One moment please... Business Continuity Plan | Havoc Shield
Select Page

Business Continuity Plan

{Company name as you\’d like it to appear in your policy:6} Business Continuity Plan

Last Updated:

Created By:


Business Continuity Plan

This plan is designed to help our company continue performing our critical business functions, which are the functions that support the organization’s mission, comply with legal requirements, and support life-safety, under all circumstances.

The plan is applicable once the life safety of employees, customers, and guests has been verified. It can be active during normal business hours and after hours, with and without warning.

Critical Business Functions

Critical business functions are those functions and critical activities that an organization must maintain in a continuity situation, when there has been a disruption to normal operations, in order to sustain the mission of the organization, comply with legal requirements and support life-safety.

Our company has documented our critical business functions in an associated document made available to all employees titled Business Continuity Plan Critical Business Functions. This associated document describes each critical business function, and associated information that is essential to activating this business continuity plan:

  • Function Description: the title of the critical business function that is essential to maintaining business continuity.
  • Point of Contact: the staff point of contact for the critical business function.
  • Alternate Point of Contact: the alternate point of contact if the primary point of contact is unavailable.
  • Vital Records: a list of information assets that are essential to the critical business function
  • Recovery Procedures: the steps that the point of contact for the critical business function should take to restore the business function
  • Maximum Downtime: the amount of downtime that the business could sustain for this particular business function, before causing the business irreparable harm.

Resuming these business functions in the case of unexpected downtime is essential to the company’s operation.

Business Continuity Coordinator

The company has named a Business Continuity Coordinator and a Business Continuity Coordinator Altenerate who serves as the central liaison and project manager disruptions to business continuity.  These personnel are identified in the associated Business Continuity Plan Critical Business Functions document. In the normal course of preparing for the responsibilities of the Business Continuity Plan, the coordinators must take proactive measures to ensure that the company reduces their risk exposure for potential incidents, including:

  • Ensuring that suitable data backup policies are in place, including offsite storage of critical data
  • Ensuring that a disruption to any single physical facility maintained by the company would not cause the company to be unable to resume critical business functions within the maximum downtime threshold

The coordinator must establish sufficient internal controls to ensure that proactive measures are adopted in a timely manner as the company’s risk exposure evolves both in terms of personnel, physical assets, and information assets.

Contact List

The company has made an Employee Contact List and a Vendor Contact List available to the Business Continuity Coordinator and the Business Continuity Coordinator Alternate. The coordinator and alternate may request the involvement of personnel in their normal area of operational responsibility or otherwise, within their normal business hours or otherwise. Personnel are asked to participate to the maximum level that they are able, should their involvement be requested by the coordinator or alternate.

Impact Analysis

The coordinator or alternate must complete a business impact analysis of the disruption to normal operations. Within the bounds of the maximum downtime specified in the Business Continuity Plan Critical Business Functions document, the coordinator or alternate must use contextual information from the disruption to establish:

  • Recovery Point Objective (RPO): to the extent that the coordinator determines that some recent window of business activity (such as recent database activity) cannot be readily restored, the coordinator will establish an RPO that specifies the point-in-time to which systems are required to be restored.
  • Recovery Time Objective (RTO): although the maximum downtime for the critical business function serves as an outer bound of allowable downtime, the coordinator may choose to establish an RTO for portions of the recovery effort, with contextual knowledge of operational processes needed to restore certain aspects of the critical business function.

The coordinator or alternate will also conduct an analysis of the financial and reputational risk associated with the disruption, and circulate the results of that analysis to senior management.

Plan Activation

The Business Continuity Coordinator or Business Continuity Coordinator Alternate, or a designee thereof, can activate this plan inside or outside of business hours, when needed, once the life safety of employees, customers, and guests has been verified.

Internal Communication Procedures

The plan is activated with the coordinator or alternate sends a companywide message using the company’s standard companywide communication mechanism, informing all team members of the critical business function that has been disrupted.  The communication will specify which point of contact is operationally responsible for restoring the critical business function, as well as the mechanism that other employees should use to communicate related information that may be relevant to restoration.

Team Obligations

All team members should give the coordinator and alternate, as well as the point of contact for the disrupted critical business function, priority over all non-critical business activities.

Plan De-Activation

The Business Continuity Coordinator or Business Continuity Coordinator Alternate, or a designee thereof, may deactivate the plan when all critical business functions are restored. The goal of plan deactivation is to reestablish full critical business function capability in the most efficient manner. This may or may not involve the operational restoration of the same resources that were in use prior to the interruption.  For example, if an essential customer support system becomes unavailable, the coordinator my choose either to work towards restoring that customer support system, or establishing an alternate customer support system — even as an intermediary process — as long as it restores the critical business function.

Internal Communication Procedures

The plan is deactivated with the coordinator or alternate sends a companywide message using the company’s standard companywide communication mechanism, informing all team members of the critical business function that has been restored.  The communication will specify the mechanism that other employees should use to communicate related information that may be relevant to the coordinator, including any observations that may signify that the critical business function has not been fully restored.

Team Obligations

All team members should give the coordinator and alternate, as well as the point of contact for the disrupted critical business function, priority over all non-critical business activities.

Operational Improvement Planning

Following plan deactivation, the Business Continuity Coordinator or Business Continuity Coordinator Alternate will establish a process for incorporating improvements to the company’s operational plans with a focus on reducing the risk of a recurrence of the downtime observed in the critical business function that caused plan activation.

Business Continuity Testing

Separate from the activation of the business continuity plan for an actual disruption, the Business Continuity Coordinator will schedule recurring tests of the plan. In each such case, the coordinator will establish a realistic scenario of a disruption that the business could potentially face, inform stakeholders that a test of the business continuity plan will be conducted, and manage the process of simulating the scenario including all aspects of the plan contained herein. The coordinator will be responsible for ensuring that testing includes:

  • Realistic incident scope
  • Adequate frequency
  • Evaluation of the effectiveness of the simulated response
  • Inclusion of lessons learned, in revisions to the plan and associated documents

Business continuity testing will occur no less than annually. 

You don't have credit card details available. You will be redirected to update payment method page. Click OK to continue.