What Is a Business Continuity Plan (BCP) in Japan? And How to Prepare It
A Business Continuity Plan (BCP)—known in Japanese as 事業継続計画 (jigyou keizoku keikaku)—is a documented plan describing the policies, systems, and procedures an enterprise uses to continue critical operations, or recover them quickly, when disrupted by a natural disaster, pandemic, cyber attack, supply chain failure, or other emergency.
In Japan, BCPs are developed in accordance with the Cabinet Office's Business Continuity Guidelines, first published in 2005 and most recently revised in March 2023.
BCPs are not legally mandatory for most private businesses in Japan, but are strongly encouraged by the government, and are required by some industry regulators including financial services authorities and critical infrastructure operators.
But if BCPs are news to you, you are not alone.
According to a May 2021 survey by Teikoku Databank on business continuity planning in Japan, only 17.6% of the 11,242 corporate respondents across all company sizes had a BCP in place, with "not knowing how to create one" cited as the top reason by 41.9% of those without a plan.
The picture for larger companies has improved significantly since then. According to the Cabinet Office's FY 2023 Survey on Business Continuity and Disaster Reduction Efforts Made by Corporations — a biennial survey of private companies across Japan — 76.4% of large and medium-sized companies had developed a BCP by 2023.
The gap between large companies and SMEs remains wide, and the Cabinet Office has identified closing it as a priority. For small business owners and foreign-owned companies in Japan, the 2021 SME-inclusive figure remains the more relevant benchmark: BCP adoption among smaller firms is still low, and the barriers have not substantially changed.
Considering a BCP for your business? Here's a quick guide explaining what it is, what it addresses, and how to draw up your very own.
What is a Business Continuity Plan? And does my business need one?
Japan's guidelines surrounding BCPs were first established in 2005. The guidelines have been revised several times since, most recently in March 2023, when the Cabinet Office published an updated Japanese-language version reflecting lessons from COVID-19, cyber threats, and supply chain disruptions.
An English translation of the original Third Edition (June 2014) remains available via the Disaster Management Bureau, though readers working in Japanese should consult the current 2023 revision directly at the Cabinet Office disaster management portal.
The primary objective of Business Continuity Measures (BCM) is to help mitigate business setbacks and protect employees' lives in the face of a disruptive event.
It is somewhat similar to a disaster preparedness plan. Yet, a BCP covers a wider range of actions because it encompasses natural disasters and other possible emergencies that could hinder your business's operations while articulating your strategy in the face of such events.
Here's a comparison chart provided by Japan's Disaster Management Bureau, which shows the points covered in a disaster management plan vs. a business continuity plan.
Image: "Business Continuity Guidelines," Third Edition, Pg.10., Disaster Management Bureau
The benefits of a BCP include minimizing the damage of an interruptive event, visualizing your essential operations and priorities, identifying potential weaknesses, and bolstering your company against risks—all of which will strengthen your business as well as boost trust with stakeholders and clients.
Is a BCP mandatory in Japan?
For most private businesses in Japan, a BCP is not legally required.
The Cabinet Office's Business Continuity Guidelines are recommendations, not statutory obligations.
However, several important exceptions apply. Financial institutions supervised by the Financial Services Agency (FSA) are required to maintain business continuity systems under financial regulations.
Hospitals and medical institutions are subject to BCP requirements under healthcare laws, with a transitional period for compliance. Operators of critical infrastructure, including electricity, gas, water, telecommunications, and transport, are subject to sector-specific continuity requirements from their respective regulators.
For SMEs and foreign-owned businesses without a regulatory BCP requirement, the government's voluntary certification programme (事業継続力強化計画) offers a practical entry point: the plan is less complex than a full BCP, qualifies for tax incentives, and signals to clients and partners that continuity risks have been considered. According to the Cabinet Office, the gap between large companies (76.4% BCP adoption as of 2023) and SMEs remains the central challenge in Japan's national resilience strategy.
What incidents should be covered in a Business Continuity Plan?
The Business Continuity Guidelines state, "These Guidelines cover natural disasters which disrupt the business (especially the supply of products and services) of enterprises. However, the BCM can also cover any incidents which may suspend business operations such as large-scale accidents, communicable disease pandemics, terrorist acts and disruption of supply chains."
