Business Continuity Plan (For Company XX) Business Continuity Coordinator ( ) Crisis Management Team Team Leader ( )
In the event of a business disruption refer to the following [Company XX] documents: Emergency Response Plan
Refer to [Company XX] Emergency Response Plan
Table of Contents ABBREVIATIONS.......................................................................................................................................................3 DEFINITIONS..............................................................................................................................................................4 ABOUT THIS PLAN TEMPLATE.............................................................................................................................5
Business Continuity Plan Documents & Crisis Response Phase................ Phase........................... ..................... ..................... ..................... ..........................5 ................5 INTRODUCTION.........................................................................................................................................................7 BUSINESS CONTINUITY POLICY..........................................................................................................................8
Purpose................. Purpose............................ ..................... .................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..................... ........................................8 .............................8 Scope................. Scope............................ ..................... .................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..................... ..................... .................................8 .......................8 Executive Sponsor................. Sponsor........................... .................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..................... ...................................8 ........................8 Document Manager...............................................................................................................................................8 Review and Compliance............ Compliance....................... ..................... .................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..............................8 ....................8 Rules Regulations..................................................................................................................................................8 Staff Responsible............... Responsible......................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..................... ..................... .................... ............................8 ..................8 Violations...............................................................................................................................................................9 BUSINESS CONTINUITY PLAN ............................................................................................................................10
Purpose................. Purpose............................ ..................... .................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..................... ......................................10 ...........................10 Objectives............................................................................................................................................................10 Assumptions.........................................................................................................................................................10 Scope................. Scope............................ ..................... .................... ..................... ..................... ..................... ..................... .................... ..................... ..................... ..................... ..........................................11 ...............................11 BUSINESS CONTINUITY PLAN DOCUMENTS & CRISIS RESPONSE PHASE..........................................12
B usiness Continuity Plan Documents............... Documents.......................... ..................... .................... ..................... ..................... ..................... ..................... ...................................13 .........................13 BUSINESS CONTINUITY PLAN HIGH-LEVEL PROCESS FLOW.................................................................14 BUSINESS CONTINUITY PLAN REFERENCE DOCUMENTS........................................................................14 FORMS........................................................................................................................................................................15
F1 – Version Change Control..............................................................................................................................15
©Sentryx 2007 All rights reserved
2
Abbreviations BCP
Business continuity plan
CMC
Crisis management center
CMT
Crisis management team
BCP
Business continuity plan
ER P
Emergency response plan
ERT
Emergency response team
ERTL
Emergency response team leader
ERTD ERTDM M
Emer Emerge genc ncy y respon sponse se team team depu deputy ty mana manage ger r
SCMP
Site crisis management plan
©Sentryx 2007 All rights reserved
3
Definitions Executive Sponsor
Senior management member who approves and provides full support for the development and implementation of the organization’s organization’s business continuity program
Document Manager
Person who approves and authorizes the BCP document including document revisions.
©Sentryx 2007 All rights reserved
4
About This Plan Template This business continuity plan (BCP) template is one template in a series of te mplates designed to provide comprehensive, practical, and structured guidance to those responsible for developing a business continuity plan. This template contains a recommended structure, outline, and contents for a typical business continuity plan document. Where possible, instructions instructions for completing specific sections provided and sample text is given as a suggestion of the type of information required. The template contents may be customized and tailored to suite your organization’s organization’s specific BCP requirements. It is recommended that a Document Manager be assigned the responsibility of overseeing updates and revisions to this document. Please refer to the section “Version “Version Change Control” for more information on how to manage and distribute changes to this document.
