Purpose

This plan outlines the strategies and procedures for maintaining business operations and recovering from a disaster or significant disruption. It aims to minimize the impact on our operations, employees, and customers.

Scope

This plan applies to all business functions, critical operations, technology systems, and personnel.

Definitions

– Business Continuity (BC): Procedures and instructions an organisation must follow in the face of disaster to continue business operations.
– Disaster Recovery (DR): Specific steps taken to resume operations in the aftermath of a catastrophic natural disaster or a man-made event.
– Recovery Time Objective (RTO): The targeted duration of time within which a business process must be restored after a disaster to avoid unacceptable consequences.
– Recovery Point Objective (RPO): The maximum tolerable period in which data might be lost due to a major incident.

Responsibilities

– BCDR Committee: Oversee the development and implementation of the BCDR plan.
– IT Department: Responsible for data backup, system recovery, and technology infrastructure.
– Department Heads: Ensure their teams are prepared and trained for business continuity and disaster recovery.

Business Continuity Plan

1. Risk Assessment and Impact Analysis
  • 1.1. Conduct a thorough risk assessment to identify potential threats and vulnerabilities.
  • 1.2. Perform a business impact analysis to determine the criticality of business functions and processes.
2. Strategy Development
  • 2.1. Develop strategies for maintaining operations during short-term and long-term disruptions.
  • 2.2. Include alternative business practices, remote work options, and resource requirements.
3. Plan Development and Documentation
  • 3.1. Document specific procedures for maintaining critical operations during a disruption.
  • 3.2. Assign roles and responsibilities for executing the BC plan.
4. Communication Plan
  • 4.1. Establish a communication strategy to keep employees, stakeholders, and customers informed during a disruption.
  • 4.2. Include emergency contact information, communication channels, and protocols.

Disaster Recovery Plan

1. IT Infrastructure and Data Backup
  • 1.1. Implement regular backups of all critical data and systems.
  • 1.2. Store backups in a secure, offsite location.
2. Recovery Procedures
  • 2.1. Document detailed procedures for restoring IT systems and data.
  • 2.2. Establish RTO and RPO for each critical system and process.
3. Alternate Site
  • 3.1. Identify an alternate site for business operations if the primary site is unavailable.
  • 3.2. Ensure the alternate site is equipped with necessary resources and technology.

Testing and Maintenance

1. Regular Testing
  • 1.1. Test the BC and DR plans at least bi-annually.
  • 1.2. Conduct different types of tests, including tabletop exercises, simulation tests, and full-scale drills.
2. Plan Review and Update
  • 2.1. Review and update the plans annually or after any significant change in business operations or technology.
  • 2.2. Document all changes and communicate them to relevant parties.

Recovery Objectives

– RTO: Aim for an RTO of 4 hours for critical systems and 24 hours for non-critical systems.
– RPO: Maintain an RPO of 24 hours for critical data and 72 hours for non-critical data.

Compliance

Non-compliance with this plan may result in increased risk and impact during a disruption.

Documentation and Records

Maintain documentation of all BC and DR activities, including test results, plan updates, and training records.

Revision History

Document revisions must be reviewed and approved by the BCDR Committee.

This BCDR plan is crucial for ensuring the resilience of our operations. All employees must familiarize themselves with their roles and responsibilities outlined in this plan. Regular testing and updating are vital for the plan’s effectiveness.