SAMPLE BUSINESS CONTINUITY PLAN

PREFACE
The purpose of this plan is to define the recovery process developed to restore [your
compnay]s critical business functions. The plan components detail [your compnay]s
procedures for responding to an emergency situation, which affects [your

compnay]s ability to deliver core services to our customers or our ability to meet
investors, legal or regulatory requirements.
Objectives of the Plan

Facilitate timely recovery of core business functions

Protect the well being of our employees, their families and customers

Minimize loss of revenue/customers

Maintain public image and reputation

Minimize loss of data

Minimize the critical decisions to be made in a time of crisis

The following Business Contingency Plan and all related procedures are approved by
the president and senior management of [your compnay] effective the date signed
below.

__________________________

_______________

Name Title

Date

___________________________

_______________

Name Title

Date

Page 2

TABLE OF CONTENTS
PREFACE .................................................................................................. 2
TABLE OF CONTENTS ................................................................................. 3
RECOVERY STRATEGIES ............................................................................. 4
BUSINESS CONTINGENCY PLANNING TEAM .................................................. 5
OFFSITE DATA STORAGE............................................................................ 6
VENDOR READINESS PLAN ......................................................................... 7
COMMUNICATIONS .................................................................................... 8
TEMPORARY FACILITIES ............................................................................ 9
PROPERTY PROTECTION ............................................................................. 10
FIRE HAZARDS .................................................................................... 10
HAZARDOUS MATERIAL HANDLING ........................................................ 11
FACILITY SHUTDOWN PROCEDURES ...................................................... 12
INSURANCE ............................................................................................. 13
SITE MAP DOCUMENTATION ....................................................................... 14
PLAN ACTIVATION ..................................................................................... 15
EMERGENCY ALERT .............................................................................. 15
DAMAGE ASSESSMENT ......................................................................... 15
RESUMING OPERATIONS ............................................................................ 16
TRAINING ................................................................................................ 17
APPENDICES ............................................................................................. 18 - 34
VULNERABILITY ANALYSIS CHART ......................................................... 19
CORE FUNCTION REVIEW WORKSHEET .................................................. 21
DISASTER DECLARATION PROCEDURES ................................................. 23
DISASTER PROCEDURES CHECKLIST ..................................................... 25
NOTIFICATION SCRIPTS ....................................................................... 27
EMERGENCY CONTACTS INFORMATION SHEET ........................................ 30
TRAINING DRILLS & EXERCISES ............................................................ 32
ANNUAL AUDIT .................................................................................... 34

Page 3

RECOVERY STRATEGIES
Recovery strategies identified for [your compnay]s equipment and services:

Business functions will be recovered in priority sequence based upon

the classification of the function as agreed with business senior
management and implemented jointly.

Communications concerning the recovery status will be coordinated

through the Business Contingency Planning Team so that those
executing the recovery will not be interrupted repeatedly for status.

Purchase and acquisition of equipment and supplies needed for the

recovery effort will be coordinated through company Department
Heads.

The contingency planning infrastructure will provide for coordination of

travel arrangements, food and accommodations for individuals
supporting the recovery effort.

Non-critical [your compnay] functions, such as Development and Test

environments, will be cleared without backup as necessary to support
the recovery efforts.

[your compnay] personnel from other sites may be called in to support

the recovery efforts.

Page 4

BUSINESS CONTINGENCY PLANNING TEAM

The following individuals are designated plan coordinators for their respective
departments and are responsible for the execution of this plan in a qualified disaster.
Name

Title

Phone

Email

[b_phone]

[bc_email]

Plan Coordinator

Sr. Management

Line Management

Human Resources

Safety Director

Security

Community Relations

Sales/Marketing

Finance

Legal

[bc_fname]
[bc_lname]

[b_commonname]
Insurance

Page 5

OFFSITE DATA STORAGE

Backup data facilities have been identified at the follow location:
Name of company:
Main contact:
Phone number:
Email address:
Street address:
City:
State and zip:

The identified location of the backup site will be accessible for a minimum period of
six (6) weeks from initial date of occupancy after disaster declaration. It will be
available for 24-hour access and retrieval and be protected by: security, fire
suppression, water detectors, heating, air and ventilation.
[your compnay] will have access to the backup site facility within [ x ] hours after
notification and guaranteed occupancy shall be at least six (6) weeks.
This storage facility will be reviewed for effectiveness annually. Storage facilities for
electronic documentation to be considered via MyWavePortal - provided to [your
compnay] by [b_officialname].
Offsite storage process will include, but is not limited to, the following. All
documentation of importance to the operations of [your compnay] will be stored via
this backup site.

