
Post on 16-Feb-2022


LOSS CONTROL

Business Continuity Management

Prepare for the unexpected


BUSINESS CONTINUITY MANAGEMENT

The Hartford’s Business Continuity Management Plan © 2008


TABLE OF CONTENTS

SECTION 1: UNDERSTANDING YOUR BUSINESS
1.1 BUSINESS IMPACT ANALYSIS (BIA)
1.2 RISK ASSESSMENT (RA)

SECTION 2: DEVELOPING A BCM RESPONSE
2.1 CRISIS MANAGEMENT PHASE
2.2 BUSINESS RECOVERY PHASE

SECTION 3: TESTING & MAINTENANCE
3.1 TESTING THE BCM PLAN
3.2 MAINTENANCE OF THE BCM PLAN

SECTION 4: APPENDICES
APPENDIX
GLOSSARY
NOTES
REFERENCES CITED


OVERVIEW

Introduction

Risk managers and safety professionals are not generally thought of as “gamblers.” After all, their professions are founded in the avoidance and control of risk. Still, many take enormous gambles in failing to understand or plan for the biggest, most costly, and most serious risks of all: crises or disasters that could put their companies out of business for weeks or months – or forever! In a recent survey, half of risk managers surveyed reported that their organizations had experienced natural or human disasters. Despite the need, many risk managers failed to prepare adequately for crises. While business continuity planning is important to most companies, a sizable number do not necessarily view it as important and may be unprepared to deal with an emergency, either natural or man-made. Consider these statistics:

• In the U.S., 68% of disasters that affect businesses are caused by human error; 25% by technology (hardware and software) failures, 5% by natural disasters; and 2% by intentional causes.

In terms of business survival, the results can be devastating. Consider these facts:

• Of companies that experience a disaster but have no business continuity plan in place, 43% never reopened.

• 70% of businesses that closed for a month or more failed to reopen – or failed altogether – within three years.

• Most companies that must operate 10 or more days without their computers will never fully recover.

And the costs can be enormous:

• Within eight days of an extended computer outage, a company loses an estimated 2% to 3% of its gross sales.

• Three-quarters of businesses reach critical or total loss of functionality within two weeks of losing computer support.

Objective

This document is intended to help you develop a business continuity management plan for your facility. It is not intended to be used in place of an actual business continuity plan, or when responding to or recovering from an actual crisis situation. Each entity, business, or group of individuals has special needs that cannot be fully addressed within the scope of this document. Review your facilities, employees, products and processes carefully to create the best business continuity management plan for your operation.


WHAT IS BUSINESS CONTINUITY MANAGEMENT

Business continuity management (BCM) is defined as ensuring the continuity or uninterrupted provision of operations and services. It is an ongoing process with several different but complementary elements, including crisis management, business recovery, testing, and maintenance and auditing the plans. While business continuity objectives may differ from one organization to another, they are almost always directed toward protection of people, protection of property, and preparation for the organization to resume productive operations as soon as possible.

Making the case for business continuity management (BCM)

In recent years, a series of major, well-publicized natural disasters and terrorist attacks has focused attention on the need for effective business continuity management and planning. Hurricanes Katrina and Rita had devastating and lasting effects on the communities, businesses and people of the Southeast states. The 9/11 attacks and the Oklahoma City bombing were tragic examples of the destruction and terror that can be caused by human hands.

As important as business continuity planning is, it is often given a low priority, or is nonexistent. After all, effective planning requires time and money, as well as a commitment to maintain a plan once it has been developed. In addition, the task of actually creating a plan can be enormously challenging, depending on the size and nature of the organization.

This document is designed to make this big job a little easier and to assist you as you develop a customized BCM plan for your facility. It provides you with an overview of the BCM process and describes the essential elements of an effective plan. This document will help you to understand:

• Why BCM is essential to the success of your organization
• How to identify and prioritize potential hazards to which your organization may be vulnerable
• How to create an effective plan for crisis management and business recovery
• How to keep your plan current and your facility ready for crisis situations.

This document is for you if you are a:

• risk manager
• safety professional
• building owner
• real estate manager
• person responsible for developing and maintaining BCM

How will BCM help my organization?

Disasters can strike at any time. Although most people think of disasters as naturally occurring events, such as hurricanes or earthquakes, other events or conditions can have disastrous effects. For example, consider the impact on your facility should your major supplier experience a strike, or should a hazardous spill in your neighborhood force you to shut down your operations even for several hours.


Changes in how business is conducted can exacerbate emergency situations. Corporations, government agencies and other entities have become more dependent on outside resources and agencies, as downsizing and outsourcing become more common. For example, when businesses merge facilities for manufacturing, storage, or offices, thereby concentrating assets in fewer locations, they become more vulnerable to the effects of disasters. As their organizations shrink, risk managers must assume new and additional roles and responsibilities, including overall responsibility for business continuity planning.

In another example, “just-in-time” manufacturing – in which only very small inventories of supplies and stock are kept on-site – may be compromised if an essential supplier is knocked out of business by a tornado or other disaster. How long could your facility maintain operations without its main suppliers? Do you have a plan for alternative sources? If your firm is one that supplies critical inventory, what is your liability if you are unable to meet your commitments, even if the delay is due to an emergency situation?

The growing dependence on technology and the increasingly complex hazards of various manufacturing operations and processes increase the frequency, immediacy, and severity of disasters – both natural and technological – and contribute to the difficulty of recovery.

Insurance does not fully cover the cost of crises. The costs of property damage and business interruption can normally be offset by adequate insurance, but uninsured losses can also occur, including:

• Loss of market share and customers
• Loss of business relationships with vendors
• Increased insurance costs
• Increased costs following resumption of operations
• Severance pay and unemployment insurance costs
• Loss of employees (injury, disability, death, quitting)
• Cost of equipment and facilities used during recovery
• Delayed accounts payable and receivable, and associated costs
• Impaired communications with customers, employees, vendors, etc.
• Loss of goodwill and support from the community

In today’s business climate, it is more important than ever to have a well-considered, comprehensive BCM plan in place and ready to be activated.

MANAGEMENT SUPPORT

Underlying an effective BCM plan is the strong support of your organization’s upper management. The plan must become part of your corporate culture. Your organization’s management must perceive it as an essential and integral part of the organization’s strategy and operations.


In addition to providing approval and enthusiasm, upper management must:

• Allocate financial and human resources to develop, implement and maintain the plan
• Appoint and support qualified individuals for the plan effort (especially the person who serves as health, environment and safety leader)
• Provide oversight to align the plan with other corporate programs, policies and plans (such as the corporate mission statement, strategic and operating plans, health and safety program, regulatory compliance, security, and recall programs, etc.)

Potential challenges to the development and implementation of the plan include:

• Insufficient resources (money, staff, material) to develop, implement and support the plan
• Inadequate coordination and follow-through (between departments, from management, etc.)
• Inadequate coordination among prevention plans (e.g., safety and health, security, fire prevention) and response plans

ESTABLISHING POLICY AND ORGANIZATIONAL STRUCTURE

Introduction

The first steps to take in developing a plan are to create a written policy statement, establish the organization of the BCM process (appointing a Health, Environment & Safety (HE&S) Leader, HE&S Team, and alternates and backups), and begin the documentation process to create the formal plan.

Written Policy Statement

Each organization should have, as the first element in its plan, a written BCM policy statement that clearly reflects the organization’s commitment to the process. The policy statement should:

• Define the purpose and objective of the policy
• Define the lines of authority
• Be fully endorsed by top management

Organizational Structure: Roles and Responsibilities

When setting up the organization:

• Clearly define the roles, responsibilities and chains of command for all individuals who participate in developing, implementing, and maintaining the plan.

• Designate leaders and teams for crisis management and business recovery. These positions should be appointed by senior management. If the primary team members are ill, unavailable or directly affected by the crisis, fully trained alternates and backups are essential. These positions should also be appointed by senior management. Similarly, the HE&S leader should appoint alternates for all representatives. All alternates or backups should receive full training and should participate in all exercises, drills, and other business continuity activities.


• Be sure to include information about the alternates in all the contact lists and other emergency information resources.

Documentation

• Gather all policies, procedures, resource lists, etc., into one well-organized document, which becomes the formal plan.

• Maintain this plan in writing, and keep multiple copies. Keep current copies of the plan in designated locations at the facility and at a secure location off-site.

• Provide copies to local authorities (fire, police, etc).

• Establish a schedule for review and maintenance of each element of the plan. A formal review of the policy and plan is likely to be triggered by a change in the external environment in which the organization operates. Such change could be regulatory or market changes.

PROGRAM MANAGEMENT

Introduction

It is the responsibility of a company’s board and senior management to ensure that the company identifies, assesses, prioritizes, manages and controls risks as part of the BCM process. They should establish policies that define how the company will manage and control the risks that are identified. Once policy is established, the board and senior management should understand the consequences of these identified risks and continually support continuity management.

Purpose

The purpose of the management process is to provide the effective ongoing management of the organization’s BCM program.

Process

The board and senior management should:

• Assign knowledgeable personnel to implement a company-wide business continuity plan.
• Define the scope of the management process and program
• Allocate sufficient financial resources to properly implement the plan
• Review and approve the plan
• Ensure that the plan is independently reviewed by internal or external audit at least annually
• Ensure that a comprehensive business continuity training program has been established
• Ensure company-wide tests are conducted at least annually

Once the board and senior management have assigned appropriate personnel to manage the BCM process, the designated personnel should:

• Integrate BCM into every business decision
• Incorporate BCM responsibilities in applicable employee job descriptions and personnel evaluations
• Perform regular audits and conduct tests annually or more frequently


Review

An organization’s BCM process should include regular updates. The plan should be updated based on changes in business processes, audit recommendations and lessons learned from testing.


SECTION 1: UNDERSTANDING YOUR BUSINESS

Introduction

How quickly your company can get back to business after a crisis often depends on the planning done today. You must first understand your business and the critical processes to ensure continuity of business activity.

Process

Carefully assess how your company functions – both internally and externally – to determine which staff, materials, procedures and equipment are required to keep the business operating. The tools that can help you understand your business are the business impact analysis and risk assessment (RA) (see sections 1.1 & 1.2). They will provide the information you need to develop BCM strategies.

You will need to:

• Review your business process flow chart, if one exists.

• Identify operations critical to survival and recovery.

• Include emergency payroll, systems to accelerate financial decision-making, and accounting systems to track and document costs in the event of a crisis.

• Establish management succession procedures, and try to include at least one person who is not at the company headquarters.

• Identify your suppliers, shippers, resources and other businesses you must interact with on a daily basis.

• Develop professional relationships with more than one company to use in case your primary contractor/vendor is unable to provide service. A disaster that shuts down a critical supplier can be devastating to your business.

• Create a contact list for existing critical contractors/vendors and others you plan to use in a crisis. Discuss your expectations with them. Keep the list with other important documents readily available at an off-site location.

• Plan what you will do if your facility is not accessible. Consider if you can run the business from a different location(s). Develop relationships with other companies to use their facilities in case of a crisis.

1.1 BUSINESS IMPACT ANALYSIS (BIA)

Introduction

The business impact analysis is the part of the BCM process that helps a business understand its financial and operational exposures in the event of an interruption. It identifies business processes that are critical to the survival of the business and defines the time in which these processes must be restored to avoid significant impact to the overall recovery time objectives (RTO).

The BIA becomes the source of record business requirements document for all business continuity-related activities. The RTO that you record is the guideline you will use across your company to determine your continuity requirements and build your business continuity plan. It is important to emphasize that the BIA process is designed to identify business requirements and therefore is business-driven and not technology-driven.


The following questionnaire template can help you perform a BIA on each business function and the organization as a whole. The template is meant only as a basic guide. You can modify this template of the general business impact analysis approach as required to best accommodate your specific industry. However, this template includes a few basic principles that should be considered in order to develop your organization’s strategies. Please refer to Appendix 4.1 for a complete template.

Business Function:

Date BIA Completed:

Business Function Owner(s)/Title(s):

Business Function Owner Work Phone & Email Address:

Description of business function: (Describe the functions performed and their purpose. If the organization is part of a group, identify the relationship between the various parts of the organization, performed in multiple locations, key business objectives and success criteria):

A BIA should consider the four individual scenario assumptions outlined at the end of this section.

The BIA Process

There are three key steps in the BIA process:

Step 1 - Identify appropriate business functions/processes to analyze

Step 2 - Identify appropriate participants for the analysis process

Step 3 - Conduct and validate the BIA information and obtain sign-off

Step 1

• A business function is a logical grouping of related business processes.

• Identify business functions in a way that makes sense to you. One way would be starting with an organizational chart and working your way down to the department level. At the department level, consider whether (based on size and criticality) there should be one or more functions within that department.

• Only break up a department into multiple functions if the breadth of activities in that department warrants multiple BIA documents.

Step 2

• The participants who cover a specific business function should be the business owners of that function.

• The participants should be extremely familiar with department business processes.

• The participants should have a basic understanding of the IT systems those processes depend on (from a business perspective, not a technical perspective).


• The participants should understand how those processes affect their function as a whole and interact with other business functions.

• The participants should have the authority to identify recovery time objectives for the business process and recovery point objectives for the business systems that support those processes.

• Participants from the IT staff should have a high-level understanding of the business applications and their interactions.

• Members of upper management who can provide a view across various business functions should also be consulted and advised.

Step 3

• Conduct/collect BIA data
• Validate BIA data
• Obtain sign-off – The finalized BIA should be presented to the appropriate senior level manager for discussion and sign-off

Vendor Assessment Needs

As part of your BIA, you should make sure you are assessing your business continuity throughout the business process supply chain. When completing the BIA, business areas should conduct an analysis of their vendor dependencies as they apply to critical business processes. The first priority should be those vendors/suppliers that support the most critical business processes. Consider vendors who:

• Provide services that support your critical business processes
• Perform critical business processes
• Perform development, maintenance and production support for business applications
• Provide business recovery services, such as an offsite location for your employees if your facility is inaccessible.
• Provide medical services – hospitals, medical, nursing and other health services such as worker’s compensation, pharmacy and medical benefits, etc.

Review

A BIA should be reviewed annually at a minimum but more frequently in the event of:

• A principally aggressive pace of business change
• Significant change in the internal business processes, location or technology
• Significant change in the external business environment – such as market or regulatory change


BIA Scenario Assumptions

Business Impact Analysis – Scenario Assumptions

Scenario Assumption #1

• A major disruption has occurred at your location, and all business functions supported at your location have been disrupted for up to 30 days.

• Personnel cannot physically access their primary location for anything other than damage assessment.

• Network connections to shared drives at your primary location are no longer available.

Scenario Assumption #2

• Your data center(s) supporting business functions at your location also have been disrupted and are unavailable for up to 30 days.

Scenario Assumption #3

• Use of overtime, outside services, and employee food, travel and lodging expenses, etc., are authorized to assist in re-establishing business operations.

Scenario Assumption #4

• Assume that this event happens at the “worst possible time of the year, quarter, or month.”

1.2 RISK ASSESSMENT (RA)

Introduction

The foundation of the RA methodology is the definition of a critical outage. A large financial institution can experience major losses within minutes of an interruption, while an insurance company may withstand an interruption of 12 hours or more before being seriously impacted. A manufacturing operation could possibly be interrupted for as long as 24 hours without severe effects.

The definition of a critical outage for your specific business process establishes the basis for the assessment of interruption events. Once more, based on the operation, facility, or process under review, specific areas of concern should be selected for evaluation as part of the RA.

As a rule of thumb, the BIA should be completed before the RA to identify the critical functions that the RA should address.

The following sample RA Form is designed to assist the user in performing an RA for each critical business function and the organization as a whole. The form is meant only as a basic guide. The user may modify this form to best accommodate the specific industry. However, this form includes a few basic principles that should be considered in order to effectively assess your organization’s business functions. Please refer to Appendix 4.2 for a complete form.


Risk Assessment Form

Date: ___________________________
Division: ___________________________
Department: ___________________________
Business Function: ___________________________

Purpose

The purpose of the RA is to identify the inherent risk of performing various business functions. The two primary questions to consider when assessing the risk in a business function are:

1. What is the probability that things can go wrong? (the probability of one event)
2. What is the cost of those things going wrong? (the exposure of one event)

Risk is assessed by answering the above questions for various risk factors and assessing the exposure of failure and the impact of exposure for each risk factor. Risk is the probability times the exposure.

