Patrick Domingues

No one can predict the future; however, you can be ready with a sound business continuity plan. The business continuity checklist is the first step in the BCP process.  The checklist is not an exhaustive list, it is a simple tool that can be used to ensure that the basic BCP process has been initiated and the Division management has considered what needs to be done to keep essential functions operating if an adverse event occurs.  The checklist is somewhat “information centric” as organisation’s reliance on information is increasing and its successful management provides competitive advantage.

Program Initiation and Management (Pre-Planning)

• Establish the need for Business Continuity Program
• Scope of legal and regulatory authority
• BCP Sponsor (Senior Management)
• Business Continuity Steering Committee (5-8 people)
• BCP protects core assets

 

Risk Evaluation and Control (Pre-Planning)

• Prioritize planning and resource allocation
• Identify and mitigate exposures
• Identify the threats, risks and vulnerabilities
• Gather information
• Controls/Safeguards
• Annualized Loss Exposure (Ale) Risk=Frequency x Exposure
• Quantitative and qualitative
• Protecting physical property, information, company reputation
• Risk tolerance and probabilities

 

Business Impact Analysis (Pre-Planning)

• BIA determines critical, time sensitive, prioritized business processes
• Interdependencies of these functions (intradepartmental, interdepartmental and external)
• Establish RTOs (disaster and minimum acceptable level) and RPOs (last good data)
• Plan and coordinate data gathering and analysis
• Questionnaires
• Financial impact, customer impact, legal impact, regulatory impact
• Disruption<RTO
• Disaster >RTO
• Vital records management
• Data backup strategies
• Prepare and present BIA

 

Developing Business Continuity Strategies (Planning)

• Assess strategies, maximum recovery impact in RTO window
• Support services/resources needed
• Alternate strategies  (combo, displacement, alternate site, work from home)
• Cost (advantages and disadvantages)
• Develop a cost/benefit analysis
• Other requirements

 

Emergency Preparedness and Response (Planning)

• Types of emergencies
• Tactical and strategic planning
• Evacuation/SIP
• Facility stabilization
• Identify and review existing emergency response procedures
• Life safety
• Command and control
• ICS
• Crisis management
• Notification and protocols

 

Developing and Implementing Business Plans (Planning)

• Types of plans (crisis mgt, COOP, DRP, ERP, BCP, etc)
• Introduction, policy statements, scope, assumptions, essential business functions and processes)
• BCP structure (base plan)
• Checklists
• Disaster recovery management
• Critical continuity functions
• Human resource responsibilities
• Recovery communications
• Insurance/Emergency funds
• Plan implementation
• Plan distribution

 

Awareness and Training Programs (Post-Planning)

• Importance of BCP
• Awareness activities
• Training activities
• Audience needs
• Delivery tools

 

Business Continuity Plan Exercise, Audit, and Maintenance (Post-Planning)

• Exercise and test the plan
• Tabletop, walkthrough, backup, integrated, comprehensive, standalone, call trees, line of business, facilities)
• Timeline
• AAR/IP
• Maintain BCP
• Establish an audit process

 

Crisis Communications (Post-Planning)

• Sources of communication
• Methods of communication
• Internal vs. external
• Stakeholders
• Media and role of spokesperson
• Key messaging
• Crisis communication plan

 

Coordination with External Agencies (Post-Planning)

• Identify and establish the organizational emergency management procedures
• Coordination with external agencies
• Current laws and regulations
• ICS

Business Continuity Checklist :MITIGATION PLANNING CHECKLISTS

Mitigation Planning

Generic planning tasks (please add other business specific actions points)	Completed Y/N
Identify minimum resource requirements
Identify critical supplies – Ensure sufficient stocks are in place, source alternative suppliers and product
Contact critical suppliers to identify whether they have contingency plans in place.
Use more than one supplier, on a regular basis, for all critical services and materials
Identify interdependencies between other businesses, business units, services and organisations, to ensure service delivery can be maintained
Identify tasks that support business critical functions
Identify all business critical services and tasks that must continue during a disruptive event
Consider the impact of greater demand on the critical services you provide and the plan to manage the increased workload, if appropriate
Determine the potential impact of a disruptive event such as Influenza pandemic, on your business related travel

 

Staff Issues (please add other business specific actions points)	Completed Y/N
Identify key members of staff in critical roles
Prepare a skills matrix to identify transferable skills
Provide and maintain cross-training
Document operational procedures for all tasks supporting a critical service to enable tasks to be undertaken by other staff

 

Staff Issues – home-working	Completed Y/N
Identify which staff could operate from home
Test home-working arrangements
Check Human Resources working at home policy
Maintain staff contact details including home/mobile phone numbers and e-mail addresses
Liaise with IT Services regarding IT requirements Hardware, Software, instructions, training etc.
Prepare Matrix of IT critical equipment requirements in emergency for Critical Tasks/Critical Users

