Download Business Continuity Plan

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the work of artificial intelligence, which forms the content of this project

Transcript
Your Company Name
Business Continuity Plan
Business Continuity Plan
Name of Business
Address:
Plan Owner:
Issue Date:
Review Date:
[IL0: UNCLASSIFIED]
Version 1.0
Your Company Name
Business Continuity Plan
IN CASE OF
DISRUPTION GO
TO PAGE 1
[IL0: UNCLASSIFIED]
Version 1.0
Your Company Name
Business Continuity Plan
Initial Assembly Point
The Initial Assembly Point (IAP) is where all staff/personnel should meet on the instruction of
the person in charge. The need for an IAP may arise during disruption in particular one that
affects access to or use of the services premises. The following areas are for a quick
response purpose prior to relocation or longer term arrangements.
Initial Assembly Point:
Contact:
Telephone Number:
Back Up Assembly Venue:
Contact:
Telephone Number:
Temporary Emergency Office
In the event of an incident affecting any of the business premises a Temporary Emergency
Office (TEO) may be set up where members of the public/staff can make contact in the event
of an emergency. A TEO should be used as a short term solution.
TEO Location 1:
Contact:
Telephone Number:
TEO Location 2:
Contact:
Telephone Number:
[IL0: UNCLASSIFIED]
i
Your Company Name
Business Continuity Plan
Contents
Initial Assembly Point ............................................................................................................. i
Temporary Emergency Office ................................................................................................ i
Contents ................................................................................................................................ii
Acronyms .............................................................................................................................. iii
1.
Activation Procedure ..................................................................................................... 1
2.
Response Action Checklist ............................................................................................ 2
3.
Critical Functions ........................................................................................................... 4
4.
Action Cards.................................................................................................................. 5
5.
Key Contacts ................................................................................................................. 9
6.
Incident Log Sheet ...................................................................................................... 11
7.
Plan Overview ............................................................................................................. 13
7.1 Introduction ............................................................................................................... 13
7.2 Aim............................................................................................................................ 13
7.3 Objectives ................................................................................................................. 13
7.4 National Definitions ................................................................................................... 13
8.
Roles and Responsibilities .......................................................................................... 14
8.1 Response and Recovery Team ................................................................................. 14
8.2 Senior Management .................................................................................................. 14
8.3 Service Management and Staff ................................................................................. 14
8.4 Service Structure ....................................................................................................... 14
9.
Administration ............................................................................................................. 15
9.1 Amendment Record .................................................................................................. 15
9.2 Distribution List.......................................................................................................... 15
9.3 Training Record......................................................................................................... 15
9.4 References and Related Documents ......................................................................... 15
Appendix A
Business Impact Assessment ...................................................................... 16
Appendix B
Insurance Guidance ..................................................................................... 18
Appendix C
Service Structure ......................................................................................... 19
[IL0: UNCLASSIFIED]
ii
Your Company Name
Business Continuity Plan
Acronyms
BCM
Business Continuity Management
BCP
Business Continuity Plan
BIA
Business Impact Assessment
IAP
Initial Assembly Point
TEO
Temporary Emergency Office
Include any relevant Service specific Acronyms/team names here
[IL0: UNCLASSIFIED]
iii
Your Company Name
1.
Business Continuity Plan
Activation Procedure
Disruption to your
business
Could it cause
interruption to your
Critical Functions?
No
Yes
GO TO
RESPONSE
ACTION
CHECKLIST
Page 2
Could it cause
interruption to other
areas within your
business?
Will it affect external
stakeholders?
Ye
s
No
Yes
Consider Response
Action Checklist (Page
2) for all areas
Contact affected
stakeholder(s) to
inform them of the
impact on your/their
business
Have all Critical Functions been
reinstated?
Yes
END
Note: If the disruption changes, reassess this flow chart and take action accordingly.
[IL0: UNCLASSIFIED]
1
Your Company Name
2.
Business Continuity Plan
Response Action Checklist
The Response Action Checklist is an aide memoire to be used in conjunction with any
advice received from the Emergency Services/Specialist Services during disruption or an
emergency.
Note: Not all of the below actions may need to be followed in every instance. Treat each
disruption as unique and the actions as dynamic to ensure the most suitable response for
the current incident.
Work through this checklist during a disruption:
No.
1
2
Action
Responsible
Complete?
Start and maintain an Incident Log Sheet.
(Section 6)
Convene a Response/Recovery Team (Section
8.5)
 Meetings
 Develop an action plan
3
Inform staff of disruption and advise to meet at
Initial Assembly Point or back up. (Page i)
4
Consider the use of a Temporary Emergency
Office. (Page i)
5
Liaise with relevant teams and services.
(Section 5: Key Contacts)
6
Identify any damage to premises
7
Identify service critical functions disrupted and
record on Incident Log Sheet.
8
Use action cards (Section 4) to view impacted
functions and implement suitable contingency
arrangements
9
Relocate teams/services to predetermined or
contingency locations if necessary
[IL0: UNCLASSIFIED]
2
Your Company Name
Business Continuity Plan
10
Estimate scale and duration of the disruption
11
Inform affected staff and stakeholders of
disruption:
 Update at timely intervals
12
Consider the need for additional/relief staff
13
Consider producing ‘Situation Reports to keep
management and staff informed
14
Establish Communications team to provide
internal and external briefings
15
Consider insurance issues
16
Reassess the situation and review actions until
all critical functions are reinstated
Post Incident
1
Begin the debrief process (Within two weeks of
incident closure)
2
Review Business Continuity Plan (Upon
completion of debrief)
[IL0: UNCLASSIFIED]
3
Your Company Name
3.
Business Continuity Plan
Critical Functions
Functions are the services or products provided. Critical Functions are those services or
products that are integral to the running of business or that will have the biggest impact on
stakeholders if they fail to continue within an identified period of time.
A Recovery Time Objective should be included to outline the ‘deadline’ in which a Critical
Function should be restored.
3.1 Critical Function Priority List
Prioritise the services and products which should be reinstated first (after loss) or need to
continue in the event that some must temporarily stop.
Complete a Business Impact Assessment to identify priority functions (Appendix A).
Once you have identified your critical functions, please complete Action Cards for each
function overleaf (Section 4).
Priority
Critical Function
Recovery Time
Objective
1
2
3
4
5
6
7
8
9
10
This list should be used during disruption when the Response/Recovery team are compiling
an Action Plan and to assist with decision making.
[IL0: UNCLASSIFIED]
4
Your Company Name
4.
Business Continuity Plan
Action Cards
Priority:
1
Critical Function: Name of priority 1 critical function
Responsibility and deputy:
Potential Impact on Service:

First 24 hours


24-48 hours


Up to 1 week


Up to 2 weeks

Resources required for minimum level of Service:
Contingency Arrangements:
Staff:
Premises/Relocation:
ICT resources:
Other resources:
(equipment, money
etc)
Stakeholders:
Petty cash/other money arrangements
Impact:
[IL0: UNCLASSIFIED]
5
Your Company Name
Priority:
Business Continuity Plan
2
Critical Function: Name of priority 2 critical function
Responsibility and deputy:
Potential Impact on Service:

First 24 hours


24-48 hours


Up to 1 week


Up to 2 weeks

Resources required for minimum level of Service:
Contingency Arrangements:
Staff:
Premises/Relocation:
ICT resources:
Other resources:
(equipment, money
etc)
Stakeholders:
Impact:
[IL0: UNCLASSIFIED]
6
Your Company Name
Priority:
Business Continuity Plan
3
Critical Function: Name of priority 3 critical function
Responsibility and deputy:
Potential Impact on Service:

First 24 hours


24-48 hours


Up to 1 week


Up to 2 weeks

Resources required for minimum level of Service:
Contingency Arrangements:
Staff:
Premises/Relocation:
ICT resources:
Other resources:
(equipment, money
etc)
Stakeholders:
Impact:
[IL0: UNCLASSIFIED]
7
Your Company Name
Priority:
Business Continuity Plan
4
Critical Function: Name of priority 4 critical function
Responsibility and deputy:
Potential Impact on Service:

First 24 hours


24-48 hours


Up to 1 week


Up to 2 weeks

Resources required for minimum level of Service:
Contingency Arrangements:
Staff:
Premises/Relocation:
ICT resources:
Other resources:
(equipment, money
etc)
Stakeholders:
Impact:
[IL0: UNCLASSIFIED]
8
Your Company Name
5.
Business Continuity Plan
Key Contacts
5.1 Management Contact Details
Name
Role
Work No.
Mobile / Home
5.2 Staff/Service Contact Details
Name
Role
Mobile / Home
5.3 External Stakeholder’s Contact Details
Stakeholder
Contact No.
5.4 Useful Contacts
Organisation/Service
Contact No.
[IL0: UNCLASSIFIED]
9
Your Company Name
Business Continuity Plan
[IL0: UNCLASSIFIED]
10
Your Company Name
6.
Date
Business Continuity Plan
Incident Log Sheet
Time
Contact Details
(incoming/outgoing)
Information (received/given)
Sheet Number:
Actions (to be taken)
Complete?
Person
Responsible
[IL0: UNCLASSIFIED]
11
Your Company Name
Business Continuity Plan
Sheet Number:
[IL0: UNCLASSIFIED]
12
Your Company Name
7.
Business Continuity Plan
Plan Overview
7.1 Introduction
Business Continuity Management is a process that helps manage risks to enable the smooth
running of an organisation or delivery of a service, ensuring continuity of critical functions in
the event of a disruption, and effective recovery afterwards.
7.2 Aim
To prepare the business to cope in an emergency, in order to resume normal service
provision.
7.3 Objectives
 To define and prioritise the Critical Functions of the service
 To analyse the risks to the service
 To detail a Response Action Checklist
 To develop Action Cards
 To identify Key Contacts
7.4 National Definitions
Emergency
An emergency is a situation which threatens serious damage to human welfare in the UK,
the environment of a place in the UK, or war or terrorism which threatens serious damage to
the security of the UK:




Arises with or without warning
Causes or threatens death, injury or disruption to normal life
Affects more people than can be dealt with under normal circumstances
Requires special mobilisation and organisations of resources
Incident
Not all situations are emergencies, an incident is a situation which:



Requires the council to respond in a manner outside its normal, day to day
procedures and method of work
Is limited in scale or area enabling a local response
Involves one or more service area
[IL0: UNCLASSIFIED]
13
Your Company Name
8.
Business Continuity Plan
Roles and Responsibilities
8.1 Response and Recovery Team
Depending on the nature and severity of an emergency a Response and Recovery Team
may be convened.
The Team has a collective remit:
●
●
●
●
●
To review the overall co-ordination of activity in response to major emergencies
and implement the most appropriate strategy for its continuation;
To ensure the most effective use of resources and their withdrawal at the earliest
appropriate time to allow resumption of management by normal arrangements;
To ensure the welfare and well being of the community and those engaged in supporting
it;
This Team will be led by an appropriate Senior Manager or delegated member of staff;
The Response / Recovery Team will undertake any response or recovery actions. See
Section 2 and 4.
8.2 Senior Management





Continuing with the management of the service’s activities during a response to an
incident;
To provide advice, guidance and updates to team members;
To coordinate their teams response where required;
To ensure health and safety, and well being;
To attend incident meetings.
8.3 Service Management and Staff