Areas to be considered

The RA should consider critical business functions such as:

• Personnel
• Equipment
• Automation (software, hardware, data)
• Raw and finished stock
• Supplies and materials
• Cash
• Facilities
• Transportation, including vehicles
• Customers
• Vendors
• Contractors
• Interdependent companies (e.g. manufacturers, distributors, etc.)
• Vital records


Review

At a minimum, a risk assessment should be reviewed annually – and more frequently in the event of:

• A principally aggressive pace of business change
• Significant change in the internal business processes, location or technology
• Significant change in the external business environment, such as market or regulatory change


SECTION 2: DEVELOPING A BCM RESPONSE

Introduction

This section can help you identify many of the actions and resources needed to enable the organization to manage an interruption - whatever its cause.

The actions outlined in the plan are not intended to cover every event. By their nature, all incidents are different. Likewise, the predefined procedures may need to be flexible and adapted to the specific event that has occurred and the opportunities it may have created. If the event falls outside the scope of the assumptions on which the BCP was based then the situation should be escalated to those responsible for implementing the crisis management plan.

Crisis Management Plan

A crisis management plan defines how the strategic issues of a crisis affecting the organization would be addressed and managed. Crisis management can be considered the prevention and/or response phase of planning for and/or implementing the organization’s reaction to an incident. This may be when the incident is not entirely in the scope of the BCP. The primary goals of this phase are to protect life and ensure the safety and health of personnel; to limit and contain damage to facilities and equipment; to stabilize the operational and public image impacts of an event; and to manage and communicate information about the incident.

Business Recovery Plan

A business recovery plan outlines the processes and procedures an organization establishes to ensure that essential business processes can continue during and after a disaster until normal operations are restored. Business recovery plans are created to respond to and prevent a significant interruption of critical business processes as quickly and efficiently as possible.

2.1 CRISIS MANAGEMENT PHASE

Introduction

What constitutes a “crisis?”

A “crisis” is any activity that focuses immediate public attention on an organization or has the immediate capability of doing so. This plan is to be initiated in any crisis situation that runs the risk of:

• Jeopardizing an organization’s positive image
• Generating news media coverage
• Initiating governmental or regulatory intervention
• Interfering with normal business operations

Examples of a potential crisis situation may include:

• Government investigation and/or action


• Action by a consumer activist or terrorist group
• Employee accident, disaster, and/or workplace violence
• Legal action (e.g., discrimination, harassment, workplace violence, fraud)
• Natural disasters

The titles used in this plan are not universally applied; specifically the “Health, Environment and Safety” (HE&S) team may also be called a crisis team or emergency response team. The important issue for any business, regardless of which titles they use, is to choose names that fit into their structure, ensure that the roles described in this plan are covered, and to communicate consistently the chosen names with the proper roles. Given the strong potential for intense outside interest from the news media, governmental or regulatory agencies, investors, customers and others and the need to respond in a timely and appropriate manner, inquiries must be handled properly.

The following table describes event severity levels, examples, and gives descriptions of actions to be taken. Severity levels are listed in order of lowest to highest. This system contains general examples; actual conditions may warrant different results.

Severity Level: Green – Low
Description/Details: No incidents or events – business as usual.
Emergency Operations Center Action:
• Refine and exercise preplanned protective measures.
• Ensure personnel receive training on company, department, or office-specific protective measures.
• Regularly assess facilities for vulnerabilities and take measures to reduce them.

Severity Level: Blue – Guarded
Description: Minor
Details: Any local events causing slight interruption of normal operations with low potential for additional impact. Examples:
• Primary power source off-line – backup power systems functioning normally; restoration of primary power expected shortly.
• Small fire – contained with minimum damage and site still operational; no impact to customers.
• Minor computer system failure; system restoration expected without major impact.
• Network outages that do not affect other business operating units.
Emergency Operations Center Action: All “low” level protective measures with the additional items:
• Review and update emergency response procedures.
• Provide offices and employees with necessary information.
• Check communications with designated emergency response or command locations.
• Notification to Emergency Operations Center (EOC) is optional.

Severity Level: Yellow – Elevated
Description: Moderate
Details: Any local events causing interruption of normal business operations with potential for additional impact. Examples:
• Primary power source off-line – backup power source questionable; potential for major failure.
• Small fire – contained, minimum damage; site still operational, minimal impact to customers.
• Hurricane or tropical storm – landfall not expected within 72 hours; no immediate evacuation.
• Minor earthquake or flooding – no impact to buildings or personnel.
• External hazardous chemical spills – being contained; no impact to Hartford sites.
• Network outages – other business operating units impacted; no external customers impacted.
Emergency Operations Center Action: All “guarded” level protective measures with the additional items:
• Notification required to EOC.
• Assess further refinement of protective measures within the context of the current threat information.
• Implement contingency and emergency response plans, as appropriate.

Severity Level: Orange – High
Description: Significant
Details: Any local or regional event causing interruption to normal operations with potential for additional impact to one or more sites. This event is serious to operations, but with minimal impact to the community. Examples:
• Primary power source off-line – backup failed and power restoration not expected within 24 hours.
• Fire, flood, earthquake – severe impact to site and/or personnel; site recovery not expected within 24 hours.
• Computer system failure – no potential for system restoration within 24 hours.
• Hurricane or tropical storm with landfall expected within 72 hours; evacuation reduced operations expected; shutdown possible.
• Hazardous chemical spills – sites/personnel impacted resulting in damage, contamination and/or evacuation.
• Civil unrest – impact to site and/or personnel.
• Any other weather-related events resulting in building closures.
Emergency Operations Center Action: EOC activated. All “elevated” level protective measures with the additional items:
• Implement contingency and emergency response plans, as appropriate.
• Coordinate necessary security efforts with local building security agencies.
• Prepare to work at an alternate site or with a dispersed workforce.
• Restrict access to essential personnel only.

Severity Level: Red – Severe
Description: Major
Details: Any local or regional event causing interruption of normal operations with the probability of additional impact to one or more company sites. Long-term damage has occurred to one or more of sites and/or the community within which business operates. Examples:
• Primary and secondary power source destroyed – power restoration not expected soon.
• Fire occurred – massive impact to multiple sites and/or personnel.
• Computer system failure – no possible system restoration soon.
• Hurricane with landfall expected within 24 hours – evacuation pending; shutdown and/or reduced operations mandatory.
• Hazardous chemical spills – long term impact to sites/personnel resulting in damage and/or evacuation.
Emergency Operations Center Action: All “high” level protective measures with the additional items:
• Operating the EOC on a 24/7 basis.
• Monitoring, redirecting or constraining business-related travel.
• Closing specific company facilities, as appropriate.
• Increasing or redirecting personnel to address critical infrastructure.

In the event of Severity Level 3 Yellow – Elevated, or higher, the HE&S Leader/Emergency Manager, or their representative, must notify the Emergency Operations Center. Additionally, the Emergency Operations Center must be notified whenever there is a building closure (e.g., weather related, air quality, etc.)


2.1.1 BUILDING EVACUATION/SHELTER-IN-PLACE

In an emergency situation, specific steps should be taken to ensure the safety and well-being of all staff. Depending on the type of emergency situation, you may be required to evacuate specific floors, evacuate the entire building, or remain in place. The HE&S leader and emergency manager should evaluate the specific circumstances and communicate which course of action is most appropriate.

• All staff should know how to leave the building in a safe and orderly manner. Once outside the building, all employees should gather in pre-established locations to allow the site HE&S Team to account for the safety of everyone. Each location will specify a minimum of one primary and one secondary assembly point. Based on the number of staff at a location, multiple sites may be needed to facilitate the smooth and efficient accounting of staff members. These gathering points should be at least 1.5 times the height of the building, away from the building. The secondary location should be at least the same distance away but in the opposite direction from the primary site. Consideration should be given to prevailing winds, land grades, etc.

• Certain circumstances may dictate that employees should remain in their normal work areas or relocate to another area within the building until otherwise directed. HE&S team shelter-in-place procedures include: Keeping all personnel within their normal work areas or relocating to a safe area in the building, checking elevators for personnel and maintaining order.

• Some factors, such as geographic location or adjacent properties, may pose a risk for your facility. These risks could include: tornadoes, earthquakes, floods, heavy snow, hazardous material release, or nuclear incidents. Employees should be informed of the types of potential emergencies at your facility and familiarize themselves with the specific procedures that should be followed. This may include employees remaining in the building and moving to a predetermined relocation point. An alternate location also should be available.

In the emergency assembly/relocation points list (below), you can list the primary and alternate assembly points and relocation points for your office. Example – Refer to Appendix Section 4.4 for the actual form to be used.

             Evacuation Assembly Points     Shelter-In-Place Relocation Points
Primary
Alternate

In addition to identifying assembly points for all employees, the HE&S team (including the HE&S leader and emergency manager) will gather in a predetermined location as soon as possible following an incident. This location will serve as the local coordination point for the incident response and should be located in the same building as the office. However, in case your facility is damaged, an alternate location should be identified offsite, a safe distance from the primary location.


In the emergency assembly/relocation points list (below), you can list the primary and alternate HE&S Team assembly locations for your office. Example – Refer to Appendix Section 4.4 for the actual form to be used.

Primary HE&S Team Location

Alternate HE&S Team Location

2.1.2 MEDICAL EMERGENCIES

Purpose of Medical Emergency Response

To respond to employees who are experiencing any of the following:

• Difficulty breathing
• Chest pain
• Loss of consciousness
• Bleeding
• Falls/traumatic injuries
• Choking
• Cardiac arrest

Definitions

CPR – Cardiopulmonary Resuscitation.

Automated External Defibrillator (AED) - A device that provides a measured electrical shock that can disrupt the abnormal electrical rhythm in the heart of a person in cardiac arrest. The U.S. Food and Drug Administration has classified these as Class 3 medical devices that require authorization by a licensed medical doctor.

Lifelink MD (LLMD) - A nationally established organization of physicians who provide the necessary medical authorization, support and assistance with AED/emergency response programs. They assist in assuring program implementation and ongoing success by providing training, program management support and post event services.

Program Administrator - The person responsible for coordinating, implementing and maintaining the emergency response program for all locations.

HE&S Leader/Emergency Manager - An employee who serves as the main point of contact between their respective site and the program administrator. He or she is responsible for communicating emergency response procedures to all employees at the site.

Emergency Medical Responder/Sweeper - Employee volunteers who respond to specified medical emergencies at their facility. All emergency medical responders must hold a current certification in an approved CPR/AED training program. All emergency medical responders are required to attend a yearly training program conducted by the American Heart Association (AHA) in CPR/AED and prevention of disease transmission.

Personal Protective Equipment (PPE) - All qualified emergency medical responders/sweepers should receive an OSHA required and approved bloodborne pathogen protection kit, which contains - at a minimum - a bonnet, face and eye shield, non-latex gloves, and a micro shield CPR barrier device. It should be the responsibility of all members to have their PPE with them at all times in emergency responses. Since members may not receive the Hepatitis B vaccine, they are required to attend yearly training in bloodborne pathogen prevention and use their PPE as instructed. In the event of a bloodborne pathogen exposure, OSHA’s post exposure protocol should be strictly adhered to.

2.1.3 AUTOMATED EXTERNAL DEFIBRILLATOR (AED) PROGRAM

For purposes of continuity and efficiency of retrieval, AEDs should be located in a common, central location and these sites should be communicated to all employees during their orientation, as well as included in the organization’s facilities emergency protocol. The AED should be brought to all emergencies by properly trained personnel only. The AED can only be used on individuals at least 8 years of age or older, and they must display all of the symptoms of cardiac arrest: the individual must be unresponsive, not breathing, with no pulse or signs of circulation (i.e., normal breathing, coughing, or movement).

2.1.4 ACCOUNTING FOR VISITORS

A method of informing and accounting for visitors (i.e., employee acquaintances, customers, agents, vendors) should be established at your facility. At a minimum, visitors should be made aware of the evacuation procedures and the designated assembly areas. A visitor handout detailing emergency procedures and designated assembly areas can be distributed during the sign-in process.


2.1.5 HE&S TEAM ROLES AND RESPONSIBILITIES

As depicted in the diagram below, the HE&S Team is responsible for all emergency and non-emergency aspects of health, environment, safety and, ultimately, business continuity, within the location.

[Diagram: HE&S Team structure]
HE&S Leader
Emergency Manager
HE&S Emergency Roles: Floor Coordinators, Sweepers, Medical Response
HE&S Non-Emergency Roles: OSHA Compliance, Fire Prevention, Auto Fleet Program

The HE&S Team will include volunteers to implement emergency response protocols and focus on:

• Ensure a safe, orderly emergency response
• Proper use of resources
• Reduce confusion
• Improve safety
• Organize and coordinate actions to facilitate effective management of an incident

The size and configuration of the facility, as well as hours of operation, will ultimately determine the number of team members needed. If there is more than one shift, each shift should have sufficient volunteers to perform the responsibilities. At a minimum, the team should include:

Floor Coordinator: 1 for each floor or 1:4 sweepers
Sweeper: 1 for every 10 employees
Evacuation Assistant: 2 for each individual in need of assistance
Stairwell/Exit Monitor: 2 for each stairwell or exit
Assembly Coordinator: 2 for each primary assembly area


To assist in identifying the most appropriate and qualified volunteers, the primary roles of the emergency response function are listed below.

2.1.6 HE&S Leader

The HE&S leader should be the local senior official responsible for overall local management. The HE&S leader’s responsibilities are to:

• Ensure the business continuity plans (crisis management and business recovery) are complete and reviewed/updated at least annually.
• Distribute the business continuity plans to the HE&S team and ensure all employees are educated regarding its contents.
• Champion the BIA and RA activities.
• Ensure the HE&S team members are properly trained and prepared to respond when needed.
• Activate the HE&S team when necessary.
• Notify the emergency operations center.
• Communicate status as requested.

The HE&S leader will be the local decision maker, manage the local response to the crisis, and provide the single point of contact to the emergency operations center.

2.1.7 Emergency Manager

While the HE&S leader has the overall responsibility for the safety and health of on-site personnel, the emergency manager is responsible for managing this task.

• The emergency manager should be a member of management and/or have the necessary skill sets to control emergency situations, such as:

  1. Certified on-scene incident commander (8-hour introduction course of principal features of incident command system)
  2. Certified emergency response training (EMTs, paramedics, firefighters, auxiliary police officers)
  3. Certified first responder – operations level
  4. Environment & safety knowledge, specifically OSHA standards 29 CFR 1910.120 Hazardous waste operations and emergency response, or 1910.38 employee emergency plans and fire prevention plans
  5. Working knowledge of local facility, systems and business operations

• In the event an incident occurs during the absence of the HE&S leader, the emergency manager will assume this function and must have the authority and skills to oversee all duties of the HE&S leader.
• It is critical that employees know who the emergency manager is and understand that he or she has the authority to make decisions during emergencies.


The emergency manager will manage the local crisis, bring in the appropriate support resources from the office and/or local community, and communicate relevant information throughout the organization. The emergency manager’s responsibilities are to:

• Encourage volunteers to join the HE&S team membership.
• Coordinate and manage all activities of the local HE&S team and communicate with the HE&S leader and all employees.
• Lead and coordinate all emergency response, damage assessment and business recovery/resumption efforts with the assistance of the HE&S team.
• Coordinate with local property managers/security, and external emergency response services as necessary.
• When necessary, ensure that qualified personnel are on-site to perform damage assessments and/or hazardous material decontamination.
• Ensure the damaged area/facility is secured.
• Coordinate all business recovery and resumption activities with the emergency operations center.
• Conduct periodic drills and simulations.

In addition to the HE&S leader and emergency manager, the HE&S team is composed of two primary roles – emergency response, and non-emergency response; the emergency response role will be described in following sections. Team members can fill one or both roles. The HE&S team assists the HE&S leader and emergency manager during the incident and supports all local incident-related activities. If the emergency manager assumes the leader function, the most qualified person on the team (to control emergency situations) should be designated to assume the function of manager.

2.1.8 Floor Coordinator

The floor coordinator creates a central focal point to organize and educate team members and new employees within the area. He or she represents the floor in communications with the emergency manager.