 

Document Management	Completed Y/N
Liaise with IT Services to set up shared directories for access to key documents. Prepare table of detail of directories
Ensure key documents are stored in shared directories. Prepare list of key documents

 

E-Mail Management	Completed Y/N
Liaise with IT Services to set up shared Outlook mailboxes for critical user groups. Prepare table of detail of shared mailboxes
Where appropriate set up secondary user access to personal Outlook mailboxes. Prepare table of detail of secondary users
Establish routine of sending e-mails/copies to shared Outlook mailboxes

Communications	Completed Y/N
Collate and create mobile telephone directory

 

Service planning tasks	Completed Y/N
Identify services which could be stopped or reduced during a disruption
Identify staff from non critical task areas who could act as temporary support cover to assist in critical task areas
Identify how internal resources could be reallocated to ensure those activities connected to critical tasks are maintained during a disruptive event

Business Continuity Checklist: RESPONSE ACTIONS

Plan Checklists of Initial Actions for each high risk threat (complete a checklist for each high risk threat)

Response Checklists

Loss of Staff (Temporary/Permanent)	Completed Y/N
Staff illnessStaff absence due to illness of dependent children/closure of schoolsLoss of large numbers of staff   Loss of small numbers of key staff (managers/specialists) Industrial action.
Liaise with Human Resources
Review staffing arrangements
Appropriate managers and staff to be re-deployed from other areas as required
Staff temporarily re-deployed  – cover by agency staff if appropriate
For industrial action – Human Resources to provide strategic guidance for managers

 

 

 

 

 

 

 

 

Influenza Pandemic	Completed Y/N
Consider the impact of greater demand on the critical services you provide and plan to manage the increased workload if appropriate
Determine the potential impact of the pandemic on your business-related travel
Consider planning for the use of audio or video conferencing as alternatives to traveling/attending meetings to reduce person-to-person contact
Forecast potential employee absence during a pandemic. For InfluenzaPandemic planning purposes, the estimated worst case scenario is for a cumulative clinical attack rate of 50% of the population over 15 weeks for each phase.

 

Damage to premises	Completed Y/N
Liaise with the Council building control department  regarding dangerous structures, if appropriate
Notify utility companies (e.g. gas, water, electricity, telecommunications)
Consider impact on staff and public health and safety e.g.   Loss of electrical power affecting fire detection and alarms, lighting, emergency lighting, heating, swipe card access, intruder alarms/security Loss of water supply affecting catering, sanitation, e.g. toilets and hand washing facilities etc
If structure is dangerous, take advice and reasonable action to remove/reduce immediate danger to staff and the public. Action may include:   Barricade off Arrange for repair Removal of the hazard if appropriate. Scaffolding or shoring to make the building safe until permanent work can be arranged may have to be organised Have the premises secured to prevent unauthorised access
Identify alternative premises if required
Contact your IT department regarding implications for IT and communications infrastructure
Implement arrangements to maintain building security

 

Loss of Premises/Access Denied	Completed Y/N
Identify alternative premises if appropriate.
Notify staff:Advise of action to take for next working day (e.g. staff for high criticality functions go to alternative location, staff from lower criticality functions call in for further information)
Staff may need practical assistance e.g. to get home, obtain spare keys, notify relatives/friends to assist
If you are unable to contact all staff, (e.g. if incident occurs out of working hours) arrange for staff to be met on arrival at site on next working day and advise them what to do and where to go (as above)
Establish staff ‘information line’ number with recorded message of action to take (Use Reception until a dedicated line can be set up and details publicised to staff)

 

Loss of Utility Supply (Gas, Water, Electricity)	Completed Y/N
Contact service provider to establish:   Extent of disruption. Remedial action being taken. Length of time before restoration of service
Consider impact on staff and public health and safety e.g.   Loss of power affecting fire detection and alarms, lighting, emergency lighting, heating, swipe card access/security. Loss of water supply affecting catering, sanitation e.g. toilets and hand washing facilities
Contact your IT department regarding implications for IT and communications infrastructure
Identify alternative premises if necessary

 

Loss of IT and /or Communications	Completed Y/N
Contact your IT department regarding impact on IT and communications infrastructure
Publicise alternative contact details to staff and public
Identify alternative premises if unable to
Prolonged incident consider alternative supply

Loss of Supplier	Completed Y/N
Identify alternative material resources
Identify alternative human resources
Identify alternative service provider

 

• How to Add a Large Disk Partition as Storage in Proxmox VE
• How to Remove Radmin Viewer with PowerShell
• How to Automate Ubuntu Server System Updates and Package Installation
• Introducing Zevonix: Your Pathway to Smarter IT
• How to Remove User Pin with PowerShell