Backup Tapes - Weekly tape backups of ALL your disk files. These
include: mainframe, mid-range, servers and PCs ( mandatory and with at
least two generations)
System, program product, and in-house developed software manuals and
guides
Legal - Copies of contracts, leases, legal and critical correspondences
Insurance Policies, riders, and addendums
Financial - General and private ledgers, year end financial statements, tax
returns, bank records
Recovery Plans - A complete set
Assets - Complete fixed asset listings
Referenced Items - Copies of any item referenced within your recovery
team plans
Floor plans
Architectural drawings that should include mechanical plans
Photos of facility and various work areas
Other critical documents or data critical to the operation of your business

Page 6

VENDOR READINESS PLAN

[your compnay] relies on vendors to provide us certain equipment, supplies,
materials, goods or services. Some of these vendors are considered more critical
than others.
To minimize our potential exposure to a disruption by our vendor(s), there are
several steps provided to take in advance:
1. [your compnay] will avoid a single source (sole source) provider of any
equipment, supplies, materials, goods or services. That is, [your compnay]
will always have at least two vendors that can provide each of our critical
goods and services required to support our business.
Key vendors identified: (list key vendors and backup vendors)
Vendor

Main Contact

Phone

Email

Plan

[your compnay] will request that the vendor complete the survey and return it to our
attention within 30 days.
When the survey is returned, review the responses:
A. If the vendor indicates that they have a plan,
i.

Request a copy of the section that addresses their ability to recover

the processes that delivers the equipment, supplies, materials, goods
or services you use.
ii. If the vendor declines to provide you with a copy, request additional
information.
iii. If the vendor does not provide the additional information, [your
compnay] will contact the appropriate backup vendor.

Page 7

COMMUNICATIONS
Communications are key within [your compnay]s business environment. A three-prong approach
will be utilized:
1) Key [your compnay] personnel call list
2) Identified vendor for offsite call center operations
3) Identified vendor for recovery of communications and equipment repair/replacement
Key personnel cellular phone contact list:

Contact

Title

Home #

Cellular #

Email

Provided vendors will supply offsite call center capabilities to handle incoming calls. This offsite
communications facility will be reviewed for effectiveness annually.
Vendor Name:
Phone:
Email address:
Street address:
City:
State and Zip:

Main Contact:
Cellular Phone Number:

Provided vendors will provide communication recovery establishing a new core communications
center and equipment. This communication recovery vendor will be reviewed for effectiveness
annually.
Vendor Name:
Phone:
Email address:
Street address:
City:
State and Zip:

Main Contact:
Cellular Phone Number:

A current copy of this plan will be stored on MyWavePortal provided to [your compnay] by
[b_officialname]. Please contact [bc_fname] [bc_lname] at [b_commonname], [b_phone], for
details.

Page 8

TEMPORARY FACILITIES
An offsite business operations center has been predetermined where members of the
various business contingency teams and other [your compnay] personnel will
assemble immediately after they receive notification.
Access to this facility is controlled by the members of the Business Contingency
Planning Team.
The offsite business operations center is located at:
Building name:
Street address:
City:
State and zip:
Phone:
Directions to the facility:

This offsite business operations center contains:

Phones/facsimile and circuits

Internet capabilities

PCs for documentation, letters and cc:Mail

Work area space

Portable generator

Normal business type supplies

Emergency supplies, including bottled water

Basic set of tools

Coordination with hot and cold sites for Information Systems

Telephone forwarding mechanisms

The identified location of the temporary facilities will be accessible for an extended
period of time. [your compnay] will have access to the facility when it is determined
that normal business operations will be non-functional for an extended period of
time. The facility must be made available within twenty-four (24) hours after [your
compnay] provides written or verbal notice to vendor of intent to occupy the facility,
and guaranteed occupancy shall be at least twelve (12) months.

Page 9

PROPERTY PROTECTION
Protecting facilities, equipment and vital records is essential to restoring [your
compnay]s operations once an emergency has occurred.
Only members of the Business Contingency Planning team will authorize, supervise
and perform a facility shutdown.
Employees will be trained to recognize when to abandon the effort.
The forthcoming procedures will be followed as a course of action for the stated
emergency. Best judgment is to be used as unique factors surround any emergency
situation.
Fire Hazards
The following materials have been identified that could cause or fuel a fire:
Material

Facility

Stored

MSDS Sheet

Attributes

Fire safety information will be distributed to employees: how to prevent fires in the
workplace, how to contain a fire, how to evacuate the facility, where to report a fire.
Maps of evacuation routes will be posted in prominent places.
Smoke detectors will be checked for proper operation once per month. And batteries
will be replaced every 6 months.