Floor Coordinator

Recommended Skill Sets
• Should be at supervisor or management level

Responsibilities
• Establish and maintain an educated and efficient HE&S team for the floor.
• Orient (or delegate orientation) of new employees to the emergency response procedures, especially all emergency exit routes.
• Maintain communication between the team as a whole and the emergency manager.
• Report all changes regarding team member status to the emergency manager.
• Lead individuals down the stairs/out of the building and to the designated assembly areas.


2.1.9 Sweeper

The sweeper checks for personnel within the designated area and provides support to individuals needing assistance. As the last person out of the building from the area, the sweeper serves as a designated contact for the assembly coordinator to report that the area has been cleared.

Sweeper(s)

Recommended Skill Sets
• Certified Emergency Responder OR
• Certified First Aid/CPR training

Responsibilities
• Proceed to the nearest enclosed area (bathroom, conference room, etc.) and notify occupants of the emergency and the appropriate actions to take. Continue searching for personnel within the designated area from the furthest point of that area toward the appropriate exit(s).
• Remind people to remain calm, orderly and in single file.
• Check for visible presence of persons rather than a voice response from a possible person who might not hear, be temporarily indisposed, or rendered unconscious.
• Provide support to any individual needing assistance and escort them to the nearest area of refuge.
• Be the last individual out of the building from their designated areas.
• Get to the designated assembly area.
• Notify the Assembly Coordinator that you are out and your area has been cleared.

2.1.10 Stairwell/Exit Monitor

The exit monitor controls the designated stairwell or exit route, eliminating congestion and disorder within the area, and ensures the stairwell or exit is open and safe. If not, redirects to another route, avoiding exposure to additional hazards.

Stairwell/Exit Monitor(s)

Responsibilities
• Report to the assigned stairwell/exit(s) and ensure that the stairwell/exits are open and free of obstructions.
• Direct personnel to exit in a calm, orderly manner while keeping to the right in single file.
• Advise/remind exiting personnel about where to assemble while outside.
• Maintain a holding pattern at the exit, if directed to do so.
• Instruct exiting personnel where to hold in the stairwell, if that has been advised.

2.1.11 Evacuation Assistant


The evacuation assistant ensures that individuals who need assistance are safely evacuated or relocated to the area of refuge.

Evacuation Assistant

Recommended Skill Sets
• Certified Emergency Responder OR
• Certified First Aid/CPR Training

Responsibilities
• Facilitate the safe relocation of any individual in need of assistance during an emergency situation.
• Coordinate with the individuals in need of assistance to ensure a thorough understanding of the procedures and methods.
• Periodically, during normal working hours, exercise the evacuation or relocation route with the individual in need of assistance.
• Go to the location of the individual in your area that requires assistance.
• Assist the individual in getting to the designated area of refuge.

2.1.12 Assembly Coordinator

The assembly coordinator acts as a record keeper to account for all areas being cleared of personnel during an emergency. The assembly coordinator is responsible for determining that all areas have been cleared.

Assembly Coordinator

Recommended Skill Sets
• Supervisor or management level

Responsibilities
• Proceed directly to the designated assembly point.
• All sweepers and elevator monitors will report to the assembly coordinator that their areas are all clear.
• Determine that all areas have been cleared.

2.1.12 Employee Training

To ensure all employees have the experience and knowledge to safely and efficiently exit the building, all employees will need to be trained in their roles and responsibilities during emergencies. Training should be conducted initially when the plan is developed, when responsibilities or designated actions under the plan change, and whenever the plan changes. Additionally, training programs are needed to educate HE&S leader/emergency manager, HE&S teams, and the local management in their roles and responsibilities during emergencies.

Educating employees about emergency situations is a critical part of an effective crisis management plan. All employees - regardless of the size of the local facility - should attend a training session.


By the end of the training session, each individual should have a basic knowledge level of: evacuation procedures, alarm notification systems, reporting procedures for emergencies, and types of potential emergencies.

2.1.13 Facility Signage

Maps that show at least two appropriate routes of exit from your building and include areas of refuge should be conspicuously located within your building(s) as part of your program. Evacuation signage effectively reduces confusion within an area by increasing the efficiency to navigate the best possible exit route.

2.1.14 Individuals in Need of Assistance

Special needs may exist for those persons affected by mobility, visual, or hearing impairment, such as those who cannot walk at a reasonable pace and those who may not see or hear an alarm. However, there are many who may not appear to have a disability but may require special assistance. Permanent conditions such as arthritis, or temporary conditions such as a sprained ankle, may limit one’s ability to evacuate quickly and safely. Heart disease, emphysema, asthma, or pregnancy may reduce stamina. The controlling standard is:

• Whether or not one can move at a reasonable pace during an emergency, or
• Whether or not a condition exists that impedes the ability to be aware of an alarm

Identification of individuals in need of assistance is appropriate under the guidelines of the Equal Employment Opportunity Commission, and the Americans with Disabilities Act. No specific information regarding an individual’s medical condition need be reported. Information must be kept confidential and shared only with those who have responsibilities for emergency planning, which may include medical professionals, emergency coordinators, floor coordinators, colleagues who have volunteered to act as assistants, and security officers. Once an individual in need of assistance is identified, the information should be disseminated to the HE&S team. This information should include only:

• Name of the individual
• Work location
• Type of assistance the individual requires

The following procedures should be reviewed to determine the most appropriate site-specific actions to take for individuals requiring assistance. The review and implementation of these procedures are necessary to assure a safe evacuation from the building for the individual in need of assistance. From these procedures, the HE&S Team, the identified individuals, the local Fire Department or other emergency responders and, if applicable, the building owners, can make an informed decision on which approach would work best for the specific conditions present. All concerned should operate with a common understanding of the options so that a safe, efficient, and orderly emergency response can occur.


1. All individuals requiring assistance will relocate to a designated area of refuge with their evacuation assistant.

2. An area of refuge serves as a staging area for the occupants while potential emergencies are assessed. The refuge serves as a safe area between the threatened area and exit to a public way. An area of refuge can be another building connected by a bridge or balcony, a compartment of a subdivided story, an elevator lobby, or an enlarged story-level exit stair landing.

3. If a determination to stay in place is made, the evacuation assistant will stay with employees at the area of refuge to await the arrival of the Fire Department or other emergency responders.

4. The last evacuation alternative for individuals requiring assistance is to descend the stairs with the evacuation assistant using an evacuation chair if necessary.

2.1.15 Evacuation Drill Preparation

The primary reason to conduct a building evacuation drill is to educate employees about the procedures to follow in the event of an emergency that requires an evacuation. It provides employees the opportunity to practice what they have learned under non-threatening conditions and assists in the evaluation of the plan effectiveness. The building evacuation drill will be a culmination of a successful implementation process and involves a coordinated effort by the HE&S leader, the emergency manager, and HE&S team. The following items should be reviewed, completed, and checked off prior to a building evacuation drill.

Roles and Responsibilities

□ Ensure the following positions have been identified using the recommended ratios and skill sets and that these individuals have been properly trained with their specific roles.
    □ Floor coordinator
    □ Emergency medical responder/sweeper
    □ Stairwell/exit monitors
    □ Evacuation assistants
    □ Assembly coordinators
□ Ensure individuals in need of assistance have been identified and the appropriate evacuation procedures have been discussed with those needing assistance.
□ Identify two-way radio operators, if appropriate, and provide appropriate training.
□ Identify primary and secondary points of assembly.
□ Validate that the fire alarm system has been tested.
□ Validate that the public address system (if applicable) has been tested.
□ Coordinate the site evacuation drill with the local fire and police departments.


Emergency Evacuation Tools

• Validate that wall-mounted evacuation maps have been installed in conspicuous locations.
• Ensure that HE&S team members are easily identifiable to employees, distinguishing their specific emergency response roles. This could be hats, vests, arm bands, etc.
• Ensure the appropriate number of two-way radios are available and that they are adequately charged, if applicable.

Pre-Drill Assessment

• Conduct a pre-drill assessment to verify that all exit components (i.e., stairs, exit doors, emergency lighting, exit signs, etc.) are in proper order and that employees can use them safely.


BUSINESS RECOVERY PLAN DETAILS

This section contains the forms and information for the completed business recovery plan of a specified business location. This information should be developed in conjunction with designated local staff. This material is placed as the first section of this manual for quick reference. Additional information regarding the process used to complete this plan is contained in the remaining sections of this manual and should be reviewed to ensure a thorough understanding of the planning process.

2.2 BUSINESS RECOVERY PHASE

After the safety and well-being of the staff has been verified as outlined in the crisis management phase, the HE&S leader/emergency manager and members of the HE&S team will begin the business recovery phase.


2.2.1 What is Business Recovery?

Business recovery is the second part of a BCM process. It follows the crisis management response. This part of BCM deals with restoring processes and operations necessary to continue business interactions with policyholders, customers, business partners, etc. This process needs to be carefully managed and controlled in order to ensure optimum use of resources with correct prioritization applied to key tasks. From a business perspective, this is a critical phase of the entire BCM process. The efficiency and effectiveness of the procedures contained within this section could have a direct bearing on the organization’s ability to survive the emergency.

The business recovery phase focuses on two (2) major items: Infrastructure and business processes. Infrastructure is further broken down into its two major components, information technology and physical plant. When discussing business recovery, consideration must be given to two (2) major scenarios.

• Scenario 1: A crisis event has occurred at a location that has impacted the physical building. This prevents the occupancy and/or use of the facility for some period of time. Examples of this include:
    o Fire
    o Severe weather condition (ice storm, major snow fall, hurricane)
    o Power or other utility failure
    o Contamination of building interior

• Scenario 2: A crisis event has occurred at one or more data center locations or at the location of a vendor or supplier of critical services. This event may impact the delivery of centralized systems and/or data necessary to conduct business at multiple locations.

Crises associated with Scenario 1 are more likely to occur, and will impose greater severity on the impacted location. This is because such an event often requires the physical movement of staff, resources and workflow to other locations and can continue for longer periods of time. Crises associated with Scenario 2, while less likely to occur, can have a greater effect on the business process because they could impact all business operations and remote locations at the same time. Most of the remaining sections of this manual will focus on those items that must be addressed to respond to an event consistent with Scenario 1. However, this should not be taken as an indication that those same response techniques would not apply in the event of a Scenario 2 situation, if warranted.


2.2.2 Business Recovery Phase – Roles/Responsibilities

The primary responsibility during the business recovery phase is to ensure the continued operations of the critical business processes at the impacted location. During the business recovery phase, the primary responsibilities of the HE&S team include:

• Identifying and communicating the current status of:
  o Employees: status, communications, relocation, releasable, relief
  o Customers: impact, alternate processing, communications
  o Operations: impact, shutdown, defer, relocation, reductions, shifts
  o Assets: damage, loss, replacement, protection
• Determining priorities / strategies for recovery
• Participating in business recovery off-line meetings as warranted
• Activating individual business recovery processes


2.2.3 Business Process Classifications

The names used in this plan are not universally applied. It is important for businesses to choose names that fit into their structure, to ensure that the roles described in this plan are covered, and to communicate the chosen names with the proper roles consistently.

All operations should be grouped into pre-determined categories with assigned sensitivity level indicators for recovery operations. For example: Category A operations must be resumed immediately following an interruption; Category B must be recovered after Category A operations are resumed; and Category C recovery may be deferred pending time and resource availability.

• Category A - Business transactions relating to direct customer contact and/or service, AND with sufficient volume to significantly impact the financial stability of your organization as a whole.

  Additionally, Survival Critical includes: Business processes and Business Partners necessary to the financial stability of your organization.

• Category B - Business transactions relating to direct customer contact and/or service, BUT NOT with sufficient volume to significantly impact the financial stability of your organization as a whole.

• Category C - All remaining business processes that are not classified as survival critical or mission critical.

This is a sample only for illustration purposes and should not be viewed as a complete list for any specific operation or individual business group.

2.2.4 Damage Assessment Roles/Responsibilities

Once local emergency services provide clearance for re-entry into the facility, the HE&S team members assigned to damage assessment should do an inspection of the facility. In some cases, limited access may be provided by local emergency services to the facility before clearance for general access is given. The damage assessment members should identify themselves to local emergency services and request access as soon as possible. Damage assessment should be done in groups of no fewer than two people and should provide information on the structure, contents and environment.

For HE&S team members who are assigned to damage assessment, their primary responsibilities should include:

• Verify communication methods (types, #'s, etc.) to be used during the assessment (e.g., two-way radios, cell phones, etc.)
• Meet at the primary or secondary HE&S team location or pre-determined access location


• Establish liaison with local emergency services (fire department, police, etc.) as warranted
• Obtain access into damaged area as warranted
• Perform on-site walk-through and report status (verbally) to the emergency manager
• Take photographs of the damage if possible
• Complete a written preliminary damage assessment report and deliver to the emergency manager
• Complete a written detailed damage assessment report and deliver to the emergency manager
• Maintain liaison with local emergency services and continue updates as warranted

2.2.5 Damage Assessment Activation

The HE&S leader/emergency manager should activate the damage assessment process. In every incident, some form of damage assessment should be performed. This may require nothing more than a validation that there is no damage at the site. Formal procedures do not have to be followed for a minor or moderate activation. A minimum of two team members should be required for all responses. Procedures to activate the role should include calling / paging each team member or their alternate to the HE&S team location or participation in a teleconference, as appropriate.

2.2.6 Damage Assessment Decision Making / Status Reporting

Once the Damage Assessment process has been activated, the team should follow the damage assessment roles/responsibilities. A preliminary damage assessment survey should be completed to estimate the type and amount of effort that may be required to recover and/or restore the impacted site. A detailed damage assessment should then be completed. Once it has been determined what structural damage has occurred, what environmental issues need to be addressed, what equipment (power, UPS, air conditioning, raised floor, etc.) must be repaired or replaced, that information should be communicated to the EOC.

Note: No equipment should be discarded or moved (unless necessary to prevent or minimize further damage), unless instructed by the EOC.

In some cases, special care may be needed to remove or dispose of damaged property and/or equipment. In addition, damaged property may need to be retained for inspection to support insurance claim submissions or to comply with equipment lease terms and conditions. The EOC shall determine the appropriate response and provide direction accordingly.


2.2.7 Preliminary Damage Assessment (High Level)

The preliminary damage assessment form should be completed first to provide a high level view of the building damage. Upon completion, the HE&S leader/emergency manager should contact the EOC to discuss the damage information. A sample of the preliminary damage assessment form is illustrated below. Refer to Appendix 4.6 for a complete form.

Preliminary Damage Assessment (High Level)

Location: 123 Main Street, Anytown, CT
Completed By: Jack Smith
Date: May 11, 2008
Time: 11:50 AM

Area          OK?   Damaged?   Comments
Structural    X     Fire and water damage in building lobby. No damage to the occupied space.
Utilities     X     Electrical service to the building has been shut off temporarily but there is no actual damage to the services. Service is scheduled to be restored this afternoon.


2.2.8 Detailed Damage Assessment (Low Level)

Depending on the amount of damage as determined by the HE&S leader/emergency manager and/or the EOC staff, a detailed damage assessment may be required. Upon completion, the HE&S leader/emergency manager should contact the EOC to discuss the damage information. A sample of the detailed damage assessment form is illustrated below. Refer to Appendix 4.7 for a complete form.

Detailed Damage Assessment (Low Level)

Location: 123 Main Street, Anytown, CT
Completed By: Jack Smith
Date: May 11, 2008
Time: 12:30 PM

Code Key: 1 = Needs replacement; 2 = Needs repair; 3 = No action needed; functioning properly

Code: 2
Description: Structural
  [ 3 ] Foundation
  [ 3 ] Exterior Walls
  [ 3 ] Roof
  [ 2 ] Ceiling
  [ 1 ] Floor
  [ NA ] Stairs
  [ 3 ] Doors
  [ NA ] Windows
Comments/Recommendation: Fire and water damage in building lobby. No damage to the occupied space.

2.2.9 Unique Equipment

Unique equipment refers to equipment needed to complete a specific function or task within the business unit. This equipment generally includes items that are not easily replaced in the event of damage. Therefore, it is important to keep an accurate record of this equipment.

