Your organisation name here Business Continuity & Resilience Management Plan Version Control Version number Date produced Name of Editor Plan Distribution List Name of recipient Date provided Contents Section 1 2 3 4 5 6 7 8 9 10 Title Aim of the Plan Objectives of the Plan Critical Function Analysis and Recovery Process Emergency Response Checklist Emergency Pack/ Grab Bag Contents Security/Facilities Management Policy I.T. Policy Contact Lists Threats and Suspicious Packages Actions and Expenses Log 1 Page 2 2 3 7 7 8 8 9 10 12 1. Aim of the Plan The aim of this plan is to prepare (organisation name) for the effects of an emergency or crisis and enable a recovery process to return to ‘business as usual’. This plan is just a guide and may or may not fit the nature of your business. Sections should be added to this plan or amendments should be made at your own discretion to best meet your needs. 2. Objectives of the Plan To understand the critical functions and activities of the organisation Analyse and respond to potential risks to the organisation Provide a response to a situation affecting business continuity Identify key roles, responsibilities and contacts pertinent to business continuity 2 3. Critical Function Analysis & Recovery Process The details listed within this section have been identified via a risk assessment of the components necessary to run the business. This process will enable contingency arrangements to be made and to aid in the recovery process in the event of an incident affecting the business. Critical Functions and Personnel The following functions have been identified as critical to the day to day running of the business, as have the employees who undertake them and the employees who can cover these roles in their absence: Function/ Task and/or specific training (see examples below) Employee Responsible (Primary) Employee Responsible (Secondary) Fire Warden First Aid Security Asset Management Facilities Management Maintenance Contracts Records/Accounts Management IT Maintenance/Anti-Virus Software Insurance Facilities If the primary business location is not available and secondary locations have been identified/ contracted, they should be listed below: Primary Site Secondary Site Mobile working/ working from home 3 Utilities The following information is useful if utilities fail or need to be switched off: Utility Gas Electric Water Telephone/ Broadband Supplier Details Location of Infrastructure Cut off Valve: Meter: Name: Tel: Website: Emergency Number: 0800 111 999 Name: Tel: Website: Emergency Number: 0800 668 877 Name: Tel: Website: Emergency Number: 0845 717 1100 Name: Tel: Website: Fuse Box: Meter: Stopcock: Meter: Equipment The following equipment has been assessed as essential to the day to day running of the business: Equipment Type I.T. Details/checks/audits in place Telephony Mechanical Vehicle(s) Furniture Other 4 Secondary Arrangements Files/Records The files and records for the business are stored and backed up at: Record Type Employee(s) Primary Store Secondary Store Customer(s) Supplier(s) Accounts Other Suppliers The following list comprises of suppliers critical to day to day business and the secondary arrangements in place should their business fail: Supplier of Primary Supplier Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: 5 Secondary Supplier Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Distribution The following list comprises of distributers critical to the logistics of day to day business and the secondary arrangements in place should their business fail: Distributer of Primary Distributer Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Secondary Distributer Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Name: Tel: Insurance The business has the following insurance Policies in place: Insurance Policy Covered by Policy: Building Insurer: Tel: Policy Number: Contents/Assets Insurer: Tel: Policy Number: Other Insurer: Tel: Policy Number: 6 4. Emergency Response Checklist In the event of an emergency affecting the business, the following checklist will be used: Fire Alarm/ Evacuation Signal (State what your evacuation signal is – detail/ record fire drill/training in this plan) 2. Coordination of Evacuation (State what your evacuation procedure is - detail/ record fire drill/training in this plan) 3. Exits (State where exits are, how they are marked – would be useful to include a floor plan of the premises) 4. Extinguishers (State where extinguishers are stored and the purpose of the extinguisher – i.e. chemical fires, electrical fires, etc. and who has been trained to use them) 5. Assembly Point (State where your primary and secondary (if applicable) assembly points are and how to get there safely – detail/record fire drill/training in this plan) 6. Roll Call (State how occupants of the building have been recorded (i.e. staff, visitors, contractors, etc.) to allow an accurate roll call to be taken once evacuated.) 