A one-person business continuity plan (the bus-factor problem)

Most advice about keeping a small business running quietly assumes there is more than one person in it. The continuity plans you find online talk about cross-training staff, succession, and what happens if a key employee leaves. None of that maps cleanly onto a business that is one person doing everything from a single laptop on a kitchen table. The risk in that kind of business is not abstract and it is not far off. It is simply this: if you, personally, became unavailable for two weeks, what would happen to the orders, the money, the customers, and the thing you have spent a year or more building? In most solo operations the honest answer is that everything would quietly stop, and after a few weeks of silence it might not be recoverable at all.

Engineers have a blunt name for this. They call it the bus factor: the number of people who would have to be hit by a bus before a project could no longer continue. For a one-person business the bus factor is one, which is the worst possible score. This article is not about morbid scenarios, and you do not need to be hit by anything literal. A bad flu, a family emergency, a hospital stay, a stolen laptop, or a single account suspension can all produce the same effect as the proverbial bus. The good news is that you can change your bus factor with a few hours of unglamorous work. The aim here is not to make the business run without you forever. It is to make it recoverable, so a sudden gap becomes an inconvenience rather than the end.

It helps to be precise about what we are doing, because the phrase business continuity gets used loosely. This is not a deploy runbook, the technical document an engineer follows to push code and roll it back if something breaks. That kind of runbook keeps a piece of software healthy. Continuity planning sits one level up: it keeps the business alive and recoverable as a going concern. The question it answers is not how do I redeploy the site, but rather if I disappeared tomorrow, what would it take for someone, possibly me after I recover, to pick the business back up without losing the customers, the money, or the work. Those are different documents serving different emergencies, and a small business benefits from having both.

The reason solo operators skip this is understandable. The work feels theoretical, it competes with revenue-generating tasks that have obvious payoffs, and nothing bad has happened yet. But continuity planning has the same shape as insurance. You are spending a small, certain amount of effort now to cap a large, uncertain loss later. The difference is that this insurance is mostly free, you build it yourself, and the act of building it usually surfaces a few genuinely dangerous gaps you did not know you had. The plan that follows is deliberately modest. It is the version a real person can finish in an afternoon, not a corporate template you will abandon on page three.

Before you can protect anything you have to know what would actually break. A single point of failure is any one thing that, if it vanished or you lost access to it for two weeks, would take a meaningful chunk of the business down with it. For most online operations the list is shorter than people expect, and it tends to live in a handful of accounts and one physical device. Walk through each item below and ask the bus-factor question out loud: if this were gone, or I could not get into it, for two weeks, what breaks and how badly? Write the honest answer next to each one. The discomfort you feel while doing this is the whole point; it is the map of where to spend the next few hours.

The classic dangerous ones are easy to overlook precisely because they almost never fail. Your domain registrar holds the address customers and email both depend on; lose control of it and your store and your business email can both go dark at once. Your payment processor account is where the money lives and where it stops if the account is frozen. Your store or hosting platform is the storefront itself. Your business email is the recovery anchor for almost every other account, which makes it quietly the most important login you own. Then there are the relationships that are not accounts at all: the one key supplier whose contact details live only in your phone, and the single laptop where everything is signed in and nothing is written down.

There is a difference between listing your single points of failure and actually pressuring them, and the pressure is where the value is. For each item, do not stop at naming it; describe the failure in concrete terms. Saying the laptop is a risk is vague. Saying if my laptop were stolen tonight I could not log into the store because the two-factor app is on it, I have no idea what my registrar password is, and the supplier invoices are in a folder that only exists on that drive is specific, and specific fear is actionable. You are looking for the chains, where one failure cascades into others. The most common chain in a solo business runs through the phone and the laptop: lose both and you lose the second factor for everything, which can lock you out even of accounts whose passwords you remember.

Be honest about likelihood as well as impact, because they are not the same. A domain expiring because the renewal card on file expired is both fairly likely and quietly catastrophic, which makes it a top priority. A regional disaster destroying your only laptop is catastrophic but rare, so an offsite backup handles it without much fuss. A processor suspension is somewhere in between: not common, rarely warned about, and severe when it happens. Rank the list by impact times likelihood and you will find that two or three items dominate the risk. Those are where the next steps go first. Resist the urge to perfect the low-probability corners while the obvious chain through your email and your phone sits unaddressed.

