Business Continuity Plan

Department Name
Address

Version 1.0
Date

Prepared for:
Plan Owner Name
Plan Owner Title
Plan Owner Address

Prepared By:
BCP Prime Name
BCP Prime Title
BCP Prime Address

TABLE OF CONTENTS

PREFACE
0 Business Unit name - Management Summary
  0.1 Objective & Scope at time of disaster
  0.2 Roles & Responsibilities at time of disaster
  0.3 Vital Records
  0.4 Plan Exposures
1 Team 1 name – Recovery Plan
  1.1 Objective & Scope at time of disaster
  1.2 Roles & Responsibilities at time of disaster
  1.3 Actions to be taken by Recovery Team Leads
  1.4 Recovery Requirements at Alternate site
  1.5 Metrics / SLAs
  1.6 Vital Records
2 Team 2 name – Recovery Plan
  2.1 Objective & Scope at time of disaster
  2.2 Roles & Responsibilities at time of disaster
  2.3 Actions to be taken by Recovery Team Leads
  2.4 Recovery Requirements at Alternate site
  2.5 Metrics / SLAs
  2.6 Vital Records
3 Team 3 name – Recovery Plan
  3.1 Objective & Scope at time of disaster
  3.2 Roles & Responsibilities at time of disaster
  3.3 Actions to be taken by Recovery Team Leads
  3.4 Recovery Requirements at Alternate site
  3.5 Metrics / SLAs
  3.6 Vital Records
4 Team 4 name – Recovery Plan
  4.1 Objective & Scope at time of disaster
  4.2 Roles & Responsibilities at time of disaster
  4.3 Actions to be taken by Recovery Team Leads
  4.4 Recovery Requirements at Alternate site
  4.5 Metrics / SLAs
  4.6 Vital Records
APPENDIX A: Contact Information
APPENDIX B: Directions to Alternate Site
APPENDIX C: Supporting Documentation

Department Name Department Address Plan Number & Name

PREFACE

i) Document Information

Document ID | Document Name | Completed or in-Progress | Physical Location
BCP x.x.x A | This Document: Site A Document Name | | Location A
BCP x.x.x B | Related Document: Site B Document Name | | Location B
BCP x.x.x C | Related Document: Site C Document Name | | Location C
BCP x.x.x D | Related Document: Site D Document Name | | Location D

ii) Document Primes

Prime | Name | Title
Primes: Executive Sponsor; Plan Owner; Departmental Prime(s); Recovery Team Primes; Certification Director; Certification Prime; Additional Distribution List
Titles (in the order listed): VP; Director; Director; Director; Director; Manager; Manager; Manager; Manager; Manager; Director, Business Continuity; Manager, Business Continuity; SMEs or Delegates; SMEs or Delegates; SMEs or Delegates; SMEs or Delegates

iii) Plan Status

Change Record
Version No. | Date | Editor(s) | Key Changes
V 0.1 | | |

Business Continuity Plan Page 3 of 20 2/9/2016

iv) Plan Maintenance

All Business Continuity Plans are required to be reviewed on an annual basis. As such, the next review date for this plan is Insert date.

If, upon review of this plan, it is necessary to make minor revisions, such as changes to the contacts in Appendix A, the document subversion should be incremented. For example, V 1.0 should be revised to V 1.1.
Minor revisions must be communicated to all document primes; however, Plan Owner sign-off is not required.

If it is necessary to make major revisions, such as changes to the recovery plan in section 1, the document version should be incremented. For example, V 1.1 should be revised to V 2.0. Major revisions must be communicated to all document primes, and the revised document must be certified by the certification prime and signed off by the Plan Owner.

v) Introduction

This BCP documents the business plans to recover critical business functions in priority order at time of disaster. It is organized into sections as follows:

Section 0 - Management Summary
o Details the high-level objectives, roles and responsibilities and actions to be taken to manage and coordinate recovery efforts.
o Lists exposures which could potentially hinder the effective execution of this plan.