To assist with any response required;
To provide support to senior managers;
To complete an incident log (Section 5).
8.4 Service Structure
Give a brief description of your service structure. Include a diagram with communication
flows and reporting lines (Appendix C)
[IL0: UNCLASSIFIED]
14
Your Company Name
9.
Business Continuity Plan
Administration
To ensure validity of the plan, copy holders are requested to notify the Plan Owner of any
amendments to the information contained within it. Updated plans should then be distributed
to all copy holders and the Resilience Team notified.
This plan should be reviewed every 6 months.
9.1 Amendment Record
Date
Version No.
Amendment Details
9.2 Distribution List
Copy No.
Name
Role
9.3 Training Record
Date
Staff Trained
Details
9.4 References and Related Documents
Document
Location
Location
[IL0: UNCLASSIFIED]
15
Your Company Name
Business Continuity Plan
Appendix A Business Impact Assessment
The following areas of impact should be considered when allocating a risk rating to each function.
The following table gives examples; however the threshold will vary depending on the size and nature of your business. Input the highest
impact risk level per function into the timescale table on the following page.
Type of Impact
Critical
High
Medium
Limited
Low
Financial: Loss of
£5million + in a year
£3million to £5 million in a
year
£1million - £3million in a
year
£50k - £1million in a
year
Less than £50k
Breach of UK or European
Law Organisation and Council
are the subject to scrutiny
Breach of Statutory
Guidance and Codes of
Best Practice.
No immediate breach of
regulations, but with the
potential to do so should
the situation continue
Failure to comply with
internal guidelines and
instructions
No Legal or
regulatory
impact
Whole Business Impact
Many services affected
Large proportion of one
service affected
Multiple functions
Impacted
Single function
disrupted
Death or serious injury to
customers
Most customers badly
affected with some
vulnerable groups put in
danger
Adverse comment in
national media and/or loss
of confidence in a major
part of the organisation.
Reversible environmental
degradation over a
number of years
Many Customers
inconvenienced for a
sustained period.
Small groups of
customers affected for
a few days.
Consistent negative
coverage by local
media.
National Media interest
Manageable
environmental impacts.
No long term effects.
Adverse comment in
local media only
Minor disruption
to a small
number of
customers
Internal criticism
of service
revenue, assets, increased
costs, fines, penalties and
compensation
Regulatory & Legal:
Failure to meet legal
requirements or maintain
standards
Public enquiry/Royal
commission
Organisation found liable to
legal action
Operational &
Employee Impact:
Consequences for the
Council
Service User / Citizen
Impact: Consequences for
the public
Impact to Reputation:
Damage to relations,
perception and trust
Environmental Impact:
Damage to the physical
environment
Adverse and sustained
national media campaign
and/or loss of confidence/trust
by public.
Irreversible environmental
degradation with severe legal
consequences
Minor short term
environmental damage
Inconsequential
environmental
impact if any.
[IL0: UNCLASSIFIED]
16
Your Company Name
Business Continuity Plan
The table below will display each function and the highest impact risk level over the outlined timescales – this will assist with Critical Function
identification and prioritisation. Include the impact with the highest level of risk; it is colour coded to enable understanding and future review.
Function
Impact
<6
hours
6-12
hours
24
hours
48
hours
72
hours
1
Week
2-3
Weeks
1
Month
>1
Month
Financial
Regulatory & Legal
Operational & Employee
Service User/Citizens
Reputational
Environmental
Financial
Regulatory & Legal
Operational & Employee
Service User/Citizens
Reputational
Environmental
Financial
Regulatory & Legal
Operational & Employee
Service User/Citizens
Reputational
Environmental
Financial
Regulatory & Legal
Operational & Employee
Service User/Citizens
Reputational
Environmental
[IL0: UNCLASSIFIED]
17
Your Company Name
Business Continuity Plan
Appendix B Insurance Guidance
The involvement of the Insurance Team would be considered appropriate in the event of:








Fire,
Flood Water Surge,
Water Escape,
Terrorism,
Asbestos,
Lightning/Electrical Surge,
Malicious Acts
Significant incident involving injury to employees and / or members of the public
If any of these events result in:




Material Damage,
Motor Damage,
Damage to other public or private property.
Significant interruption to service delivery from any other cause.
The following steps should be taken:

Contact your Insurance Company
Please refer to the Risk and Insurance intranet page for further contact details:
http://intranet.sandwell.gov.uk/info/20292/insurance


Create a contents list of damaged items/property.
Take photos of damage where it is not possible or safe to leave it in place.
Throughout this process consider the Health and Safety of all people on site.
[IL0: UNCLASSIFIED]
18
Your Company Name
Business Continuity Plan
Appendix C Service Structure
[IL0: UNCLASSIFIED]
19
Similar
download
download
OASIS UTILIZATION- MICC FDO Eustis
OASIS UTILIZATION- MICC FDO Eustis