Scribd
Upload
66 views8 pages

Business Continuity Plan (Insert Classification)

Uploaded by

MedHelmi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
66 views8 pages

Business Continuity Plan (Insert Classification)

Uploaded by

MedHelmi
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 8

Business Continuity Plan

[Insert Classification]

[Insert Company Logo Here]

Business Continuity
Plan

© NT Business Consulting & Training

Document Classification [Insert Classification]


Document Reference ISMS-Doc-A17-2
Version 1
Dated [Insert Date]
Document Author [Insert Name]
Document Owner [Insert Name/Role]

Version 1 Page 1 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

Revision History

Version Date Revision Author Summary of Changes

Distribution

Name Title

Approval

Name Position Signature Date

Version 1 Page 2 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

Contents

1 Plan Purpose and Scope .................................................................................................................... 5


2 Plan Objectives................................................................................................................................... 6
3 Activation Criteria and Procedures ................................................................................................... 7
3.1 As Part of The Incident Response Procedure ................................................................................ 7
3.2 Localised Activation........................................................................................................................ 7
3.3 Activation Procedure...................................................................................................................... 7
4 Implementation Procedure ............................................................................................................... 9
4.1 Overview ......................................................................................................................................... 9
4.2 Recovery Checklists ...................................................................................................................... 10
4.2.1 Business Team Recovery Checklist ...................................................................................... 10
4.2.2 IT Recovery Team Checklist ................................................................................................. 11
5 Roles, Responsibilities and Authorities .......................................................................................... 12
5.1 IT Recovery Team ......................................................................................................................... 12
5.2 Business Recovery Team .............................................................................................................. 12
6 Communication Requirements and Procedures ............................................................................. 14
6.1 Communication Procedures ......................................................................................................... 14
6.1.1 Means of Communication ................................................................................................... 14
6.1.2 Communication Guidelines ................................................................................................. 14
6.1.3 Internal Communication ...................................................................................................... 15
6.1.4 External Communication ..................................................................................................... 15
6.1.5 Communication with The Media ......................................................................................... 15
7 Internal and External Interdependencies and Interactions ........................................................... 16
8 Resource Requirements................................................................................................................... 17
9 Information Flow and Documentation Processes .......................................................................... 18
10 Restoration of Normal Service ........................................................................................................ 19
10.1 Restoration to Normal Service Checklists ................................................................................... 19
10.1.1 Business Team Checklist ...................................................................................................... 19
10.1.2 IT Team Checklist ................................................................................................................. 20
11 Appendix A: Plan Activation Contact Sheet .................................................................................... 21
12 Appendix B: Blank Activity Logging Form ....................................................................................... 22
13 Appendix C: Blank Message Logging Form ..................................................................................... 23
14 Appendix D: Internal Contact Telephone Numbers ....................................................................... 24

Version 1 Page 3 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

15 Appendix E: Useful External Contacts ............................................................................................ 25


16 Appendix F: The Phonetic Alphabet ................................................................................................ 26

List of Tables

Table 1 Business Team Recovery Checklist……………………………………………………………………………………………10

Table 2 IT Recovery Team Checklist………………………………………………………………………………………………………11

Table 3 IT Recovery Team Members…………………………………………………………………………………………………….12

Table 4 Business Recovery Team Members………………………………………………………………………………………….12

Table 5 Plan Interdependencies………………………………………………………………………………………………………….16

Table 6 Plan External Interactions……………………………………………………………………………………………………….16

Table 7 Plan Resource Requirements………………………………………………………………………………………………….17

Table 8 Business Team Restoration to Normal Service Checklist…………………………………………………………….19

Table 9 IT Team Restoration to Normal Service Checklist……………………………………………………………………20

Version 1 Page 4 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

1 Plan Purpose and Scope

This document sets out a detailed plan to provide business continuity in the following situation:

A disruptive incident has occurred that significantly affects the major IT systems of [Organization Name]
making them unavailable to users. This may be due to hardware or software failure, loss of power,
physical damage or some other reason.

The purpose of this plan is to recover the IT systems at an alternative location and to provide user access
to them.

The procedures set out in this document should be used only as guidance when responding to an
incident. The exact nature of an incident and its impact cannot be predicted with any degree of certainty
and so it is important that a good degree of common sense is used when deciding the actions to take.

However, it is intended that the plan set out here will prove useful in allowing the correct actions to be
taken more quickly and based on more accurate information.

All members of staff named in this document will be given a copy which they must have available when
required.

Contact details will be checked and updated at least three times a year. Changes to contact or other
relevant details that occur outside of these scheduled checks should be sent to
[email protected] as soon as possible after the change has occurred.

All personal information collected as part of the business continuity process and contained in this
document will be used purely for the purposes of business continuity planning and is subject to relevant
data protection legislation.

Version 1 Page 5 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

2 Plan Objectives

The objectives of this business continuity plan are to:

• Recover the IT systems at an alternative location within a Response Time Objective of 48 hours

• Ensure that business operations can continue in limited form until IT systems are restored

• Provide a detailed description of how [Organization Name] will respond to a disruptive incident
affecting the IT systems covered by this plan

• Ensure that information security controls always remain in place to protect classified information

• Set out who will respond to an incident and how the service continuity plan will be activated

• Describe the facilities that are in place to help with the implementation of the plan

• Define how decisions will be taken regarding our response to an incident

• Explain how communication within the organization and with external parties will be handled

• Provide contact details for key people and external agencies and suppliers

• Define what will happen once the incident is resolved, and the team is stood down

Version 1 Page 6 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

3 Activation Criteria and Procedures

There are two main scenarios in which this plan may be activated:

1. In response to a major disruptive incident that has resulted in the organization's Incident
Response Procedure being activated

2. As a recovery for a smaller, more localised event which although not serious enough to result in
activation of the Incident Response Procedure, requires action to address its impact

3.1 As Part of The Incident Response Procedure

Notice will be received from the Incident Response Team ORT) by telephone to the main plan owner (or
deputy) if this plan is required to be activated. This will depend upon the incident that has occurred and
the scope of its effects.

It is likely that this plan will be one of several that will be activated and co-ordination across the various
plans will be needed.

3.2 Localised Activation

It will be up to the main plan owner (or deputy) to request of top management that the plan be activated
and to inform them once this has been done.

3.3 Activation Procedure

Once the decision has been taken to activate the plan, the plan owner (or deputy) will contact the
members of the recovery team using the contact details at Appendix A. They will then be made aware of
the nature of the incident and asked to assemble at the primary location specified below.

[Enter the address of the primary assembly location]

If the primary location is unavailable, the plan owner will request that the team assemble at the
alternative location specified below.

[Enter the address of the alternative assembly location]

An initial briefing will then be held at which the plan owner will:

• Explain why the plan has been activated

• Describe the impact of the incident

Version 1 Page 7 of 8 [Insert Date]


Business Continuity Plan
[Insert Classification]

• Outline what needs to be achieved by the team

• Allocate tasks according to the checklists detailed in the plan

• Address any questions the team may have

• Set out the method and frequency of communication within the team

Version 1 Page 8 of 8 [Insert Date]

You might also like