Free Business Continuity Plan Template
-
Upload
andy-vanderhoff -
Category
Documents
-
view
10.165 -
download
2
description
Transcript of Free Business Continuity Plan Template
Business Continuity Plan
Confidential ©Quantivate 2011 1 | P a g e
Contin
uity
Pla
n fo
r: <in
sert d
epartm
ent n
am
e>
<insert company logo>
Business Continuity Plan for: <insert department name>
Group Owner: <insert owner name>
Revision History
VersionDescription of
ChangeDate Author
Version 1.0 Initial Plan Creation 00/00/2009 Quantivate
Business Continuity Plan
Table of Contents
ContentsTable of Contents..........................................................................................................2
Plan Overview.................................................................................................................3
1.0 Response........................................................................................................................5
1.1 Event Response..........................................................................................................61.2 Life Safety.................................................................................................................81.3 Day to Day or Disaster............................................................................................111.4 Engage Management...............................................................................................12
2.0 Continuity and Recovery Process................................................................................13
2.1 Assess Impact..........................................................................................................142.2 Resume Process.......................................................................................................152.3 Validate....................................................................................................................162.4 Restore.....................................................................................................................17
3.0 Continuity and Recovery Steps...................................................................................18
Continuity......................................................................................................................19Name: Business Process Name Goes Here................................................................19Name: Add First Dependency Name here.................................................................20
4.0 Reports.........................................................................................................................21
Call Lists........................................................................................................................22Employee List............................................................................................................22Vendor List................................................................................................................22
5.0 Forms...........................................................................................................................23
Form A: Initial Briefing.................................................................................................25Form B: Meeting or Conference Briefing.....................................................................26Form C: Initial Assessment...........................................................................................27Form D: Damage Assessment.......................................................................................28Form E: Skill Set Inventory...........................................................................................29Form F: Staffing Schedule.............................................................................................30Form G: Event Log........................................................................................................31Form H: Expense Log....................................................................................................32Form I: Deactivation Checklist......................................................................................33Form J: After Action Checklist......................................................................................34
Confidential ©Quantivate 2011 2 | P a g e
Business Continuity Plan
Plan Overview
Confidential ©Quantivate 2011 3 | P a g e
Business Continuity Plan
Introduction:The BC plan owner is responsible for all aspects of the BC plan, and for keeping plan information current. Each plan will be reviewed and updated yearly as technology components, processes or staff is changed. Plans should be updated after each exercise, event, or after a change/update in the BC plan.
Purpose:This BC plan will establish appropriate departmental responsibilities to respond and recover from emergencies and disasters.
Limitations:No guarantee of a perfect response system is expressed or implied by this plan or any of its appendices, implementing instructions, or Procedures. Since company assets and systems are vulnerable to natural and technological disasters, they may be overwhelmed. BC plan owners and staff can only attempt to make every responsible effort to respond based on the situation, information, and resources available at the time of disaster.
How to use the plan:This BC Plan is a process based plan that allows users to follow a standard sequence of steps if a disaster were to take place. The BC Plan is broken into 5 different sections (see below): Sections 1 & 2 are static action steps that direct staff actions, section 3 holds the detailed recovery steps for each asset, section 4 holds the reports for departments, and section 5 contains the forms used during the event of a disaster. Some steps in this BC plan will be performed many times or not at all, depending on the situation.
BC Plan Plan Tab Sections
Definitions Detail Areas Information/Data
Section 1 Response Process
Event Response, Life Safety, Day to Day or Disaster, Engage Management
Static Data
Section 2Continuity and Recovery Process
Assess Impact, Resume Processes, Validate, Restore Static Data
Section 3 Continuity and Recovery Steps
Assess Impact, Resume Processes, Validate, Restore
Dynamic Continuity Data
Section 4 Reports Call List, BIA, Solutions, Gaps, About this Plan Reports
Section 5 Forms
Briefing Template, Initial Assessment, Damage Assessment, Skill Set Inventory, Staffing Schedule, Event Log, Expense Log, Deactivation Checklist, After Action Checklist
Static Data
This plan and the documents embedded within it are backed up daily. However, for immediate availability in the wake of a disaster or event, it is the responsibility of the Plan Owner to ensure that copies of the response and recovery plan are available in electronic or hard copy format. The Plan Owner is also responsible for ensuring that all external documents, vital records, and links referenced (example: Standard Operating Procedures) in the plan are backed up and accessible.
