Вы находитесь на странице: 1из 77

Template BIA : Business Impact Analysis

4. Impact Over Time, Recovery Objectives and Priority (Template BIA 3-4)

a. Business Function

Business Function is referred to as the business process carried out by the


Business Unit.
b. Business Function Code

The code that the will be allocated to the business function.

c. Impact Over Time

Based on the Impact Rating Descriptor (Table BIA 3-1 : Descriptor for Impact
Rating and Impact Area), indicate the degree of impact to the organization that will
be caused buy the unavaibility of this business function at the respective time frames
after taken into consideration the worst case situation of both the financial and non-
financial impacts. This will be based on a scale of 1 to 5 and the impactdescriptor
illustrated in Table BIA 3-1.
d. Recovery Time Objective (RTO)

The period of time within which systems, applications, or functions must be


recovered after a disruption has occurred. For the conduct of this business impact
analysis, the RTO is the point in time where the impact reaches a 3 that warrants a
disaster declaration by the crisis management team.
e. Recovery Point Objective (RPO)

The point in time before a disaster to which system and data must be covered to.

f. Maximum Tolerable Period of Disruption (MTPD)

The Maximum Tolerable Period of Disruption (MTPD) is the time it would take for
adverse impacts, which might arise as a result of not providing aproduct/service or
performing a functio, to become unacceptable. For the conduct of this Business
Impact Analysis, the MTPD stands for the point in time where the impact reaches a
5.
g. Vulnerable Periods

Estimate and explain when the function is most critical or vulnerable? E.g. during
a particular day of the week/ Week of the month/ Month of the year.

Page 17 of 87
Template BIA : Business Impact Analysis

Template BIA 3-4 : Impact Over Time, Recovery Objectives and Priority (Risk Impact page 6 over time)

The first “5”

Business Impact Over Time MTPD Vulnerable


Business Function 4 8 1 2 3 5 7 10 14 21 30 60 90 (Day) Periods
Function Code hrs hrs day days days days days days days days days days days RTO RPO
(4-a) (4-b) (4-c) (4-d) (4-e) (4-f) (4-g)

Business
Functions
(eg.Consumer 7 Every end
creatif) 2 2 2 2 3 4 5 5 5 5 5 5 5 4 days 1 day days of month

Page 18 of 87
Template BIA : Business Impact Analysis

5. Inter-dependencies (Template BIA 3-5)


a. Business Function

Business Function is referred to as the business process carried out by the


Business Unit.
b. Business Function Code

The code that the will be allocated to the business function.

c. Name of Business Unit (Internal Dependency) or Vendor/Supplier/Outsource


Partner (External Dependency) {X}
The internal business unit or external vendor, supplier or outsource partner that
each business function has a dependency with.
d. Type of Dependency

The various types of dependencies that each business function may have as below :

X is Upstream to the business function


X is downstream from the business function
X has mutual dependency with the business function

e. Description on Nature of Dependency


Indicate the nature of dependency and flow of information/ transaction, i.e. hardcopy
report, faxes and emails between business units and external parties for each
business fuction. Examples are :
Customer is Upstream to Sales for order confirmation via email or fax.
Payroll outsourced vendor and HR has Mutual Dependency on payroll
processing as HR, will provide monthly payroll changes via email and
payroll data on thumb drive via manual dispatch to outsourced vendor,
subsequently outsourced vendor will confirm completion of payroll data
processing via email and return processed payroll data back to HR on thumb
drive via manual dispatch.
Citibank is downstream from HR as HR will provide monthly payroll release
instructions via email and the processed data on thumb drive vial manual
dispatch

Page 19 of 87
Template BIA : Business Impact Analysis
Template BIA 3-5 : Inter- dependencies
Type of Dependency
{X} is Upstream to the
Name of Business Unit (Internal Dependency) Business function. Description on Nature of
Business Function Business or Vendor/Supplier/Outsource Partner {X} is Downstream from Dependency
Function (External Dependency). the Business Function.
Code {X} has mutual dependency
{X} with the business function
(5-a) (5-b) (5-c) (5-d) (5-e)
* NOTE :
Upstream (people who depend on us)
Downstream (people who are dependent on us)

Page 20 of 87
Template BIA : Business Impact Analysis

6. Vital Records (Template BIA 3-6)

a. Business Function

Business Function is referred to as the business process carried out by the


Business Unit.
b. Business Function Code

The code that the will be allocated to the business function.

c. Description of Vital Records

Description of critical physical records and original document in hard and/or


softcopy that are required to support each business function, e.g. company license,
board meeting minutes, signed tender document, signed contract / MOU / SLA,
signed employment letter, approved critical reports, approved BCP and IT DRP,
company letter head, cheque book, insurance policy, backup tape, system emergency
ID / password, application license key, SOP, inventory/stock card, and etc.
d. Media Type

Identification of media type e.g. document, disk, tape, report, forms, microfiche, etc.

e. Location

Identification of the storage location of records onsite and at the offsite


backup storage.
f. In Whose Care

The person who is responsible to maintain or keep the vital records.

Template BIA 3-6 : Vital Records

Business
Business Function Description of Vital Media Location (onsite/offsite
Function Code Records Type storage) In Whose Care
(6-a) (6-b) (6-c) (6-d) (6-e) (6-f)

If records held with an offsite storage contractor, give contact details here. It will be
necessary to have a service level agreement to ensure that you can access them out of office
hours.
Name of Contractor Contact Name IN-hours' phone OUT-hours'phone

Page 21 of 87
Name of Business Unit : Date of Submission :

Name of Business Unit


BCM Coordinator : Signature :

Name of Head of BU : Signature :

1. Preventive Options and Justifications (Template BCS 4-1)

This template is to be filled up by the Organisation BCM Coordinator to assess Preventive


Options against the identified threats with residual risks not fully mitigated in the RA stage,
as residual risks are more organisational relevant, thus should be treated at the
organisational level.

a. Threat with Residual Risk

Please refer to Template RA 2-2 : Risk Likelihood, Rating, Level, Treatment and
Controls to retrieve the threats remain with residual risks not fully mitigated in the Risk
Assessment (RA) stage.

b. Treatment of Residual Risk

Risk Treatment is the selection and implementation of appropriate options for dealing
with risk. The risk treatment measures stated here is to address the residual unmitigated
risk derived from the RA stage. The Risk Treatment measures include Risk :
 Avoidance
 Reduction
 Transference
Refer to Table RA 2-5 : Description for Risk Treatment Measures for detailed
description of risk treatment measures.

c. Summary of Preventive Options


A summary of the preventive options that are being considered may include but not
limited to the following options :
1. Buy insurance (buy insurance is a preventive option, whilst claim insurance is a
recovery option).
2. Install fire detection / suppression devices.
3. Install monitoring and intruder detection devices.
4. Implement safety protocols.
5. Provide basic security awareness and training for staff.
6. Move to higher gound or safer place; and/or
7. Outsource selected activities to third party (while retaining accountability).
Template BCS : Business Continuity Strategy

d. Proventive Options Selected and Justification (Set of Criterion)

Which are the preferred preventive options and explain why were they selected over the
other alternative. The considerations may include but not limited to as below :
1. Build-out cost
2. Maintenance effort / cost
3. Availability of support personnel, high skill set and competency level
4. Readiness of facilities and/or resources availability
5. Urgency or safety requirements
6. Elevated awareness
7. Risk avoidance or removal; and/or
8. Costs of prevention options vs.estimated benefits.
Note :
1. As threats are site specific, if an organisation has business units operating in
multiple sites, the organisation BCM Coordinator shall perform this assessment for
respective site where they have a presence.

