BCMS[insert no.]Business Continuity Management

Recovery Response Action Plan for xxxx

LOGO

Business Continuity

Management

-BCM Continuity and Recovery
Action Plan for

< name of organization >

name of activity

IN CASE OF AN INCIDENT GO DIRECTLY TO CHAPTER 4.

Document Reference[insert no.]

Version: n.n

Status: Draft / Final

Document Author: Author

Document Owner:

Revision History

Version / Date / Change Number / Summary of Changes

Document Review

Date of Next Scheduled Review

Distribution

Name / Title

Approval

Name / Position / Signature / Date

Table of Contents

1Area of Application

2Purpose

2.1Plan Objectives

2.2Assumptions

3Process Information

3.1Process Description

3.2Process Dependencies

3.3Process Infrastructure and Assets

4Trigger for Activation

5Activation of the Plan

5.1Responsibility for Activation

5.2Process for Activation

6Team Charter

6.1Team Composition

6.2Meeting Point

7Business Continuity Actions

8Recovery and Resumption Phase

8.1Response Checklists

8.1.1Office not available

8.1.2Infrastructure Outage

8.1.3Unavailability of Staff

8.1.4Unavailability of External Providers

8.2Recovery

8.2.1Workarounds for [name of product or service] if [insert resource e.g. building] is unavailable

9Procedures

9.1Insert Procedure

9.2Insert Procedure

10Actions after Recovery

Appendix 1:Emergency Response Checklist

Appendix 2:Contact List Key Suppliers

Appendix 3:Process Flow of Incident Handling

Appendix 4:Reference

1Area of Application

The Business Continuity Management System covers all business processes of company.

2Purpose

The Business Continuity Action Plan outlines the actions to be taken and resources to be used to facilitate the continuity of critical business activities in the event of prolonged business interruption due to major incident impacting a Business Unit of <company>.

This plan is not a complete, step-by-step, how-to-do-it manual since each crisis situation is unique, with varying levels of threats and business impact.

The plan suggests actions to take and only guidelines to serve in managing a major incident. Real life decisions for reacting to a major incident must be guided ultimately by the sound judgment and discretion of involved managers and staff.

Procedures for dealing with day-to-day problems are not dealt with in this plan. Such problems should be taken up under the <company>’s standard operating procedures.

2.1Plan Objectives

  • Serves as a guide for the recovery teams.
  • References and points to the location of any data that resides outside this document.
  • Provides procedures and resources needed to assist in recovery.
  • Identifies vendors and customers that must be notified in the event of a disaster.
  • Assists in avoiding confusion experienced during a crisis by documenting, testing and reviewing recovery procedures.
  • Identifies alternate sources for supplies, resources and locations.
  • Documents storage, safeguarding and retrieval procedures for vital records.
  • Assumptions
  • Key people (Team Leaders or Alternates) will be available following a disaster.
  • This document and all vital records are stored in a secure off-site location and not only survived the disaster but are accessible immediately following the disaster.
  • Each support organization will have its own plan consisting of unique recovery procedures, critical resource information and procedures.

3Process Information

3.1Process Description

Please provide a short description of the process including a description of the prerequisites and outcome.

3.2Process Dependencies

Please provide an overview from which processes this process is dependent and which processes will follow.

Preceding Processes / Input
Succeeding Processes / Outcome

3.3Process Infrastructure and Assets

Detailed information on resource needs can be found in the related BIA (see Appendix 4).

4Trigger for Activation

As soon as a trigger below has been reach, the business area notified of disruption will inform the F&A Manager / Deputy- This will be done by phone.

The triggers given are in no way intended to represent a comprehensive list.

Type / Trigger
IT /
  • Key applications unavailable (name the applications)
  • Network unavailable

Facilities /
  • Denial of access to premises
  • Damage to part of building (meaning staff are unable to work there)
  • Physical security threat or breach
  • Natural disaster

Information Security /
  • System breach

Data Protection /
  • Data loss
  • Breach of Data Protection Issues

Staff /
  • Abnormal absenteeism (e.g. food poisoning, Pandemic)
  • Amok

Civil Emergency /
  • Riots in area
  • Bomb threat in area
  • Severe weather causing flooding of building, transport disruption, affecting staff ability to get to work

5Activation of the Plan

5.1Responsibility for Activation

A member of the nominated Business Continuity Team (Team Lead or Core Team Members – see section7.1) will normally activate and stand down this plan.

5.2Processfor Activation

6Team Charter

The role of this team is to ensure the continuity of critical activities of {business unit} within the stipulated timeframes in the event of a major incident.

The key members of this team are:

6.1Team Composition

For contact details of the team member see Business Continuity Plan - Part C.