Page 10

PROPERTY PROTECTION
Hazardous Material Handling
Hazardous materials are substances that are flammable or combustible, explosive,
toxic, noxious, corrosive, oxidizable, an irritant or radioactive. A hazardous material
spill or release can pose a risk to life, health or property. An incident can result in the
evacuation of a few people, a section of a facility or an entire neighborhood.
Identify and label all hazardous materials stored, handled, produced and disposed of
by your facility. Follow government regulations that apply to your facility. Material
safety data sheets (MSDS) for all hazardous materials at your location will be stored
on the MyWavePortal.
Hazardous Material Handling Plan
Below procedures confirm procedures to notify management and emergency
response organizations of an incident.
(insert notification procedures)
Establish procedures to warn employees of an incident.
(insert procedures to warn employees)
Establish evacuation procedures.
(insert emergency evacuation plan)
List government agencies required to be notified of a hazardous materials spill
(insert government agency phone numbers and contact names)

[your compnay] has identified the below vendors for hazardous material containment
and clean up. Vendor effectiveness will be reviewed annually.
Company

Main Contact

Phone

Email

Notes

Page 11

PROPERTY PROTECTION
Facility Shutdown Procedures
Facility shutdown is generally a last resort but always a possibility. Improper or
disorganized shutdown can result in confusion, injury and property damage.
Department heads are to establish shutdown procedures. Include information about
when and how to shut off utilities. Shutdown procedures will be available to all via
MyWavePortal. Identify:

The conditions that could necessitate a shutdown

Who can order a shutdown
Who will carry out shutdown procedures
How a partial shutdown would affect other facility operations
The length of time required for shutdown and restarting

Department

Dept Head

Phone

Email

Plan Confirmed

Page 12

INSURANCE
All business interruption coverage and disaster planning resources are coordinated
through [bc_fname] [bc_lname] from [b_officialname] at [b_phone].
Active policies are noted:
Coverage

Carrier

Contact Name

Phone

Limits

Effective
Dates

An exposure analysis will be conducted annually through [bc_fname] [bc_lname]

from [b_officialname] at [b_phone]. A formal assessment will be completed to
determine appropriate coverage levels and review additional risk management
strategies to mitigate exposures.

Page 13

SITE MAP DOCUMENTATION

Attach all appropriate information pertaining to building and site maps that indicate:

Utility shutoffs

Water hydrants

Water main valves

Water lines

Gas main valves

Gas lines

Electrical cutoffs

Electrical substations

Storm drains

Sewer lines

Location of each building (include name of building, street name and

number)

Floor plans

Alarm and enunciators

Fire extinguishers

Fire suppression systems

Exits

Stairways

Designated escape routes

Restricted areas

Hazardous materials (including cleaning supplies and chemicals)

High-value items

All pertinent documentation will be stored via MyWavePortal provided by

[b_officialname]. Your agency contact, [bc_fname] [bc_lname], can be reached at
[b_phone].

Page 14

PLAN ACTIVATION
Emergency Alert
In the event that a situation or disaster occurs at [your compnay], the Business
Contingency Planning Team is responsible for contacting the Management Team and
assessing the emergency situation.
An Alert will be sent to all Department Heads. Status updates will be provided by
the Business Contingency Planning Team to the Department Heads for dissemination
of pertinent information.

Damage Assessment
During the damage assessment phase, the Business Contingency Planning Team will
identify specifically who and what has been affected by the disaster. The Business
Contingency Planning Team will evaluate the event that has occurred and determine
what Department Heads will be required to respond to the situation. The decision to
activate the disaster recovery plan for the affected areas may be made at this point
or after notification and review with the Business Contingency Planning Team.
As part of the damage assessment process, the risk assessment to the business will
be evaluated. Considerations of engaging temporary facilities, equipment and
vendors will be reviewed and a determination to enact recovery procedures will be
determined by the Business Contingency Planning Team and Department Heads.
If after assessment it is determined that activation of the recovery plan is required,
notification to the Executive Team will be made. An authorized individual will
immediately notify the affected site that the disaster has been DECLARED.