Page 23 of 87
Business Continuity Strategy Template

Template BCS 4-1 : Preventive Options and Justifications (for Organisation BCM Coordinator only)

Threat with Residual Risk


Treatment of Residual Risk Summary of Additional Preventive Options (if any) Preventive Options Selected and Justification
(Site Name : ________ )
(1-a) (1-b) (1-c) (1-d)

Page 24 of 87
Business Continuity Strategy Template

2. Recovery Options and Justifications (Template BCS 4-2)


Recovery Options are to be assessed for critical business functions, as only critical business
functions need to be recovered during a crisis/disaster.
a. Business Function

Business Function is referred to as the business process carried out by the


Business Unit.
b. Business Function Code

The code that the will be allocated to the business function. E.g Human Resources –
Payroll Processing will be HR-01 and Human Resources – Recruitment will be HR-
2. Finance – Accounts payable will be FIN-01, Finance – Accounts Receivable
will be FIN- 02.
c. Recovery Time Objective (RTO)

The RTO is the maximum acceptable length of time that can elapse before the
unavailability of a business function severely impacts the organization. Refer to
Business Impact Analysis Template to retrieve the RTOs that have been defined in
the Business Impact Analysis stage.
d. Recovery Point Objective (RPO)

The point in time before a disaster to which system and data must be covered.
Refer to Business Impact Analysis Template to retrieve the RPOs that have been
defined in the Business Impact Analysis stage.
e. Recovery Priority

Recovery priority must be defined for critical business functions operating in the
same site according to their RTO hierarchy.
If a business unit has critical business function operating in multiple sites,
recovery priority will be defined at site specific level not business unit level.
f. Summary of Recovery Options

A summary of the recovery options that are being considered may include but
not limited to the following options :
8. Do nothing

9. Provide degrade services

10. Close shop

Page 25 of 87
Business Continuity Strategy Template

11. Claim insurance

12. Appy manual process

13. Suspend function temporarily

14. Work from alternate site

15. Work from home

16. Work from another office (local/overseas)

17. Standby at home

18. Transfer function/outsource

19. A combination of the above

g. Recovery Options Selected and Justification (Set of Criterion)

Which are the preferred recovery options and explain why were they selected over
the other alternative. The considerations may include but not limited to as below :
9. Build-out cost

10. Maintenance effort / cost

11. Availability of support personnel, high skill set and competency level

12. Readiness of facilities and / or resources availability

13. RTO or SLA requirements

14. Costs of recovery options vs.estimated benefits.

Note :
1. If a business unit has business functions operating in multiple site, the Recovery
Options and Justifications are to be assessed for respective site where they have a
presence in order to provide a business unit consolidated view.
2. Critical business functions are defined according to the Planning Time Horizon of
the Key Planning Scenario that has been determined in the RA stage.

Page 26 of 87
Business Continuity Strategy Template

Template BCS 4-2 : Recovery Options and Justifications


Business RTO RPO Recovery Priority By Recovery Options Selected and
Business Function Code
Function Summary of Recovery Options
(days) (days) Site Justification
(2-a) (2-b) (2-c) (2-d) (2-e) (2-f) (2-g)
Site 1 :

Site 2 :

Page 27 of 87
Business Continuity Strategy Template

3. Minimum Resources Required for Critical Business Functions During a


Disaster (Template BCS 2-3)
This template is used to assess minimum resoursed required to recover this business unit’s
critical business functions during a disaster.
Minimum Recovery Resources are established for critical business functions, as only
critical business functions shall be recovered during a disaster.
a. Business Function Code

The code that the will be allocated to the business function. E.g Human Resources – Payroll
Processing will be HR-01 and Human Resources – Recruitment will be HR-02. Finance –
Accounts payable will be FIN-01, Finance – Accounts Receivable will be FIN- 02.

b. Skill Set

State the skills, experience, education and qualification required to perform this critical
business functions (CBF).

c. Selected Recovery Options

The preferred recovery options selected for this critical business function.

d. Recovery Time Objective (RTO)

The period of time within which the CBF must be recovered, and so as its supporting
resources such as staff, systems, applications, or equipment after a disruption has occurred.

Indicate another RTO if certain number of resources could be recovered at a different


timeline, as not all recovery resources must be recovered at the same RTO as the CBF’s.

e. Number of Staff

Indicate the minimum number of staff required to perform the CBF at a specific RTO.

f. Number of Seats

Indicate the minimum number of staff required to perform the CBF at an offsite location.
Offsite location may include alternate site, displacement site, and business centre.

g. Number of Telephones

Page 28 of 87
Business Continuity Strategy Template

Indicate the minimum number of telephones (fixed line) required to continue the CBF at a
specific RTO.

h. Number of PCs

Indicate the minimum number of PCs required to perform the CBF at a specific RTO.

i. Commercial Software

Software that is readily available on the open market. E.g.MS Office, Photoshop.

j. Application/ Systems

Specific applications or systems required for the business process. E.g. SAP, CRM, shared
point.

k. External Info System or Service

External information system and service that is subscribed to E.g.Reuters,


Bloomberg,Abacus.

l. Other Resources or Special Equipment

Other office equipment and electronic devices required but not listed above. E.g. Digital
Camera, company stamp, walkie talkie, all-in-one printer/fax/copier/scanner machine.

m. Site 1

State office building’s name where this business unit has critical business functions operate.

n. Site 1 Rationalized Total

This is a ratonalized total for site 1 rather than a cumulative otal after taking into
consideration that resources could be shared among multiple functions within the same site.

o. Site 2

If this business unit has critical functions operate in more than one office building, state
name of the 2nd office building where it has a presence.

p. Site 2 Rationalized Total

Page 29 of 87
Business Continuity Strategy Template

This is a rationalized total for site 2.

q. Grand Total

This is a rationalized total at business unit level in consideration of all critical business
functions’ recovery requirements from multiple sites.

