Business Continuity and Recovery Plan – a must for any business
Our team will develop a comprehensive business continuity plan based on these guiding principles. We will customize this to needs and outcomes
To develop a Plan and corresponding Business Continuity Policy that provides the organization with comprehensive step by step actions, procedures and authorities for implementing reliable, continuous business operations and effective recovery from a disastrous event or specific business disruption (SBD).
This Plan would apply to all officers, directors, employees, agents and service providers that need to be involved based on the level of disruption.
Plan and Policy Documents:
This plan will be designed to encompass three phases:
- Response Phase – to a specific event that causes, or may cause a significant business disruption.
- Recover Phase – from the significant disruption.
- Resumption of Operations – (at a set level of efficiency) after recovery.
Once developed, a completed policy and procedures document will be developed as a roadmap to be used should such an event occur.
Effective Response Process
This will entail an outline of processes, procedures, resources and activities needed to respond to three levels of disruption; low, medium and high impact. It will include:
- Matching the effective response with the level of SBD.
- Identification of critical systems, including but not limited to service delivery systems, technology, supply chain, logistics, financial, human resources, management and customer service that may be effected by the level of SBD..
- Identification and responsibilities of key personnel and essential back-up personnel for each system.
- Alternate physical location(s) of employees and key personnel identification based on level of SBD.
- Identifying and planning for back-up systems, data backup and recovery activities crucial to response and recovery.
- Identifying and setting up primary and alternative phone, internet, data retrieval records retrieval and other data points as well as access to secure storage centers.
- Assignment of responsibility for the ongoing maintenance of these systems and information. This includes, but is not limited to, a list of document types and forms that are stored at the primary and back-up sites.
- Ensure secure electronic record backups are conducted in the required manner and frequency.
- Ensure capturing of all paper records and lists of essential paper records that are or will be needed are backed-up effectively/electronically.
- Accessibility to secure data points and back-up systems, responsible employees and back-ups.
- Communications process and responsibilities to employees and stakeholders
This will cover time, activities and responsibilities to ensure effective recovery of critical systems. This will depend on a set of objectives (RTOs) set by the organization that provide concrete goals to plan for and test against required deadlines that must be met. This may include:
- Identifying various external factors, surrounding the disruption, that need to be recovered, and the critical infrastructure needed to recover them.
- The recovery of financial information and activities.
- The recovery time and resumption objectives needed to resume business as soon as possible – given the requirements of geographically diverse centers of service or employees – to allow for rapid transfer of work to alternate locations.
- Identifying critical resources needed to continue the operations at a designated level of performance and productivity.
- Ensuring that any alternative communication requirements are implemented in order to keep all stakeholders connected.
Resumption of Operations
This will entail identifying and planning for the resumption of core business activities at the required level to meet the primary business objectives of the organization. Once the recovery period is operational and moving towards a resumption timeframe, the organization’s plan will encompass how to move effectively from recovery to resumption of business; ensuring the health and safety of all stakeholders.
This will depend on the severity of the disruption, but the plan should focus on resumption of core business activities; after a medium to high disruptive event (such as Covid-19) that may, or will have caused severe risks to the organization and its stakeholders.
The level of resumption of core business activities will depend on many factors and people in and about the organization. It will depend on the identification and attainment of key resources, key financial and critical infrastructure requirements, critical management requirements and the ability to maintain and achieve desired business competencies and programs.