2.2.10 Unique Equipment Requirements

The unique equipment requirements form is used to facilitate the quick identification of specialized equipment used by the business unit. A sample of the Unique Equipment Requirements form is illustrated below. Refer to Appendix 4.8 for a complete form.


Unique Equipment Requirements

Location: 123 Main Street, Anytown, CT
Completed By: Jack Smith
Date: May 11, 2008

Equipment Type | Brand | Model Number | Current Quantity


2.2.11 Developing Technology Recovery Team

This team is activated during the recovery phase. The purpose of the technology recovery team during this phase is to establish a centralized point of technology control, support and coordination at the emergency operations center (EOC). This team should be activated upon notification that a business interruption has escalated and that the EOC is currently being established.

The following recommended descriptions are provided for use in defining technology team leader, alternate team leader and member positions as they may apply to your specific business operations.

• Mainframe/midrange hardware/software analysts
• PC/LAN hardware/software analysts
• Telecommunications analysts
• Business system analysts
• Client services support analysts
• Information/data security analysts
• Equipment operations analysts
• Electronics hardware/software analysts
• Vendor representatives and specialists as required
• Mechanical equipment managers and engineers

Development tasks for the technology recovery team include:

• Identify team membership and compile contact information for the recovery phase of your BCM plan
• Compile team tasks by team position for the recovery phase of your BCM plan
• Determine how the technology recovery team will be activated during the recovery phase and what their initial actions will be
• Coordinate all EOC technology support requirements
• Contact all vendors, utility and service providers, and other parties regarding technology support requirements
• Coordinate the acquisition, pre-positioning and availability of resources required at the EOC for technology support
• Develop plans and procedures for telecommunications and technology capabilities at the EOC and other activated locations
• Coordinate technology recovery team requirements for training
• Coordinate process for exercises and follow-up actions

Recovery tasks for the technology recovery team during an interruption include:

• Report to technology recovery area within the EOC
• Obtain briefing on current status of interruption situation, extent of damage, estimated length of interruption, and expectations and priorities


• Acquire and install required technology at the EOC
• Work with damage assessment teams as required
• Provide technology support and assistance at the EOC as required
• Implement plans for expansion/extension of technology team support if necessary

Technology recovery team training includes:

• Participate in plan exercises as directed by the HE&S Leader
• Review existing BCM policies and procedures
• Review team recovery tasks and procedures
• Periodically review technology recovery team procedures with all members
• Schedule and conduct reviews after significant maintenance changes
• Train team members, at scheduled intervals, on changes to their duties and responsibilities during recovery, and include vendors in the training as appropriate
• Ensure training includes changes to the current technology environment

Plan maintenance tasks include:

• Maintain a list of all vendors and service providers
• Maintain a current list of service specialists and their areas of expertise in the recovery phase of your BCM plan
• Maintain team member names and contact information in the recovery phase of your BCM plan
• Maintain a current list of all technology resources and requirements at the EOC

2.2.12 Application Requirements

The application requirements form should be completed for all applications used by your office/business function. The form should include the name of the application, its category and indicate whether it operates out of your local office (Local), a company controlled location other than your office (Data Center) or a third party such as a vendor or application service provider (Vendor). A sample of the application requirements form is illustrated below. Refer to Appendix 4.10 for a complete form.

Application Requirements

Location: 123 Main Street, Anytown, CT
Completed By: Jack Smith
Date: May 11, 2008
Business Unit:

Application Name | Category | Location


2.2.13 Workgroup Recovery Options

There are various options to facilitate workgroup recovery. The HE&S leader, working in concert with each specific business process owner, should review these options and select those that are appropriate for each organization. These options are intended to provide necessary input to the business recovery planning process to demonstrate the viability / realism of the different solutions over a given period of time. Consideration must be given to:

• The criticality of the business operation
• The severity of the impact to the location
• The anticipated length of the outage

The workgroup recovery options are aligned with the same category timeframes that apply to business process recovery. They address the staff and services necessary to maintain an acceptable (but not necessarily complete) level of business operations. Technology infrastructure (networks, data centers, central application services, etc.) should be addressed in the technology recovery plan and is assumed to be available. Examples of potential workgroup recovery options include:

Within 2 Days:
• Telephone service (30 Minutes)
• Mail (1 Day)
• Transfer of work (2 Days)
• Work from home – upgrade (2 Days)
• Hot site (1 Day)

3 – 7 Days:
• Use pre-config. space (3 Days)
• Use common space (4 Days)
• Low speed VPN (3 Days)
• Trailers (3 Days)

8 – 30 Days:
• High speed VPN (30 – 45 Days)
• Acquire temporary space in market

Business recovery may be implemented in waves, with some options being stopped when other options begin. Below is a detailed description of each workgroup recovery option. It will discuss:

• The specific option
• A description of what the option provides
• The estimated implementation time (from the time the decision is made to its implementation)
• The best practice(s) associated with the option
• Risks associated with this option


2.2.14 Transfer of Outbound Telephone Service

Description
Transfer outbound phone traffic to an alternate provider or alternate technology.
Option A: Maintain alternate providers for local and long distance service.
Option B: Pre-identify staff members who have personal or company issued cell phones. If outbound phone service is interrupted, cell phones should be used to establish outbound communications.
This option is appropriate for all offices.

Estimated Implementation Time
30 minutes

Best Practice
Procedures to transfer service to alternate carriers should be well documented. Offices that have a voice system analyst (SA) on staff should have a contact with the required vendor(s) to implement the changes. Offices that do not have a voice SA on staff should get support from the internal voice technology area, if applicable.

Risks
Failure to maintain outbound telephone service may result in decreased service to your customers and business partners. Potential cost of business interruption must be measured against the cost to maintain dual provider presence at a site.


2.2.15 Transfer of Inbound Telephone Service

Description
Transfer inbound telephone service to alternate location(s).

Estimated Implementation Time
30 minutes

Best Practice
Offices should maintain predefined “alternate routing tables” to enable inbound telephone traffic to be redirected to another location for “live voice” response. As an alternative or for outages of a relatively short duration, the office may choose to place a message on the network that gives information and/or instructions to the callers. Offices that have a voice SA on staff should have a contact with the required vendor(s) to implement the changes. Offices that do not have a voice SA on staff should get support from their internal voice technology area, if applicable.

Risks
Failure to move inbound traffic could result in decreased service to customers and business partners. This could result in a negative image for your company.

2.2.16 Transfer of Outgoing Mail Service

Description
Use an alternate post office facility to process outbound mail and packages.

Estimated Implementation Time
30 minutes

Best Practice
All locations should maintain a list of alternate post offices in close proximity to their office. In the event the primary post office is unavailable, outbound mail should be diverted to an alternate site for processing and delivery. Locations should use their normal method of outbound mail pick-up to redirect mail. As an alternative, the HE&S leader/emergency manager should designate an appropriate staff member to take the mail to the alternate post office.

Risks
Failure to process outgoing mail may result in a backlog of work, a decline in customer service, and a negative impact on corporate image and reputation.


2.2.17 Transfer of Incoming Mail Service

Description
Transfer incoming mail to alternate location(s).

Estimated Implementation Time
1 day

Best Practice
Inbound mail should be redirected to a nearby facility if applicable. The alternate location should either process the mail or redistribute it to an appropriate location. When possible, staff from the impacted office should move to the alternate mail site to process the additional mail volume. Locations should initiate a temporary “change of address” with their local post office. Offices should keep a “change of address” form in the office or process a change of address online at: http://www.usps.com.

Risks
Failure to process incoming mail may result in a backlog of work, a decline in customer service, and a negative impact on corporate image and reputation.


2.2.18 Transfer Work to Another Facility

Description
Transfer workload from impacted office to other location(s).

Estimated Implementation Time
2 days – This timeframe contemplates the possible need to transfer files, system access, etc.

Best Practice
Workload from the impacted office is transferred to other locations that have the skill sets and capacity to assimilate the extra volume into their existing processes. This may be accomplished through the use of extended shifts, 2nd shifts, weekends, etc. Staff from the impacted office is not expected to supplement the increased volume at the new location. Volume of work able to be transferred will be determined by the available capacity of the office(s) selected as response sites. The percentages should be part of the business continuity planning process.

Risks
Failure to process continuing workloads may result in a backlog of work, a decline in customer service and a negative impact on corporate image and reputation. Transfer of too large a volume could result in a decrease in staff morale and performance at the assisting office.

2.2.19 Use Available Pre-configured Internal Space

Description
Transfer staff to one or more internal location(s) with available configured workspace. These locations should have available workstations already configured and outfitted with PCs, active network connections, phone service, etc. that are not being used by existing staff. This may require a second shift for locations that normally only operate a single shift.

Estimated Implementation Time
3 days - This timeframe contemplates the possible need to transfer files, system access, etc., as well as the time needed to get the transferred staff settled with living arrangements, personal family plans, etc.

Best Practice
Staff from the impacted office will transfer to one or more designated internal location(s) to continue their regular business process. Where possible, these sites should be the same location(s) where the telephone and mail services are being directed. Volume of staff to be transferred will be determined by the available configured space in the office(s) selected as response sites. The quantities should be part of the business continuity planning process.

Risks
Transfer of too much staff could result in a decrease in staff morale and performance of the assisting office.

2.2.20 Use Available Internal Space (Available Common Area)

Description
Transfer staff to one or more internal location(s) with available common areas. These locations have available common space (such as cafeterias, conference rooms, training rooms, etc.) already configured and outfitted with data connections, phone service, etc., to accept additional staff.

Estimated Implementation Time
4 days - This timeframe contemplates the possible need to set up voice and data services in the designated location(s), transfer files, system access, etc., as well as the time needed to get the transferred staff settled with living arrangements, personal family plans, etc.

Best Practice
Staff from the impacted office will transfer to one or more designated internal location(s) to continue their regular business process. These locations have available common areas (atriums, cafeterias, etc.) that can be outfitted quickly to accept the additional staff. In cases where common areas have not been pre-wired for network connectivity, a wireless solution may be deployed. Volume of staff to be transferred will be determined by the available common space in the office(s) selected as response sites, and the ability to deploy voice, data and equipment to the location(s). The quantity should be part of the business continuity planning process.

Risks
Transfer of too much staff could result in a decrease in staff morale and performance of the assisting office. Deployment of additional network volume may have a negative impact on system performance.


2.2.21 Work From Home – Hardware/VPN Upgrade

Description
Staff from impacted office, with existing (personal) high speed Internet access, should work from home.

Estimated Implementation Time
2 days - This timeframe contemplates the possible need to acquire and deploy additional hardware to the home worker’s location and set up the VPN (Virtual Private Network) services.

Best Practice
Many employees may already have high speed Internet access installed in their homes for personal use. Staff with this service should be provided with the required hardware and/or software to allow them to connect to your internal network and work from home. Volume of staff to use this option will depend on number of staff that has high speed Internet service already installed in their homes, and capacity available on the internal network. Staff members with this service should be pre-identified by the HE&S leader/emergency manager.

Risks
Staff members not familiar with working from home may be uncomfortable and not fully productive. Use of VPN software, required to connect to your internal network, is intended for use on company issued hardware. Installation on other hardware may be problematic. The ability to support and resolve issues may be limited. Increased remote user population may put an increased burden on IT support organizations.

2.2.22 Work From Home (Low Speed VPN)

Description
Staff from impacted office will work from home using dial-up Internet service.

Estimated Implementation Time
3 days - This timeframe contemplates the possible need to acquire and deploy additional hardware to the home worker’s location and set up the VPN services, as necessary.

Best Practice
Selected staff will be set up as home workers using low speed (dial-up) VPN Internet service. Selected workers will need a PC (desktop or laptop) with appropriate applications, internally issued VPN software and an available phone line. Volume of staff using this option will depend on ability to deploy hardware to the remote worker, and capacity available on the internal network. Hardware may be deployed from local office inventory or “quick ship” from a vendor.

Risks
Staff members not familiar with working from home may be uncomfortable and not fully productive. Low speed Internet access may prove ineffective for some business application(s), resulting in increased staff frustration. Increased remote user population will put additional burden on IT support organizations.


2.2.23 Work From Home (High Speed VPN)

Description
Staff from impacted office should work from home using high speed Internet service (Broadband Cable or DSL).

Estimated Implementation Time
30 to 45 days – This timeframe contemplates the time required to provide high speed service from available providers. It is expected that workers may begin with low speed service and convert to high speed service as it becomes available.

Best Practice
Selected staff should be set up as Home Workers using high speed VPN Internet service. Selected workers will need a PC (desktop or laptop) with appropriate applications and a router. Volume of staff to use this option should depend on availability of high speed Internet service to individual locations, the ability to deploy hardware to the remote worker, and capacity available on the internal network. Hardware can be deployed from local office inventory or “quick ship” from a vendor.

Risks
Failure to process continuing workloads may result in a backlog of work, a decline in customer service, and a negative impact on corporate image and reputation. Staff members not familiar with working from home may be uncomfortable and not fully productive. Your company may not have a single service provider for all locations. High speed Internet service may not be available in all areas. Increased remote user population may put an increased burden on Technology support organizations.

2.2.24 Hot Sites

Description
Staff may work at a nearby “hot site”.

Estimated Implementation Time
1 day – This timeframe contemplates the need to notify the hot site vendor of your need to use the facility and the time the vendor requires to prepare the site.

Best Practice
Contract with a hot site vendor (SunGARD, IBM, etc.) for space at a hot site. Hot sites are generally available for periods of 6 to 10 weeks, but consideration should be given to shorter periods due to costs associated with this option. This option is generally appropriate for workgroups between 25 to 100 people.

Risks
Space at a particular site is often oversubscribed. In the event of a regional event, space may not be available at the anticipated location. This option requires a contract be in place prior to the event. This results in ongoing expense for your organization. Use of the site requires a formal declaration of a “disaster,” which may have both monetary and business practice ramifications.


2.2.25 Mobile Trailers

Description
Deploy self-sufficient trailer units, with satellite capabilities, to an appropriate site to act as a replacement office environment.

Estimated Implementation Time
2 to 3 days to deploy initial 100 seats; additional 100 seats every 24 hours thereafter.

Best Practice
Trailers may be deployed to appropriate site to act as a temporary office. Trailers should be self-sufficient with generator power and satellite communication for voice and data. Trailers should be configured to meet your specific business needs. Mobile trailers are usually appropriate for use up to 12 weeks. This option is generally appropriate for a 48-seat minimum and 400 to 600 seat maximum capacity.

Risks
Not all locations are suitable, as trailers require open space (i.e. parking lot) to be positioned for extended periods. Use of trailers requires a formal declaration of a “disaster,” which may have both monetary and business practice ramifications.

2.2.26 Acquire Temporary Space

Description
Acquire temporary space in the local marketplace.

Estimated Implementation Time
7 to 21 Days – This timeframe is for the acquisition of the physical location with only minor improvements to accommodate staff. The ability to invoke this decision and locate space should begin within hours of the event. However, the ability to actually occupy the space may not occur for a minimum of several days.

Best Practice
Working with your real estate department, displaced staff should relocate to a new facility in the local marketplace. Volume of staff to use this option may depend on availability of alternative space in the marketplace.

Risks
Based on the size of the impacted office, one new facility may not be available. Staff may need to be divided among several physical locations. Network connectivity (voice and data) may not be available for some time after physical space is available to be occupied.


2.2.27 Business Recovery Plan Activation

The HE&S leader and business process owners should pre-determine the appropriate workgroup recovery options for a location. Each business process owner should be allowed to activate their individual work group recovery plan at any point during the incident. For example, during a 5-hour power outage, one business unit or business process may have requirements to be up and running within the hour, while another business unit or business process may not need to be up for 2 weeks.

In the event of an emergency situation that affects the integrity of the facility, it may become necessary to conduct business operations from alternate locations for some period of time. Different options may be more viable given the duration and extent of the outage. When considering appropriate workgroup recovery options, HE&S leaders must keep in mind previously established recovery time guidelines. In the event of an enterprise or regional-level data center disaster, business applications will be available in concert with those guidelines.

2.2.28 Workgroup Recovery Worksheets

The worksheets are provided to assist the business process owner(s) in selecting the most appropriate workgroup recovery options and collecting the information necessary for the selections. Not all options may be appropriate for all locations. All business units at a particular location should prepare a worksheet with selections appropriate for their business functions. Once this information is collected, work with the appropriate departments, vendors, etc., to ensure the necessary actions are taken to execute on these plans if needed.