If this business unit has critical functions operate in 2 sites, e.g. Site 1 and Site 2,
considerations should be given as below :

1. If both sites locate in the same disaster zone,i.e.both are subject to the same threat
as they are in the same flood or earthquate zone or in the same power grid or telecom.
Exchange, the Grand Total would be a cumulative total of both sites’s total.

2. If both sites are not in the same disaster zone, thus are not subject to the same
threat, the Grand Total shall be the highest number of each site.

Note :

1. Resources required for recovering non-critical business functions will only be established
during the Extended Planning stage if the organization’s Top Management decides to
recover certain non-critical business functions due to adjustment on recovery priority or
they detect the disaster time period may last longer than the original planning time horizon
of the Key Planning Scenario.

Page 30 of 87
Business Continuity Strategy Template

Template BCS 4-3 : Minimum Resources Required for Critical Business Functions During a Disaster

Minimum Recovery Resources


Business Selected Commercial External
Function Skill Recovery RTO No of No Of No Of No Of Software on Info System
Code Set Options Staff Seat Tel PCs PC (state or Service
(Min (Min (Min (Min Name & Qty Application/System (Name & Other Resources or Special Equipment
Qty) Qty) Qty) Qty) of Software) (Name & Qty) Qty) (Name & Qty)
(3-a) (3-b) (3-c) (3-d) (3-e) (3-f) (3-g) (3-h) (3-i) (3-j) (3-k) (3-l)
Site 1 (State Building Name) (3-m) :
Work from
XXX-1 home
Work from
alternate site
Work from IT
DR site
Transfer
function to
another office
Standby at
home
Work from
XXX-2 home
Work from
alternate site
Work from IT
DR site
Transfer
function to
another office
Standby at
home
Page 31 of 87
Business Continuity Strategy Template

Minimum Recovery Resources


Business Selected Commercial External Info
Function Skill Recovery RTO No of No Of Software on System or
Code Set Options Staff Seat No Of No Of PC (state Service
(Min (Min Tel (Min PCs (Min Name & Qty Application/System (Name & Other Resources or Special Equipment
Qty) Qty) Qty) Qty) of Software) (Name & Qty) Qty) (Name & Qty)
(3-a) (3-b) (3-c) (3-d) (3-e) (3-f) (3-g) (3-h) (3-i) (3-j) (3-k) (3-l)
Site 1 Rationalized Total (3-n) :
Site 1 (State Building Name) (3-o) :
Work from
XXX-3 home
Work from
alternate site
Work from IT
DR site
Transfer
function to
another office
Standby
at home
Site 2 Rationalized Total (3-p) :
GRAND TOTAL
(Business Unit Rationalized) (3-q)

Page 32 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

(INSERT ORGANISATION LOGO)

(INSERT ORGANISATION NAME)


CONFIDENTIAL

(INSERT BUSINESS UNIT NAME)


BUSINESS CONTINUITY PLAN

Project ID : ABC/2015/XYZ
Date :

Version :

Page 33 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Revision History

Revision Amendments Updated By Date

<insert full name>

Business Unit BCM


Coordinator (BUC)

Page 34 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Table of Contents
PART C : BUSINESS UNIT RECOVERY PROCEDURES

Annex 1 : GRAB LIST

Annex 2 : SALVAGE AND RESTORATION LIST

Annex 3A : Business Unit Call Procedures

Annex 3B : Business Unit Call Tree

Annex 4A : Status Report (Immediate Response)

Annex 4B : Status Report (RTO)

Annex 4C : Status Report (Resumption)

Annex 4D : Status Report (Restoration)

Annex 5 : Alternate Site Layout and Equipment List

Annex 6 : Checklist of Recovery Resources amd Vital Records

Annex 7 : Key Contacts (Internal and External)

Annex 8 : Procedures of Manual Process

Annex 9 : Service Level Agreement (SLA)

Annex 10 : Inter-dependencies

Annex 11 : Distribution and Approval

Page 35 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

PART C : BUSINESS UNIT RECOVERY PROCEDURES


These procedures describe the activities to be performed by each Business Unit during BCP
activation. These activities will be executed until normal business operations can be resumed.
Primary and Alternate team members are to be assigned and listed below against their
responsible tasks. Only critical Business Functions are to be recovered / resumed after plan
activation, whilst all business functions including the non-critical ones must be restored during
return to normal operations.

BUSINESS UNIT RECOVERY PROCEDURES WHO ?


Team Members
WHAT function to be
recovered ? (Function Code
and Name of Critical Business
Functions)

PRE- CRISIS PREPARATION

HOW? (elaborate in detail the


action steps)

IMMEDIATE RESPONSE

HOW? (elaborate in detail the


action steps)

Page 36 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

BUSINESS UNIT RECOVERY PROCEDURES WHO ?


Team Members
RECOVERY / RESUMPTION

Within T + ( ) Hours
T = the point in time when disaster strikes
HOW? (elaborate in detail the
action steps)

Within T + ( ) Days

HOW? (elaborate in detail the


action steps)

Within T + ( ) Days

HOW? (elaborate in detail the


action steps)

Page 37 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

BUSINESS UNIT RECOVERY PROCEDURES WHO ?


Team Members
RESTORATION AND RETURN

WHAT function to be restored


? (Function Code and Name of
ALL Functions)

HOW? (elaborate in detail the


action steps)

Page 38 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

ANNEX 1 : GRAB LIST


1. The items to be included in this list are those which must be taken during an evacuation.
The items must relate to business needs and can be hand-carried from the office to the
evacuation assembly point.
2. Each BUC is to appoint minimum two staff to be responsible for the grab list.

No Description Person Responsible Physical Location


of Item

Page 39 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

ANNEX 2 : SALVAGE AND RESTORATION LIST


1. The items to be included in this list are those which should be recovered from the
primary location after re-entry to the site is permitted. If salvages is not possible, proceed
to restore the item.
2. The retrieval of items on the salvage list from the primary location is the responsibility of
the Salvage and Restoration Team (SRT).

No Description Person Responsible Physical Location


of Item

Page 40 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 3A : Business Unit Call Procedures

1. Call Procedures
1.1. Instructions

1.1.1. These procedures are to be used as a guide when notifying staff of BCP activation
and the action to be taken.
1.1.2. No one person should call more than 6 names. By keeping each call to less than 3
minutes, 40 people can be contacted in less than 30 minutes.
1.2. Upon Activation, the BUC is to contact his or her Head of BU, and proceed to activating
the other staff in the business unit call tree.
1.3. If person called is available, relay the following information :

1.3.1. Disaster status

1.3.2. Action to be taken :

(a) Stand by until contacted with further instructions OR

(b) Report to (location) at (time) and bring Staff ID and Security Access Card.

1.3.3. Emphasize that the situation should not be publicized.

1.4. If person called is not available, leave a message for the person to return call. Call the
next person that this person is assigned to notify. If leaving a message is not possible, call
back every minutes.
1.5. If person remains uncontactable for 20 minutes, report list of uncontactable persons to
your BUC.
1.6. The BUC will then complete and return the Status Report (Annex 4A) to the Command
Centre.