Confidential ©Quantivate 2011 4 | P a g e
Business Continuity Plan
1.0 Response
Confidential ©Quantivate 2011 5 | P a g e
Business Continuity Plan
1.1 Event Response
(Section 1.1 directs employees initial response to an incident, event or problem)Step
#Action Step Source Notes
1. Contact the correct internal or external group & report the incident, event or problem:
......................
FOR ALL EMERGENCIES CALL 911
FIRE, POLICE OR EMT:
When reporting an emergency make sure you give them your building location, floor, and organization name
(Non-emergency) If a problem occurs with 911 when you are trying to reach the Fire Department / Emergency Medical Technician (EMT), call: (xxx) xxx-xxxx
In a non-emergency situation, if a problem occurs with 911, call: (xxx) xxx-xxxx
State Emergency Management: (xxx) xxx-xxxx FEMA Region X - (xxx) xxx-xxxx County Emergency Management
o Web: o Phone: (xxx) xxx-xxxx
SECURITY:
Physical Security: o Alert onsite Managero Management will contact Facility Team
FACILITIES:
Facilities Service o Alert onsite Managero Management will contact Facility Team
TECHNOLOGY:
Contact List (See Forms Section)
Confidential ©Quantivate 2011 6 | P a g e
Business Continuity Plan
Help Desk: (xxx) xxx-xxxx
HUMAN RESOURCES:
(xxx) xxx-xxxx
EMPLOYEE EMERGENCY INFORMATION:
(xxx) xxx-xxxx
HOSPITALS:
(xxx) xxx-xxxx
ADDITIONAL EMERGENCY TELEPHONE NUMBERS:
Poison Control: (xxx) xxx-xxxx National Response Center (Toxic Chemical and Oil
Spills): (xxx) xxx-xxxx American Red Cross: (xxx) xxx-xxxx
PANDEMIC INFLUENZA :
County Information Web Address:
Confidential ©Quantivate 2011 7 | P a g e
Business Continuity Plan
1.2 Life Safety
(Section 1.2 directs employees to prepare for, respond to and recover from life threatening incidents)
Step #
Action Step Source
Notes
1. Accounting for Personnel: ......................
The following items list the tasks to be performed by the Evacuation Meeting Place Leader or Alternate Evacuation Meeting Place Leader.
� Include Steps here:2. Reacting to the Disaster:
When an emergency or disaster occurs (or is pending), please remain calm. Above all, personal safety is the first concern. The following procedures are to be used as time and safety permit. If evacuation is necessary, proceed to the nearest safe exit. Leave the building and report to your Evacuation Meeting Place.
For a specific emergency listed below utilize the following procedures in step number three.
Evacuation Power failure Equipment failure Fire Severe thunderstorms / high winds Bomb threat Suspicious letters or packages Hurricanes and floods
Remember - In the event of an evacuation, the Manager will be attempting to account for personnel. So please, remain at the site listed below until you receive further instructions.
3. Actions for Specific Disasters: In Case of Fire:
Preemptive Actions
1. All areas of the building should be reviewed on a regular basis to ensure combustible materials are stored safely,
Confidential ©Quantivate 2011 8 | P a g e
Business Continuity Plan
electrical outlets are not overloaded, all electrical cords are in good condition, and all exits are clear.
2. Management should request the local fire department to inspect the building annually and recommend any corrective actions.
3. Management should ensure all employees receive annual training in the location and use of fire extinguishers.
4. Evacuation route maps should be posted in several places on each floor and employees should be made aware of the placement locations.
5. Fire drills should be conducted at least semi-annually.6. All employees should be made aware that there are three
types of fires: 1. CLASS A. Fires involving ordinary combustibles such
as paper, wood, and cloth, which can usually be extinguished with water.
2. CLASS B. Fires involving flammable liquids such as gasoline, oil, alcohol, benzene and ether, which are extinguished by smothering with a carbon dioxide or dry chemical fire extinguisher.
3. CLASS C. Fires involving electrical equipment, appliances and wiring. These are extinguished by the use of a non-conductive extinguishing agent such as a carbon dioxide or dry chemical fire extinguisher.
During the Event
1. Remove any member or employee who might be in immediate danger from the fire and close the door to the office or room.
2. Use a fire extinguisher to try to contain the fire, if possible.3. If the fire extinguisher is not sufficient to put out the fire,
call the fire department using 911. 4. Notify the entire building, by telephone if possible. If the
telephone system is not operable, the individual discovering the fire will have someone go to each floor with the message.
5. Guide and assist in the evacuation of members from the building to a safe location such as the Evacuation Meeting Place. If the smoke is thick, drop to the floor and crawl to the nearest exit. Cover your mouth to avoid inhaling smoke and gases.
The remaining steps should be done only if time permits!