Once you know what matters, the data those things produce needs to outlive any single device. The durable, decades-old rule of thumb here is 3-2-1: keep three copies of anything you cannot afford to lose, on two different kinds of media, with at least one copy stored offsite. For a one-person business the data worth protecting is mundane but irreplaceable: your order and customer records, your accounting and tax documents, your supplier invoices and contracts, your product photos and source files, and an export of your email list. None of that is dramatic, and that is exactly why it gets neglected until the drive fails or the laptop walks off.

In practice 3-2-1 does not require special software. Your working copy lives on the laptop. A second copy syncs automatically to a reputable cloud service, which gives you a different medium and offsite location in one move. A third copy lands periodically on an external drive you keep somewhere physically separate, ideally not the same bag as the laptop. The key word in that last sentence is periodically, because a backup you have to remember to make is a backup that will not exist when you need it. Wherever possible, automate the cloud sync so it happens without your attention, and put a recurring reminder on the calendar for the manual external-drive copy. A backup you have never restored is a hope, not a backup, which is why testing comes later in this plan.

The most common reason a solo business cannot recover is not that the data was lost; it is that nobody, including the owner under stress, could get back into the accounts. Passwords that live only in your memory, or in a browser you can no longer reach, are a single point of failure dressed up as security. The fix is a dedicated password manager. Move every business login into it: the registrar, the host, the processor, the email, the bank, the supplier portals, and the social accounts. Record not just the password but the username, the recovery email, and crucially where the two-factor codes come from, because a login you remember is useless if the second factor is trapped on a phone you cannot reach.

A password manager also solves a problem you might not have considered, which is your own future inability to function. After an accident or illness you may be exhausted and foggy, not sharp and organized. A single vault you can open with one master password, holding everything in one place, is far kinder to that version of you than a memory palace you built while healthy. Take the time to store your two-factor recovery codes in the vault as well, the long backup strings each service offers when you first turn on two-factor authentication. Those codes are the thing that gets you back in when the phone is gone, and almost nobody saves them. Saving them now turns the worst lockout scenario into a minor annoyance.

A vault only you can open still leaves the bus factor at one. The next move is to create a controlled way for someone you trust to step in if you genuinely cannot, without handing them the keys to your life today. Most reputable password managers offer an emergency access feature for exactly this: you nominate a trusted contact, and if they request access, the manager waits a delay you set, commonly several days, before granting it unless you decline. That waiting period is the safety valve. It means a trusted person can get in during a real emergency, but a momentary lapse in judgment or a stolen phone cannot instantly drain your accounts, because you have a window to say no.

If you would rather not give standing access to a vault, the low-tech version works too: write a sealed instructions document and tell one trusted person where it is and when they are allowed to open it. The document explains how to reach the essential accounts, where the money is, and who to contact, and it lives somewhere physically secure such as a home safe or a sealed envelope with a relative. Whichever path you choose, the principle is the same. One other human being, chosen carefully, should be able to keep the lights on or wind things down gracefully if you are unreachable. Choosing that person and having the conversation is uncomfortable, but it is the single change that moves your bus factor off one, and it costs nothing.

Access without instructions is not much better than no access. Your trusted person, or you on a bad day, needs to know what to actually do. So write a single page, no longer, that a reasonably capable stranger could follow. Keep it boring and literal. It should answer the handful of questions that come up in the first week of any unplanned absence: how do orders get fulfilled and where do shipments go from, where does the money sit and how does it move, who are the suppliers and how are they contacted, and how do you post a short status notice to customers so the silence does not read as the business having vanished. That status notice matters more than people think, because a brief honest message buys you weeks of customer patience that silence would burn.

The trap with runbooks is over-engineering them into a manual nobody reads. Resist it. One page, plain language, current contact details, and the location of the vault and the backups. Note the things that are genuinely time-sensitive, such as a domain or processor that will lapse if a payment is missed, because those are the items that turn a pause into a permanent loss. Store the runbook with the rest of the emergency materials and, importantly, date it. A runbook is only as good as its freshness, and a phone number from two years ago will send your stand-in down a dead end at the worst possible moment. Revisit it on the same schedule as your other reviews so it ages gracefully rather than rotting in place.