Recognizing that the length of an outage/disruption may vary based on the individual circumstances, consider when the selected options will be invoked (i.e., the office will accept an outage of 1 business day before moving telephone service). A sample of the worksheet is provided below. Refer to Appendix 4.11 for the complete selection of forms.

Workgroup Recovery Worksheets

Office Overview

Business Unit Name:
Address:
Main Telephone Number:
Primary Business Function:
Current Staff Count:
Business Impact:


Office Services

Telephone Service - Outbound

Transfer outbound phone traffic to an alternate provider or use of personal cell phones. (In the space provided, please identify your primary local and long distance phone service providers.)

Primary Local Service Provider:
Primary Long Distance Provider:
Expected Outage Duration:
In the event of loss of phone service the following will be implemented:

Mail Service - Outbound

Use an alternate post office facility to process outbound mail and packages. (In the space provided below, identify the address of an alternate U.S. Postal Service location.)

Expected Outage Duration:

Outbound mail is picked up by a vendor service. Vendor should deliver mail to any available USPS location. The following USPS facilities serve this address:

USPS Location | Distance from Office

2.2.29 Business Recovery Communication Plan

One of the keys to your operation’s success is the relationship you have with your customers and business partners. In the event of a crisis, it is important to keep these entities appropriately informed so that they understand how you will continue the business relationship, as well as what, if any, impact the situation will have on them. The local business leaders or designated individuals should establish communication with key parties as soon as practical after a crisis has occurred. To ensure that the information needed to make contact is readily available, the HE&S leader should work with the appropriate business process owners to compile and maintain a “critical contact call list.”


2.2.30 Critical Contact Call List

This list should contain the names of the individuals to be contacted, the organization they belong to or their role, and a phone number to contact them. Because of the level of importance associated with these communications, it is recommended that they be done by telephone rather than email or other method of communication.

A sample of the Critical Contact Call List is provided below. Refer to Appendix 4.12 for a complete form.

Critical Contact Call List

Location: 123 Main Street, Anytown, CT
Completed By: Jack Smith
Date: May 11, 2008
Business Unit:

Contact Name | Company or Affiliation | Role | Phone Number

2.2.31 Alternate Business Processes

Most of the planning to this point has centered on the need to respond to an event that impacts the physical location where the work is performed. However, another less likely, but equally important, event may eliminate some central source of technology or support (a Data Center, outside vendor service, etc.). This type of event has no direct impact on the physical location, staff or local services but requires that business processes have been prepared to implement manual work-arounds to replace the loss of these centralized services.

2.2.32 Alternate Business Process List

The alternate business process list should be completed for all major business processes/functions in your location that normally depend on some form of remote technology and/or automation. The list should contain the name of the business process, a concise explanation of the alternate manual process to be employed and an indication of any special materials needed to implement the alternative.

A sample of the Alternate Business Process List is illustrated below. Refer to Appendix 4.13 for a complete form.


Alternate Business Process List

Location: 123 Main Street, Anytown, CT
Completed By: Jack Smith
Date: May 11, 2008
Business Unit:

Business Process | Dependencies | Alternative | Support Items


SECTION 3: TESTING & MAINTENANCE

3.1 Testing the BCM Plan

Introduction

A successful BCM must have a testing program which begins simply and escalates progressively. This consists of rehearsing procedures with team members and staff.

It’s important that all employees understand their roles and that they have the knowledge and skills to react promptly and effectively in a crisis situation. They will acquire this understanding during planned, structured training drills and exercises coordinated by the HE&S team. It is important to express that testing is an opportunity to measure the quality of planning, preparedness of individuals, and effectiveness of capabilities.

Use any or all of the training techniques described below. Customize the training exercises to the specific needs of the employees and the facility.

It is better to test and understand how the plan functions before a crisis, than to test it during a crisis.

Purpose

The purposes of testing are to evaluate overall effectiveness, identify strengths and weaknesses, develop understanding and cohesiveness with team members, and determine the efficiency of recovery procedures.

Employee Training

General training for all employees should take into account:

• Individual roles and responsibilities
• Information about threats, hazards and protective actions
• Notification, warning, reporting and other communications procedures
• Crisis management procedures
• Evacuation, shelter and accountability procedures
• Location and use of emergency equipment (AEDs, radios, fire extinguishers, etc.)
• Emergency shutdown procedures

Training Schedules

Training should be conducted when:

• The plan is first completed
• The plan is revised
• On a regular basis, or at least once a year
• Drills or exercises have not had satisfactory results
• There is a new employee or when employees change jobs
• There are new HE&S leaders, team members or alternates
• Equipment and processes have been updated or altered


Testing and Drills

For all test and drill exercises, consider these items:

• Know exactly what you want to test, and who, when, why, etc.
• Identify who will observe, record, judge and evaluate
• Identify supplies, etc., needed for tests
• Relay relevant information to employees, community agencies and the media
• Keep records of dates, actions, etc.
• Evaluate performance using a critique form and correct weaknesses
• Include key personnel in the review
• Identify action items; make plans to correct them; establish target dates for completion
• Re-test and re-evaluate all changes to the Plan
• Include employees on all shifts – including nights and weekends – don’t forget telecommuters or other mobile workers

Drills should:

• Help evaluate the adequacy of the plan
• Identify weak spots and reveal missing resources
• Give employees a chance to practice and improve their skills
• Give community responders a chance to become familiar with the plan, the facility and the HE&S team members

Training Methods and Techniques

Orientation and Education Sessions

Orientation and education sessions are regularly scheduled with employees to provide information, answer questions, and identify and respond to employees’ needs and concerns.

Tabletop Exercises

In tabletop exercises, HE&S team members meet in a conference room setting to discuss their responsibilities and how they would react to various crisis situations. This is a cost-effective and efficient way to identify areas of overlap and confusion before conducting more demanding training activities.

Walk-Through Drills

In walk-through drills, HE&S team members actually perform their functions. This activity generally involves more people and is more thorough than a tabletop exercise.


Functional Drills

These drills test specific functions such as medical response, warning and communications procedures, and equipment - though not necessarily all at the same time. Personnel can evaluate the systems and identify the problem.

Evacuation Drills

Personnel walk the evacuation route to a designated gathering area. Test the procedures for accounting for personnel. Ask participants to take notes on hazards (i.e. obstructed exits, inadequate lighting). Modify the plan as needed to reflect the changes.

Full-Scale Exercises

During a full-scale exercise, a real-life emergency situation is simulated as closely as possible. This exercise involves all the employees, HE&S team members and appropriate community response agencies.

Documentation

Records of training activities should include:

• What training was given
• To whom the training was given
• Who did the training
• What exercises or tests took place
• Results of the exercises
• Changes made to the plan as a result of the outcome of the training

3.2 Maintenance of the BCM Plan

Introduction

Even after you have created, documented, tested, and implemented your BCM, the work isn’t done. The plan must remain a living document that is always current and ready to be activated should the need arise. In effect, the Plan is more of a process than a document.

Review, audit, evaluate, revise and test your plan regularly to be sure it keeps pace with changes at your facility.

Conduct a formal audit of the entire plan at least once a year. The HE&S leader should have the authority and responsibility for review of the plan. The HE&S leader can delegate maintenance of specific portions of the Plan to the appropriate HE&S Team members.


Review Considerations

During the review of the BCM, the responsible party should:

• Identify areas to update
• Determine completeness
• Assess chain of command
• Evaluate employee knowledge and awareness
• Assess trigger mechanisms
• Evaluate inventory resources

Maintenance Frequency

Update the plan whenever there are:

• New HE&S team members or alternates
• New operations, processes, equipment or materials
• New or renovated sites or changes in layout
• Changes with outside agencies
• New suppliers or vendors
• Mergers or acquisitions


SECTION 4: APPENDICES

This section contains samples of the forms used to complete the plan details in Section 3, as well as additional forms needed at the time of crisis response. Forms may be copied to make revisions to this plan, as needed.


Appendix


4.1 Business Impact Analysis (BIA) Questionnaire Form

The business impact analysis is the foundation upon which the whole BCM process is built. It identifies, quantifies and qualifies the business impact of a loss, interruption or disruption of business processes on an organization and provides the data from which appropriate continuity strategies can be determined.

This sample questionnaire template is designed to assist the user in performing a BIA on each business function and the organization as a whole. The template is meant only as a basic guide. The user may modify this template of the general BIA approach as required to best accommodate the specific industry. However, this template includes a few basic principles that should be considered in order to develop your organization’s strategies.

Business Function:

Date BIA Completed:

Business Function Owner(s)/Title(s):

Business Function Owner Work Phone & E-mail Address:

Description of Business Function: (Describe the functions performed by this area and its purpose. If the organization is part of a group, identify the relationship between the various parts of the organization, performed in multiple locations, key business objectives and success criteria):


List of Key BIA Respondents Role Internal (Identify the individuals inside your organization who contributed answers and guidance in completing this BIA. Be sure to include their titles.)

List of Key BIA Respondents Role External (Identify the individuals, positions or offices outside your organization that contributed answers and guidance in completing this BIA)

Workflow Input (Identify the items that are work inputs into your functional area. Include the contributor of each work item and whether they are an external or internal contributor)

Functional Area | Workflow Input Description | Contributor Type (internal or external) | Contributor Name


Workflow Output (Identify the items that are work outputs from your functional area. Include the recipient of each work item and whether they are an external or internal recipient)

Functional Area | Workflow Output Description | Recipient Type (internal or external) | Recipient Name

Financial Impacts (Enter a value for each financial impact)

Financial Impact | Exposure Importance (1-10) | Time Period | Financial Impact (in dollars) | Notes

Exposure Importance (1-10). Use the following options:
10 = Extreme Importance
5 = Moderate Importance
1 = No Importance
No Assessment Completed

Time Period (one set of rows for each financial impact): Less than 1 day, Day 1, Day 2, Day 3, Day 4, Day 5, Week 1, Week 2, Week 3, Week 4, Over 30 days

Intangible Impacts (These are impacts that are difficult to quantify but can have a significant long-term effect on the organization. Enter a value for each intangible impact, such as: competitive advantage, shareholder confidence, industry image, employee morale, customer service, 3rd party relationships, regulatory compliance, legal)

Intangible Impact | Exposure Importance (1-10) | Time Period | Scale of Severity (1-5) | Notes

Exposure Importance (1-10). Use the following options:
10 = Extreme Importance
5 = Moderate Importance
1 = No Importance
No Assessment Completed

Scale of Severity (1-5). Use the following options:
5 = Severe Impact
4 = Significant Impact
3 = Some Impact
2 = Little Impact
1 = No Impact

Time Period (one set of rows for each intangible impact): Less than 1 day, Day 1, Day 2, Day 3, Day 4, Day 5, Week 1, Week 2, Week 3, Week 4, Over 30 days

Application Mapping (Identify the applications used that support the business functions, including Maximum Tolerable Objectives (MTO) and Recovery Point Objectives (RPO). See glossary for definitions.)

Application Used | MTO | RPO

Alternate Workaround (Manual) Processes (For each business process, document if there is an alternate process available to accomplish the work without support of applications, and how long that process can function in an alternate mode).

Business process | Do you have a documented/executable alternate workaround? Use the following options: (Y/N) | Alternate workaround description | Amount of time the alternate workaround can be performed before significant business impact


Vital Records (List any vital records that support your business process. Vital records are either hard copy documents or documents that are not in a backed up data source. These documents, if lost, could not be recovered at all).

Business Process | Vital Record

Completed by: __________________________________________________ Date: ______________

Position: __________________________________________________


4.2 Risk Assessment Form

Date: ___________________________
Division: ___________________________
Department: ___________________________
Business Function: ___________________________

PURPOSE OF THE RISK ASSESSMENT

The purpose of the risk assessment is to identify the inherent risk of performing various business functions. Audit resources will be allocated to the functions with the highest risk. The risk assessment will directly affect the nature, timing and extent of audit resources allocated.

The two primary questions to consider when assessing the risk inherent in a business function are:

• What is the probability that things can go wrong? (The probability of one event)
• What is the cost if something does go wrong? (The exposure of one event)

Risk is assessed by answering the above questions for various risk factors and assessing the probability of failure and the impact of exposure for each risk factor. Risk is the probability times the exposure.

The risk factors inherent in business include the following:

• Access risk
• Business disruption risk
• Credit risk
• Customer service risk
• Data integrity risk
• Financial/external report misstatement risk
• Float risk
• Fraud risk
• Legal and regulatory risk
• Physical harm risk

These risk factors cause potential exposures. The potential exposures include (but are not limited to):

• Financial loss
• Legal and regulatory violations/censorship
• Negative customer impact
• Loss of business opportunities
• Public embarrassment
• Inefficiencies in the business process

The evaluation should NOT consider the effectiveness of the current internal control environment. The evaluation should focus on the risks and exposures inherent to the function being evaluated. However, while performing the risk evaluation, the auditor should consider what controls are needed in order to minimize - if not eliminate - the risks and exposures.


DEFINITION OF SCOPE OF THE BUSINESS FUNCTION UNDER ASSESSMENT

Provide a definition of the scope of the risk assessment.

__________________________________________________

BUSINESS FUNCTION / BUSINESS REASON

Provide a high-level overview of the area, function or application being assessed.

__________________________________________________

ACCESS RISK

Access risk refers to the impact of unauthorized access to any company assets, such as customer information, passwords, computer hardware and software, confidential financial information, legal information, cash, checks, and other physical assets. When evaluating access risk, the nature and relative value of the company's assets need to be considered.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________


BUSINESS DISRUPTION RISK

Business disruption risk considers the impact if the function or activity was rendered inoperative due to a system failure or a disaster situation. Consideration is given to the impact on company customers, as well as other company operations.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________

CREDIT RISK

Credit risk considers the potential that extensions of credit to customers may not be repaid. There is an element of credit risk in each extension of credit. When setting lending policies and procedures, the company must consider what level of credit risk is acceptable. Extension of credit includes the use of debit cards and credit cards by customers to make EFT purchases.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________


CUSTOMER SERVICE RISK

Customer service risk refers to the impact on customers if a control should fail. A customer may be external or internal. For example, the line units are customers of the support units. When the customer is internal, assessment of customer service risk should also consider how problems with internal services might impact the level of service offered to the outside customer.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________

DATA INTEGRITY RISK

Data integrity risk addresses the impact of inaccurate data being used to make inappropriate business or management decisions. This risk also addresses the impact of incorrect customer information such as account balances, transaction histories or inaccurate data used in payment to/from external entities. The release of inaccurate data outside the company to customers, regulators, shareholders, the public, etc. could lead to a loss of business, possible legal action or public embarrassment.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________


FINANCIAL/EXTERNAL REPORT MISSTATEMENT RISK

Financial/external report misstatement risk is similar to data integrity risk, but this risk focuses specifically on the company's general ledger and the various external financial reports which are created from the G/L. Consideration of generally accepted accounting principles and regulatory accounting principles is an important factor in evaluating financial report misstatement. This risk includes the potential impact of negative comments on the external auditor’s notes to financial statements or management letter.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________

FLOAT RISK

Float risk considers the lost revenues if funds are not processed or invested in a timely manner, and the additional expenses if obligations are not met on a timely basis. Receivables, payables and suspense accounts are subject to float risk.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________


FRAUD RISK

Both internal and external fraud risks need to be considered. Internally, employees may misappropriate company assets, or manipulate or destroy company records. External parties may perpetrate fraud by tapping into communication lines, obtaining confidential company information, misdirecting inventories or assets, etc.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________

LEGAL AND REGULATORY RISK

In evaluating legal and regulatory risk, consideration should be given to whether the product, service or function is subject to legal and regulatory requirements. Regulatory requirements may be federal, state or local. The relative risk level of an objective may be high if the related law/regulation is currently on the most dangerous violation list. Legal risk also considers whether the company might be sued under a civil action for breach of contract, negligence, misrepresentation, product liability, unsafe premises, etc.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________


PHYSICAL HARM RISK

Physical harm risk considers the risk of harm to both employees and customers while on the company premises or while performing company business. This risk also applies to company assets such as computers or other equipment that may be damaged due to misuse or improper set-up and storage, or negotiable instruments and other documents that may be damaged or destroyed.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________

OTHER CONSIDERATIONS

Consider the impact of all other relevant risk factors. Consider, for instance, the transaction volumes (items and dollars) and financial impact on the balance sheet and income statement.