Page 41 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

ANNEX 3B : Business Unit Call Tree

< Insert Business Unit Call Tree >

Page 42 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 4A : Status Report (Immediate Response)

Reported By :

Business Unit : Date :

Contact Telephone : Time :

This is to be sent to the Business Continuity Manager at the Command Centre (Fax:
+XX XXXX-XXXX). Please report on the following :

1. Evacuation from office premises (office hours activation)

2. The business unit call tree (non-office hours activation)

(Please list down the names of uncontactable staff)

3. Initial activation of business unit recovery procedures.

4. Any other issues. Please state if you need assistance from the Command
Centre.

Page 43 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 4B : Status Report (at RTO)

Reported By :

Business Unit : Date :

Contact Telephone : Time :

This is to be sent to the Business Continuity Manager at the Command Centre (Fax:
+XX XXXX-XXXX). Please report on the following :

1. Any problems faced in relocating to the offsite office ?

2. Problems with facilities, equipment or materials in the offsite office (e.g.


equipment shortfall or unserviceability)

3. Any other issues. Please state if you need assistance from the Command
Centre.

Page 44 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 4C : Status Report (Resumption)

Reported By :

Business Unit : Date :

Contact Telephone : Time :

This is to be sent to the Business Continuity Manager at the Command Centre (Fax:
+XX XXXX-XXXX). Please report on the following :

1. Any problems faced in continuing operations at the offsite office ?

2. Any problems in external liaison, e.g.with counter parties or vendors?

3. Any other issues. Please state if you need assistance from the Command
Centre.

Page 45 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 4D : Status Report (Restoration)

Reported By :

Business Unit : Date :

Contact Telephone : Time :

This is to be sent to the Business Continuity Manager at the Command Centre (Fax:
+XX XXXX-XXXX). Please report on the following :

1. Any problems faced in returning home to the main office ?

2. Any problems with re-input of the backlogged and lost transactions ?

3. Any other issues. Please state if you need assistance from the Command
Centre.

Page 46 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 5 : Alternate Site Layout and Equipment List

<Insert Alternate Site Layout and Detailed Equipment List>

Page 47 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 6 : Checklist of Recovery Resources and Vital Records


1. This is a recovery resources checklist of the facilites (e.g.desks, chairs, phone lines),
equipment (e.g.PCs, laptops, copiers, fax machines), materials (e.g. manuals, stationeries)
and vital records (e.g cheque book, forms, deal tickets) that need to be on hand in order to
continue operations at the offsite office during a disaster.

2. BUCs are to coordinate with the Organisation BCM Coordinator on the business unit
requirements and ensure that all items listed here will be available at the offsite office.
Changes to the business unit’s requirements must be relayed to the Organisation BCM
Coordinator as part of the annual plan review exercise.

3. For equipment that is not present at the alternate site when required, please contact the
Organisation BCM coordinator.

Page 48 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Quantity
To be Person Tick if present during a disaster.
Location
Item Name delivered responsible for If not, contact Org BCM
Physically available at Alternate Site or during a the delivery (alternate/home) Coordinator
Home (from the designed RTO and onward) disaster
T+4 hrs T+1 day T+3 days T+7 days T+1day
Staff
Seat
PC
Laptop
Telephone (fixed line)
Internet
Multipurpose
Fax/printer/copier/scanner

Systems and Applications

Page 49 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Quantity
To be Person Tick if present during a disaster.
Location
Item Name delivered responsible for If not, contact Org BCM
Physically available at Alternate Site or during a the delivery (alternate/home) Coordinator
Home (from the designed RTO and onward) disaster
T+4 hrs T+1 day T+3 days T+7 days T+1day

Special Equipment

Stationeries

Vital Records
<to retrieve the information from BIA template>

Page 50 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 7 : Key Contacts (Internal and External)


This table is to record contacts of emergency services, staff (all staff in this business unit),
internal parties (headquarter, IT, HR, Facilities, admin supports, organisation BCM Coordinator,
etc), customers, suppliers and contractors.

Name of Person and Organisation Tel No. After Office Tel No. Fax No. Email
Emergency Services
Fire / Police Emergency 999
Ambulance 995
Ambulance – private
Hospital – public
Hospital – private
Insurance
Taxi
Van
Staff

Internal Parties

Customers

Suppliers / Contractors / Service Providers

External Parties

Page 51 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 8 : Procedures of Manual Process

Page 52 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 9 : Service Level Agreement (SLA) for Recovery Support

Page 53 of 87
Template PD 5-1 : Business Unit Business Continuity Plan

Annex 10 : Internal and External Inter-dependencies

<to retrieve the information from BIA template>

Page 54 of 87
Template PD 5-2 : Corporate Business Continuity Plan

Annex 11 : Distribution and Approval


1. DISTRIBUTION

1.1. This plan is to be distributed as follows :

1.1.1. Business Unit BCM Coordinator (2 copies)

One at office Copy 1 of 8

One at alternate site Copy 2 of 8

1.1.2. Alt Business Unit BCM Coordinator (2 copies)

One at office Copy 3 of 8

One at alternate site Copy 4 of 8

1.1.3. Head of Business Unit (2 copies)

One at the office Copy 5 of 8

One at the offsite office Copy 6 of 8

1.1.4. Organisation BCM Coordinator (2 copies)

One at the office Copy 7 of 8

One at the offsite office Copy 8 of 8

Note : All plan holders must discard all obsolete copies upon receipt of the latest version.

2. Signoff

Plan Updated By :
Signature of Business Unit BCM
Coordinator <insert full name here>
(Name of Business Unit BCM Coordinator)
Date :
Signature of Business Unit BCM
Coordinator <insert full name here>
(Name of Business Unit BCM Coordinator)
Plan Approved By :
Signature of Business Unit BCM
Coordinator <insert full name here>
(Name of Business Unit BCM Coordinator)

Date :
Page 55 of 87
Template PD 5-2 : Corporate Business Continuity Plan

(INSERT ORGANISATION LOGO)

(INSERT ORGANISATION NAME)


CONFIDENTIAL

(CORPORATE)
BUSINESS CONTINUITY PLAN

Project ID : GMH/ABC/2012/DEF
Date :

Version :

Page 56 of 87
Template PD 5-2 : Corporate Business Continuity Plan

Revision History

Revision Amendments Updated By Date


<insert full name here>
(Name of Organisation
BCM Coordinator)

Page 57 of 87
Template PD 5-2 : Corporate Business Continuity Plan

Table of Contents

PART A : INTRODUCTION
1. How to use the Business Continuity Plan

2. Planning Scenarios and Assumptions

3. Scope

4. Exemptions

5. Extended Planning

6. Communication with External Parties

7. Location of Alternate Site and BCP Command Centre

8. Alternate Site Layout and Equipment List

9. BCP Command Centre Layout and Equipment List

10. Alternate Site and BCP Command Centre Activation and Deactivation Procedures, and list
of Authorised Personnel
11. Location of Evacuation Assembly Points

