Best Practice Checklist For Business Continuity
No one can predict the future; however, you can be ready with a sound business continuity plan. The business continuity checklist is the first step in the BCP process. The checklist is not an exhaustive list, it is a simple tool that can be used to ensure that the basic BCP process has been initiated and the Division management has considered what needs to be done to keep essential functions operating if an adverse event occurs. The checklist is somewhat “information centric” as organisation’s reliance on information is increasing and its successful management provides competitive advantage.
Program Initiation and Management (Pre-Planning)
- Establish the need for Business Continuity Program
- Scope of legal and regulatory authority
- BCP Sponsor (Senior Management)
- Business Continuity Steering Committee (5-8 people)
- BCP protects core assets
Risk Evaluation and Control (Pre-Planning)
- Prioritize planning and resource allocation
- Identify and mitigate exposures
- Identify the threats, risks and vulnerabilities
- Gather information
- Controls/Safeguards
- Annualized Loss Exposure (Ale) Risk=Frequency x Exposure
- Quantitative and qualitative
- Protecting physical property, information, company reputation
- Risk tolerance and probabilities
Business Impact Analysis (Pre-Planning)
- BIA determines critical, time sensitive, prioritized business processes
- Interdependencies of these functions (intradepartmental, interdepartmental and external)
- Establish RTOs (disaster and minimum acceptable level) and RPOs (last good data)
- Plan and coordinate data gathering and analysis
- Questionnaires
- Financial impact, customer impact, legal impact, regulatory impact
- Disruption<RTO
- Disaster >RTO
- Vital records management
- Data backup strategies
- Prepare and present BIA
Developing Business Continuity Strategies (Planning)
- Assess strategies, maximum recovery impact in RTO window
- Support services/resources needed
- Alternate strategies (combo, displacement, alternate site, work from home)
- Cost (advantages and disadvantages)
- Develop a cost/benefit analysis
- Other requirements
Emergency Preparedness and Response (Planning)
- Types of emergencies
- Tactical and strategic planning
- Evacuation/SIP
- Facility stabilization
- Identify and review existing emergency response procedures
- Life safety
- Command and control
- ICS
- Crisis management
- Notification and protocols
Developing and Implementing Business Plans (Planning)
- Types of plans (crisis mgt, COOP, DRP, ERP, BCP, etc)
- Introduction, policy statements, scope, assumptions, essential business functions and processes)
- BCP structure (base plan)
- Checklists
- Disaster recovery management
- Critical continuity functions
- Human resource responsibilities
- Recovery communications
- Insurance/Emergency funds
- Plan implementation
- Plan distribution
Awareness and Training Programs (Post-Planning)
- Importance of BCP
- Awareness activities
- Training activities
- Audience needs
- Delivery tools
Business Continuity Plan Exercise, Audit, and Maintenance (Post-Planning)
- Exercise and test the plan
- Tabletop, walkthrough, backup, integrated, comprehensive, standalone, call trees, line of business, facilities)
- Timeline
- AAR/IP
- Maintain BCP
- Establish an audit process
Crisis Communications (Post-Planning)
- Sources of communication
- Methods of communication
- Internal vs. external
- Stakeholders
- Media and role of spokesperson
- Key messaging
- Crisis communication plan
Coordination with External Agencies (Post-Planning)
- Identify and establish the organizational emergency management procedures
- Coordination with external agencies
- Current laws and regulations
- ICS
Business Continuity Checklist :MITIGATION PLANNING CHECKLISTS
Mitigation Planning
| Generic planning tasks (please add other business specific actions points) | Completed Y/N |
| Identify minimum resource requirements | |
| Identify critical supplies – Ensure sufficient stocks are in place, source alternative suppliers and product | |
| Contact critical suppliers to identify whether they have contingency plans in place. | |
| Use more than one supplier, on a regular basis, for all critical services and materials | |
| Identify interdependencies between other businesses, business units, services and organisations, to ensure service delivery can be maintained | |
| Identify tasks that support business critical functions | |
| Identify all business critical services and tasks that must continue during a disruptive event | |
| Consider the impact of greater demand on the critical services you provide and the plan to manage the increased workload, if appropriate | |
| Determine the potential impact of a disruptive event such as Influenza pandemic, on your business related travel |
| Staff Issues (please add other business specific actions points) | Completed Y/N |
| Identify key members of staff in critical roles | |
| Prepare a skills matrix to identify transferable skills | |
| Provide and maintain cross-training | |