Some single points of failure are not about access at all; they are about ownership. If your entire business lives inside one rented account, a single un-appealable suspension can end it overnight, and the platform owes you nothing and often will not even explain. This is the quiet existential risk of building solely on someone else's land. The defenses are about not putting all your weight on a foundation you do not control. Own your domain directly at a registrar in your name rather than letting a platform hold it, because the domain is what lets you move and redirect customers if you ever have to leave. Own your email list as an exported file you keep, not just as numbers inside a marketing tool, because the list is the relationship and the platform is only the pipe.

Keeping your policies clean is part of the same discipline, and it is unglamorous but effective. Read the terms of the platforms you depend on, stay clearly inside them, and do not treat a warning as background noise. Most catastrophic suspensions are preceded by signals that were ignored. None of this means you should avoid hosted platforms; for many solo businesses they are the right call, and rebuilding everything yourself to dodge a rare risk is its own kind of overkill. The point is balance. Lean on the platform for convenience, but make sure the two things that let you survive leaving it, your domain and your customer list, are firmly in your own hands. That single distinction is what separates an inconvenient migration from a total loss.

There is a layer of continuity that sits outside accounts and backups, and it is worth a calm mention even though it is the least exciting part. Depending on where you live and how your business is structured, there may be insurance products that cover business interruption, and there are legal mechanisms that determine what happens to a business if its owner is incapacitated, such as a power of attorney that lets a named person act on your behalf. These are real tools and they can matter a great deal, particularly once a business has inventory, contracts, or meaningful revenue. They are also genuinely specific to your jurisdiction and your circumstances. This is general education, not legal or financial advice, and the responsible move is to ask a qualified professional in your area whether any of it applies to you.

The reason to raise it at all is that the technical continuity work above can lull you into thinking you are fully covered when you have only handled the digital layer. A perfectly backed-up business can still be paralyzed if no one has the legal authority to act for an incapacitated owner, or if a covered loss had no policy behind it. You do not need to solve this today, and for a very small operation it may be premature. But it belongs on the list as a known gap rather than an unknown one, so that as the business grows you address it deliberately. Knowing the gap exists is most of the protection; the rest is a single conversation with someone qualified when the scale justifies it.

Almost everyone who builds a continuity plan stops at the moment it is written, and an untested plan is mostly a comforting story. The failures hide in the gaps you cannot see from the inside: the backup that turns out to be empty, the recovery code that was never actually saved, the emergency access your trusted person does not know how to trigger. The only way to find those gaps before an emergency does is to run a small drill while everything is calm. Pick a quiet afternoon and do two concrete things. First, actually restore one of your backups to a different folder or device and open a file to confirm the data is real and complete, not just that a backup job reported success.

Second, run the human path end to end. Ask your trusted person to attempt the break-glass access, or to open the sealed document, and to read your runbook as if you were unreachable, then tell you honestly where they got stuck. You will almost certainly learn that something is unclear, out of date, or missing, and discovering that on a calm Tuesday is a small gift compared to discovering it in a crisis. Put a recurring reminder on the calendar to repeat a lighter version of this drill once or twice a year and to refresh the runbook and credentials at the same time. The whole exercise is a few hours, perhaps an afternoon to build and an hour twice a year to maintain, and it converts an existential risk into a manageable inconvenience.

Honesty cuts both ways, so it is worth saying clearly when not to bother with most of this. If what you have is a hobby project with no real revenue, no customers depending on you, and nothing irreplaceable inside it, then a full continuity plan is effort spent on a risk that barely exists. A side experiment that could disappear tomorrow without anyone being harmed or any money being lost does not need a break-glass access path or a tested recovery drill. Forcing the apparatus of continuity onto something that small is its own mistake, because it borrows time from the work that would actually turn the hobby into a business worth protecting. The plan earns its keep only when there is something real to lose.

The line to watch for is the moment the project starts mattering to other people or to your own finances. The first time a customer is waiting on an order, the first time the income is something you would miss, the first time there is data you could not cheerfully recreate, the calculus flips and the afternoon of work becomes clearly worth it. For everyone past that line, which is most people reading this, the message is simple. Your bus factor is one, the fix is mostly free, and a few hours now buys you the difference between a recoverable pause and a quiet ending. If you want the wider context for the routines this plan protects, the rest of our online-business library walks through the day-to-day operations that a continuity plan is ultimately there to safeguard.