11.1 Primary Assembly Points

11.2 Alternate Assembly Points (if wet weather)

12. Corporate Call Tree

13. BC Plan Execution Team Structure

14. Other Emergency Response and Crisis Management Related Procedures

15. Amendments

PART B : CORPORATE CRISIS PROCEDURES


1. Sequential Flowchart

2. Overall Incident Response and Recovery Timeline

3. Detailed Procedures

Distribution and Approval

Page 58 of 87
Template PD 5-2 : Corporate Business Continuity Plan

PART A : INTRODUCTION

1. How to use the Business Continuity Plan

1.1. Business Continuity Plan (BC Plan) is written for the Business Unit (BU) BCM
Coordinator or BUC and the Alternate Business Unit BCM Coordinator (Alt BUC). In
the event that the Business Continuity Plan (BC Plan) is activated, the BUC or the Alt
BUC (if the BUC is not available) is to follow the procedures in this manual.
1.2. BC Plan is divided into two levels, i.e. Corporate and Business Unit. Corporate BC Plan
contains two parts,i.e. Part A is the introduction to the BC Plan, and Part B sets out the
sequential immediate response procedures to be undertaken upon activation for the entire
organisation. Information in both Part A and Part B are compiled by the Organisation
BCM Coordinator (BCP Manager).
In the event of a disaster, each BUC or the Alt BUC is to refer to Part B and follow
through with the procedures that he or she is responsible for.
1.3. Part C is then Business Unit BC Plan which sets out the recovery procedures to be
undertaken upon activation by the business unit. This section of BC Plan is compiled by
the BUC or Alt BUC. In the event of a disaster, each BUC, appointed Recovery Team
Laeader and the Recovery Team members are to refer to Part C and follow through with
the business unit’s procedures that he or she is responsible for.
2. Planning Scenarios and Assumptions

2.1 Business disruptions to ABC’s business critical functions could arise from the
following scenarios :
 Unavailable of or inaccessible to the primary office (including fire,
building collapse, bomb scare, power failure or pandemic outbreak, etc.)
 Data centre outage

 Absence of key staff

 Human or operational errors

2.2 Business disruptions to ABC’s Critical Business Functions are defined based on
the following Key Planning Scenario and assumptions.
 “Operations will be disrupted, and/or access to the ABC’s office will be denied
for a period of up to seven (7) calender days”.
 Only critical business functions will be accorded priority for restoration.

 Alternate site will be used to continue business continuity activitiesfor


critical business functions.
Page 59 of 87
Template PD 5-2 : Corporate Business Continuity Plan

3. Scope

3.1 The scope of this business continuity plan (BCP) includes ABC’s business unit operated
at the following office :

<Insert office address>

ABC’s business units not located at the above office will be out of scope of this project.

4. Exemptions

4.1 This BC Plan EXCLUDES the planned activities under national level emergency
planning.
5. Extended Planning

5.1 Should the crisis be projected to exceed 7 days , extended planning will commence
after day 2 or 3.
6. Communication with External Parties

6.1 At all stages of a crisis, Organisation BCM Coordinator (BCP Manager) must be
consulted before any information pertaining to the crisis in conveyed to external parties,
e.g.journalists, vendors, members of the public.
7. Location of Alternate Site and BCP Command Centre

7.1 The Alternate Site and BCP Command Centre will be located in the following location :

 Alternate Site (see Section 8 for layout and equipment list)

<Insert address, tel and fax number, route and map to alternate site>

 BCP Command Centre {Aka Emergency Operation Centre (EOC), see section 9
for layout and equioment list}.
<Insert address, tel and fax number, route and map to Command Centre>

Page 60 of 87
Template PD 5-2 : Corporate Business Continuity Plan

8. Alternate Site Layout and Equipment List

Page 61 of 87
Template PD 5-2 : Corporate Business Continuity Plan

9. BCP Command Centre Layout and Equipment List

Page 62 of 87
Template PD 5-2 : Corporate Business Continuity Plan

10. Alternate Site and BCP Command Centre Activation and Deactivation
Procedures, and List of Authorised Personnel.

Page 63 of 87
Template PD 5-2 : Corporate Business Continuity Plan

11. Location of Evacuation Assembly Points


11.1 Primary Assembly Point

<Insert address, route and map to assembly point>

11.2 Alternate Assembly Point (if wet weather)

<Insert address, route and map to assembly point>

Page 64 of 87
Template PD 5-1 : Corporate Business Continuity Plan

12. Corporate Call Tree


During a crisis, the Command Centre will active the following corporate call tree. Subsequently, each Head of Business Unit is to activate
his or her business unit’s call tree (please refer to Part C – Annex 3B).

<Insert Corporate Call Tree>

Page 65 of 87
Template PD 5-1 : Corporate Business Continuity Plan

13. BC Plan Execution Team Structure

Page 66 of 87
Template PD 5-1 : Corporate Business Continuity Plan

14. Other Emergency Response and Crisis Management Related Procedures


Refer to ABC’s Emergency Response Plan (ERP), Crisis Management Plan (CMP) and Crisis
Communication Plan (CCP) where applicablefor details of the below-listed actions :
1. Emergency Response and Evacuation (to retrieve the ERP from the facility Management
or Estate Manager)
a. Emergency Response Team Structure and Roles and Responsibilities

2. Crisis Management (refer to CMP)

a. Crisis Management Team Structure and Roles and Responsibilities

3. Incident Notification and Monitoring (refer to CMP for incident notification flow chart
and hotline)
4. Activation Criteria (refer to CMP for impact levels and activation criteria in relation to
incident detection, disaster declaration and plan activation).
5. Impact and Damage Assessment (refer to CMP for damage assessment
procedures/checklist).
a. Damage Assessment Team Structure and Roles and Responsibilities

6. Salvage and Restoration (refer to CMP for damage assessment procedures/checklist).

a. Salvage and Restoration Team Structure and Roles and Responsibilities

7. Crisis Communication (refer to CCP, which shall cover employees, their relatives, key
interested parties, media, emergency contacts, emergency authorities, regulators).
a. Crisis Communication Team Structure and Roles and Responsibilities

b. Media communication should include :

i. Preferred interface with the media

ii. Guideline or template for drafting a statement for the media

iii. Appropriate spokespeople

iv. A communication strategy

c. Communication Centre Layout and Equipment List (where applicable) – (refer to


CCP)

Page 67 of 87
Template PD 5-1 : Corporate Business Continuity Plan

15. Amendments
15.1 Any amendments to Parts A and B of this plan has to be made through the
Organisation BCM Coordinator.
15.2 BUCs may amend the Annexes in this corporate plan, subject to their Heads of
Business Units’approval. The signing off for amendments is in Annex.
15.3 A copy of each amended Annex is to be sent to the Organisation BCM
Coordinator.