Section 1, 2, 3, 4 etc. - Recovery Plans
o Each section details the specific objectives, roles, responsibilities and actions to be taken by a recovery team to recover their critical business functions.
o Critical business functions are defined as those which have a Recovery Time Objective (RTO) of less than 7 days.
o If a team's business functions have an RTO > 7 days, those functions are not considered critical and that team is not required to be included in this BCP.

Appendices A, B & C
o Respectively provide contact numbers, directions to the alternate site and supporting documentation such as the Business Impact Analysis.

Communicating During a Crisis
o DO NOT talk to the media.
o All inquiries regarding event details should be directed to Corporate Communications.
o When notifying affected external parties (vendors/suppliers specifically for business recovery) of disruption in service, speak only of the path forward.
o Do not communicate with external parties about event details until you have received an approved message from Corporate Communications.
o Use caution when speaking to families of unaccounted-for employees.

vi) Plan Relationships

[Diagram: Plan Relationships. The plans and labels shown in the diagram are listed below.]

Pandemic Preparedness Plan (PPP)
o Outbreak Occurs
o Pandemic Declared

Emergency Response Plan (ERP)
o Incident Occurs
o Owned by the Facilities Management Team
o Implemented by Emergency Response Teams at each building

Corporate Incident Management Plan (CIMP)
o Owned and implemented by Corporate Incident Management Team (Senior Leaders)
o Purpose is to manage corporate response and communications across business units
o Crisis Declared

Business Continuity Plan (BCP)
o Owned by department Crisis Management Team
o Implemented by their Recovery Teams
o Purpose is to recover critical business functions

Disaster Recovery Plan (DRP)
o Crisis Declared
o Owned by IT Services Crisis Management Team
o Implemented by their Recovery Teams
o Purpose is to recover critical IT services

0 Business Unit name - Management Summary

0.1 Objective & Scope at time of disaster

The objective of each department is to recover their critical business functions in priority order. Below is a list of all departments in the order in which their business functions need to be restored:

Recovery Time Objective (RTO)
Dept # | Department Name | Department Description | RTO | Recovery Strategy | Exposure? (Y** / N)
1 | | | | See section 1 |
2 | | | | See section 2 |
3 | | | | See section 3 |
4 | | | >7d | Not Required* |

* Recovery plans are not required for departments with an RTO greater than 7 days.
**See section 0.5 for exposure details

0.2 Roles & Responsibilities at time of disaster

Roles & Responsibilities
(Each entry below gives the Team, Role, Responsibilities and Owner/s.)

Team: CIMT (Corporate Incident Mgmt. Team)

Role: CIMT Members (Senior Leaders)
Owner/s: Senior Leaders
Responsibilities:
o Follow CIMP to manage corporate response for incidents impacting more than one business unit
o Follow Crisis Communications Plan for communications to all external audiences

Team: CMT (Crisis Mgmt. Team)

Role: Incident Commander (VP)
Owner/s: Insert name, VP
Responsibilities:
o Initiate Corporate Incident Management Process (if not already initiated)
o Tell Recovery Team Leads to invoke their plans
o Record date & time of incident declaration
o Record date & time of confirmation of receipt of declaration by recovery teams
o Schedule and attend first CMT meeting
o Ensure CMT meeting minutes are captured for Post Incident Review
o Record time taken to recover critical business functions. Were critical business functions recovered within RTO?
o Record date & time of incident termination. (Return of business operations to full Pre-Incident, Business As Usual, levels.)
o Conduct Post Incident Review and submit report to Corporate Business Continuity within 14 days after incident termination.
o Single point of contact between CIMT and CMT

Role: Departmental Primes (Directors)
Owner/s: Insert names: Director 1, Director 2, Director 3
Responsibilities:
o Single point of contact between CMT and IRTs
o Provide regular updates from CMT to IRTs (9 am daily)
o Establish regular business operations cycle meeting for IRTs (10 am & 3 pm daily)
o Coordinate incident response among IRTs

Role: Communications Coordinator (Director / Manager)
Owner/s: ?
Responsibilities:
o Coordinate internal departmental communications between CMT, RT & Non-RT managers and staff
o Ensure communication to critical vendors/suppliers is appropriately delegated to relevant individuals

