It’s very helpful if a planning document includes policy statement content as guidance and to clarify the planners’ intent. The better time to establish policy guidance is before an event occurs – while things are calm. It’s valuable to begin each plan section with policy statements that set the stage for that section. Here are a few samples of continuity policies and statements to get you thinking about what to include in your plan.
Who does the planning:
- The Business Continuity Plan (BCP) Team is responsible for current and comprehensive Business Continuity Planning. When implemented, the BCP should include procedures and support agreements that ensure on-time availability and delivery of the organization’s functions, products or services. [Find out about team makeup in post #4 in this series]
Updating the plan:
- The BCP must be reviewed and certified annually with the BCP policy compliance process through the BCP team.
- The organization employs several technologies for data backups. The method used is determined by the recovery requirements of the application.
Activating the plan:
- The BCP should be executed in the event of a short term (one to five days) and long term (five days or longer) interruption to our daily business whether it be our physical location, health of our staff, integrity of and access to our data, and other situations that impede our ability to perform work and serve our clients.
- The Executive Committee (whether collectively or individually) has the responsibility and authority to activate all or part of the plan.
Plan activation goals:
- Our goal is to be operational within 12 hours from the time the BCP is activated and for potentially up to a 30-day period or until normal operations can be resumed.
- The organization’s primary concern for staff is ‘safety first.’ If traveling to the office poses a safety hazard it is advised that you stay home until such time as it is safe to travel. If the office is officially closed, staff will be paid for the day. If the office remains open and staff members are unable to make it to the office, they will need to use sick leave or vacation pay. In the event the office is uninhabitable for an extended period of time (more than two days), the Board of Directors will determine how staff time will be recorded and paid.
- Staff will be asked to confirm/update their personal information once per year at the beginning of each year, and provide updates as they occur throughout the year.
- The HR Manager is responsible for maintaining an updated Emergency Email Contact List containing email addresses of all staff and contract staff. He/she will provide the IT Director an updated list each time there is a change.
Testing the Plan:
- Twice a year the Emergency Response Team (ERT) will meet to test the BCP. The test will be a table-top exercise in which a variety of scenarios are presented and talked through. Per the guidelines stated above the plan will be updated as needed and re-distributed to the ERT.
- In addition to testing this plan, the Emergency Preparedness Committee will continue to provide First Aid/CPR/AED training to committee members and conduct semi-annual fire drills.
You will certainly develop your own policies as you work on your plan. Of course, policy will be revisited to reflect lessons learned from an event or changes in the organization. Testing your plan, whether intentionally or as a result of some event, will certainly identify policy areas that will benefit from enhancement or clarification.
If you develop a useful policy, feel free to post a comment and we’ll share it with others.