Page 68 of 87
Template PD 5-1 : Corporate Business Continuity Plan

PART B : CORPORATE CRISIS PROCEDURES


1. Sequential Flowchart

Page 69 of 87
Template PD 5-1 : Corporate Business Continuity Plan

2. Overall Incident Response and Recovery Timeline


The below-listed timeline should be amended corresponding to ABC’s overal timeline
for incident response and recovery operations.

Page 70 of 87
Template PD 5-1 : Corporate Business Continuity Plan

3. Detailed Procedures
3.1 The following table shows the detailed procedures for each part of the flowchart shown
in paragraph 1.
3.2 Tasks to be performed by the BUCs/Alt BUCs are in bold.

Task Person
Ref. Tasks Responsible Document Annex
PRE-CRISIS (PREPARATION)
Update Corporate and business unit Business Org BCM
Continuity (BC) Plan on a nnual basis or upon Coordinator/ Corporate & BU BC
A01 major changes BUCs/Alt.BUCs Paln -
Annex
A02 Store vital records at offiste storage facilities BUCs/Alt.BUCs Vital Records 7
Org BCM
Agree Vital Records Retrieval SLA with offsite Coordinator/ Annex
A03 storage vendor BUCs/Alt.BUCs SLA 10
Alternate
Pre-arrange with vendors for delivery of additional Site/Command
equipment to Alternate Site/Command Centre Centre Equipment Annex
A04 during a crisis Admin/IT List 5&6
Agree Alternate Site/Command Centre Setup and Org BCM Annex
A05 support SLA with relevant parties Coordinator SLA 10
Familiarize business unit staf with BU BC Plan
A06 contents BUCs/Alt.BUCs BU BC Plan -
Familiarize business unit staf with procedures for Manual Process Annex
A07 manual process, if any BUCs/Alt.BUCs Procedures 9
Check and ensure facilities and equipment in
Alternate site are adequate to support business Alternate Site Annex
A08 requirements BUCs/Alt.BUCs Equipment List 5
Check and ensure facilities and equipment in Org BCM Command Centre Annex
A09 Command Centre are operational. Coordinator Equipment List 6
Pre-arrange transportation for staff relocation
during emergency with relevant vendors (where Annex
A10 necessary and applicable) Admin SLA 10

Page 71 of 87
Template PD 5-1 : Corporate Business Continuity Plan

Task Person
Ref. Tasks Responsible Document Annex
CRISIS OCCURS
IMMEDIATE RESPONSE
During Office Hours
B01 Evacuate all staff if needed Fire Wardens Fire Evacuation Plan
Remind staff during the evacuation to retrieve Annex
B02 items under the ‘Grab List’ BUCs/Alt.BUCs Grab List 1
Assemble at Primary Assembly Point <insert Part A
address>. If wet weather, evacuate to Alternate Evacuation –
B03 Assembly Point <insert address> All Staff Assembly Points No.6
B04 Check premises for full evacuation Fire Wardens - -
Conduct roll call at Assembly point to ensure
B05 everyone is out of the building Fire Wardens -
Organisation BCM
Coordinator/ CMT
B06 Active damage assessment team (DAT) Leader
Assess damage of premises by Damage Damage Assessment
B07 Assessment team (DAT) DAT Checklist -
Organisation BCM Part A
Activate Corporate Call Tree Notification to Coordinator/ CMT –
B08 convene CMT Leader Corporate Call Tree No.7
Organisation BCM
Declare disaster and activate corporate BC Plan/ Coordinator/ CMT Part A
B09 Alternate Site Leader Corporate BC Plan &B
Liaise with Corp Comm to release statements on
crisis situation to key stakeholders, e.g.media,
customers, shared holders, public, staff,etc.as
B10 necessary CMT
Activate Business Unit Call Tree notification and
BC Plan, and advise recovery team to arrive Annex
B11 alternate site by <time> hour. BUCs/Alt.BUCs BU Call Tree 3
Salvage & Annex
B12 Perform salvage and restoration if possible SRT Restoration List 2
Arrange transfer/storage/treatment of salvaged
B13 items SRT
Review actions to be taken for
B14 repair/renovation/restoration SRT
Annex
B15 Report status to Command Centre periodically BUCs/Alt.BUCs Status Report 4A

Page 72 of 87
Template PD 5-1 : Corporate Business Continuity Plan

Task Person
Ref. Tasks Responsible Document Annex
Outside Office Hours
Command Centre /
Notify Organisation BCM Coordinator when crisis Fire Command
BB01 occurs to primary office Centre - -
Organisation BCM
Notify Crisis Management Team (CMT) Leader of Coordinator/ CMT
BB02 crisis Leader - -
Organisation BCM
Coordinator/ CMT
BB03 Activate Damage Assessment Team (DAT) Leader - -
Damage Assessment
BB04 Assess damage of premises DAT Checklist -
Organisation BCM Part
Activate Corporate Call Tree Notification to Coordinator/ CMT A-
BB05 convene CMT Leader Corporate Call Tree No.7
Organisation BCM
Declare disaster and activate Corporate BC Coordinator/ CMT Part A
BB06 Plan/Alternate Site Leader Corporate BC Plan &B
Liaise with Corp Comm to release statements on
crisis situation to key stakeholders, e.g.media,
customers, shared holders, public, staff,etc.as
BB07 necessary CMT
Activate Business Unit Call Tree notification and
BC Plan, and advise recovery team to arrive
alternate site by <time> hour. Non-recovery team Business Unit Call Annex
BB08 to stay at home and await further instructions BUCs/Alt.BUCs Tree 3
If staff arrive at office and observe that they are
denied access to the building, they will gather at
Primary Assembly Point at <insert address>. If wet Part
weather, gather at Alternate Assembly Point at Individual staff Evacuation A-
BB09 <insert address> and await for instructions. members Assembly Points No.6
BB10 Activate the Business Unit BC Plan BUCs/Alt.BUCs BU BC Plan Part C
Salvage & Annex
BB11 Perform salvage and restoration if possible SRT Restoration List 2
Arrange transfer/storage/treatment of salvaged
BB12 items. SRT
Arrange transfer/storage/treatment of salvaged
itemsAActivate transportaion arrangement with
relevant vendors where necessary to relocate Organisation BCM Part A
BB13 recovery teams to the alternate work locations. Coordinator Corporate BC Plan &B
Review actions to be taken for
BB14 reapir/renovation/restoration SRT
Annex
BB15 Report status to Command Centre periodically BUCs/Alt.BUCs Status Report 4A

