    New POS platform, new DC, new e-commerce channel, new predictive-scheduling jurisdiction, new PCI DSS version — any of these invalidates parts of last year's plan. Sweep the diff and rewrite the affected sections.

    Push the new version to every store manager and district manager with a one-page change summary at the top. Require acknowledgement in the LMS so you can prove distribution if a regulator or auditor asks.