Role: Other Role (If required. If not, delete this row.)
Owner/s: Insert Name
Responsibilities:
o Insert responsibilities if required

Team: IRT (Incident Recovery Team)

Role: Incident Recovery Team Leads (Managers)
Owner/s: Insert names: Manager 1, Manager 2, Manager 3, Manager 4
Responsibilities:
o Follow departmental BCP to recover Critical Business Processes within RTO
o Ensure thorough understanding of messages to be relayed to staff from CMT
o After conference call schedule has been established with CMT, set up conference call schedule for other managerial staff for the purpose of providing information
o Update CMT on status at defined times
o Attend any meeting requests from CMT

Role: Other Managers
Owner/s: Insert names: Manager 1, Manager 2, Manager 3, Manager 4
Responsibilities:
o Attend conference calls per IRT schedule
o Report any issues which may affect recovery
o Ensure thorough understanding of message to be relayed to staff.
o Establish meeting schedule for staff.

Role: Critical Staff
Owner/s: Staff *
Responsibilities:
o Report to work at alternate site
o Follow instructions of Recovery Team Leads to Recover Critical Business Processes within RTO

Role: Non-Critical Staff
Owner/s: Staff *
Responsibilities:
o Remain at home until provided with further instructions from your manager

Team: RE-IMT (Real Estate Incident Mgmt Team)

Role: Real Estate Managers
Responsibilities:
o Follow Real Estate IMP
o Liaise with ERT and CIMT

Team: ERT (Emergency Response Team)

Role: Facilities Managers & Volunteers
Responsibilities:
o Follow Site Level ERP to stabilize and contain threats and incidents
o Conduct evacuation if required
o Liaise with RE-IMT

Team: BCP

Role: Business Continuity Planning Team
Owner/s: Insert Director, Sr. Mgr.
Responsibilities:
o Manage Corporate Emergency Operations Centre (CEOC)
o Facilitate meetings
o Assist CIMT, CMT & IRT with incident response as required

*See Appendix A for Names and Contact Information.
0.3 Vital Records

List of vital records from BIA or N/A

0.4 Plan Exposures

Exposures are existing situations or conditions that pose a threat to the successful implementation of the recovery plan. Some exposures will always exist, as it is too expensive to reduce the risk, or the risk is so low that senior management is comfortable with the situation and will accept the exposure. The Crisis Management Team should review the exposures during plan implementation to become familiar with the plan gaps.

No | Exposure | Affected Team | Owner | Resolution Date
1 | | | |
2 | | | |
3 | | | |
4 | | | |

1 Team 1 name – Recovery Plan

1.1 Objective & Scope at time of disaster

Business functions which have a high or medium impact on the business in the first seven days after a disaster are considered Critical. Functions with low or no impact are considered non-critical. (See BIA in Appendix C.)

The objective at time of disaster is to recover all critical business functions within the Recovery Times specified below:

Recovery Time Objective (RTO)
BF # | Business Function | Business Function Description | RTO
1 | | |
2 | | |
3 | | |

1.2 Roles & Responsibilities at time of disaster

The responsibility for recovery of critical business functions is as follows:

Roles & Responsibilities
BF # | Business Function | Owner
1 | |
2 | |
3 | |

See Appendix A for Names and Contact Information.
1.3 Actions to be taken by Recovery Team Leads

Insert special instructions if applicable, e.g. call forward phones

Insert specific instructions (optional) such as:
o Dispatch 3 team members to begin working from home on the following day
o Dispatch 4 team members to alternate site A location name immediately
o Dispatch 1 team member to alternate site B name after 5 days
o Advise remaining 6 team members to go home and wait for further instructions

Staffing Requirements

Business as Usual: BAU Address
Work from Home
Work from Alternate Site:
  A: Location of Alt Site A
  B: Location of Alt Site B
  C: Location of Alt Site C
  D: Location of Alt Site D

BF # | Business Function | BAU | WFH | VPN | 8h | 24h | 48h | 72h | 5d | 7d+ | Alt Site
1 | | | | | | | | | | |
2 | | | | | | | | | | |
3 | | | | | | | | | | |
4 | | | | | | | | | | |
5 | | | | | | | | | | |
Totals | | | | | | | | | | |

1.4 Recovery Requirements at Alternate site

x number of workspaces have been reserved to recover critical business processes at room, floor, building, street, city. (See Appendix B for directions.) To confirm use of these workspaces at time of disaster, the IRT Lead must contact Contact Name.