Page 73 of 87
Template PD 5-1 : Corporate Business Continuity Plan

Task Person
Ref. Tasks Responsible Document Annex
RECOVERY AND RESUMPTION
Advise phone company to route office phone lines
C01 to alternate site. Admin/IT
Display a notice at the primary office giving
C02 directions to the Alternate Site. Admin
Coordinate any necessary transportation
C03 requirements if needed Admin
Arrange Mail Routing with courier/mail services to
C04 the alternate site Admin
Alternate Site Part A
C05 Recovery team occupy Alternate Site BUCs/Alt.BUCs Address –No.5
CMT occupy Command Centre and be ready to Part A
C06 operate CMT/IT –No.5
Facilities,
Check that all facilities, equipment and materials Equipment, and Annex
C07 are available in the Alternate Site BUCs/Alt.BUCs Materials Inventory 5
Equipment Inventory
Active delivery of equipment to Alternate Site if & Vendor Contact
C08 needed IT/Admin Team List -
Re-input backlogged, lost transaction and manual
C09 data BUCs/Alt.BUCs
Notify all business partners, customers and Annex
C10 suppliers of relocation of business operations BUCs/Alt.BUCs Key Contact List 8
Liaise with Corp Comm to release statements on
crisis situation to key stakeholders, e.g.media,
customers, shared holders, public, staff,etc.as
C11 necessary CMT
Annex
3B or
C12 Report status to Command Centre periodically BUCs/Alt.BUC Status Report 3C
RESTORATION AND RETURN
Restore primary office to ensure facilities, office
and IT equipment are operational once decision for Admin / Facilities
D01 restoration is made by CMT. / IT - -
Organisation BCM
D02 Brief BUCs to restore normal operations Coordinator - -
D03 Check and verify primary office, facilities BUCs/Alt.BUCs

Page 74 of 87
Template PD 5-1 : Corporate Business Continuity Plan

Task Person
Ref. Tasks Responsible Document Annex
Implement System restoration and data
E04 synchronization procedures IT Team IT DRP -
Check and verify all recovery data have loaded
E05 back to production systems BUCs/Alt.BUCs - -
Advise phone company to route office phone lines
E06 to alternate site Admin/IT
E07 Advise all staff to return to primary office BUCs/Alt.BUCs
Restore business functions in the primary office by
batches and ensure parallel run on both the primary Org BCM
and backup site for a period of 7 days before Coordinator /
E08 complete fallback to normal mode of operations BUCs/Alt.BUCs
Annex
E09 Report status to Command Centre periodically BUCs/Alt.BUCs Status Report 3D
E10 Re-commence normal mode of operations BUCs/Alt.BUCs - -
Announce closure of alternate site and stand down CMT Leader/ Org
E11 CMT BCM Coordinator

Liaise with Corp Comm to release statements on


crisis situation to key stakeholders, e.g.media,
customers, shared holders, public, staff,etc.as
E12 necessary CMT
Notify all business partners, customers and Annex
E13 suppliers of return to normal operations BUCs/Alt.BUCs Key Contact List 8

Page 75 of 87
Template PD 5-1 : Corporate Business Continuity Plan

Distribution and Approval

1. DISTRIBUTION

1.1 This plan is to be distributed as follows :

1.1.1 All Business Unit BCM Coordinators

1.1.2 All Alternate Business Unit BCM Coordinators

1.1.3 All Business Unit Heads

1.1.4 All Crisis Management Team Members

1.1.5 Primary and Alternate Organisation BCM Coordinators

Note : All plan holders must discard all obsolete copies upon receipt of the latest version

2. SIGNOFF

Plan Updated By :
Signature of Business Unit BCM Coordinator

<insert full name here>


(Name of Business Unit BCM Coordinator)

Date :
Signature of Business Unit BCM Coordinator

<insert full name here>


(Name of Business Unit BCM Coordinator)

Plan Approved By :
Signature of Business Unit BCM Coordinator

<insert full name here>


(Name of Business Unit BCM Coordinator)

Date :

Page 76 of 87
Template TE : Testing and Exercising

Template TE 6-1 : Design Profile

The “Design Profile” template is used t describe how the test or exercise will be conducted,
the resources required, and the necessary documentation.

Exercise Information
Objective
Type of Exercise
Scope
Scenario
Elements to be tested
Plans
People
Infrastructure (IT,
Facilities) Resources
Success Criteria
Pre-Conditions
Participants
Internal
External
Conduct of Exercise
Date
Time of Exercise (start and end time)
Duration
Location
Frequency
Mandatory
Desirable
Notice/Warning Requirement
Briefing of Participants
Write Exercise Plan
Budget for Exercise
Controllers
Documentation / Post Exercise Actions
Exercise Report
Post Exercise Actin Plan and Tracking
Supporting Document

Page 77 of 87
Template TE : Testing and Exercising

Template TE 6-2 : Design Profile for Call Notification Test

The design profile will describe how the exercise will be conducted, the resources required,
and the necessary documentation.

Exercise Information
Exercise staff notification procedures contained in plan (s)
Objective and validate accuracy of staff contact details.
Type of Exercise Telephone Contact
Scope All business units located in the primary office
Scenario A disaster occurs after office hour
Elements to be tested
Plans Yes
People Yes
Infrastructure (IT, Facilities) No
Resources Home telephone or personal mobile phone
( ) % successful contact to all staff located in the primary
office with return acknowledgement received in ( ) hour /
Success Criteria minutes
All staff maintains out-of-hour contacts with the
Pre-Conditions organisation
Participants
Internal Yes
External No
Conduct of Exercise
Date TBA
Time of Exercise (start and end
time) TBA
Duration Maximum 2 hours
Location Anywhere could make the call
Frequency
Mandatory Once a year
Desirable After each key staff movement
Notice/Warning Requirement None except for the first exercise
Briefing of Participants None except for the first exercise
Write Exercise Plan No, only requires Call Tree
Budget for Exercise None
Controllers Name (1), Name (2),etc
Documentation / Post Exercise Actions
Exercise Report Call NotificationLog and Call Notification Summary Report
Post Exercise Actin Plan and
Tracking Will be included if re-test is required
Call Notification Log and Call Notification Summary
Supporting Document Report. Page 78 of 87
Template TE : Testing and Exercising

Template TE 6-3 : Design Profile for Walkthrough Exercise

The design profile will describe how the exercise will be conducted, the resources required,
and the necessary documentation.