Probability: High / Medium / Low / N/A
Exposure: High / Medium / Low / N/A

Rationale: __________________________________________________


OVERALL RATING

Based on the assessment of: what can go wrong? (Probability), and what is the cost if something does go wrong? (Exposure), assess the overall magnitude of the risk in the area/function. Assess the probability and exposure, and then combine the two for an estimate of overall risk of business mission failure.

Probability: High / Medium / Low
Exposure: High / Medium / Low
Overall Risk: High / Medium / Low

Rationale: __________________________________________________

AUDIT APPROVALS

Prepared by: __________________________________________________ Date: ______________
Approved by: __________________________________________________ Date: ______________

CLIENT APPROVAL

Approved by: __________________________________________________ Date: ______________


4.3 Emergency Contact List

Agency | Contact Number

Emergency Operations Center (EOC)

Landlord – Emergency | xxx-xxxx
County Emergency Management | xxx-xxxx
FEMA (Federal Emergency Management Agency) | xxx-xxxx
Fire | xxx-xxxx
Police | xxx-xxxx
Local | xxx-xxxx
County | xxx-xxxx
State | xxx-xxxx
Ambulance Service | xxx-xxxx
Water Company | xxx-xxxx
Power Company | xxx-xxxx
Gas Company | xxx-xxxx
FBI (Federal Bureau of Investigation) | xxx-xxxx
U.S. Weather Service | xxx-xxxx
Post Office | xxx-xxxx
Prosecutor or Attorney General’s Office | xxx-xxxx
Local Office of Federal Bureau of Alcohol, Tobacco and Firearms | xxx-xxxx
Shelters | xxx-xxxx
Hazardous Material | xxx-xxxx
Poison Control Hotline | xxx-xxxx
Hospital(s) | xxx-xxxx
Local TV Stations | xxx-xxxx
Local Radio Stations | xxx-xxxx
U.S. Embassy (for international locations) | xxx-xxxx

Other Means of Communication to Employees:
Local 1-800 Number:
Local Voice Mail Tree:
Other:

(N/A is an acceptable response)


4.4 HE&S Team Roster

Name - P/A | Role | Work | Home | Cell | Pager | E-Mail
DOE, Jane - P | | xxx-xxx-xxxx | xxx-xxx-xxxx | xxx-xxx-xxxx | xxx-xxx-xxxx - xxxxxxx | xx@xxxx
SMITH, John - A | | xxx-xxx-xxxx | xxx-xxx-xxxx | xxx-xxx-xxxx | xxx-xxx-xxxx - xxxxxxx | xx@xxxx


4.5 Emergency Assembly/Relocation Points

Location

Primary Evacuation Assembly Point

Alternate Evacuation Assembly Point

Primary Protect-in-Place Relocation Point

Alternate Protect-in-Place Relocation Point

Primary HE&S Team Assembly Point

Alternate HE&S Team Assembly Point


4.6 Building Evacuation Drill Debriefing List

The following items should be reviewed after a building evacuation drill. (Note: “No” responses should be supported with comments)

General Announcement and Fire Alarm System | Yes | No | N/A | Description

Was the pre-announcement on the PA (Public Address) system audible?
Were the instructions on the pre-announcement clear on what to do?
Were the horns for the fire alarm system audible?
Were the strobe lights for the fire alarm system visible?

Comments:

Evacuation | Yes | No | N/A | Description

Were all means of egress (i.e., hallways, stairwells, doors, etc.) clear and unobstructed for employees to exit the building?
Did all employees evacuate the building?
Was the evacuation orderly for those in need of assistance?
Did all employees meet at the primary point of assembly?
Minutes: How long did it take to fully evacuate the building?
Minutes: How long did it take to meet at the primary point of assembly?
Was the means of communication (i.e., verbal, bullhorn, two-way radios, etc.) effective during the evacuation?

Comments:

Accountability | Yes | No | N/A | Description

Were all employees and visitors in the building accounted for?
Was it clear to all employees when to re-enter the building?

Comments:

Emergency Response Team | Yes | No | N/A | Description

Did all HE&S team members understand their emergency roles?
Did the designated HE&S team members wear appropriate apparel?
Did employees respond favorably to the HE&S team members?

Comments:

Future Drills

Suggestions for things to test in the next drill:


4.7 Preliminary Damage Assessment (High Level)

Location:
Completed By:
Date:
Time:

Area | OK? | Damaged? | Comments

Structural

Utilities

Elevator

HVAC

Generator

Telecommunications

Contents

Physical Security

Property/Land

People

Other


4.8 Detailed Damage Assessment (Low Level)

Location:
Completed by:
Date:
Time:

Code Key: 1 = Needs replacement; 2 = Needs repair; 3 = No action needed, functioning properly

Code | Description | Comments/Recommendations

Structural
[ ] Foundation
[ ] Exterior Walls
[ ] Roof
[ ] Ceiling
[ ] Floor
[ ] Stairs
[ ] Doors
[ ] Windows

Utilities - Electrical
[ ] Site connection
[ ] Box
[ ] Feeds/lines
[ ] Connections to equipment
[ ] Fixtures

Utilities - Natural gas
[ ] Site connection
[ ] Feeds/lines
[ ] Connections to equipment

Utilities – Water
[ ] Site connection
[ ] Feeds/lines
[ ] Connections to fixtures

Elevator

HVAC
[ ] Air conditioning system
[ ] Heating system
[ ] Ventilation/duct work system

• Do not begin recovering damaged material unless cleared by the EOC.
• Do not call vendors, suppliers or other organizations unless authorized by the EOC.
• If possible, estimate the time until damaged components can be repaired.
• If possible, estimate the resources required to repair damaged components.


Code Key: 1 = Needs replacement; 2 = Needs repair; 3 = No action needed; functioning properly

Code | Description | Comments/Recommendations

Generator

Telecommunications
[ ] Site connection
[ ] Feeds/lines
[ ] Connections to equipment

Contents
[ ] Furniture
[ ] Office equipment (copiers, fax machines, etc.)
[ ] Office supplies
[ ] Vital records / files / manuals
[ ] Storage
[ ] Personal items
[ ] Other

Physical Security

Property/Land

People
[ ] Injuries
[ ] Death

Other

• Do not begin recovering damaged material unless cleared by the EOC.
• Do not call vendors, suppliers or other organizations unless authorized by the EOC.
• If possible, estimate the time until damaged components can be repaired.
• If possible, estimate the resources required to repair damaged components.


4.9 Unique Equipment Requirements

Location:
Completed By:
Date:

Equipment Type | Brand | Model Number | Current Quantity


4.10 Client Software Requirements

Location:
Completed By:
Date:
Business Unit:

Software Title | Copies In Use | Description (Purpose)


4.11 Application Requirements

Location:
Completed By:
Date:
Business Unit:

Application Name | Category | Location


4.12 Workgroup Recovery Worksheets

Office Overview

Business Unit Name:
Address:
Main Telephone Number:
Primary Business Function:
Current Staff Count:
Business Impact:

Office Services

Telephone Service - Outbound

• Transfer outbound phone traffic to an alternate provider, measured business lines or use of personal cell phones. (Identify your primary local and long distance phone service providers here.)

Primary Local Service Provider | Primary Long Distance Provider

Expected Outage Duration:
In the event of loss of phone service the following will be implemented:

Telephone Service - Inbound

• Transfer of inbound telephone service to alternate location(s). (Identify the alternate location(s) for inbound phone traffic, along with the percentage of calls for each.)

Expected Outage Duration:

Inbound Phone Number(s) | Redirect traffic to (office name) | Percentage of calls


Mail Service - Outbound

• Use an alternate post office facility to process outbound mail and packages. (Identify the address of an alternate U.S. Postal Service location.)

Expected Outage Duration:
The following USPS facilities serve this address:

USPS Location | Distance from Office

Mail Service - Inbound

• Transfer incoming mail to alternate internal location(s). (Provide the current address(es) where you receive mail and an alternate delivery address.)

Expected Outage Duration:

Current Office Mailing Address | Alternate Office Mailing Address


Transfer of Work

• Transfer workload from impacted office to other internal location(s). (Identify the office(s) that will accept work from your office.)

Description of Work:
Expected Outage Duration:

Business Unit | Alternate Office Address

• Transfer staff to one or more internal location(s) with available configured workstations outfitted with PCs, active network connections, phone service, etc. that are not being used by existing staff. This may include use as a second shift for locations that normally only operate a single shift. (Identify the office(s) you will send staff to.)

Expected Outage Duration:

Business Unit | Staff Count | Alternate Office Address

• Transfer staff to one or more internal location(s) with available common area. These locations have available common space (such as cafeterias, conference rooms, training rooms, etc.) already configured and outfitted with data connections, phone service, etc. to accept additional staff. (Identify the office(s) you will send staff to.)

Expected Outage Duration:

Business Unit | Staff Count | Alternate Office Address


Work From Home

• Staff from the impacted office who have existing personal Internet access will work from home. (Identify the staff members who will work from home.)

Expected Outage Duration:

Business Role | Staff Count

• Staff from impacted office should work from home using dial-up Internet service. Selected staff should be set up as home workers using low speed (dial-up) VPN Internet service. Selected workers should have a PC (desktop or laptop) with appropriate applications, company-issued VPN software and an available phone line. (Identify the staff members who will work from home.)

Expected Outage Duration:

Business Role | Staff Count

• Staff from impacted office should work from home using high speed Internet service. The selected staff members may be some of the employees initially set up for low speed access. (Identify the staff members who will work from home.)

Expected Outage Duration:

Business Unit | Staff Member Name


4.13 Critical Contact Call List

Location:
Completed By:
Date:
Business Unit:

Contact Name | Company or Affiliation | Role | Phone Number


4.14 Alternate Business Process List

Location:
Completed By:
Date:
Business Unit:

Business Process Dependencies Alternative Support Items


4.15 Business Pandemic Influenza Planning Checklist

Plan for the impact of a pandemic on your business: | Completed | In Progress | Not Started

Identify a pandemic coordinator and/or team with defined roles and responsibilities for preparedness and response planning. The planning process should include input from labor representatives.

Identify essential employees and other critical inputs (e.g. raw materials, suppliers, subcontractor services/products and logistics) required to maintain business operations by location and function during pandemic.

Train and prepare ancillary workforce (e.g. contractors, employees in other job titles/descriptions, retirees).

Develop and plan for scenarios likely to result in an increase or decrease in demand for your products and/or services during a pandemic (e.g. effect of restriction on mass gatherings, need for hygiene supplies).

Determine potential impact of a pandemic on company business financials using multiple possible scenarios that affect different product lines and/or production sites.

Determine potential impact of a pandemic on business-related domestic and international travel (e.g. quarantines, border closures).

Find up-to-date, reliable pandemic information from community public health, emergency management, and other sources, and make sustainable links.

Establish an emergency communications plan and revise periodically. This plan includes identification of key contacts (with back-ups), chain of communication (including suppliers and customers), and processes for tracking and communicating business and employee status.

Implement an exercise/drill to test your plan and revise periodically.

Plan for the impact of a pandemic on your employees and customers: | Completed | In Progress | Not Started

Forecast and allow for employee absences during a pandemic due to factors such as personal illness, family member illness, community containment measures and quarantines, school and/or business closures, and public transportation closures.

Implement guidelines to modify the frequency and type of face-to-face contact (e.g. hand-shaking, seating in meetings, office layout, shared workstations) among employees and between employees and customers (refer to CDC recommendations).

Encourage and track annual influenza vaccination for employees.

Evaluate employee access to and availability of healthcare services during a pandemic, and improve services as needed.

Evaluate employee access to and availability of mental health and social services during a pandemic, including corporate, community, and faith-based resources, and improve services as needed.

Identify employees and key customers with special needs, and incorporate the requirements of such persons into your preparedness plan.

Establish policies to be implemented during a pandemic: | Completed | In Progress | Not Started

Establish policies for employee compensation and sick-leave absences unique to a pandemic (e.g. non-punitive, liberal leave), including policies on when a previously ill person is no longer infectious and can return to work after illness.

Establish policies for flexible worksite (e.g. telecommuting) and flexible work hours (e.g. staggered shifts).


Establish policies for employees who have been exposed to pandemic influenza, are suspected to be ill, or become ill at the worksite (e.g. infection control response, immediate mandatory sick leave).


Establish policies for restricted travel to affected geographic areas (consider both domestic and international sites), evacuating employees working in or near an affected area when an outbreak begins, and guidance for employees returning from affected areas (refer to CDC travel recommendations).

Set up authorities, triggers and procedures for activating and terminating the company’s response plan, altering business operations (e.g. shutting down operations in affected areas), and transferring business knowledge to key employees.

Allocate resources to protect your employees and customers during a pandemic: | Completed | In Progress | Not Started

Provide sufficient and accessible infection control supplies (e.g. hand-hygiene products, tissues and receptacles for their disposal) in all business locations.

Enhance communications and information technology infrastructures as needed to support employee telecommuting and remote customer access.

Ensure availability of medical consultation and advice for emergency response.

Communicate to and educate your employees: | Completed | In Progress | Not Started

Develop and disseminate programs and materials covering pandemic fundamentals (e.g. signs and symptoms of influenza, modes of transmission), personal and family protection and response strategies (e.g. hand-hygiene, coughing/sneezing etiquette, contingency plans).

Anticipate employee fear and anxiety, rumors and misinformation, and plan communications accordingly.

Ensure that communications are culturally and linguistically appropriate.

Disseminate information to employees about your pandemic preparedness and response plan.

Provide information for the at-home care of ill employees and family members.

Develop platforms (e.g. hotlines, dedicated websites) for communicating pandemic status and actions to employees, vendors, suppliers, and customers inside and outside the worksite in a consistent and timely way, including redundancies in the emergency contact system.

Identify community sources for timely and accurate pandemic information (domestic and international) and resources for obtaining counter-measures (e.g. vaccines and antivirals).

Coordinate with external organizations and help your community: | Completed | In Progress | Not Started

Collaborate with insurers, health plans and major local healthcare facilities to share your pandemic plans and understand their capabilities and plans.

Collaborate with federal, state and local public health agencies and/or emergency responders to participate in their planning processes, share your pandemic plans, and understand their capabilities and plans.

Communicate with local and/or state public health agencies and/or emergency responders about the assets and/or services your business could contribute to the community.

Share best practices with other businesses in your communities, the Chamber of Commerce and associations to improve community response efforts.


GLOSSARY

Alert: Notification that a potential disaster situation is imminent, exists or has occurred; usually includes a directive for personnel to stand by for possible activation.

Alternate Site: An alternate operating location to be used by business functions when the primary facilities are inaccessible. 1) Another location, computer center or work area designated for recovery. 2) Location, other than the main facility, that can be used to conduct business functions. 3) A location, other than the normal facility, used to process data and/or conduct critical business functions in the event of a disaster. Related terms include: cold site, hot site, interim site, internal hot site, recovery site, warm site.

Alternate Work Area: Recovery environment complete with necessary infrastructure such as: desk, telephone, workstation, and associated hardware and equipment, communications, etc.

Application Recovery: The component of disaster recovery that deals specifically with the restoration of business system software and data after the processing platform has been restored or replaced. Similar term is: business system recovery.

Area of Refuge: A location in a building designed to hold occupants during a fire or other emergency when evacuation may not be safe or possible. Occupants can wait there until rescued by firefighters.

Assembly Area: The designated area where employees, visitors and contractors assemble if evacuated from their building/site.

Assembly Coordinator: As part of the HE&S team, proceeds directly to the designated assembly area, and acts as a record-keeper to account for all areas being cleared of personnel during an evacuation.

Asset: An item of property and/or component of a business activity/process owned by an organization; includes: physical assets (e.g. buildings and equipment), financial assets (e.g. currency, bank deposits and shares), and non-tangible assets (e.g. goodwill, reputation).

Backup (Data): A process in which electronic or paper-based data is copied in some form so it can be available and used if the original data from which it originated is lost, destroyed or corrupted.

Backup Generator: An independent source of power, usually fueled by diesel or natural gas.