Each workspace consists of a desk, chair, phone and standard networked computer with standard company software applications. Printing and photocopying stations are nearby. (If the team requires any special, non-standard hardware or applications, these should be itemized separately below.)

It is the sole responsibility of the IRT Lead to ensure the availability of any additional hardware, software, tools, storage or resources that may be required to recover critical business functions. (Please note: these workspaces do not come with secure storage for any such tools.)

List additional hardware, software, tools, storage or resources (if required)

The IRT Lead is responsible for liaising with security / facilities management at the alternate site with regard to building access / pass cards or parking requirements as necessary.
1.5 Metrics / SLAs

Metrics / SLAs
BF# | Business Function | Metric / SLA 1: BAU | Metric / SLA 1: At Time of Disaster | Metric / SLA 2: BAU | Metric / SLA 2: At Time of Disaster
1 | | | | |
2 | | | | |
3 | | | | |
4 | | | | |
5 | | | | |

1.6 Vital Records

All vital records should be stored in soft copy format on a backed-up networked drive that can easily be accessed from the alternate site. Any vital records that are not backed up in this fashion (e.g. paper records or records on "personal" hard drives) should be captured as an exposure and steps taken to resolve this exposure.

Insert address

2 Team 2 name – Recovery Plan

2.1 Objective & Scope at time of disaster

Business functions which have a high or medium impact on the business in the first seven days after a disaster are considered Critical. Functions with low or no impact are considered non-critical. (See BIA in Appendix C.)

The objective at time of disaster is to recover all critical business functions within the Recovery Times specified below:

Recovery Time Objective (RTO)
BF # | Business Function | Business Function Description | RTO
1 | | |
2 | | |
3 | | |

2.2 Roles & Responsibilities at time of disaster

The responsibility for recovery of critical business functions is as follows:

Roles & Responsibilities
BF # | Business Function | Owner
1 | |
2 | |
3 | |

See Appendix A for Names and Contact Information.
2.3 Actions to be taken by Recovery Team Leads

Insert special instructions if applicable, e.g. call forward phones

Insert specific instructions (optional) such as:
o Dispatch 3 team members to begin working from home on the following day
o Dispatch 4 team members to alternate site A location name immediately
o Dispatch 1 team member to alternate site B name after 5 days
o Advise remaining 6 team members to go home and wait for further instructions

Staffing Requirements

Business as Usual: BAU Address
Work from Home
Work from Alternate Site:
  A: Location of Alt Site A
  B: Location of Alt Site B
  C: Location of Alt Site C
  D: Location of Alt Site D

BF # | Business Function | BAU | WFH | VPN | 8h | 24h | 48h | 72h | 5d | 7d+ | Alt Site
1 | | | | | | | | | | |
2 | | | | | | | | | | |
3 | | | | | | | | | | |
4 | | | | | | | | | | |
5 | | | | | | | | | | |
Totals | | | | | | | | | | |

2.4 Recovery Requirements at Alternate site

x number of workspaces have been reserved to recover critical business processes at room, floor, building, street, city. (See Appendix B for directions.) To confirm use of these workspaces at time of disaster, the IRT Lead must contact Contact Name.

Each workspace consists of a desk, chair, phone and standard networked computer with standard company software applications. Printing and photocopying stations are nearby. (If the team requires any special, non-standard hardware or applications, these should be itemized separately below.)

It is the sole responsibility of the IRT Lead to ensure the availability of any additional hardware, software, tools, storage or resources that may be required to recover critical business functions. (Please note: these workspaces do not come with secure storage for any such tools.)