Page 15

RESUMING OPERATIONS
The previously identified Department Heads will act as the Recovery Teams with the
utmost attention of ensuring the safety of personnel and property.
The Recovery Team for the affected operations will assess any remaining hazards
and maintain security at the incident scene.
The Recovery Team will conduct an employee briefing relaying pertinent details of
what happened, what business operations were affected and the plan for recovery.
Additional notifications will be made to:
Employees families about the status of personnel on the property
Off-duty personnel about work status
Insurance carriers about incident details
Appropriate government agencies
An investigation will be conducted by the Recovery Team notating details of the
incident scene via video recording and digital photography.
Damage related costs will be recorded to include charges for purchases and repair
work. Protection of undamaged facility operations will be approached by the
following procedures:
Procedures

Responsible Party

Complete
(Y/N)

Comments

Close up buildings
Remove smoke, water and
debris
Protect equipment from
moisture
Restore sprinkler system
Secure the property
Restore power
Conduct investigation
Notify Government
Separate damaged from
undamaged goods
Store damaged goods
Record inventory of
damaged goods
Restore equipment and
property
Assess value of damaged
property
Assess impact of business
interruption
Report findings to
Department Head
Maintain contact with
clients/vendors

Page 16

TRAINING
All employees will review disaster preparation and emergency action plan procedures
with their Department Heads.
New employees will be introduced to our emergency action plans via employee
orientation.
Mock disaster training will be conducted annually and will involve local police and fire
authorities.
Quarterly training will approach a walk through to functional drills to an evacuation
drill leading to full-scale mock disaster training.
o

Walk-Through Drill -- The Business Contingency Planning Team,

Department Heads and Recovery Teams will perform their emergency
response functions.

Functional Drills -- These drills will test specific functions such as

medical response, emergency notifications, warning and
communications procedures and equipment, though not necessarily at
the same time. Facility shutdown procedures will be tested, reviewed
and modified as needed. Personnel are asked to evaluate the
systems and identify problem areas.

Evacuation Drill -- Personnel walk the evacuation route to a designated

area where procedures for accounting for all personnel are tested.
Participants are asked to make notes as they go along of what might
become a hazard during an emergency, e.g., stairways cluttered with
debris, smoke in the hallways. Plans are to be modified accordingly.

Full-Scale Exercise -- A real-life emergency situation is simulated as

closely as possible. This exercise involves company emergency
response personnel, employees and management, and community
response organizations.

Page 17

Appendix A
Vulnerability Analysis Chart

Vulnerability Analysis Chart

TYPE OF EMERGENCY

Probability

High
5

Human
Impact

Property
Impact

Business
Impact

Internal
Resources

Weak
Resources 5

Low
1
High Impact 5

External
Resources

Strong

Total

1 Resources

1 Low Impact

0
0
0
0
0
0
0
0
Overall
Results
The lower the score the better

Appendix B
Core Function Review Worksheet

Core Function Review Worksheet

Core Business Function

Payroll

Communications

Production and Equipment

Customer Service

Shipping and Receiving

Information Systems

Emergency Power

Site Function Performed At:

Recovery Strategy

Appendix C
Disaster Declarations Procedures

Disaster Declarations Procedures

The following individuals, in the order shown, are authorized to declare a disaster for
[your compnay]:
List the individuals name, title and emergency contact phone number.
Name and Title
-

Insert name/title here

Insert name/title here

Insert name/title here

Insert name/title here

Insert name/title here

Phone

To declare a disaster, execute the following procedures (outline procedures on how

to declare a disaster below):

Appendix D
Disaster Procedures Checklist

Disaster Procedures Checklist

Action

By whom

Comments

1.

Receive Communication on emergency

situation

log time

2.

Contact [your compnay] Business

Contingency Planning Team and
Department Team Leader
Contact temporary facilities site and alert
them that disaster may be declared.

Bus Cont
Planning Team
Leader
Bus Cont
Planning Team
Leader
Bus Cont
Planning Team
Leader
Bus Cont
Planning Team
& Dept Heads

3.

4.

Assess Damage

5.

Estimate Length of Outage

Bus Cont
Planning Team
& Dept Heads

6.

Estimate Business Risk

Bus Cont
Planning Team
& Dept Heads
Bus Cont
Planning Team
& Dept Heads

7.