Business Continuity: The ability of an organization to provide service and support for its customers and to maintain its viability before, during and after a business continuity event.

Business Continuity Coordinator: A role within the BCM program that coordinates planning and implementation for overall recovery of an organization or unit(s).

Business Continuity Management (BCM): A holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities. It also addresses the management of recovery or continuity in the event of a disaster, and the management of the overall program through training, rehearsals and reviews, to ensure the plan stays current and up-to-date.

Business Continuity Plan Administrator: The designated individual responsible for plan documentation, maintenance and distribution.

Business Continuity Management Program: An ongoing management and governance process supported by senior management and resourced to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and plans, and ensure continuity of products/services through exercising, rehearsal, testing, training, maintenance and assurance.

Business Continuity Management Team: A group of individuals functionally responsible for directing the development and execution of the business continuity plan, as well as responsible for declaring a disaster and providing direction during the recovery process, both pre-disaster and post-disaster. Similar terms include: disaster recovery management team, and business recovery management team. An associated term is: crisis management team.

Business Continuity Plan (BCP): The process of developing and documenting arrangements and procedures that enable an organization to respond to an event that lasts for an unacceptable period of time and return to performing its critical functions after an interruption. Similar terms include: business resumption plan, continuity plan, contingency plan, disaster recovery plan, recovery plan.

Business Continuity Steering Committee: A committee of decision-makers, process owners, technology experts and continuity professionals charged with making strategic recovery and continuity planning decisions for the organization.

Business Continuity Strategy: An approach by an organization that will ensure its recovery and continuity in the face of a disaster or other major outage.
Plans and methodologies are determined by the organization’s strategy, and more than one solution may fulfill an organization’s strategy. Examples include: internal or external hot-site or cold-site, alternate work area reciprocal agreement, mobile recovery, quick ship / drop ship, consortium-based solutions, etc.

Business Continuity Team: Designated individuals responsible for development, execution, rehearsals and maintenance of the business continuity plan, including the processes and procedures. Similar terms include: disaster recovery team, business recovery team and recovery team. An associated term is: crisis response team.

Business Impact Analysis (BIA): A process designed to prioritize business functions by assessing the potential quantitative (financial) and qualitative (non-financial) impacts that might result if an organization experiences a business continuity event.

Business Interruption: Any event – whether anticipated (i.e., public service strike) or unanticipated (i.e., blackout) – that disrupts the normal course of business operations at an organization’s location. Similar terms include: outage and service interruption. Associated terms include: business interruption costs and business interruption insurance.

Business Interruption Costs: The impact to the business caused by different types of outages, normally measured by revenue lost. Associated terms include: business interruption and business interruption insurance.

Business Interruption Insurance: Insurance coverage for disaster related expenses that may be incurred until operations are fully recovered after a disaster. Business interruption insurance generally provides reimbursement for necessary, ongoing expenses during this shutdown, plus loss of net profits that would have been earned during the period of interruption, within the limits of the policy. Associated terms include: business interruption and business interruption costs.

Business Recovery Timeline: The chronological sequence of recovery activities, or critical path that must be followed to resume an acceptable level of operations following a business interruption. This timeline may range from minutes to weeks, depending upon the recovery requirements and methodology.

Business Recovery Team: A group of individuals responsible for maintaining the business recovery procedures and coordinating the recovery of business functions and processes. A similar term is: disaster recovery team.

Business Unit Recovery: A component of business continuity that deals specifically with the recovery of a key function or department in the event of a disaster.

Call Tree: A document that graphically depicts the calling responsibilities and the calling order used to contact management, employees, customers, vendors and other key contacts in the event of an emergency, disaster or severe outage situation.

Cold Site: An alternate facility that already has in place the environmental infrastructure required to recover critical business functions or information systems, but does not have any pre-installed computer hardware, telecommunications equipment, communication lines, etc. These must be provisioned at the time of disaster. Related terms are: alternate site, hot site, interim site, internal hot site, recovery site, and warm site.

Command, Control, and Coordination: A crisis management process; command means the authority for an organization or part of an organization to direct the actions of its own resources (both personnel and equipment). Control means the authority to direct strategic, tactical and operational operations in order to complete an assigned function. This includes the ability to direct the activities of others engaged in the completion of that function, i.e. the crisis as a whole or a function within the crisis management process. The control of an assigned function also carries with it the responsibility for the health and safety of those involved. Coordination means the integration of the expertise of all the agencies/roles involved with the objective of effectively and efficiently bringing the crisis to a successful conclusion.


Command Center: A physical or virtual facility located outside of the affected area used to gather, assess and disseminate information and to make decisions to affect recovery. A related term is: Emergency Operations Center (EOC).

Communications Recovery: The component of disaster recovery that deals with the restoration or rerouting of an organization’s telecommunication network or its components in the event of loss. Similar terms include: telecommunications recovery and data communications recovery.

Computer Recovery Team: A group of individuals responsible for assessing damage to the original system, processing data in the interim and setting up the new system.

Contact List: A list of team members and/or key personnel to be contacted, including backups. The list includes the necessary contact information (i.e. home phone, pager, cell, etc.) and often is considered confidential.

Continuity of Operations Plan (COOP): A COOP provides guidance on the system restoration for emergencies, disasters, mobilization, and for maintaining a state of readiness to provide the necessary level of information processing support commensurate with the mission requirements/priorities identified by the respective functional proponent. The federal government and its supporting agencies traditionally use this term to describe activities otherwise known as disaster recovery, business continuity, business resumption or contingency planning.

Continuous Availability: A system or application that supports operations which continue with little to no noticeable impact to the user. For instance, with continuous availability, the user will not have to re-log in or re-submit a partial or whole transaction.

Continuous Operations: The ability of an organization to perform its processes without interruption.

Corporate Governance: The system/process by which the directors and officers of an organization are required to carry out and discharge their legal, moral and regulatory accountabilities and responsibilities.

Corporate Risk: A category of risk management that looks at ensuring an organization meets its corporate governance responsibilities, takes appropriate actions, and identifies and manages emerging risks.

Crisis: A critical event, which, if not handled in an appropriate manner, may dramatically impact an organization’s profitability, reputation or ability to operate. It also covers an occurrence and/or perception that threatens the operations, staff, shareholder value, stakeholders, brand, reputation, trust and/or strategic/business goals of an organization. See: Event and Incident.

Crisis Management: The overall coordination of an organization’s response to a crisis in an effective, timely manner, with the goal of avoiding or minimizing damage to the organization’s profitability, reputation and ability to operate.


Crisis Management Team: A team consisting of key executives, key role players (i.e., media representative, legal counsel, facilities manager, disaster recovery coordinator, etc.), and the appropriate business owners of critical functions who are responsible for recovery operations during a crisis.

Critical Business Functions: Business activities or processes that cannot be interrupted or unavailable for 24 hours or less without significantly jeopardizing the organization.

Critical Data Point: The point in time to which data must be restored in order to achieve recovery objectives.

Critical Infrastructure: Physical assets whose incapacity or destruction would have a debilitating impact on the economic or physical security of an organization, community, nation, etc.

Damage Assessment: The process of assessing damage to computer hardware, vital records, office facilities, etc., and determining what can be salvaged or restored and what must be replaced following a disaster.

Data Backups: The copying of production files to media that can be stored on and/or offsite and can be used to restore corrupted or lost data or to recover entire systems and databases in the event of a disaster.

Data Backup Strategies: Strategies that determine the technologies, media and offsite storage of the backups necessary to meet an organization’s data recovery and restoration objectives.

Data Center Recovery: The component of disaster recovery that deals with the restoration of data center services and computer processing capabilities at an alternate location and the migration back to the production site.

Data Mirroring: A process whereby critical data is replicated to another device.

Data Protection: The process of ensuring confidentiality, integrity and availability of data.

Data Recovery: The restoration of computer files from backup media to restore programs and production data to the state that existed at the time of the last safe backup.

Database Replication: The partial or full duplication of data from a source database to one or more destination databases.

Declaration: A formal announcement by pre-authorized personnel that a disaster or severe outage is predicted or has occurred and that triggers pre-arranged mitigating actions (e.g., a move to an alternate site). Similar terms include: activation and invocation.

Declaration Fee: A fee charged by a commercial hot site vendor for a customer-invoked disaster declaration.

Dependency: The reliance or interaction of one activity or process upon another.

Disaster: A sudden, unplanned catastrophic event causing unacceptable damage or loss. 1) An event that compromises an organization’s ability to provide critical functions, processes or services for some unacceptable period of time. 2) An event in which an organization’s management invokes its recovery plans.

Disaster Recovery: The ability of an organization to respond to a disaster or an interruption in services by implementing a disaster recovery plan to stabilize and restore the organization’s critical functions.

Disaster Recovery or Business Continuity Coordinator: The role of the BCM program that coordinates planning and implementation for overall recovery of an organization or unit(s). Similar roles include: business recovery coordinator, business recovery planner, disaster recovery planner and disaster recovery administrator.

Drop Ship: A strategy for 1) Delivering equipment, supplies and materials at the time of a business continuity event or exercise. 2) Providing replacement hardware within a specified time period via prearranged contractual arrangements with an equipment supplier at the time of a business continuity event. A similar term is: quick ship.

Electronic Vaulting: Electronic transmission of data to a server or storage facility.

Emergency: An unexpected or impending situation that may cause injury, loss of life, destruction of property, or cause the interference, loss, or disruption of an organization’s normal business operations to such an extent that it poses a threat.

Emergency Manager: The person designated to plan, exercise, and implement the activities of sheltering in place or the evacuation of occupants of a site with the HE&S team and emergency services agencies. The emergency manager will manage the local crisis, bring in the appropriate support resources from the office and/or local community, and communicate appropriate information throughout the organization. The emergency manager coordinates and manages all activities of the local HE&S team and communicates with the HE&S leader and all employees.

Emergency Operations Center (EOC): The command center used by the crisis management team during the first phase of an event. An organization should have both primary and secondary locations for an EOC in case one of them becomes unavailable or inaccessible. It is a site from which response teams/officials provide direction and exercise control in an emergency or disaster.

Emergency Preparedness: The capability of an organization or community to respond to an emergency in a coordinated, timely and effective manner to prevent the loss of life and minimize injury and property damage.

Emergency Procedures: A documented list of activities to begin immediately to prevent the loss of life and minimize injury and property damage.

Emergency Response: The immediate reaction and response to an emergency situation commonly focusing on ensuring life safety and reducing the severity of the incident.

Emergency Response Plan: A documented plan usually addressing the immediate reaction and response to an emergency situation.

Emergency Response Procedures: The initial response to any event – focused on protecting human life and the organization’s assets.

Emergency Response Team (ERT): Qualified and authorized personnel who have been trained to provide immediate assistance.

Enterprise-Wide Planning: The overarching master plan covering all aspects of business continuity within the entire organization.

Escalation: The process by which event-related information is communicated upward through an organization’s established chain of command.

Evacuation: The movement of employees, visitors and contractors from a site and/or building to a safe place (assembly area) in a controlled and monitored manner at the time of an event.

Evacuation Assistant: The designated person who ensures that an individual in need of assistance safely evacuates or relocates to the area of refuge.

Event: Any occurrence that may lead to a business continuity incident. See: Crisis and Incident.

Executive/Management Succession Plan: A predetermined plan for ensuring the continuity of authority, decision-making, and communication in the event that key members of executive management unexpectedly become incapacitated.

Exercise: A people-focused activity designed to execute business continuity plans and evaluate the individual’s and/or organization’s performance against approved standards or objectives. Exercises can be announced or unannounced and are performed for the purpose of training and conditioning team members and validating the business continuity plan. Exercise results identify plan gaps and limitations and are used to improve and revise the Business Continuity Plans. Types of exercises include: table top exercise, simulation exercise, operational exercise, mock disaster and full rehearsal.

Exercise Auditor: An appointed role that is assigned to assess whether the exercise aims/objectives are being met and to measure whether activities are occurring at the right time and involve the correct people to facilitate their achievement. The exercise auditor is not responsible for the mechanics of the exercise. This independent role is crucial in the subsequent debriefing.

Exercise Controller: See Exercise Owner.

Exercise Coordinator: This role is responsible for the mechanics of running the exercise. The coordinator must lead the exercise and keep it focused within the predefined scope and objectives of the exercise, as well as on the disaster scenario. The coordinator must be objective and not influence the outcome. This person makes sure appropriate exercise participants have been identified and that exercise
scripts have been prepared before, utilized during, and updated after the exercise. Similar terms include: exercise facilitator and exercise director.

Exercise Observer: An exercise observer has no active role within the exercise but is present for awareness and training purposes. An exercise observer might make recommendations for procedural improvements.

Exercise Owner: An appointed role that has total management oversight and control of the exercise and has the authority to alter the exercise plan. This includes early termination of the exercise for reasons of safety or if the aims/objectives of the exercise cannot be met due to an unforeseen or other internal or external influence.

Exercise Plan: A plan designed to periodically evaluate tasks, teams and procedures that are documented in a business continuity plan to ensure its viability. This can include all or part of the BC plan, but should include mission-critical components.

Exit/Stairwell Monitor: As part of the HE&S team, the exit monitor controls a designated stairwell or exit route, eliminating congestion and disorder within the area. He or she ensures the stairwell or exit is open and safe and if not, redirects to another route, avoiding exposure to additional hazards.

Exposure: The potential susceptibility to loss; the vulnerability to a particular risk.

Extra Expense: The extra cost necessary to implement a recovery strategy and/or mitigate a loss. An example is the cost to transfer inventory to an alternate location to protect it from further damage, cost of reconfiguring lines, overtime costs, etc. It is typically reviewed during BIA and is a consideration during insurance evaluation.

Floor Coordinator: Creates a central focal point to organize and educate HE&S team members and new employees within the area. He or she represents the floor in communications with the emergency manager. This person is responsible for ensuring that all employees, visitors and contractors evacuate a floor within a specific site.

Full Rehearsal: An exercise that simulates a business continuity event in which the organization or some of its component parts are suspended until the exercise is completed. See: Exercise.

Gap Analysis: A detailed examination to identify risks associated with the differences between business/operations requirements and the current available recovery capabilities.

Health, Environment and Safety: The process by which the well-being of all employees, contractors, visitors and the public is safeguarded. All business continuity plans and planning must be cognizant of H&S statutory and regulatory requirements and legislation. Health, environment and safety considerations should be reviewed during the risk assessment.

Health, Environment and Safety (HE&S) Leader: The HE&S leader is the local senior official responsible for overall local management. Responsible to ensure the business continuity plans are
complete and reviewed/updated, the HE&S leader will be the local decision-maker, manage the local response to the crisis, and provide the single point of contact to the EOC.

High Availability: Systems or applications requiring a very high level of reliability and availability. High availability systems typically operate 24/7 and usually require built-in redundancy to minimize the risk of downtime due to hardware and/or telecommunication failures.

High-Risk Areas: Areas identified during the risk assessment that are highly susceptible to a disaster situation or might be the cause of a significant disaster.

Hot Site: An alternate facility that already has in place the computer, telecommunications and environmental infrastructure required to recover critical business functions or information systems. Related terms are: alternate site, cold site and warm site.

Human Threats: Possible disruptions in operations resulting from human actions (i.e., disgruntled employee, terrorism, blackmail, job actions, riots, etc.).

Impact: The effect – acceptable or unacceptable – of an event on an organization. The types of business impact are usually described as financial and non-financial and are further divided into specific types of impact. See: Business Impact Analysis.

Incident: An event that is not part of a standard operating business which may impact or interrupt services and, in some cases, may lead to disaster.

Incident Command System (ICS): Combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure with responsibility for the command, control and coordination of assigned resources to effectively direct and control the response and recovery to an incident. The flexible design of the ICS allows its span of control to expand or contract as the scope of the situation changes.

Incident Management: The process by which an organization responds to and controls an incident using emergency response procedures or plans.

Incident Manager: Commands the local emergency operations center (EOC) reporting up to senior management on the recovery progress. This person has the authority to invoke the recovery plan.

Incident Response: The response of an organization to a disaster or other significant event that may significantly impact the organization, its people or its ability to function productively. An incident response may include evacuation of a facility, initiating a disaster recovery plan, performing damage assessment, and any other measures necessary to bring an organization to a more stable status.