List additional hardware, software, tools, storage or resources (if required)

The IRT Lead is responsible for liaising with security / facilities management at the alternate site with regard to building access / pass cards or parking requirements as necessary.
2.5 Metrics / SLAs

Metrics / SLAs
BF# | Business Function | Metric / SLA 1: BAU | Metric / SLA 1: At Time of Disaster | Metric / SLA 2: BAU | Metric / SLA 2: At Time of Disaster
1 | | | | |
2 | | | | |
3 | | | | |
4 | | | | |
5 | | | | |

2.6 Vital Records

All vital records should be stored in soft copy format on a backed-up networked drive that can easily be accessed from the alternate site. Any vital records that are not backed up in this fashion (e.g. paper records or records on "personal" hard drives) should be captured as an exposure and steps taken to resolve this exposure.

Insert address

3 Team 3 name – Recovery Plan

3.1 Objective & Scope at time of disaster

Business functions which have a high or medium impact on the business in the first seven days after a disaster are considered Critical. Functions with low or no impact are considered non-critical. (See BIA in Appendix C.)

The objective at time of disaster is to recover all critical business functions within the Recovery Times specified below:

Recovery Time Objective (RTO)
BF # | Business Function | Business Function Description | RTO
1 | | |
2 | | |
3 | | |

3.2 Roles & Responsibilities at time of disaster

The responsibility for recovery of critical business functions is as follows:

Roles & Responsibilities
BF # | Business Function | Owner
1 | |
2 | |
3 | |

See Appendix A for Names and Contact Information.
3.3 Actions to be taken by Recovery Team Leads

Insert special instructions if applicable, e.g. call forward phones

Insert specific instructions (optional) such as:
o Dispatch 3 team members to begin working from home on the following day
o Dispatch 4 team members to alternate site A location name immediately
o Dispatch 1 team member to alternate site B name after 5 days
o Advise remaining 6 team members to go home and wait for further instructions

Staffing Requirements

Business as Usual: BAU Address
Work from Home
Work from Alternate Site:
  A: Location of Alt Site A
  B: Location of Alt Site B
  C: Location of Alt Site C
  D: Location of Alt Site D

BF # | Business Function | BAU | WFH | VPN | 8h | 24h | 48h | 72h | 5d | 7d+ | Alt Site
1 | | | | | | | | | | |
2 | | | | | | | | | | |
3 | | | | | | | | | | |
4 | | | | | | | | | | |
5 | | | | | | | | | | |
Totals | | | | | | | | | | |

3.4 Recovery Requirements at Alternate site

x number of workspaces have been reserved to recover critical business processes at room, floor, building, street, city. (See Appendix B for directions.) To confirm use of these workspaces at time of disaster, the IRT Lead must contact Contact Name.

Each workspace consists of a desk, chair, phone and standard networked computer with standard company software applications. Printing and photocopying stations are nearby. (If the team requires any special, non-standard hardware or applications, these should be itemized separately below.)

It is the sole responsibility of the IRT Lead to ensure the availability of any additional hardware, software, tools, storage or resources that may be required to recover critical business functions. (Please note: these workspaces do not come with secure storage for any such tools.)

List additional hardware, software, tools, storage or resources (if required)

The IRT Lead is responsible for liaising with security / facilities management at the alternate site with regard to building access / pass cards or parking requirements as necessary.
3.5 Metrics / SLAs

Metrics / SLAs
BF# | Business Function | Metric / SLA 1: BAU | Metric / SLA 1: At Time of Disaster | Metric / SLA 2: BAU | Metric / SLA 2: At Time of Disaster
1 | | | | |
2 | | | | |
3 | | | | |
4 | | | | |
5 | | | | |

3.6 Vital Records

All vital records should be stored in soft copy format on a backed-up networked drive that can easily be accessed from the alternate site. Any vital records that are not backed up in this fashion (e.g. paper records or records on "personal" hard drives) should be captured as an exposure and steps taken to resolve this exposure.