1. Store all files, records, reports and other items in fireproof safes.
2. If time permits, sign off at your workstations.3. Lock all fireproof safes.4. Close all exterior office doors.5. Check all non-working areas to make sure all personnel
have been alerted (employee lounge, rest rooms, etc.).
Confidential ©Quantivate 2011 9 | P a g e
Business Continuity Plan
6. Evacuate the building. Go to the Evacuation Meeting Place and wait for further instructions.
At the Evacuation Meeting Place, the Managers from each department will attempt to account for all personnel.
In Case of Thunderstorms/ High Winds:
Preemptive Actions
1. Include Steps Here
During the Event
1. Include Steps Here
The remaining steps should be done only if time permits!
1. Include Steps Here
At the Evacuation Meeting Place, the Managers from each department will attempt to account for all personnel.
In Case of Bomb Threat:
During the Event
1. Include Steps Here
The remaining steps should be done only if time permits!
1. Include Steps Here
In Case of Equipment Failure:
Preemptive Actions
1. Include Steps Here
In Case of Suspicious Letters or Packages:
1. Include Steps Here
Confidential ©Quantivate 2011 10 | P a g e
Business Continuity Plan
Confidential ©Quantivate 2011 11 | P a g e
Business Continuity Plan
1.3 Day to Day or Disaster
(Section 1.3 guides plan owners in establishing the incident/event as a disaster (or not) and whether or not to escalate to the Senior Management Team accordingly)
Step #
Action Step Source Notes
1. Conduct Initial Evaluation: ......................
Activate & mobilize plan members as needed.
Manager or Staff:
1. Include Steps Here
Conference Bridge Number (See Reports: Call List)
Initial Assessment (See Forms section)
Initial Briefing (See Forms section)
2. Day to Day Problem or Disaster? Review the following criteria to decide if the event is a disaster.
Disaster criteria:
1. Include Criteria Here
Contact List (See Reports Section)
Initial Assessment (Completed Form)
3. Execute Standard Operating Procedures (SOPs)
Follow day to day standard operating procedures (SOPs)
Current Standard Operating Procedures (SOPs)
4. Problem Resolution Is the problem currently resolved?
1. Include Steps Here
5. Return to Normal Return to normal & take no further action.
Consider completing a root cause analysis on problem(s) or document lessons learned
Current Standard Operating Procedures (SOPs)
Confidential ©Quantivate 2011 12 | P a g e
Business Continuity Plan
from the day to day event.
Confidential ©Quantivate 2011 13 | P a g e
Business Continuity Plan
1.4 Engage Management
(Section 1.4 directs the plan owner to assess the impact on: Processes and Technology, Components, and Customers)
Step #
Action Step Source Notes
1. Assess Impact ......................
Capture the assessment of the following on the Damage Assessment Form:
2. Include Steps Here
Are the Continuity and Recovery Strategies documented in the Recovery Step section appropriate for the event?
1. Include Criteria Here
Technology and Dependency Report (See Reports Section)
Damage Assessment Form (See Forms Section)
Contact List (See Reports Section)
2. Engage Senior Management Team ......................
1. Include Steps HereDamage Assessment Form (See Forms Section)
3. Analyzing Triggers ......................
The following triggers are guides for determining whether or not to declare a
disaster:
Disaster criterion:
Include Criteria Here
This disaster criterion is a guide; your best judgment should take precedence.
Form A Initial Briefing (Completed Earlier)
Form D: Damage Assessment (Completed Earlier)
Section 1.3 "Execute Standard Operating Procedures"
Confidential ©Quantivate 2011 14 | P a g e
Business Continuity Plan
2.0 Continuity and Recovery Process
Confidential ©Quantivate 2011 15 | P a g e
Business Continuity Plan
2.1 Assess Impact
(Section 2.1 directs the Plan Owner and staff to activate team members. Depending on the situation, the Plan Owner, staff or Senior Management Team will contact the customers to
coordinate resumption and recovery efforts.)Step
#Action Step Source Notes
1. Activate & Notify ......................
Activate Team, Notify Employees, Customers and Dependencies
Include Steps Here
Form A: Incident Briefing (See Forms Section)
Call List (See Reports Section)
Form G: Event Log (See Forms Section)
Form E: Skill Set Inventory (See Forms Section)
Confidential ©Quantivate 2011 16 | P a g e
Business Continuity Plan
2.2 Resume Process
(Section 2.2 informs Plan Owners and staff how to use the predefined steps for process dependency, continuity, and technology recovery)
Step #
Action Step Source Notes
1. Implementing Continuity and Recovery Steps
......................
