Free Business Continuity Plan Template

Business Continuity Plan

Confidential ©Quantivate 2011 1 | P a g e

Contin

uity

Pla

n fo

r: <in

sert d

epartm

ent n

am

e>

<insert company logo>

Business Continuity Plan for: <insert department name>

Group Owner: <insert owner name>

Revision History

VersionDescription of

ChangeDate Author

Version 1.0 Initial Plan Creation 00/00/2009 Quantivate


Table of Contents

ContentsTable of Contents..........................................................................................................2

Plan Overview.................................................................................................................3

1.0 Response........................................................................................................................5

1.1 Event Response..........................................................................................................61.2 Life Safety.................................................................................................................81.3 Day to Day or Disaster............................................................................................111.4 Engage Management...............................................................................................12

2.0 Continuity and Recovery Process................................................................................13

2.1 Assess Impact..........................................................................................................142.2 Resume Process.......................................................................................................152.3 Validate....................................................................................................................162.4 Restore.....................................................................................................................17

3.0 Continuity and Recovery Steps...................................................................................18

Continuity......................................................................................................................19Name: Business Process Name Goes Here................................................................19Name: Add First Dependency Name here.................................................................20

4.0 Reports.........................................................................................................................21

Call Lists........................................................................................................................22Employee List............................................................................................................22Vendor List................................................................................................................22

5.0 Forms...........................................................................................................................23

Form A: Initial Briefing.................................................................................................25Form B: Meeting or Conference Briefing.....................................................................26Form C: Initial Assessment...........................................................................................27Form D: Damage Assessment.......................................................................................28Form E: Skill Set Inventory...........................................................................................29Form F: Staffing Schedule.............................................................................................30Form G: Event Log........................................................................................................31Form H: Expense Log....................................................................................................32Form I: Deactivation Checklist......................................................................................33Form J: After Action Checklist......................................................................................34



Plan Overview



Introduction:The BC plan owner is responsible for all aspects of the BC plan, and for keeping plan information current. Each plan will be reviewed and updated yearly as technology components, processes or staff is changed. Plans should be updated after each exercise, event, or after a change/update in the BC plan.

Purpose:This BC plan will establish appropriate departmental responsibilities to respond and recover from emergencies and disasters.

Limitations:No guarantee of a perfect response system is expressed or implied by this plan or any of its appendices, implementing instructions, or Procedures. Since company assets and systems are vulnerable to natural and technological disasters, they may be overwhelmed. BC plan owners and staff can only attempt to make every responsible effort to respond based on the situation, information, and resources available at the time of disaster.

How to use the plan:This BC Plan is a process based plan that allows users to follow a standard sequence of steps if a disaster were to take place. The BC Plan is broken into 5 different sections (see below): Sections 1 & 2 are static action steps that direct staff actions, section 3 holds the detailed recovery steps for each asset, section 4 holds the reports for departments, and section 5 contains the forms used during the event of a disaster. Some steps in this BC plan will be performed many times or not at all, depending on the situation.

BC Plan Plan Tab Sections

Definitions Detail Areas Information/Data

Section 1 Response Process

Event Response, Life Safety, Day to Day or Disaster, Engage Management

Static Data

Section 2Continuity and Recovery Process

Assess Impact, Resume Processes, Validate, Restore Static Data

Section 3 Continuity and Recovery Steps

Assess Impact, Resume Processes, Validate, Restore

Dynamic Continuity Data

Section 4 Reports Call List, BIA, Solutions, Gaps, About this Plan Reports

Section 5 Forms

Briefing Template, Initial Assessment, Damage Assessment, Skill Set Inventory, Staffing Schedule, Event Log, Expense Log, Deactivation Checklist, After Action Checklist

Static Data

This plan and the documents embedded within it are backed up daily. However, for immediate availability in the wake of a disaster or event, it is the responsibility of the Plan Owner to ensure that copies of the response and recovery plan are available in electronic or hard copy format. The Plan Owner is also responsible for ensuring that all external documents, vital records, and links referenced (example: Standard Operating Procedures) in the plan are backed up and accessible.



1.0 Response



1.1 Event Response

(Section 1.1 directs employees initial response to an incident, event or problem)Step

#Action Step Source Notes

1. Contact the correct internal or external group & report the incident, event or problem:

......................