7. Key Contacts (State process/arrangements to ensure all employees/ next of kin/others can be contacted in the event of an emergency?) 8. Utilities (State process for shutting off utilities in an emergency, including person(s) responsible) 9. Grab Bag (State location of ‘grab bag’ and responsible employee(s)) 10. Insurance (State process for contacting insurance company(ies)) 11. Responsibility (who is responsible for all of the above actions?) 1. 5. Emergency Pack/ Grab Bag Contents In the event of an emergency/evacuation of the building, it is recommended that a named individual(s) takes a ‘grab bag’ when evacuating the building. This will contain items that will be useful and could potentially safeguard those evacuated. The recommended contents of this bag are as follows: A wind up torch/torch with fresh batteries A mobile phone (only required if evacuees not in possession of own/work phones) A copy of this plan/key contacts list A pen (to check individuals off the roll call list) Clothing items (i.e. waterproof ponchos (something light/easily carried), space blankets for warmth) 7 6. Security/Facilities Management Policy This section should contain the details of your security policy and who is responsible for various tasks. Examples of items to be included are listed below: Building access Thefts Threats to premises End of day inspections (i.e. lights out, equipment switched off, doors and windows locked, etc.) Maintenance checks (i.e. utilities, air conditioning, security system, etc.) 7. I.T. Policy This section should contain the details of your I.T. policy and who is responsible for various tasks. Examples of items to be included are listed below: Induction for employees (i.e. appropriate usage of email/internet) System(s) maintenance Upkeep of anti-virus software Files/information back up Alternative arrangements 8 8. Key Contact List The following list should be reviewed and updated annually and also as changes are notified: Name Employees Home Number Mobile Next of Kin Name Suppliers Office/Site Number Mobile Name Customers Office/Site Number Mobile Utility Type Utilities Number Emergency Number Company Insurers Policy Number Telephone Number 9 9. Threats and Suspicious Packages Upon receipt of a suspect package you must take the following actions: DO NOT MOVE THE OBJECT Ring 999 immediately and notify the Police and follow their instructions The police will need your details – provide all information requested Notify management/security immediately so they are on standby to assist with evacuation If the package is in/near a reception/public area: Arrange to clear the area by directing/escorting visitors away from the vicinity or evacuate them as directed by management/security Place a cordon around the package so that it is easily identified – DO NOT MOVE IT consider access and exits and lock where necessary It is important that the following is also carried out: Manage car park access/egress and ensure the emergency services can easily access Be ready to evacuate! Meet the emergency services as they arrive and relay all available information (service representative who found the package and management/ security). BOMB THREATS STAY CALM LISTEN CAREFULLY If possible, ask the caller the following questions & write down the answers Where is the bomb? When is it going to explode? What does it look like? What will cause it to explode? Did you (the caller) place the bomb? Why? What is your name or organisation? What is your telephone numbers? Record time call completed: Contact the police on 999. Time informed: The following part should be completed once the caller has hung up and the Security Co-ordinator and the police have been informed: Time and date of call: Length of call: Number at which the call was received (i.e. your extension number): 10 AFTER THE CALL Write down the following details. Was the caller male or female? What nationality was the caller? Approximately what age was the caller? Was the caller well spoken, irrational, foul or incoherent? What was the caller’s voice like? Was there any background noise? Tick where appropriate Language Well spoken Irrational Taped message Offensive Incoherent Message ready by threat-maker Background Sounds Street noises House noises Animal noises Crockery Motor Clear Voice Static PA system Booth Music Factory machinery Office machinery Other (specify) Caller’s voice Calm Crying Clearing throat Angry Nasal Slurred Excited Other Remarks Stutter Disguised Slow Lisp Disguised Slow Lisp Accent Type of accent Rapid Deep Hoarse Laughter Familiar If so, whose voice did it sound like? 11 10. Actions and Expenses Log During an emergency it might be useful to keep a record of the actions taken or damage incurred from an early stage. This could be useful for tracking financial impacts and also costs recoverable from insurance policies. Action Undertaken Cost Incurred Damage/Issue Identified Cost Incurred Total 12