Since a company is meant to prepare for any incidents that could disrupt their specific business, each business will likely have different areas of concern and priority.
But, broadly speaking, corporations can look at the following 3 categories, according to HR Note:
1. Natural disasters
Events such as earthquakes, flash floods, typhoons, and other extreme weather events. Measures for such events could include:
Evacuation from the premises
Safety confirmation of employees
Checking for structural damage
Emergency response for saving lives
Restoring operations that have stopped
Emergency contact list and priority of contact
Handling data after the power is restored
2. External factors
Events in this category include bankruptcy of suppliers, cyber attacks, terrorist attacks, etc. Measures for such events could include:
Procedures for explaining the situation to the public
List of alternative suppliers
Alternative IT equipment systems
Safety confirmation of employees
Contact list of business partners and priority of contact
Data backups, recovery methods, and alternative data storage
One external risk that has grown significantly since this article was first written is cyber attack.
Japan's Cabinet Office 2023 survey specifically highlighted information security risks as among the top concerns cited by companies formulating BCPs—ranking alongside natural disasters and infectious diseases. For businesses operating in Japan, particularly those handling customer data or running cloud-based systems, cyber attack scenarios should be explicitly addressed in your BCP: this includes procedures for containing a breach, notifying affected parties, engaging your incident response team, and restoring systems from clean backups.
The National Institute of Information and Communications Technology (NICT) and IPA (Information-technology Promotion Agency) both publish Japan-specific guidance on cyber resilience planning that can supplement your BCP.
3. Internal factors
Events such as leakage of confidential information by employees, the resignation of executives due to misconduct, workplace accidents, or internal fraud. Measures for such events could include:
Steps and templates for creating an apology letter
Scenarios for handling different cases
Procedures for creating a press release and holding a press conference
Contact list of business partners and priorities for contact
Procedure for reviewing business contents
Prioritization of operations in the event of a drastic reduction in the workforce (e.g., which departments should remain operational)
When assessing the impact of a business interruption, the Guidelines suggests considering the implications on categories such as human resources, profit, sales, financing, customers, the social credibility of an enterprise, continuation or early recovery of the supply of critical products and services, ensuring core functions of the business, maintaining information and information systems, etc.
How to prepare your company's Business Continuity Plan
In general, there is no "standard" format, and BCPs are written in free form.
Various Japanese templates exist online that you can use to create your business's BCP measures, along with English-language resources created by the Disaster Management Bureau and Small and Medium Enterprise Agency (SMEA), METI.
Here are resources to know of before creating your BCP:
Business Continuity Guidelines, Third Edition (English PDF), Disaster Management Bureau. Note: This is the most recent English-language version available. A revised Japanese edition was published in March 2023. Japanese-language readers should access the current version at bousai.go.jp.
Operational Guidelines for Formulating BCPs for Small and Medium Enterprises (Japanese),
What Is Business Continuity?, The Business Continuity Institute
Keep in mind, the example forms provided are just one way of writing out your BCP.
If the forms look too daunting to tackle, start by assessing the risks and potential disruptions particular to your business and prepare contingencies for those risks.
Rather than aiming for a perfect system from the start, the Guidelines suggest corporations focus on establishing good practice first and then gradually improve their business continuity capabilities by making continual improvements.
Basically, aim to revise your BCP as new circumstances and risks become known.
Final steps to strengthen your Business Continuity Plan
Once your BCP is documented, you'll also want to have a plan in place for the following 3 points:
1. Plan for implementing proactive measures
Businesses are strongly encouraged to enact proactive measures to secure company data and services.
Cloud-based services, such as MailMate's virtual mail service, are an example of how businesses can continue operations without needing to go into the office in case of an extreme weather event or other business interruption.
If the logic of cloud storage as being the safest place for your company data makes sense to you, the next logical step here is putting your corporate mail on the cloud.
2. Plan for implementing education and training
To maintain the effectiveness of your company's BCP, schedule training of all new hires and commit to ongoing education.
Review your continuity measures with all staff to deepen knowledge of possible risks. Employees should practice implementing the plan to make sure there are no problems or weaknesses in your BCP.