FOR ALL EMERGENCIES CALL 911

FIRE, POLICE OR EMT:

When reporting an emergency make sure you give them your building location, floor, and organization name

(Non-emergency) If a problem occurs with 911 when you are trying to reach the Fire Department / Emergency Medical Technician (EMT), call: (xxx) xxx-xxxx

In a non-emergency situation, if a problem occurs with 911, call: (xxx) xxx-xxxx

State Emergency Management: (xxx) xxx-xxxx FEMA Region X - (xxx) xxx-xxxx County Emergency Management

o Web: o Phone: (xxx) xxx-xxxx

SECURITY:

Physical Security: o Alert onsite Managero Management will contact Facility Team

FACILITIES:

Facilities Service o Alert onsite Managero Management will contact Facility Team

TECHNOLOGY:

Contact List (See Forms Section)



Help Desk: (xxx) xxx-xxxx

HUMAN RESOURCES:

(xxx) xxx-xxxx

EMPLOYEE EMERGENCY INFORMATION:

(xxx) xxx-xxxx

HOSPITALS:

(xxx) xxx-xxxx

ADDITIONAL EMERGENCY TELEPHONE NUMBERS:

Poison Control: (xxx) xxx-xxxx National Response Center (Toxic Chemical and Oil

Spills): (xxx) xxx-xxxx American Red Cross: (xxx) xxx-xxxx

PANDEMIC INFLUENZA :

County Information Web Address:



1.2 Life Safety

(Section 1.2 directs employees to prepare for, respond to and recover from life threatening incidents)

Step #

Action Step Source

Notes

1. Accounting for Personnel: ......................

The following items list the tasks to be performed by the Evacuation Meeting Place Leader or Alternate Evacuation Meeting Place Leader.

� Include Steps here:2. Reacting to the Disaster:

When an emergency or disaster occurs (or is pending), please remain calm. Above all, personal safety is the first concern. The following procedures are to be used as time and safety permit. If evacuation is necessary, proceed to the nearest safe exit. Leave the building and report to your Evacuation Meeting Place.

For a specific emergency listed below utilize the following procedures in step number three.

Evacuation Power failure Equipment failure Fire Severe thunderstorms / high winds Bomb threat Suspicious letters or packages Hurricanes and floods

Remember - In the event of an evacuation, the Manager will be attempting to account for personnel. So please, remain at the site listed below until you receive further instructions.

3. Actions for Specific Disasters: In Case of Fire:

Preemptive Actions

1. All areas of the building should be reviewed on a regular basis to ensure combustible materials are stored safely,



electrical outlets are not overloaded, all electrical cords are in good condition, and all exits are clear.

2. Management should request the local fire department to inspect the building annually and recommend any corrective actions.

3. Management should ensure all employees receive annual training in the location and use of fire extinguishers.

4. Evacuation route maps should be posted in several places on each floor and employees should be made aware of the placement locations.

5. Fire drills should be conducted at least semi-annually.6. All employees should be made aware that there are three

types of fires: 1. CLASS A. Fires involving ordinary combustibles such

as paper, wood, and cloth, which can usually be extinguished with water.

2. CLASS B. Fires involving flammable liquids such as gasoline, oil, alcohol, benzene and ether, which are extinguished by smothering with a carbon dioxide or dry chemical fire extinguisher.

3. CLASS C. Fires involving electrical equipment, appliances and wiring. These are extinguished by the use of a non-conductive extinguishing agent such as a carbon dioxide or dry chemical fire extinguisher.

During the Event

1. Remove any member or employee who might be in immediate danger from the fire and close the door to the office or room.

2. Use a fire extinguisher to try to contain the fire, if possible.3. If the fire extinguisher is not sufficient to put out the fire,

call the fire department using 911. 4. Notify the entire building, by telephone if possible. If the

telephone system is not operable, the individual discovering the fire will have someone go to each floor with the message.

5. Guide and assist in the evacuation of members from the building to a safe location such as the Evacuation Meeting Place. If the smoke is thick, drop to the floor and crawl to the nearest exit. Cover your mouth to avoid inhaling smoke and gases.

The remaining steps should be done only if time permits!

1. Store all files, records, reports and other items in fireproof safes.

2. If time permits, sign off at your workstations.3. Lock all fireproof safes.4. Close all exterior office doors.5. Check all non-working areas to make sure all personnel

have been alerted (employee lounge, rest rooms, etc.).



6. Evacuate the building. Go to the Evacuation Meeting Place and wait for further instructions.

At the Evacuation Meeting Place, the Managers from each department will attempt to account for all personnel.

In Case of Thunderstorms/ High Winds:

Preemptive Actions

1. Include Steps Here

During the Event




At the Evacuation Meeting Place, the Managers from each department will attempt to account for all personnel.

In Case of Bomb Threat:

During the Event




In Case of Equipment Failure:

Preemptive Actions


In Case of Suspicious Letters or Packages:




1.3 Day to Day or Disaster

(Section 1.3 guides plan owners in establishing the incident/event as a disaster (or not) and whether or not to escalate to the Senior Management Team accordingly)

Step #

Action Step Source Notes

1. Conduct Initial Evaluation: ......................

Activate & mobilize plan members as needed.