Business Continuity Plan Documents & Crisis Response Phase For the purpose of this template, the crisis response phase h as been defined as the overall phase during which an emergency or disaster occurs. During the crisis response response phase, several sub phases occur, namely, namely, a disaster response phase, management response phase, and a business bu siness area response phase. During each phase, one of several business business continuity plan documents are utilized. The diagram below depicts the crisis response sub-phases and plan docu ments associated with each sub-phase:
©Sentryx 2007 All rights reserved
5
This business continuity plan template follows a phased approach as a response to a disaster or disruptive event. The [Company XX] business continuity plan consists of several plan documents as follows: 1. Busi Busines nesss cont contin inuit uity y plan plan (this plan) 2. Emerg Emergency ency respons responsee plan plan (refer (referenc enced) ed) 3. Site Site crisis crisis manage managemen mentt plan plan (refere (referenced nced)) 4. Busine Business ss area area recovery recovery plan plan(s) (s) (refe (referen renced) ced)
©Sentryx 2007 All rights reserved
6
Introduction This business continuity plan contains the essential procedures and ac tivities needed to recover [Company XX] business operations in the event of an emergency or disaster situation. The plan document follows a phased response response approach to a disaster or disruptive event. The [Company XX] business continuity plan consists of several plan documents as follows: 1. Busi Busines nesss cont contin inuit uity y plan plan (this plan) 2. Emerg Emergency ency respons responsee plan plan (refer (referenc enced) ed) 3. Site Site crisis crisis manage managemen mentt plan plan (refere (referenced nced)) 4. Busine Business ss area area recovery recovery plan plan(s) (s) (refe (referen renced) ced)
©Sentryx 2007 All rights reserved
7
Business Continuity Policy Purpose [Company XX] is committed to safeguarding the interests of shareholders, clients, customers, and vendors in the event of an emergency emergency or business disruption. disruption. [Company XX] has therefore therefore established a comprehensive organization-wide business continuity program to protect staff, safeguard corporate assets and environment, and to ensure continuous availability of its products and services. To support the business continuity program, [Company XX] recognizes the need for an effective business continuity capability and provides this corporate business continuity policy.
Scope This business continuity policy applies to all aspects of business functions and services across the entire organization. [Company XX] shall define, approve, and implement business continuity plan(s) which include essential activities, procedures, and tasks necessary to ensure critical operations and services are resumed resumed after a business disruption. Each plan shall reside in a common company database accessible to recovery staff.
Executive Sponsor [Company XX] assigns a senior management member to be the “Executive Sponsor” who approves, sponsors, and provides full support for the development and implementation of the organization-wide business continuity program and its constituent parts including this policy and any associated business continuity plan documents including this document. The executive sponsor approves the budget and resources required, and delegates authority to the b usiness continuity coordinator to manage, coordinate, and oversee the business continuity plan document design, development, implementation, maintenance, and assessment.
Document Manager [Company XX] shall appoint a Document Manag er to approve and authorize the BCP document and changes including document revisions.
Review and Compliance The corporate business continuity program policy has established an annual review and assessment for this policy and for the business continuity plan.
Rules Regulations [Company XX – enter rules and regulations regu lations that are specific to your organization here]
Staff Responsible [Company XX] business continuity and recovery teams have the responsibility to know this policy and understand and adhere adhe re to the standards and procedures established in this policy. policy.
©Sentryx 2007 All rights reserved
8
It is the responsibility of all staff to be aware of o f their departments and/or business unit’s unit’s business continuity plan and its associated documents.
Violations Any employee and/or contractor or service provider found to have violated this policy may be subject to legal actions such as termination.
©Sentryx 2007 All rights reserved
9
Business Continuity Plan Purpose The purpose of the business continuity plan is to: 1. Recover essenti essential al or critical critical busines businesss operations operations in a fast fast and efficie efficient nt manner 2. Provide Provide a mechanism mechanism for for management management to direct direct recovery recovery effo efforts rts
Objectives The primary objective of the business continuity plan is to recover critical elements of [Company XX] operations such as: 1. work work area/ area/of offi fice ce servi service ces; s; 2. inform informati ation on techn technolog ology y servi services ces;; and 3. manufac manufactur turing ing and and produc productio tion n servic services. es. Additional objectives are to: 1. ensure that staff staff are are aware aware of alternate alternate arrange arrangements ments 2. ensure that recovery recovery teams teams have suffi sufficient cient resources resources
Assumptions This plan has been developed dev eloped with the following assumptions: •
[Company XX] has conducted a business impact analysis to determine the exposure and impact that may result due to a disruptive event.