Team Lead
Team Leader / {name}
Alternate Team Leader
BCM Plan Owner
Team Members
{function} / {name}
Stand-By Team Members
{function} / {name}

6.2Meeting Point

To assure that all members of the local BCM Team can meet each other, definite meeting points have to be appointed. In case meeting point number 1 is not accessible due to the incident, meeting point 2 will be the place for the first meeting.

Possible Meeting Points / City / Address / Comments
Meeting Point 1
Meeting Point 2
(outside of existing premises of <company>)

7Business Continuity Actions

The Business Continuity Team for the incident is responsible for ensuring the following actions are completed:

Action / Further Info / Details
Identify any other staff required to be involved in the BC response / Depending on the incident, the F&A Manager:
  • Informs his line manager and the global Business Continuity Manager; use the Incident Notification Form (see Appendix 4)
  • may need additional/specific input in order to drive the recovery of critical activities

Evaluate the impact of the incident / Use an incident impact assessment form to understand the impact of the incident on ‘business as usual’ working activities.
Plan how critical activities will be maintained / Consider:
  • Immediate priorities
  • Communication strategies
  • Deployment of resources
  • Finance
  • Monitoring the situation
  • Reporting

Log all decisions and actions, including what you decide not to do and include rationale / Use the decision and action log to do so (see Appendix 4)
Log all financial expenditure incurred / Use a financial expenditure log to do so(see Appendix 4)
Allocate specific roles as necessary / Roles allocated will depend on the incident and availability of staff
Secure resources to enable critical activities to continue/be recovered / Consider requirements such as the staffing, premises, equipment.
Refer to BIA for more detailed information on resource needs.
Deliver appropriate communication actions as required / Ensure methods of communication and key messages are developed as appropriate to the needs of your key stakeholders e.g. customers, suppliers, staff and their relatives, Executive Board etc.

A dedicated description of roles and their functionalities can be found in BCMS08015 Business Continuity Plan – Part A (see Appendix 7).

8Recovery and Resumption Phase

The purpose of the recovery and resumption phase is to resume normal working practices for the activity. Where the impact of the incident is prolonged, normal operations my need to be delivered under new circumstances e.g. from a different building.

Recovery is the return to your pre-emergency condition. Performing these critical activities as soon as possible after a critical incident is the primary focus.

8.1Response Checklists

Plan Checklists of Initial Actions for each high risk threat (complete a checklist for each high risk threat)

8.1.1Office not available

Damage to Premises / Completed Y/N
Liaise with the facility department regarding dangerous structures, if appropriate
Notify utility companies (e.g. gas, water, electricity, telecommunications)
Consider impact on staff and public health and safety e.g.
  • Loss of electrical power affecting fire detection and alarms, lighting, emergency lighting, heating, swipe card access, intruder alarms/security
  • Loss of water supply affecting catering, sanitation, e.g. toilets and hand washing facilities etc.

If structure is dangerous, take advice and reasonable action to remove/reduce immediate danger to staff and the public. Action may include:
  • Barricade off
  • Arrange for repair
  • Removal of the hazard if appropriate.
  • Scaffolding or shoring to make the building safe until permanent work can be arranged may have to be organized
  • Have the premises secured to prevent unauthorized access

Identify alternative premises if required
Contact your IT department regarding implications for IT and communications infrastructure
Implement arrangements to maintain building security
Loss of Premises / Access Denied / Completed Y/N
Identify alternative premises if appropriate.
Staff may need practical assistance e.g. to get home, obtain spare keys, notify relatives/friends to assist
Notify staff:
Advise of action to take for next working day (e.g. staff for high criticality functions go to alternative location, staff from lower criticality functions call in for further information)
If you are unable to contact all staff, (e.g. if incident occurs out of working hours) arrange for staff to be met on arrival at site on next working day and advise them what to do and where to go (as above)
Establish staff ‘information line’ number with recorded message of action to take (Use Reception until a dedicated line can be set up and details publicized to staff)

8.1.2Infrastructure Outage

Loss of Utility Supply (Gas, Water, Electricity) / Completed Y/N
Contact service provider to establish:
  • Extent of disruption.
  • Remedial action being taken.
  • Length of time before restoration of service

Consider impact on staff and public health and safety e.g.
  • Loss of power affecting fire detection and alarms, lighting, emergency lighting, heating, swipe card access/security.
  • Loss of water supply affecting catering, sanitation e.g. toilets and hand washing facilities

Contact your IT department regarding implications for IT and communications infrastructure
Identify alternative premises if necessary
Loss of IT and /or Communications / Completed Y/N
Contact your IT department regarding impact on IT and communications infrastructure
Publicize alternative contact details to staff and public
Identify alternative premises if unable to
Prolonged incident consider alternative supply