Insert address

4 Team 4 name – Recovery Plan

4.1 Objective & Scope at time of disaster

Business functions which have a high or medium impact on the business in the first seven days after a disaster are considered Critical. Functions with low or no impact are considered non-critical. (See BIA in Appendix C.)

The objective at time of disaster is to recover all critical business functions within the Recovery Times specified below:

Recovery Time Objective (RTO)
BF # | Business Function | Business Function Description | RTO
1 | | |
2 | | |
3 | | |

4.2 Roles & Responsibilities at time of disaster

The responsibility for recovery of critical business functions is as follows:

Roles & Responsibilities
BF # | Business Function | Owner
1 | |
2 | |
3 | |

See Appendix A for Names and Contact Information.
4.3 Actions to be taken by Recovery Team Leads

Insert special instructions if applicable, e.g. call forward phones

Insert specific instructions (optional) such as:
o Dispatch 3 team members to begin working from home on the following day
o Dispatch 4 team members to alternate site A location name immediately
o Dispatch 1 team member to alternate site B name after 5 days
o Advise remaining 6 team members to go home and wait for further instructions

Staffing Requirements

Business as Usual: BAU Address
Work from Home
Work from Alternate Site:
  A: Location of Alt Site A
  B: Location of Alt Site B
  C: Location of Alt Site C
  D: Location of Alt Site D

BF # | Business Function | BAU | WFH | VPN | 8h | 24h | 48h | 72h | 5d | 7d+ | Alt Site
1 | | | | | | | | | | |
2 | | | | | | | | | | |
3 | | | | | | | | | | |
4 | | | | | | | | | | |
5 | | | | | | | | | | |
Totals | | | | | | | | | | |

4.4 Recovery Requirements at Alternate site

x number of workspaces have been reserved to recover critical business processes at room, floor, building, street, city. (See Appendix B for directions.) To confirm use of these workspaces at time of disaster, the IRT Lead must contact Contact Name.

Each workspace consists of a desk, chair, phone and standard networked computer with standard company software applications. Printing and photocopying stations are nearby. (If the team requires any special, non-standard hardware or applications, these should be itemized separately below.)

It is the sole responsibility of the IRT Lead to ensure the availability of any additional hardware, software, tools, storage or resources that may be required to recover critical business functions. (Please note: these workspaces do not come with secure storage for any such tools.)

List additional hardware, software, tools, storage or resources (if required)

The IRT Lead is responsible for liaising with security / facilities management at the alternate site with regard to building access / pass cards or parking requirements as necessary.
4.5 Metrics / SLAs

Metrics / SLAs
BF# | Business Function | Metric / SLA 1: BAU | Metric / SLA 1: At Time of Disaster | Metric / SLA 2: BAU | Metric / SLA 2: At Time of Disaster
1 | | | | |
2 | | | | |
3 | | | | |
4 | | | | |
5 | | | | |

4.6 Vital Records

All vital records should be stored in soft copy format on a backed-up networked drive that can easily be accessed from the alternate site. Any vital records that are not backed up in this fashion (e.g. paper records or records on "personal" hard drives) should be captured as an exposure and steps taken to resolve this exposure.

Insert address

APPENDIX A: Contact Information

i) Crisis Management Team (CMT)

Role | Name | Title & Contact #
Incident Commander | | VP xxx
Department Prime | | Director xxx
Department Prime | | Director xxx
Department Prime | | Director xxx
Department Prime | | Director xxx
Communications Prime | |

ii) Recovery Team prime (RT)

Name | Title & Contact #

iii) Business Continuity Team

Name | Title

iv) Emergency Operations Centre (EOC)

Insert location & contact info

v) Business Teams

Insert link to contact list on shared drive

vi) Vendor List at Current Site

Vendor Name | Services | Office | Mobile | Contact Name | Home Number

APPENDIX B: Directions to Alternate Site

Insert Link to Google Map
Insert picture of map
Insert floor plan / seating arrangement

Address
Phone Number
How to get there by Car/Taxi/Car-Pool
How to get there by Public Transit
How to get there by Shuttle Buses (if arranged by Real Estate)

APPENDIX C: Supporting Documentation

Insert copy of BIA, emails etc.