Implement Continuity & Recovery Steps on process and assets you depend upon by going to SECTION 3: CONTINUITY & RECOVERY STEPS
Include Steps Here
Section 3: Continuity & Recovery Steps (Step #1 Pre-Continuity Checklist Impact Assessment)
2. Continue to Implement Continuity and Recovery
......................
During implementation:
Include Steps Here
Form A: Incident Briefing (See Forms Section)
Call List (See Reports Section)
Form G: Event Log (See Forms Section)
Form H: Expense Report (See Forms Section)
Confidential ©Quantivate 2011 17 | P a g e
Business Continuity Plan
2.3 Validate
(Section 2.3 directs the plan owner and staff to validate process dependencies and technology components)
Step #
Action Step Source Notes
1. Validate Continuity and Recovery Strategies/Steps
......................
1. Include Steps Here
Section 3: Continuity & Recovery Steps (Step #3 Recovery & Communicate Steps)
Call List (See Reports Section)
Processes, Dependencies and customers (See Reports, BIA Report)
2. Resume Processes and put Technology into Production
......................
1. Include Steps Here Processes, Dependencies and
Customers (See Reports, BIA Report)
3. Monitor & Support ......................
1. Include Steps Here Contact List (See Reports Section)
Current Standard Operating Procedures (SOPs)
4. Shift from Continuity/Recovery to Restoration
......................
1. Include Steps Here Section 2.4: Restore (Step #1
Restoration of Processes)
5. Return to Normal ......................
Deactivate all event activities if all of the following criteria is met:
DEACTIVATE CRITERIA:
1. Include Steps Here
Call List (See Report Section)
Section: 2.3 Validate, Step # 3 Monitor & Support
Confidential ©Quantivate 2011 18 | P a g e
Business Continuity Plan
2.4 Restore
(Section 2.4 directs the plan owner to restore from the alternate site back to a new or repaired original site. The primary goal in this stage is to return to normal operations in the
new or repaired site.)Step
#Action Step Source Notes
1. Restoration of processes and technology to the primary/restored site:
......................
1. Include Steps Here
Contact List (See Reports Section)
Process Restoration Steps (Sec. 3: Recovery Steps)
2. Return Implementation ......................
Pre Return Implementation activities & reminders:
1. Include Steps Here
Contact List (See Reports Section)
Process Restoration Steps (Section 3: Recovery Steps
Application Restoration Steps (Section 3: Recovery Steps)
3. Restoration ......................
Ensure processes are stable and technology is recovered to the primary or rebuilt location.Include Steps Here
Contact List (See Reports Section)
Process Restoration Steps (Section 3: Recovery Steps)
4. Return to Normal ......................
Deactivate event activities if all of the following criteria is met:
Call List (See Report Section)
Form J: After Action
Confidential ©Quantivate 2011 19 | P a g e
Business Continuity Plan
1. Include Steps Here
Checklist (Forms Section)
Form I: Deactivation Checklist (Forms Section)
Confidential ©Quantivate 2011 20 | P a g e
Business Continuity Plan
3.0 Continuity and Recovery Steps
Confidential ©Quantivate 2011 21 | P a g e
Business Continuity Plan
Continuity
Name: <Insert Business Process Name> Section Complete
Date:____/____/___
Time:____:____ ___
Completed by:
Process Number: 1 of XCriticality: Criticality Ranking goes here
Owner: Human Resources
Process Continuity - This section includes the steps to ensure the process can continue in the event of a disaster.
Process Continuity Steps Sources NotesNote the dependencies that will need to have their continuity solutions implemented during process recovery:
1. Repeat section for each process in the department plan.
Confidential ©Quantivate 2011 22 | P a g e
Business Continuity Plan
Name: <Insert Dependency Name> Section Complete
Date:____/____/___
Time:____:____ ___
Completed by:
Parent Process: Add process name HereDependency Number: 1 of XOwner: Add Owner Name HereContinuity Solution: Add Solution Here
Continuity Steps - The steps to ensure that the 3rd Party Web Hosted applications required for continuing day to day operations have workaround steps.
Continuity Steps Sources Notes Solution for continuing the process if the dependency is not available:
1. Include Steps Here
Standard Operating Procedures
Confidential ©Quantivate 2011 23 | P a g e
Business Continuity Plan
4.0 Reports
Confidential ©Quantivate 2011 24 | P a g e
Business Continuity Plan
Call Lists
Employee ListEmployee Name Division Work Phone Home Phone Cell Phone State Add Employee Call List Data Here
Vendor ListVendor Name Vendor Contact Name Phone Email State Add Vendor Call List Data Here - - - -
Confidential ©Quantivate 2011 25 | P a g e
Business Continuity Plan
5.0 Forms
Confidential ©Quantivate 2011 26 | P a g e
Business Continuity Plan
Overview
This section contains the forms referenced in the source column through the response and recovery action steps found in the plan. The source column is used to capture information, location and/or materials required or helpful for accomplishing the action step. The forms below are built to be used as wall charts which are blown up and utilized to display useful information.