8.1.3Unavailability of Staff

Loss of Staff (Temporary/Permanent) / Completed Y/N
Staff illness
Staff absence due to illness of dependent children/closure of schools
Loss of large numbers of staff
Loss of small numbers of key staff (managers/specialists)
Industrial action.
Liaise with Human Resources
Review staffing arrangements
Appropriate managers and staff to be re-deployed from other areas as required
Staff temporarily re-deployed - cover by agency staff if appropriate
Influenza Pandemic / Completed Y/N
Consider the impact of greater demand on the critical services you provide and plan to manage the increased workload if appropriate
Determine the potential impact of the pandemic on your business-related travel
Consider planning for the use of audio or video conferencing as alternatives to traveling/attending meetings to reduce person-to-person contact
Forecast potential employee absence during a pandemic. For Influenza Pandemic planning purposes, the estimated worst case scenario is for a cumulative clinical attack rate of 50% of the population over 15 weeks for each phase.

8.1.4Unavailability of External Providers

Loss of Supplier / Completed Y/N
Identify alternative material resources
Identify alternative human resources
Identify alternative service provider

8.2Recovery

Below are the workarounds which detail how the product or service will be continued during an incident (e.g. denial of access to work premises, loss of IT, telephony, and key supplier).

Procedures for complex actions in Workarounds can be found in section 9.

8.2.1Workarounds for [name of product or service] if [insert resource e.g. building] is unavailable

Ref / Actions / Responsible
1.
2.
3.
4.
5.

9Procedures

Below are the procedures to help implement complex actions in the Workarounds section.

9.1Insert Procedure

9.2Insert Procedure

10Actions after Recovery

Action / Further Info / Details
Gather all documentation e.g. log files, mails, activity files etc. that have been created during the recovery phase / All documentation will be gathered and stored on a central place, paper related documents have to be scanned and stored too.
Conduct a debriefing / The debriefing is used to
  • analyze the incident and the related recovery phase
  • identify strengths and weaknesses
  • define improvements of the related plans and procedures

Create a final report / Use the Final Incident Report to do so (see Appendix 4)
Follow Up / Follow Up the identified actions and revise the related documents

Appendix 1:Emergency Response Checklist

This page should be used as a checklist during the emergency.

Task / Completed
(date, time, by)
Actions within 24 hours:
Start of log of actions and expenses undertaken
(use BCMS08021 Incident and Exercise Logbook)
Liaise with emergency services
Identify and quantify any damage to the organization, including staff, premises, equipment, data, records, etc.
Identify which critical functions have been disrupted
Convene those responsible for recovering identified critical functions, and decide upon the actions to be taken, and in what time-frames
Provide information to:
  • Staff, Upper Management and Global Business Continuity
  • Suppliers and customers
  • Insurance company or department

Daily actions during the recovery process:
Convene those responsible for recovery to understand progress made, obstacles encountered, and decide continuing recovery process
Provide information to:
  • Staff, Upper Management and Global Business Continuity
  • Suppliers and customers
  • Insurance company or department

Provide public information Corporate Communication to maintain the reputation of the organization and keep relevant authorities informed
Following the recovery process:
Arrange a debrief of all staff and identify any additional staff welfare needs (e.g. counseling) or rewards
Use information gained from the debrief to review and update this business continuity management plan
Summarize the incident, recovery process and results of the debriefing in a Final Incident Report (use BCMS08022 Final Incident Report)

Appendix 2:Contact List Key Suppliers

Supplier / Provides / Telephone / E-mail

Appendix 3:Process Flow of Incident Handling

Appendix 4:Reference

Reference / Title
BCMS[insert no.] / Glossary
BCMS[insert no.] / XX.nnnn Business Impact Analysis
*please enter the correct file name of the related BIA
BCMS[insert no.] / Business Continuity Plan - Part A
BCMS[insert no.] / Business Continuity Plan - Part B
BCMS[insert no.] / Business Continuity Plan - Part C
BCMS[insert no.] / Incident Notification Form
BCMS[insert no.] / Incident Status Review Summary
BCMS[insert no.] / Incident and Exercise Logbook
BCMS[insert no.] / Final Incident Report
BCMS[insert no.] / Business Continuity Plan - Regional and Global Contacts
BCMS[insert no.] / BCMS[insert no.] Expenditure Logbook
BS ISO 22301:2012 Societal security - Business continuity management systems – Requirements
BS ISO 22313:2012 Societal security. Business continuity management systems – Guidance

All printed copies are uncontrolledFOR INTERNAL USEPage 1 / 20