Exercise Information
Confirm the feasibility of the business unit’s recovery
Objective procedures without invoking recovery resources.
Type of Exercise One-to-one walkthrough of the approach to recovery
Scope All business units located in the primary office
Scenario TBA
Elements to be tested
Plans Yes
People Yes
Infrastructure (IT, Facilities) No
Resources No
There should be NO disagreement between controller and
Success Criteria Business Unit Representatives
The Plan has been developed and must have been agreed by
Pre-Conditions both BU Representative and his/her Business Unit Head.
Participants
Internal Yes
External No
Conduct of Exercise
Date
Time of Exercise (start and end TBA
time) (at a pre-arranged time during office hours)
Duration Maximum 2 hours
Location TBA
Frequency
Mandatory Once a year
Desirable After each review
Notice/Warning Requirement Yes
Briefing of Participants Yes – short intouction prior to the exercise
Write Exercise Plan No
Budget for Exercise No
Controllers TBA
Documentation / Post Exercise Actions
Exercise Report Walkthrough Exercise Critique Form as attached
Post Exercise Actin Plan and Tracking Will be included if follow-up or corrective action is required
Supporting Document Walkthrough Exercise Critique Form as attached

Page 79 of 87
Template TE : Testing and Exercising

Template TE 6-4 : Call Notification Log

This template can be used to record the result of a call notification test for a section in a business
unit. This log should be signed by the Caller and be sent to the BUC for consolidation and record.

Call Notification Log


Bussiness Unit
Name of BU
BCM Coordinator
(BUC)
Contacted By (the
Caller)
Signature
Date/Time of Log
Message

Time first Time last Via which channel? (SMS,


contact Contact email, phone call, voice Contactable Uncontactable
Staff Name made made message) (Yes/No) / Reason

Total No.Of Staff in this call tree :


No.of staff contactable :
No.of staff uncontactable :

Page 80 of 87
Template TE : Testing and Exercising

Template TE 6-5 : Business Unit Call Notification Test Summary Report

Name of BU : Date of Test : Name of BU BCM Coordinator (BUC) : Signature / Date :


SUCCESS CRITERIA
Start & End Time of Test : Name of Head of BU : Signature/ Date
% of Staff contacted in Minutes
Time Last
Name of Contact Contactable Uncontactable Reason for
Staff Time First Contact Made Made (Yes/No) (Yes/No Uncotactable Re-test Required? Remarks

IMPORTANT

This report is to be compiled by the BUC and should be signed off by the BUC and the Head of BU. One copy should be retained in the
BU BCM testing file and the other copy sent to the Organisation BCM Coordinator.

Page 81 of 87
Template TE : Testing and Exercising

Template TE 6-6 : Organization Call Notification Test Summary Report


Name of Organisation : Date of Test : Name of Organisation BCM Coordinator : Signature / Date :
SUCCESS CRITERIA
Start & End Time of Test : Name of Head of Organisation : Signature/ Date
% of Staff contacted in Minutes
Total Total No Of
Name of No.of Staff Staff Total No.Of Staff % of BU
BU Name of BUC in BU Contactable Uncontactable Contactability Re-test Required? Remarks

Organisation Total No.of BU Total No. Total No Of Total No.Of Staff % of BU Re-test Required? Remarks
Summary Of Staff in Staff Uncontactable Contactability
Organisati Contactable
on

IMPORTANT

This report is to be compiled by the Organisation BCM Coordinator and should be signed off by the Organisation BCM Coordinator and
the Head of Organisation. This report should be retained in the Organisation BCM testing file .

Page 82 of 87
Template TE : Testing and Exercising

Template TE 6-7a : Walkthrough Exercise Critique Form

This template can be used to report the performance during the conduct of a walkthrough
exercise and identify areass of improvement. This from must be signed off by the BUC and the
Head of BU. One copy should be retained in the BU BCM testing file, the other copy sent to the
Organisation BCM Coordinator.

Business Unit (BU)

BU BCM Coordinator (BUC)

Signature / Date

Head of BU

Signature / Date

General Comments

Phase 1 : Pre-Crisis

Observations (what did well, what did not go so well) Recommended Actions for Improvement

Amendments to Plan

Phase 2 : Immediate Response (when disaster occurs)

Observations (what did well, what did not go so well) Recommended Actions for Improvement

Page 83 of 87
Template TE : Testing and Exercising

Template TE 6-7b : Walkthrough Exercise Critique Form

Amendments to Plan

Phase 3 : Recovery and Resumption (elaborate according to critical function’s RTO)

Observations (what did well, what did not go so well) Recommended Actions for Improvement

Amendments to Plan

Phase 4: Return to Normal Operations

Observations (what did well, what did not go so well) Recommended Actions for Improvement

Amendments to Plan

Suggestions for the next exercise/test

Page 84 of 87
Template TE : Testing and Exercising

Template TE 6-8 : Post Exercise Action Plans

This template can be used to record and track the completion status of the recommended actions identified for the walkthrough exercise or the
call notification test. This document should be signed off the by Organisation BCM Coordinator and the Head of Organisation, and kept in the
Organisation BCM testing file.

Summary of Recommended Action Action Owner / Business Unit Action Due Date Completion Status (Completed/ In Remarks
Progress / Overdue)

Name of Organisation BCM Coordinator : Name of Head of Organization :

Signed / Date : .......................................................... Signed / Date : ..................................................

Page 85 of 87
Template TE : Testing and Exercising

Template TE 6-9a : Overall Test and Exercise Schedule

This template can be used to document the entire test and exercise schedule for an organization. This form is developed by the Organisation
BCM Coordinator and must be signed off by the BCM Steering Committee. In order for an organization to constantly upgrade the readiness of
the plan, a series of corporate-wide progressive testing with increasing extent and scope is needed. This template is a sample of this
progressive testing.
Frequency Year 1 Year 2 Year 3
Category of Test (Quarter) 1 2 3 4 1 2 3 4 1 2 3 4

1. Component Tests :
a. Confirm version nad currency of plan
b. Confirm Contactability of staff, suppliers & other contacts
c. Confirm offsite storage vital records retrieval
d. Confirm alternate (recovery) site readiness Each component must be tested
e. Confirm availability of recovery resources, i.e.staff, seat, once During a 12-month period
PC, equipment, systems, data and etc.
f. Test recovery team's knowledge of BU's BC plan, procedures
and roles and responsibilities
g. Confirm accuracy of interdependencies
h. Confirm Internal and external teams' recovery timeline is carried
out according to plan
i. Confirm distribution and approval of plan
Page 86 of 87
Template TE : Testing and Exercising

Template TE 6-9b : Overall Test and Exercise Schedule

Frequency Year 1 Year 2 Year 3


Category of Test
(Quarter) 1 2 3 4 1 2 3 4 1 2 3 4
1. Telephone Notification Call Tree Once, twice or every quarter per year
On Plan Completion, and whenever significant
2. Walk – through changes occur
3. Component Integration (by business unit,
Once per year
application)
Once per year from last component integration
4. Full Integration (alternate site, IT DR site) test
5. Partial Incident Simulation Once per year from last full integration test
6. Full Incident Simulation Once per year from last partial simulation test
As required by applicable BCM regulatory or
7. Live Test Policy requirements

Page 87 of 87

Вам также может понравиться