"In an emergency, people have no time to read manuals. In preparation for an emergency, therefore, it is important to train personnel in advance to make them familiar with BCPs and manuals and enable them to take action at any time." (Business Continuity Guidelines, Third Edition, Disaster Management Bureau)
3. Plan for implementing review and improvement
The person in charge of your business's BCP, along with your BCM secretariat, should evaluate the details of your BCP once a year or more frequently to ensure the effectiveness of your plan.
Additionally, the management is encouraged to review your BCM when significant changes occur through external or internal factors.
Consider your BCP a living document that should change, grow, and improve along with other aspects of your company's operations.
From a reader who was in charge of his firm's BCP
"One thing I would add from experience,” says Stephen Turner, Representative Director & President of TS Japan Railway Travel Planning Company Limited, “most crises do not follow a plan, otherwise they probably would not be a crisis. So when devising a plan, there are some things that are a must-do (in appropriate situations) but there are other things where decisions will have to be made on the fly. It is important that everyone knows who can make those decisions, with alternatives if possible and ideally you list points that need to be considered for various scenarios (and possible actions). Although it is hoped that all actions and decisions made are the right ones, reality says there will be mistakes made. The important thing is that these are spotted quickly and plans are updated from the lessons learned. Although not a popular job, [have] someone who is experienced in the company’s business and operations be in charge of the plan, not the ‘unlucky’ junior staff member.”
Business Continuity Enhancement Plan certification
For those who want to take things one step further:
To encourage Japanese businesses to create BCPs, Small and Medium Enterprise Agency (SMEA), METI has developed a program 「事業継続力強化計画」that allows companies to get their BCP certified.
Businesses with a certified plan receive: tax breaks under the Small and Medium Enterprise Disaster and Risk Reduction Investment Promotion Tax System (中小企業防災・減災投資促進税制, updated April 2025); preferential scoring in government subsidy applications including the Manufacturing Subsidy (ものづくり補助金) and others. Note that the specific subsidy terms are updated each application round, so confirm current eligibility before applying; and the right to use the official certification logo on PR materials and company documents.
Applications are now accepted online via the dedicated system using a GBizID Prime account (allow approximately two weeks to obtain the account before applying). Paper applications remain available via regional METI offices.
Information on this program and how to apply can be found here (Japanese).
Frequently asked questions
What is a business continuity plan in Japan?
A business continuity plan (BCP) is a strategic framework that outlines how a company will maintain critical business functions when an unexpected event affects operations, such as a natural disaster, power outage, or service disruption. In Japan, the planning process follows the Cabinet Office's Business Continuity Guidelines, revised most recently in March 2023. Unlike a disaster recovery plan, which focuses on restoring information technology and data access, a BCP covers the full operational impact of a business disruption, including supply chain failures, financial loss, and recovery priorities across the entire organization.
Is a BCP legally required in Japan?
For most private businesses in Japan, a business continuity plan is not legally mandatory. Sector-specific requirements apply to financial institutions, healthcare providers, and critical infrastructure operators. For SMEs, Japan's voluntary 事業継続力強化計画 certification programme provides a structured entry point into the planning process, with tax incentives for companies that develop and certify a continuity plan.
How often should a BCP be reviewed in Japan?
The Cabinet Office Business Continuity Guidelines recommend reviewing your business continuity plan at least once a year, with additional reviews triggered by changes to critical functions, key employees, key suppliers, or potential threats. Regular tabletop exercises and training help the business continuity team test recovery strategies and update emergency contact information before disaster strikes.
What is the difference between a BCP and a disaster recovery plan in Japan?
A disaster recovery plan focuses on restoring information technology systems, data backup, and data access after a business disruption. A business continuity plan outlines a broader strategic framework, covering recovery strategies for all critical business operations, including supply chain, remote work, financial loss, and public relations. In Japan, the Disaster Management Bureau publishes a comparison chart in the Business Continuity Guidelines illustrating the difference between the two.
What is 事業継続力強化計画?
事業継続力強化計画 (jigyou keizoku ryouka kyouka keikaku) is Japan's government-certified Business Continuity Enhancement Plan programme for SMEs, administered by METI's Small and Medium Enterprise Agency. Companies that certify a plan receive tax breaks, preferential scoring in government subsidy applications, and the right to display the official certification logo. Applications are submitted online using a GBizID Prime account.