Individuals in Need of Assistance: Special needs may exist for those persons affected by mobility, visual or hearing impairment. The controlling standard is: 1) Whether or not one can move at a reasonable pace during an emergency or 2) Whether or not a condition exists that impedes the ability to
be aware of an alarm. Identification of individuals in need of assistance is appropriate under the guidelines of the Equal Employment Opportunity Commission and the Americans with Disabilities Act.

Information Security: The securing or safeguarding of all sensitive information – electronic or otherwise – which is owned by an organization.

Infrastructure: The underlying foundation, basic framework or interconnecting structural elements that support an organization.

Integrated Exercise: An exercise conducted on multiple interrelated components of a business continuity plan, typically under simulated operating conditions. Examples of interrelated components may include interdependent departments or interfaced systems.

Integrated Test: See Integrated Exercise.

Interim Site: A temporary location used to continue performing business functions after vacating a recovery site and before the original or new home site can be occupied. Move to an interim site may be necessary if ongoing stay at the recovery site is not feasible for the period of time needed or if the recovery site is located far from the normal business site that was impacted by the disaster. An interim site move is planned and scheduled in advance to minimize disruption of business processes. Equal care must be given to transferring critical functions from the interim site back to the normal business site. See Alternate Site, Cold Site, Hot Site, Internal Hot Site, Recovery Site, Warm Site.

Internal Hot Site: A fully equipped alternate processing site owned and operated by the organization.

Key Tasks: Priority procedures and actions in a business continuity plan that must be executed within the first few minutes or hours of the plan invocation.

Lead Time: The time it takes for a supplier to make equipment, services or supplies available after receiving an order. Business continuity plans should try to minimize lead time by creating service level agreements (SLA) with suppliers or alternate suppliers in advance of a business continuity event rather than relying on the suppliers’ best efforts. See: Service Level Agreement.

Logistics/Transportation Team: A team comprised of various members representing departments associated with supply acquisition and material transportation, responsible for ensuring the most effective acquisition and mobilization of hardware, supplies and support materials. This team is also responsible for transporting and supporting staff.

Loss: Unrecoverable resources that are redirected or removed as a result of a business continuity event. Such losses may be loss of life, revenue, market share, competitive stature, public image, facilities or operational capability.

Loss Adjuster: Designated position activated at the time of a business continuity event to assist in managing the financial implications of the event; should be involved as part of the management team whenever possible.

Loss Reduction: The technique of instituting mechanisms to lessen the exposure to a particular risk. Loss reduction involves planning for, and reacting to, an event to limit its impact. Examples of loss reduction include sprinkler systems, insurance policies and evacuation procedures.

Lost Transaction Recovery: Recovery of data (paper within the work area and/or system entries) destroyed or lost at the time of the disaster or interruption. Paper documents may need to be requested or re-acquired from original sources. Data for system entries may need to be recreated or re-entered.

Manual Procedures: An alternative method of working following a loss of IT systems. As working practices rely more and more on computerized activities, the ability of an organization to fall back to manual alternatives lessens. However, temporary measures and methods of working can help mitigate the impact of a business continuity event and give staff a productive feeling.

Maximum Tolerable Outage (MTO): The timeframe during which a recovery must become effective before an outage compromises the ability of the organization to achieve its business objectives and threatens its short- or long-term survival.

Mission-Critical Activities: The critical operational and/or business support activities (either provided internally or outsourced) required by the organization to achieve its objective(s), i.e. services and/or products. See Critical Service.

Mission-Critical Application: An application that supports business activities or processes that could not be interrupted or unavailable for 24 hours or less without significantly jeopardizing the organization.

Mobile Recovery: A mobilized resource purchased or contracted for the purpose of business recovery, including: computers, workstations, telephone, electrical power, etc.

Mobile Standby Trailer: A transportable operating environment – often a large trailer – that can be configured to specific recovery needs such as office facilities, call centers, data centers, etc. It can be contracted to be delivered and set up at a suitable site at short notice.

Mobilization: The activation of the recovery organization in response to a disaster declaration.

Mock Disaster: One method of exercising teams in which participants are challenged to determine the actions they would take in the event of a specific disaster scenario. Mock disasters usually involve all, or most, of the applicable teams. Under the guidance of exercise coordinators, the teams walk through the actions they would take according to their plans, or simulate performance of these actions. Teams may be at a single exercise location, or at multiple locations, with communication between teams simulating actual disaster mode communications. A mock disaster will typically operate on a compressed timeframe representing many hours, or even days.

Network Outage: An interruption of voice, data or Internet provider network communications.

Off-site Storage: Any place physically located a significant distance away from the primary site, where duplicated and vital records (hard copy or electronic and/or equipment) may be stored for use during recovery.

Operational Exercise: See: Exercise.

Operational Risk: The risk of loss resulting from inadequate or failed procedures and controls. This includes loss from events related to technology and infrastructure, failure, business interruptions, staff-related problems, and from external events such as regulatory changes.

Outage: The interruption of automated processing systems, infrastructure, support services or essential business operations, which may result in the organization’s inability to provide services for some period of time.

Peer Review: A review of a specific component of a plan by personnel (other than the owner or author) with appropriate technical or business knowledge for accuracy and completeness.

Plan Administrator: The individual responsible for documenting recovery activities and tracking recovery progress.

Plan Maintenance: The management process of keeping an organization’s business continuity management plans up-to-date and effective. Maintenance procedures are a part of this process for the review and update of the BC plans on a defined schedule.

Preventative Measures: Controls aimed at deterring or mitigating undesirable events from taking place.

Prioritization: The ordering of critical activities and their dependencies, established during the BIA and strategic-planning phase. The business continuity plans will be implemented in the order necessary at the time of the event.

Qualitative Assessment: The process for evaluating a business function based on observations; it does not involve measures or numbers. It uses descriptive categories such as customer service, regulatory requirements, etc., to allow for refinement of the quantitative assessment, and is normally done during the BIA phase of planning.

Quantitative Assessment: The process for placing value on a business function for risk purposes. This systematic method evaluates possible financial impact of losing the ability to perform a business function, and uses numeric values to allow for prioritizations. This is normally done during the BIA phase of planning.

Quick Ship: See Drop Ship.

Reciprocal Agreement: Agreement between two organizations (or two internal business groups) with similar equipment/environment that allows each one to recover at the other’s location.

Recoverable Loss: Financial losses due to an event that may be reclaimed in the future, e.g. through insurance or litigation. This is normally identified in the risk assessment or BIA.

Recovery: Implementing the prioritized actions required to return the processes and support functions to operational stability following an interruption or disaster.

Recovery Management Team: See: Business Continuity Management (BCM) Team.

Recovery Period: The time period between a disaster and a return to normal functions during which the disaster recovery plan is employed.

Recovery Point Objective (RPO): From a business perspective this is the maximum amount of data loss the business can incur in an event and is the targeted point in time to which systems and data must be recovered after an outage as determined by the business unit.

Recovery Services Agreement/Contract: A contract with an external organization guaranteeing the provision of specified equipment, facilities or services, usually within a specified time period, in the event of a business interruption. A typical contract will specify a monthly subscription fee, a declaration fee, usage costs, method of performance, amount of test time, termination options, penalties and liabilities, etc.

Recovery Site: A designated site for the recovery of business unit, technology, or other operations that are critical to the enterprise. Related terms are: alternate site, cold site, hot site, interim site, internal hot site, and warm site.

Recovery Strategy: See Business Continuity Strategy.

Recovery Teams: A structured group of teams ready to take control of the recovery operations if a disaster should occur.

Recovery Time Objective (RTO): The period of time within which systems, applications or functions must be recovered after an outage (e.g. one business day). These are often used as the basis for the development of recovery strategies and in determining whether or not to implement the recovery strategies during a disaster situation. A similar term is: maximum allowable downtime.

Recovery Timeline: The sequence of recovery activities – or critical path – which must be followed to resume an acceptable level of operation following a business interruption. The timeline may range from minutes to weeks, depending upon the recovery requirements and methodology.

Resilience: The ability of an organization to absorb the impact of a business interruption and continue to provide a minimum acceptable level of service.

Response: The reaction to an incident or emergency to assess the damage or impact and to ascertain the level of containment and control activity required. In addition to addressing matters of life safety and evacuation, it also addresses the policies, procedures and actions to be followed in the event of an
emergency. Similar terms include: emergency response, disaster response, immediate response, and damage assessment.

Restoration: Process of planning for and/or implementing procedures for the repair of hardware, relocation of the primary site and its contents, and returning to normal operations at the permanent operational location.

Resumption: The process of planning for and/or implementing the restarting of defined business processes and operations following a disaster. This process commonly addresses the most critical business functions within BIA specified timeframes.

Risk: Potential for exposure to loss. Risks – either man-made or natural – are constant. The potential is usually measured by its probability in years.

Risk Assessment/Analysis: The process of identifying the risks to an organization, assessing the critical functions necessary for an organization to continue business operations, defining the controls in place to reduce organization exposure, and evaluating the cost for such controls. Risk analysis often involves an evaluation of the probabilities of a particular event.

Risk Categories: Risks of similar types are grouped together under key headings, otherwise known as risk categories. These categories include reputation, strategy, financial, investments, operational infrastructure, business, regulatory compliance, outsourcing, people, technology and knowledge.

Risk Controls: All methods of reducing the frequency and/or severity of losses, including exposure avoidance, loss prevention, loss reduction, segregation of exposure units and non-insurance transfer of risk.

Risk Management: The culture, processes and structures that are put in place to effectively manage potential negative events. As it is not possible or desirable to eliminate all risk, the objective is to implement cost-effective processes that reduce risks to an acceptable level, reject unacceptable risks and treat risk by financial interventions, i.e. transfer other risks through insurance or other means, or by organizational intervention.

Risk Transfer: A common technique used by risk managers to address or mitigate potential exposures of the organization; a series of techniques describing the various means of addressing risk through insurance and similar products.

Roll Call: The process of identifying that all employees, visitors and contractors have been safely evacuated and accounted for following an evacuation of a building or site.

Salvage and Restoration: The act of performing a coordinated assessment to determine the appropriate actions to be performed on impacted assets. The assessment can be coordinated with insurance adjusters, facilities personnel or other involved parties. Appropriate actions may include: disposal, replacement, reclamation, refurbishment, recovery or receiving compensation for unrecoverable organizational assets.

Scenario: A pre-defined set of business continuity events and conditions that describe – for planning purposes – an interruption, disruption, or loss related to some aspect(s) of an organization’s business operations to support conducting a BIA, developing a continuity strategy, and developing continuity and exercise plans. Note: Scenarios are neither predictions nor forecasts.

Security Review: A periodic review of policies, procedures and operational practices maintained by an organization to ensure that they are followed and effective.

Self Insurance: The pre-planned assumption of risk in which a decision is made to bear losses that could result from a business continuity event, rather than purchasing insurance to cover those potential losses.

Service Level Agreement (SLA): A formal agreement between a service provider (whether internal or external) and their client (whether internal or external), which covers the nature, quality, availability, scope and response of the service provider. It should cover day-to-day situations and disaster situations, as the need for the service may vary in a disaster.

Service Level Management (SLM): The process of defining, agreeing to, documenting and managing the levels of any type of service provided by service providers, whether internal or external, that are required and cost-justified.

Simulation Exercise: One method of exercising teams in which participants perform some or all of the actions they would take in the event of plan activation. Simulation exercises, which may involve one or more teams, are performed under conditions that at least partially simulate disaster mode. They may or may not be performed at the designated alternate location, and typically use only a partial recovery configuration.

Single Point of Failure: A unique pathway or source of a service, activity and/or process. Typically, there is no alternative and a loss of that element could lead to a failure of a critical function.

Stand Down: Formal notification that the response to a business continuity event is no longer required or has been concluded.

Standalone Test: A test conducted on a specific component of a plan in isolation from other components to validate component functionality, typically under simulated operating conditions.

Structured Walkthrough: A type of exercise in which team members physically implement the business continuity plans and verbally review each step to assess its effectiveness, identify enhancements, constraints and deficiencies. See: Exercise.

Subscription: See: Recovery Services Agreement/Contract.

Supply Chain: All suppliers, manufacturing facilities, distribution centers, warehouses, customers, raw materials, work-in-process inventory, finished goods, and all related information and resources involved in meeting customer and organizational requirements.

Sweeper: Part of the HE&S team who is responsible for checking for personnel within a designated area and provides support to individuals needing assistance. As the last person out of the building from their area, he or she serves as a designated contact for the assembly coordinator to report the area has been cleared.

System: Set of related technology components that work together to support a business process or provide a service.

System Recovery: The procedures for rebuilding a computer system and network to the condition in which it is ready to accept data and applications and to facilitate network communications.

System Restore: The procedures necessary to return a system to an operable state using all available data, including data captured by alternate means during the outage. System restore depends on having a live, recovered system available.

Table Top Exercise: One method of exercising plans in which participants review and discuss the actions they would take without actually performing the actions. Representatives of a single team, or multiple teams, may participate in the exercise typically under the guidance of exercise facilitators.

Task List: Defined mandatory and discretionary tasks allocated to teams and/or individual roles within a business continuity plan.

Test: A pass/fail evaluation of infrastructure (i.e., computers, cabling, devices, hardware) and/or physical plant infrastructure (i.e., building systems, generators, utilities) to demonstrate the anticipated operation of the components and system. Tests are often performed as part of normal operations and maintenance. Tests are often included within exercises. (See Exercise).

Test Plan: See Exercise Plan.

Threat: A combination of the risk, the consequence of that risk, and the likelihood that the negative event will take place. Associated term is: risk. Threats can be: natural, man-made, technological, and political disasters.

Trauma Counseling: Providing counseling assistance by trained individuals to employees, customers and others who have suffered mental or physical injury as the result of an event.

Trauma Management: The process of helping employees deal with trauma in a systematic way following an event by providing trained counselors, support systems and coping strategies with the objective of restoring employees’ psychological well-being.

Unexpected Loss: The worst-case financial loss or impact that a business could incur due to a particular loss event or risk. The unexpected loss is calculated as the expected loss plus the potential adverse volatility in this value. It can be thought of as the worst financial loss that could occur in a year over the next 20 years.


Uninterruptible Power Supply (UPS): A backup electrical power supply that provides continuous power to critical equipment in the event that commercial power is lost. The supply (usually a bank of batteries) offers short-term protection against power surges and outages. It usually only allows enough time for vital systems to be correctly powered down.

Validation Script: A set of procedures within the business continuity plan to validate the proper function of a system or process before returning it to production operation.

Warm Site: An alternate processing site equipped with some hardware, communications interfaces, and electrical and environmental conditioning, which is capable of providing backup only after additional provisioning, software or customization is performed.

Workaround Procedures: Alternative procedures that may be used by functional unit(s) to enable them to continue to perform their critical functions during temporary unavailability of specific application systems, electronic or hard copy data, voice or data communication systems, specialized equipment, office facilities, personnel, or external services.




Disclaimer

The information provided in these materials is of a general nature, based on certain assumptions. The content of these materials may omit certain details and cannot be regarded as advice that would be applicable to all businesses. As such, this information is provided for informational purposes only. Readers seeking resolution of specific safety, legal or business issues or concerns regarding this topic should consult their safety consultant, attorney or business advisors. The background presented is not a substitute for a thorough loss control survey of your business or operations or an analysis of the legality or appropriateness of your business practices. The information provided should not be considered legal advice. The Hartford does not warrant that the implementation of any view or recommendation contained herein will: (i) result in the elimination of any unsafe conditions at your business locations or with respect to your business operations; or (ii) will be an appropriate legal or business practice. Further, The Hartford does not warrant that the implementation of any view or recommendation will result in compliance with any health, fire, or safety standards or codes, or any local, state, or federal ordinance, regulation, statute or law (including, but not limited to, any nationally recognized life, building or fire safety code or any state or federal privacy or employment law). The Hartford assumes no responsibility for the control or correction of hazards or legal compliance with respect to your business practices, and the views and recommendations contained herein shall not constitute our undertaking, on your behalf or for the benefit of others, to determine or warrant that your business premises, locations, operations or practices are safe or healthful, or are in compliance with any law, rule or regulation.


107162 Printed in U.S.A. ©2008 The Hartford Financial Services Group, Inc., Hartford, CT 06155 All Rights Reserved