Manager or Staff:


Conference Bridge Number (See Reports: Call List)

Initial Assessment (See Forms section)

Initial Briefing (See Forms section)

2. Day to Day Problem or Disaster? Review the following criteria to decide if the event is a disaster.

Disaster criteria:

1. Include Criteria Here

Contact List (See Reports Section)

Initial Assessment (Completed Form)

3. Execute Standard Operating Procedures (SOPs)

Follow day to day standard operating procedures (SOPs)

Current Standard Operating Procedures (SOPs)

4. Problem Resolution Is the problem currently resolved?


5. Return to Normal Return to normal & take no further action.

Consider completing a root cause analysis on problem(s) or document lessons learned




from the day to day event.



1.4 Engage Management

(Section 1.4 directs the plan owner to assess the impact on: Processes and Technology, Components, and Customers)

Step #


1. Assess Impact ......................

Capture the assessment of the following on the Damage Assessment Form:


Are the Continuity and Recovery Strategies documented in the Recovery Step section appropriate for the event?

1. Include Criteria Here

Technology and Dependency Report (See Reports Section)

Damage Assessment Form (See Forms Section)


2. Engage Senior Management Team ......................

1. Include Steps HereDamage Assessment Form (See Forms Section)

3. Analyzing Triggers ......................

The following triggers are guides for determining whether or not to declare a

disaster:

Disaster criterion:

Include Criteria Here

This disaster criterion is a guide; your best judgment should take precedence.

Form A Initial Briefing (Completed Earlier)

Form D: Damage Assessment (Completed Earlier)

Section 1.3 "Execute Standard Operating Procedures"



2.0 Continuity and Recovery Process



2.1 Assess Impact

(Section 2.1 directs the Plan Owner and staff to activate team members. Depending on the situation, the Plan Owner, staff or Senior Management Team will contact the customers to

coordinate resumption and recovery efforts.)Step


1. Activate & Notify ......................

Activate Team, Notify Employees, Customers and Dependencies

Include Steps Here

Form A: Incident Briefing (See Forms Section)

Call List (See Reports Section)

Form G: Event Log (See Forms Section)

Form E: Skill Set Inventory (See Forms Section)



2.2 Resume Process

(Section 2.2 informs Plan Owners and staff how to use the predefined steps for process dependency, continuity, and technology recovery)

Step #


1. Implementing Continuity and Recovery Steps

......................

Implement Continuity & Recovery Steps on process and assets you depend upon by going to SECTION 3: CONTINUITY & RECOVERY STEPS

Include Steps Here

Section 3: Continuity & Recovery Steps (Step #1 Pre-Continuity Checklist Impact Assessment)

2. Continue to Implement Continuity and Recovery

......................

During implementation:

Include Steps Here

Form A: Incident Briefing (See Forms Section)


Form G: Event Log (See Forms Section)

Form H: Expense Report (See Forms Section)



2.3 Validate

(Section 2.3 directs the plan owner and staff to validate process dependencies and technology components)

Step #


1. Validate Continuity and Recovery Strategies/Steps

......................


Section 3: Continuity & Recovery Steps (Step #3 Recovery & Communicate Steps)


Processes, Dependencies and customers (See Reports, BIA Report)

2. Resume Processes and put Technology into Production

......................

1. Include Steps Here Processes, Dependencies and

Customers (See Reports, BIA Report)

3. Monitor & Support ......................

1. Include Steps Here Contact List (See Reports Section)


4. Shift from Continuity/Recovery to Restoration

......................

1. Include Steps Here Section 2.4: Restore (Step #1

Restoration of Processes)

5. Return to Normal ......................

Deactivate all event activities if all of the following criteria is met:

DEACTIVATE CRITERIA:


Call List (See Report Section)

Section: 2.3 Validate, Step # 3 Monitor & Support



2.4 Restore

(Section 2.4 directs the plan owner to restore from the alternate site back to a new or repaired original site. The primary goal in this stage is to return to normal operations in the

new or repaired site.)Step


1. Restoration of processes and technology to the primary/restored site:

......................



Process Restoration Steps (Sec. 3: Recovery Steps)

2. Return Implementation ......................

Pre Return Implementation activities & reminders:



Process Restoration Steps (Section 3: Recovery Steps

Application Restoration Steps (Section 3: Recovery Steps)

3. Restoration ......................

Ensure processes are stable and technology is recovered to the primary or rebuilt location.Include Steps Here


Process Restoration Steps (Section 3: Recovery Steps)

4. Return to Normal ......................

Deactivate event activities if all of the following criteria is met:

Call List (See Report Section)

Form J: After Action




Checklist (Forms Section)

Form I: Deactivation Checklist (Forms Section)



3.0 Continuity and Recovery Steps



Continuity

Name: <Insert Business Process Name> Section Complete

Date:____/____/___

Time:____:____ ___

Completed by:

Process Number: 1 of XCriticality: Criticality Ranking goes here

Owner: Human Resources

Process Continuity - This section includes the steps to ensure the process can continue in the event of a disaster.