Make Decision. If no declaration then

contact the temporary facilities site and
inform them alert is over If decision is to
declare, proceed to step 8.
8. Declare Disaster, notify Executive Team
immediately and declare disaster at site
operations
9. Notify Emergency Response Team Leader
identified in Emergency Notification List
10. Activate Command Center

11. Report to Command Center

Business
Contingency
Planning Team
Mgmt Team
LEADER
Business
Contingency
Planning Team
Business
Contingency
Planning Team

log time

Network
Equipment
Building
Employees
Length of outage
< 1 Hour
> 1 Hour - ,< 2 hours
> 2 hours, <12 hours
>12 hours, < 24 hours
>24 hours, <48 hours
>48 hours
Unknown

Log time

Log time
Log time

Log time

Check
when done

Appendix E
Notification Scripts

Notification Scripts
This procedure is to be used by all [your compnay] Company employees when
contacting other employees at home to notify them of the occurrence of a disaster.
The purpose of this procedure is to standardize the information given to employees
regarding a disaster and to prevent disclosure of information regarding the disaster
to anyone outside of [your compnay].
Individuals making notification phone calls as a result of a disaster should also be
aware of the fact that it is possible that the employee was at the site of the disaster
when it occurred. Using this script will prevent unnecessary panic for the family
members of the employee.
Contacting Via Direct Phone Contact
Hello, may I speak with _________________________________________
please?
If employee is not home, state the following:
When he/she returns, would you ask them to please contact me immediately at
the following number _____________________.
If employee is at home, explain the following:
Give the employee a brief description of the situation that has occurred and what
it has impacted and estimate of the length of outage, if known.
Tell the employee where to report and when and how long they should expect to
stay.
Remind them to bring any recovery procedures with them.
If travel arrangements have been made for the employee, inform them of what
they are.
If travel arrangements are to be made by the employee, inform them of where
and when they are expected and verify they have the information to make the
arrangements.
If employee is to remain at home, inform them that they are to remain on-call
and prepared to report to work.
Remind the employee that they are not to speak to anyone regarding the
situation.
Contacting Employees via Email
To all employees of [your compnay],
Please be advised we have experienced a disruption of our critical core business
functions. (Provide general details as to what happened, what it has impacted
and the estimated length of downtime.)

We have taken the appropriate steps in planning for such events, and have
activated our recovery plan procedures.
Please contact your Supervisor at (insert telephone number) for further
instructions as to where to report. Be prepared to bring along your recovery
procedures.
Be aware the local news media might try to contact you regarding details of this
event. Please do not speak directly to the news media regarding this event. It is
our policy to refer any inquiries to our Media Communications contact (insert
name and telephone number).
Your attention to this matter is truly appreciated. Adherence to our recovery
procedures are of the utmost importance for the protection of our most valued
asset, our employees.
Sincerely,
(senders name)

Appendix F
Emergency Contacts Information Sheet

[your compnay] EMERGENCY CONTACTS SHEET

AGENCY INFORMATION
[B_Officialname]
[B_address]
[B_City] [B_State] [B_Zip]
Phone: [B_phone]
After Hours #:
Insurance Carrier:
Line of Insurance
Address:
City/State/Zip:
Phone #:
After Hours #:

Insurance Carrier:
Line of Insurance
Address:
City/State/Zip:
Phone #:
After Hours #:

Insurance Carrier:
Line of Insurance
Address:
City/State/Zip:
Phone #:
After Hours #:
FIRE:

POLICE:

HAZMAT:

Appendix G
Training Drills and Exercises Timeline

Training Drills and Exercises Timeline

Jan

Feb

Mar

Apr

May

Management
Orientation Review
Employee
Orientation
Contractor
Orientation
Community Media
Orientation
Management
Tabletop
Exercise
Response
Team
Tabletop
Exercise
WalkThrough Drill
Functional
Drills
Evacuation
Drill
Full-Scale
Exercise

Source: Federal Emergency Management Agency (FEMA)

June

July

Aug

Sept

Oct

Nov

Dec

Appendix H
Annual Audit

EVALUATING AND MODIFYING THE BUSINESS CONTINGENCY PLAN

[your compnay] conducts a formal audit of its entire plan at least once a year on [insert
date here]. The issues to consider when reviewing our current plan include:
YES
Are the problem areas and resource shortfalls identified in the vulnerability
analysis being sufficiently addressed?
Does the plan reflect lessons learned from drills and actual events?
Do members of the emergency management group and emergency
response team understand their respective responsibilities? Have new
members been trained?
Does the plan reflect changes in the physical layout of the facility? Does it
reflect new facility processes?
Are photographs and other records of facility assets up to date?
Is the facility attaining its training objectives?
Have the hazards in the facility changed?
Are the names, titles and telephone numbers in the plan current?
Are steps being taken to incorporate emergency management into other
facility processes?
Have community agencies and organizations been briefed on the plan? Are
they involved in evaluating the plan?

In addition to a yearly audit, [your compnay] will evaluate and modify the plan at these
times:

After each training drill or exercise

After each emergency
When personnel or their responsibilities change
When the layout or design of the facility changes
When policies or procedures change
Remember to brief personnel on changes to the plan

NO