The subject of continuity is a vast one, What I can tell you is that our organization has more and more requests from our major clients. So we had to work on the issue.
Our strategy was to use the resources of the different departments and create a network group, which allowed us to get a consultant and share the costs. In addition, we could benefit from the network afterwards.
Our goal was to certify to ISO 22301, although honestly, in our business context, we have not achieved it yet.
We still did different things though... Our goal is to avoid any form of customer audit (the data is often "sensitive" in this area because we do not want the customer to refuse us as a supplier). We thought then that to be able to prove to the customer that our continuity system was audited by a third organization would be acceptable.
We have also included in our evaluation forms of our suppliers a section asking them about their management of this aspect.
Hoping that helps! :)
PS: Our prayers are going to the people who are suffering from Dorian now.