Business Continuity Planning: How to Get Ahead of the Next AWS Outage

Cloud services usually run so smoothly that you rarely think about them … until something breaks. 

The harsh reality is that technology is imperfect, interconnected, and guaranteed to fail at some point. For many businesses, the Amazon Web Services (AWS) outage on October 20, 2025, was the rude wake-up call they didn’t know they needed. 

A single DNS error in AWS’s US-East-1 region triggered a chain reaction that disrupted millions of businesses worldwide—from Microsoft 365 and Slack to Shopify, Canva, and Snapchat. But the real lesson wasn’t the outage itself. It was how quickly it exposed gaps in many companies’ readiness. 

If your organization doesn’t know exactly what you’d do in the first 5 minutes, 5 hours, or 5 days of a major disruption, whether it’s from a cloud failure, a fire, or a pandemic, it’s time to build or update your business continuity plan. With a strong plan in place, you can reduce panic, protect revenue, and build organizational resilience. 

I’m sharing our biggest lessons from the AWS outage, what leaders must understand about business continuity, and tips to build a comprehensive plan to withstand any type of disruption. 

Top AWS Outage Takeaways 

Whether your business was affected or not, these learnings are essential reminders for every leadership team. 

• Moving to the cloud doesn’t eliminate risk. The biggest misconception leaders have is assuming cloud adoption = guaranteed reliability. It doesn’t. It simply shifts your risk profile. 
• Relying on a single vendor increases exposure. When your entire business runs on one cloud provider, your uptime becomes their uptime. For some organizations, that risk is acceptable. For many, it isn’t. 
• Downtime is inevitable, so prepare now. Systems fail. Vendors make mistakes. Global outages happen. The question is never if, it’s when, and how equipped you are to minimize impact. 

You can’t prevent every disruption, but you can determine how well your business withstands it. 

So how do you get ahead of the next major disruption? By building a continuity plan that accounts for far more than your tech stack. 

What Strong Business Continuity Plans Must Consider 

The most effective continuity plans focus on what keeps your business running. Hint: It’s not just servers and systems, but the entire ecosystem that supports your ability to generate revenue. 

Here are the 5 areas every comprehensive plan must address. 

1. Identify what truly drives revenue and must keep running 

Start with the business-critical functions that directly support ROI. These often go overlooked and include: 

• People 
• Key vendors 
• Phone systems 
• Cash processing 
• Accounting workflows 
• Communication channels  

Then ask: How long can each realistically be down? 4 hours? 8 hours? A day? A week? For each critical function, document: 

• Maximum acceptable downtime (in hours or days) 
• Business impact if the function is unavailable 
• Who owns decisions related to that function during a disruption 

If you cannot define how long something can be down, you cannot design an effective recovery strategy. 

2. Understand where you’re vulnerable, and where resilience is worth the cost 

Most disruptions stem from dependencies and single points of failure, like cloud vendors, ISPs, facilities, third-party tools, and service providers. Start by mapping how a failure in one area could cascade across your entire organization. This helps you distinguish between risks you can accept and those that require additional protection. 

“As powerful and resilient as AWS, Azure, and Google Cloud are, they are still computers—and between tech glitches and human error, they will go down,” says Mike VanderVat, Technology Principal at SC&H. “The best safeguard for large companies is to use more than one provider or ensure diversification across multiple regions and zones.”

Once you understand your exposure, determine what risks you can accept and where redundancy is worth the cost. For some companies, resilience may justify investments such as: 

• Multi-cloud or multi-region strategies 
• Dual ISPs or alternate network paths 
• Expanded backup and restore capabilities 

The key is balancing operational resiliency with financial realities. 

Technology Readiness Checklist 

Use this checklist to ensure you’ve covered your bases. Confirm you have addressed: 

• Single points of failure across cloud providers, ISPs, and SaaS tools 
• Backup access to critical systems and data 
• Alternate communication methods if email or collaboration tools are unavailable 
• Offline access to emergency contacts, plans, and procedures 

Don’t assume availability. Design for interruption. 

→ Need some help? We can help you identify your biggest risks with an in-depth cybersecurity assessment. 

3. Assess and vet third-party vendors for business continuity

Nearly every business relies on third parties. You can’t control whether they go down, but you can evaluate how prepared they are to withstand and recover from disruptions. 

Look beyond basic security claims. Strong partners should demonstrate operational resilience through: 

• Independent certifications such as SOC 2 Type II or ISO 27001 
• Strong internal controls 
• Transparent documentation of disaster recovery plans 
• Regular testing of incident response and failover procedures 

It’s also critical to understand how deeply a partner is embedded in your operations. A disruption at a core vendor can have the same impact as an internal system failure, especially if there’s no viable alternative. 

4. Plan for long-term resilience, not just IT outages 

While system outages are common, many of the most damaging events affect people, facilities, and finances, not just infrastructure. Your business continuity plan should account for scenarios such as:  

• Pandemics or widespread health events 
• Natural disasters that impact offices, data centers, or supply chains 
• Facility loss or extended building closures 
• Criminal activity, including physical security incidents 
• Workforce disruptions that limit staffing or access to critical roles 

These events often last longer and have broader consequences than a typical IT outage, making recovery more complex and expensive. 

“Business continuity isn’t just an IT priority—it’s a financial one,” said Lee Whieldon, Data Analytics Principal at SC&H. “You need to make sure your business strategy supports a continuity plan so you don’t lose precious software that your organization needs to make money.”

Tips to Build (and Maintain) a Continuity Plan 

• Document a plan anyone can execute. Define roles, responsibilities, steps, and escalation paths clearly. 
• Print the plan. If email or cloud storage is down, people still need access. 
• Run annual tabletop exercises. Test your plan against realistic disruption scenarios, then refine it. 
• Align the entire organization. Continuity planning is cross-functional. Leadership, finance, and frontline staff all see different risks, and each perspective matters. 
• Evaluate risk vs. cost. Not every layer of redundancy makes financial sense. Prioritize what protects revenue, customers, and reputation. 
• Accept that bad things will happen. Continuity planning isn’t about eliminating risk. It’s about ensuring your operations can continue through it. 

Get Help With Continuity Planning 

Proactive planning protects revenue, maintains customer confidence, and ensures your business can recover quickly when disruption strikes.  

If you need help creating, strengthening, or testing a continuity plan, our experts can guide you every step of the way! Get started >