•
A summary of the critical functions and processes, maximum tolerable downtimes, recovery time and point objectives, workaround procedures, and critical IT systems, resources, and services have been determined and are listed in this plan.
•
[Company XX] has conducted a risk assessment and has implemented risk controls to reduce or eliminate potential risks to its operations.
•
[Company XX] has selected and implemented suitable recov ery options in the event that a disaster occurs.
•
The business continuity plan has been tested and approved.
•
The recovery teams will be comprised of sufficient number of staff to ensure a satisfactory turnout in the event of a business disruption.
©Sentryx 2007 All rights reserved
10
Scope The scope of this BCP is the [Company XX] facility/site located at [Company XX facility].
©Sentryx 2007 All rights reserved
11
Business Continuity Plan Documents & Crisis Response Phase For the purpose of this template, the crisis response phase h as been defined as the overall phase during which a crisis situation or disaster occurs. During the crisis response phase, several sub phases occur, namely, namely, a disaster response phase, management response phase, and a business bu siness area response phase. During each phase one of several business business continuity plan documents are utilized. The diagram below depicts the crisis response sub-phases and plan docu ments associated with each sub-phase:
Each crisis response sub-phase is described below: 1. Emergency Response Phase This phase is the first phase in managing a crisis. It comprises of the initial few hours after an actual disaster, disaster, or after the threat of a disaster is first identified. The emergency response plan (ERP) is the primary document used during this phase. In this phase, business continuity plan procedures, tasks, and forms are used; the business continuity coordinator and other members of the crisis management team are alerted; and evacuation occurs and/or the disruption is contained.
©Sentryx 2007 All rights reserved
12
2. Management Response Phase In this phase, the crisis management team manages and coordinates all site recovery activities. This phase begins after the initial initial response is is received by the crisis management team. The crisis management plan is the main document used during this phase. 3. Business Area Response Phase In this phase, business area teams recover an d resume business operations. Depending on how large you organization is, you may opt to develop Business area recovery plans and recovery business unit recovery plans or just business unit recovery plans. Business area recovery plans may be used to invoke business business unit plans. Note that this breakdown allows for a more modular structure of activities and is especially useful if your organization is large has many business department and units.
Business Continuity Plan Documents Below is a list of plan documents and an explanation of each: •
Site Emergency Response Plan The ERP is is used to respond to a disaster disaster or disruption. The primary plan o objectives are to: Protect life Provide shelter Evacuate premises Mitigate threat and control extent of damage
•
Site Crisis Management Plan Plan used to manage and coordinate all site recovery activities including activities o such as: Supervising recovery effort Declaring a disaster Invoking other plans Monitoring recovery, recovery, resumption, and normalization activities
•
Business Area/Department/Unit Recovery Plan Plan used to manage and recover business operations within each business o area/department/unit.
©Sentryx 2007 All rights reserved
13
Business Continuity Plan High-level Process Flow During BCP execution, the Crisis Management Center will be opened and CMT team members will gather to determine if a disaster is to be declared. The following diagram illustrates the relationship between the BCP, BCP, Site CMP, CMP, and the Recovery Plans:
Business Continuity Plan Reference Documents The business continuity plan follows a sequence of activities specified in the following documents: 1. Emergency Response Plan (ERP) Refer to [Company XX] Emergency Response Plan
2. Site Crisis Management Plan (SCMP) Refer to [Company XX] Site Crisis Management Plan
3. Business Area Recovery Plan(s) Refer to [Company XX] Business Area Recovery Plan(s)
©Sentryx 2007 All rights reserved
14
Forms F1 – Version Change Control Version control is required in order to maintain integrity and cohesion of this document. The Document Manager should be the only person to approve and authorize changes and distribute revised versions. To reduce the risk that an old version is used, the Document Manager should collect all copies of old versions before distributing distributing new ones. This document shall not be photocopied. Additional copies should be obtained from the Document Manager.
Version Number
Issue Date
Reason for Change
©Sentryx 2007 All rights reserved
Authorized by
15