Business Continuity Plan (For Company XX) Business Continuity Coordinator ( ) Crisis Management Team Leader ( ) In the event of a business disruption refer to the following [Company XX] documents: Emergency Response Plan Refer to [Company XX] Emergency Response Plan
Table of Contents ABBREVIATIONS.......................................................................................................................................................3 DEFINITIONS..............................................................................................................................................................4 ABOUT THIS PLAN TEMPLATE.............................................................................................................................5 Business Continuity Plan Documents & Crisis Response Phase..........................................................................5 INTRODUCTION.........................................................................................................................................................7 BUSINESS CONTINUITY POLICY..........................................................................................................................8 Purpose.................................................................................................................................................................8 Scope.....................................................................................................................................................................8 Executive Sponsor.................................................................................................................................................8 Document Manager...............................................................................................................................................8 Review and Compliance........................................................................................................................................8 Rules Regulations..................................................................................................................................................8 Staff Responsible...................................................................................................................................................8 Violations...............................................................................................................................................................9 BUSINESS CONTINUITY PLAN ............................................................................................................................10 Purpose...............................................................................................................................................................10 Objectives............................................................................................................................................................10 Assumptions.........................................................................................................................................................10 Scope...................................................................................................................................................................11 BUSINESS CONTINUITY PLAN DOCUMENTS & CRISIS RESPONSE PHASE..........................................12 Business Continuity Plan Documents.................................................................................................................13 BUSINESS CONTINUITY PLAN HIGH-LEVEL PROCESS FLOW.................................................................14 BUSINESS CONTINUITY PLAN REFERENCE DOCUMENTS........................................................................14 FORMS........................................................................................................................................................................15 F1 – Version Change Control..............................................................................................................................15
©Sentryx 2007 All rights reserved
2
Abbreviations BCP
Business continuity plan
CMC
Crisis management center
CMT
Crisis management team
BCP
Business continuity plan
ERP
Emergency response plan
ERT
Emergency response team
ERTL
Emergency response team leader
ERTDM
Emergency response team deputy manager
SCMP
Site crisis management plan
©Sentryx 2007 All rights reserved
3
Definitions Executive Sponsor
Senior management member who approves and provides full support for the development and implementation of the organization’s business continuity program
Document Manager
Person who approves and authorizes the BCP document including document revisions.
©Sentryx 2007 All rights reserved
4
About This Plan Template This business continuity plan (BCP) template is one template in a series of templates designed to provide comprehensive, practical, and structured guidance to those responsible for developing a business continuity plan. This template contains a recommended structure, outline, and contents for a typical business continuity plan document. Where possible, instructions for completing specific sections provided and sample text is given as a suggestion of the type of information required. The template contents may be customized and tailored to suite your organization’s specific BCP requirements. It is recommended that a Document Manager be assigned the responsibility of overseeing updates and revisions to this document. Please refer to the section “Version Change Control” for more information on how to manage and distribute changes to this document.
Business Continuity Plan Documents & Crisis Response Phase For the purpose of this template, the crisis response phase has been defined as the overall phase during which an emergency or disaster occurs. During the crisis response phase, several subphases occur, namely, a disaster response phase, management response phase, and a business area response phase. During each phase, one of several business continuity plan documents are utilized. The diagram below depicts the crisis response sub-phases and plan documents associated with each sub-phase:
©Sentryx 2007 All rights reserved
5
This business continuity plan template follows a phased approach as a response to a disaster or disruptive event. The [Company XX] business continuity plan consists of several plan documents as follows: 1. Business continuity plan (this plan) 2. Emergency response plan (referenced) 3. Site crisis management plan (referenced) 4. Business area recovery plan(s) (referenced)
©Sentryx 2007 All rights reserved
6
Introduction This business continuity plan contains the essential procedures and activities needed to recover [Company XX] business operations in the event of an emergency or disaster situation. The plan document follows a phased response approach to a disaster or disruptive event. The [Company XX] business continuity plan consists of several plan documents as follows: 1. Business continuity plan (this plan) 2. Emergency response plan (referenced) 3. Site crisis management plan (referenced) 4. Business area recovery plan(s) (referenced)
©Sentryx 2007 All rights reserved
7
Business Continuity Policy Purpose [Company XX] is committed to safeguarding the interests of shareholders, clients, customers, and vendors in the event of an emergency or business disruption. [Company XX] has therefore established a comprehensive organization-wide business continuity program to protect staff, safeguard corporate assets and environment, and to ensure continuous availability of its products and services. To support the business continuity program, [Company XX] recognizes the need for an effective business continuity capability and provides this corporate business continuity policy.
Scope This business continuity policy applies to all aspects of business functions and services across the entire organization. [Company XX] shall define, approve, and implement business continuity plan(s) which include essential activities, procedures, and tasks necessary to ensure critical operations and services are resumed after a business disruption. Each plan shall reside in a common company database accessible to recovery staff.
Executive Sponsor [Company XX] assigns a senior management member to be the “Executive Sponsor” who approves, sponsors, and provides full support for the development and implementation of the organization-wide business continuity program and its constituent parts including this policy and any associated business continuity plan documents including this document. The executive sponsor approves the budget and resources required, and delegates authority to the business continuity coordinator to manage, coordinate, and oversee the business continuity plan document design, development, implementation, maintenance, and assessment.