Process Continuity Steps Sources NotesNote the dependencies that will need to have their continuity solutions implemented during process recovery:

1. Repeat section for each process in the department plan.



Name: <Insert Dependency Name> Section Complete

Date:____/____/___

Time:____:____ ___

Completed by:

Parent Process: Add process name HereDependency Number: 1 of XOwner: Add Owner Name HereContinuity Solution: Add Solution Here

Continuity Steps - The steps to ensure that the 3rd Party Web Hosted applications required for continuing day to day operations have workaround steps.

Continuity Steps Sources Notes Solution for continuing the process if the dependency is not available:


Standard Operating Procedures



4.0 Reports



Call Lists

Employee ListEmployee Name Division Work Phone Home Phone Cell Phone State Add Employee Call List Data Here

Vendor ListVendor Name Vendor Contact Name Phone Email State Add Vendor Call List Data Here - - - -



5.0 Forms



Overview

This section contains the forms referenced in the source column through the response and recovery action steps found in the plan. The source column is used to capture information, location and/or materials required or helpful for accomplishing the action step. The forms below are built to be used as wall charts which are blown up and utilized to display useful information.

Table of Contents:

Briefing Templates

Form A: Initial Briefing

Form B: Meeting or Conference Briefing

Form C: Initial Assessment

Form D: Damage Assessment

Form E: Skill Set Inventory

Form F: Staffing Schedule

Form G: Event Log

Form H: Expense Log

Form I: Deactivation Checklist

Form J: After Action Checklist



Form A: Initial Briefing

Location: ________________ Date: _____/___/_______ Time: ______________________

Completed by: ___________ Contact#: _____________ Dept/Plan Name: _____________

The following is a checklist of items for discussion during the initial briefing.

Document Present Situation and Actions NeededPresent Situation:

Immediate Needs or Actions:

Reminders Senior Management Roles

Life Safety is the #1 concern Use Event Log Use Expense Log (purchasing is approved at the management

level) Use Skill Set Inventory Log Complete Staffing Schedule Participate in working meetings and conference calls Validate conference bridge #’s Validate reoccurring meeting times Participate as requested on management status meetings Raise issues, concerns and problems in working meetings &

status meetings Assess impact & communicate ASAP Review and validate current recovery strategy Communicate to management, lead or supervisor, gather

facts, set priorities and implement response and recovery steps

Executive Crisis Manager:_____________

Legal:_____________

Business Continuity / Disaster Recovery:_____________

Finance:_____________

Claims:_____________

Public Relations / Media:_____________

Information / Documentation / Communications:_____________

Technology:_____________

Security:_____________

Travel and Food:_____________

Human Resources:_____________

Life Safety:_____________

Business Operations::_____________

Sales and Marketing:_____________

End Form: A



Form B: Meeting or Conference Briefing

Location: ________________ Date: _____/___/_______ Time: ______________________

Completed by: ___________ Contact#: _____________ Dept/Plan Name: _____________

The following is a checklist of items for discussion during a standard working meeting, status meeting, or briefing meeting. Meeting Preparation: Invite Teams to Meetings or Conference calls, Conduct roll call, Make sure All Life Safety is being addressed, See Detail Assessment

Control #

Current Situation (Detail

Assessment)

Impact Description (Down or Up) (Risk Elements)

Recommended Resolution (Use

Current BC Solution/Steps or

Rebuild BC Solution/Steps)

Resource Requirements (what will be

need)

Priority (H-M-L)

Approved (EOC

Approves or Not)

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.

Meeting with ECO

Discuss Recommendation ECO:Get Approval from ECO:Build Action Plans to Meet Objectives Set by the ECO:

Action Plan Assigned to Milestones or Deliverables

ET to Implement

Status Resource Required

1. 2. 3. 4. 5. 6. 7. 8. 9. 10. 11.

End Form: BReminder: Document and report current situation, and work with EOC to determine priorities and objectives.



Form C: Initial Assessment

1. Include Form here



Form D: Damage Assessment1. Include Form here



Form E: Skill Set Inventory1. Include Form here



Form F: Staffing Schedule1. Include Form here



Form G: Event Log1. Include Form here



Form H: Expense Log1. Include Form here



Form I: Deactivation Checklist1. Include Form here



Form J: After Action Checklist1. Include Form here


Forms Reports Continuity and RecoverySteps

Continuity and Recovery Process

Response

Last Page

INSERT IN BINDER BACK COVER

Free Business Continuity Plan Template

Documents

Transcript of Free Business Continuity Plan Template