Small and Medium Enterprises (SMEs) are expose to the risks of business interruption as they expand and become more dependent on Information Communication Technology (ICT) infrastructure. The current study seeks to determine why organization that have Business Continuity Plan (BCP) in place and implement regular testing of their plan still experience prolong downtime during a disaster event resulting in Service Level Agreement (SLA) not being met or major financial loss. By employing a descriptive analytics approach through a qualitative case study, the research propose a normative process model for comprehensive procedures of BCP for business leaders, ICT service managers, IS executives, data science researchers, risk managers, entrepreneur and policy makers on how to adopt strategies on effective disaster risk reduction and management in SMEs. The current study offer both theoretical and practical implications for BCP in SMEs.