Table of Contents:
Briefing Templates
Form A: Initial Briefing
Form B: Meeting or Conference Briefing
Form C: Initial Assessment
Form D: Damage Assessment
Form E: Skill Set Inventory
Form F: Staffing Schedule
Form G: Event Log
Form H: Expense Log
Form I: Deactivation Checklist
Form J: After Action Checklist
Confidential ©Quantivate 2011 27 | P a g e
Business Continuity Plan
Form A: Initial Briefing
Location: ________________ Date: _____/___/_______ Time: ______________________
Completed by: ___________ Contact#: _____________ Dept/Plan Name: _____________
The following is a checklist of items for discussion during the initial briefing.
Document Present Situation and Actions NeededPresent Situation:
Immediate Needs or Actions:
Reminders Senior Management Roles
Life Safety is the #1 concern Use Event Log Use Expense Log (purchasing is approved at the management
level) Use Skill Set Inventory Log Complete Staffing Schedule Participate in working meetings and conference calls Validate conference bridge #’s Validate reoccurring meeting times Participate as requested on management status meetings Raise issues, concerns and problems in working meetings &
status meetings Assess impact & communicate ASAP Review and validate current recovery strategy Communicate to management, lead or supervisor, gather
facts, set priorities and implement response and recovery steps
Executive Crisis Manager:_____________
Legal:_____________
Business Continuity / Disaster Recovery:_____________
Finance:_____________
Claims:_____________
Public Relations / Media:_____________
Information / Documentation / Communications:_____________
Technology:_____________
Security:_____________
Travel and Food:_____________
Human Resources:_____________
Life Safety:_____________
Business Operations::_____________
Sales and Marketing:_____________
End Form: A
Confidential ©Quantivate 2011 28 | P a g e
Business Continuity Plan
Form B: Meeting or Conference Briefing
Location: ________________ Date: _____/___/_______ Time: ______________________
Completed by: ___________ Contact#: _____________ Dept/Plan Name: _____________
The following is a checklist of items for discussion during a standard working meeting, status meeting, or briefing meeting. Meeting Preparation: Invite Teams to Meetings or Conference calls, Conduct roll call, Make sure All Life Safety is being addressed, See Detail Assessment
Control #
Current Situation (Detail
Assessment)
Impact Description (Down or Up) (Risk Elements)
Recommended Resolution (Use
Current BC Solution/Steps or
Rebuild BC Solution/Steps)
Resource Requirements (what will be
need)
Priority (H-M-L)
Approved (EOC
Approves or Not)
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
Meeting with ECO
Discuss Recommendation ECO:Get Approval from ECO:Build Action Plans to Meet Objectives Set by the ECO:
Action Plan Assigned to Milestones or Deliverables
ET to Implement
Status Resource Required
1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.
End Form: BReminder: Document and report current situation, and work with EOC to determine priorities and objectives.
Confidential ©Quantivate 2011 29 | P a g e
Business Continuity Plan
Form C: Initial Assessment
1. Include Form here
Confidential ©Quantivate 2011 30 | P a g e
Business Continuity Plan
Form D: Damage Assessment1. Include Form here
Confidential ©Quantivate 2011 31 | P a g e
Business Continuity Plan
Form E: Skill Set Inventory1. Include Form here
Confidential ©Quantivate 2011 32 | P a g e
Business Continuity Plan
Form F: Staffing Schedule1. Include Form here
Confidential ©Quantivate 2011 33 | P a g e
Business Continuity Plan
Form G: Event Log1. Include Form here
Confidential ©Quantivate 2011 34 | P a g e
Business Continuity Plan
Form H: Expense Log1. Include Form here
Confidential ©Quantivate 2011 35 | P a g e
Business Continuity Plan
Form I: Deactivation Checklist1. Include Form here
Confidential ©Quantivate 2011 36 | P a g e
Business Continuity Plan
Form J: After Action Checklist1. Include Form here
Confidential ©Quantivate 2010 37 | P a g e
Forms Reports Continuity and RecoverySteps
Continuity and Recovery Process
Response
Last Page
INSERT IN BINDER BACK COVER