Document Manager [Company XX] shall appoint a Document Manager to approve and authorize the BCP document and changes including document revisions.
Review and Compliance The corporate business continuity program policy has established an annual review and assessment for this policy and for the business continuity plan.
Rules Regulations [Company XX – enter rules and regulations that are specific to your organization here]
Staff Responsible [Company XX] business continuity and recovery teams have the responsibility to know this policy and understand and adhere to the standards and procedures established in this policy.
©Sentryx 2007 All rights reserved
8
It is the responsibility of all staff to be aware of their departments and/or business unit’s business continuity plan and its associated documents.
Violations Any employee and/or contractor or service provider found to have violated this policy may be subject to legal actions such as termination.
©Sentryx 2007 All rights reserved
9
Business Continuity Plan Purpose The purpose of the business continuity plan is to: 1. Recover essential or critical business operations in a fast and efficient manner 2. Provide a mechanism for management to direct recovery efforts
Objectives The primary objective of the business continuity plan is to recover critical elements of [Company XX] operations such as: 1. work area/office services; 2. information technology services; and 3. manufacturing and production services. Additional objectives are to: 1. ensure that staff are aware of alternate arrangements 2. ensure that recovery teams have sufficient resources
Assumptions This plan has been developed with the following assumptions: •
[Company XX] has conducted a business impact analysis to determine the exposure and impact that may result due to a disruptive event.
•
A summary of the critical functions and processes, maximum tolerable downtimes, recovery time and point objectives, workaround procedures, and critical IT systems, resources, and services have been determined and are listed in this plan.
•
[Company XX] has conducted a risk assessment and has implemented risk controls to reduce or eliminate potential risks to its operations.
•
[Company XX] has selected and implemented suitable recovery options in the event that a disaster occurs.
•
The business continuity plan has been tested and approved.
•
The recovery teams will be comprised of sufficient number of staff to ensure a satisfactory turnout in the event of a business disruption.
©Sentryx 2007 All rights reserved
10
Scope The scope of this BCP is the [Company XX] facility/site located at [Company XX facility].
©Sentryx 2007 All rights reserved
11
Business Continuity Plan Documents & Crisis Response Phase For the purpose of this template, the crisis response phase has been defined as the overall phase during which a crisis situation or disaster occurs. During the crisis response phase, several subphases occur, namely, a disaster response phase, management response phase, and a business area response phase. During each phase one of several business continuity plan documents are utilized. The diagram below depicts the crisis response sub-phases and plan documents associated with each sub-phase:
Each crisis response sub-phase is described below: 1. Emergency Response Phase This phase is the first phase in managing a crisis. It comprises of the initial few hours after an actual disaster, or after the threat of a disaster is first identified. The emergency response plan (ERP) is the primary document used during this phase. In this phase, business continuity plan procedures, tasks, and forms are used; the business continuity coordinator and other members of the crisis management team are alerted; and evacuation occurs and/or the disruption is contained.
©Sentryx 2007 All rights reserved
12
2. Management Response Phase In this phase, the crisis management team manages and coordinates all site recovery activities. This phase begins after the initial response is received by the crisis management team. The crisis management plan is the main document used during this phase. 3. Business Area Response Phase In this phase, business area teams recover and resume business operations. Depending on how large you organization is, you may opt to develop Business area recovery plans and business unit recovery plans or just business unit recovery plans. Business area recovery plans may be used to invoke business unit plans. Note that this breakdown allows for a more modular structure of activities and is especially useful if your organization is large has many business department and units.
Business Continuity Plan Documents Below is a list of plan documents and an explanation of each: •
Site Emergency Response Plan o The ERP is used to respond to a disaster or disruption. The primary plan objectives are to: Protect life Provide shelter Evacuate premises Mitigate threat and control extent of damage
•
Site Crisis Management Plan o Plan used to manage and coordinate all site recovery activities including activities such as: Supervising recovery effort Declaring a disaster Invoking other plans Monitoring recovery, resumption, and normalization activities
•
Business Area/Department/Unit Recovery Plan o Plan used to manage and recover business operations within each business area/department/unit.
©Sentryx 2007 All rights reserved
13
Business Continuity Plan High-level Process Flow During BCP execution, the Crisis Management Center will be opened and CMT team members will gather to determine if a disaster is to be declared. The following diagram illustrates the relationship between the BCP, Site CMP, and the Recovery Plans:
Business Continuity Plan Reference Documents The business continuity plan follows a sequence of activities specified in the following documents: 1. Emergency Response Plan (ERP) Refer to [Company XX] Emergency Response Plan 2. Site Crisis Management Plan (SCMP) Refer to [Company XX] Site Crisis Management Plan 3. Business Area Recovery Plan(s) Refer to [Company XX] Business Area Recovery Plan(s)
©Sentryx 2007 All rights reserved
14
Forms F1 – Version Change Control Version control is required in order to maintain integrity and cohesion of this document. The Document Manager should be the only person to approve and authorize changes and distribute revised versions. To reduce the risk that an old version is used, the Document Manager should collect all copies of old versions before distributing new ones. This document shall not be photocopied. Additional copies should be obtained from the Document Manager.
Version Number
Issue Date
Reason for Change
©Sentryx 2007 All rights reserved
Authorized by
15