| Document operational procedures for all tasks supporting a critical service to enable tasks to be undertaken by other staff |
| Staff Issues – home-working | Completed Y/N |
| Identify which staff could operate from home | |
| Test home-working arrangements | |
| Check Human Resources working at home policy | |
| Maintain staff contact details including home/mobile phone numbers and e-mail addresses | |
| Liaise with IT Services regarding IT requirements Hardware, Software, instructions, training etc. | |
| Prepare Matrix of IT critical equipment requirements in emergency for Critical Tasks/Critical Users |
| Document Management | Completed Y/N |
| Liaise with IT Services to set up shared directories for access to key documents. Prepare table of detail of directories | |
| Ensure key documents are stored in shared directories. Prepare list of key documents |
| E-Mail Management | Completed Y/N |
| Liaise with IT Services to set up shared Outlook mailboxes for critical user groups. Prepare table of detail of shared mailboxes | |
| Where appropriate set up secondary user access to personal Outlook mailboxes. Prepare table of detail of secondary users | |
| Establish routine of sending e-mails/copies to shared Outlook mailboxes |
| Communications | Completed Y/N |
| Collate and create mobile telephone directory |
| Service planning tasks | Completed Y/N |
| Identify services which could be stopped or reduced during a disruption | |
| Identify staff from non critical task areas who could act as temporary support cover to assist in critical task areas | |
| Identify how internal resources could be reallocated to ensure those activities connected to critical tasks are maintained during a disruptive event |
Business Continuity Checklist: RESPONSE ACTIONS
Plan Checklists of Initial Actions for each high risk threat (complete a checklist for each high risk threat)
Response Checklists
| Loss of Staff (Temporary/Permanent) | Completed Y/N |
| Staff illnessStaff absence due to illness of dependent children/closure of schoolsLoss of large numbers of staff
Loss of small numbers of key staff (managers/specialists) Industrial action. |
|
| Liaise with Human Resources | |
| Review staffing arrangements | |
| Appropriate managers and staff to be re-deployed from other areas as required | |
| Staff temporarily re-deployed – cover by agency staff if appropriate | |
| For industrial action – Human Resources to provide strategic guidance for managers |
| Influenza Pandemic | Completed Y/N |
| Consider the impact of greater demand on the critical services you provide and plan to manage the increased workload if appropriate | |
| Determine the potential impact of the pandemic on your business-related travel | |
| Consider planning for the use of audio or video conferencing as alternatives to traveling/attending meetings to reduce person-to-person contact | |
| Forecast potential employee absence during a pandemic. For InfluenzaPandemic planning purposes, the estimated worst case scenario is for a cumulative clinical attack rate of 50% of the population over 15 weeks for each phase. |
| Damage to premises | Completed Y/N |
| Liaise with the Council building control department regarding dangerous structures, if appropriate | |
| Notify utility companies (e.g. gas, water, electricity, telecommunications) | |
| Consider impact on staff and public health and safety e.g.
|
|
| If structure is dangerous, take advice and reasonable action to remove/reduce immediate danger to staff and the public. Action may include:
|
|
| Identify alternative premises if required | |
| Contact your IT department regarding implications for IT and communications infrastructure | |
| Implement arrangements to maintain building security |
| Loss of Premises/Access Denied | Completed Y/N |
| Identify alternative premises if appropriate. | |
| Notify staff:Advise of action to take for next working day (e.g. staff for high criticality functions go to alternative location, staff from lower criticality functions call in for further information) | |
| Staff may need practical assistance e.g. to get home, obtain spare keys, notify relatives/friends to assist | |
| If you are unable to contact all staff, (e.g. if incident occurs out of working hours) arrange for staff to be met on arrival at site on next working day and advise them what to do and where to go (as above) | |
| Establish staff ‘information line’ number with recorded message of action to take (Use Reception until a dedicated line can be set up and details publicised to staff) |
| Loss of IT and /or Communications | Completed Y/N |
| Contact your IT department regarding impact on IT and communications infrastructure | |
| Publicise alternative contact details to staff and public | |
| Identify alternative premises if unable to | |
| Prolonged incident consider alternative supply |
| Loss of Supplier | Completed Y/N |
| Identify alternative material resources | |
| Identify alternative human resources | |
| Identify alternative service provider |
Loading ...
Informative piece on the why and what of business continuity and how to go about the same…
http://www.wings2i.com