Image 1 of 1
Image 1 of 1
Image 1 of 1
Image 1 of 1
Here's a summary of its key sections:
Introduction and Purpose: Outlines the BCP's goal to minimise disruption from unforeseen incidents, protect assets, ensure critical service delivery, and facilitate rapid recovery.
Key Personnel and Contact Information: Identifies roles such as BCP Lead, Communications Lead, IT Support, Finance Lead, and Operations Lead, along with their responsibilities and contact details. It also includes an external emergency contact list (e.g., emergency services, local council, IT support provider).
Critical Functions and Processes: Requires identifying essential services and operations, defining their Recovery Time Objective (RTO – maximum tolerable downtime) and Recovery Point Objective (RPO – maximum tolerable data loss). Examples include beneficiary support and payroll processing.
Risk Assessment and Impact Analysis: A table for identifying potential threats (e.g., loss of premises, IT system failure, key staff absence, data loss), assessing their likelihood and impact, and listing existing mitigation strategies.
Response Procedures (During an Incident): Details immediate actions, including incident detection and assessment, activation of the BCP, internal and external communication protocols (e.g., staff, volunteers, beneficiaries, media), safety and security measures, and alternative work arrangements (remote work, alternative locations).
Recovery Procedures (Post-Incident): Outlines steps to restore normal operations, covering data backup and restoration, IT systems recovery, financial continuity (e.g., access to banking, critical payments), and premises recovery.
Testing and Review: Emphasises the BCP as a living document, requiring annual reviews and regular testing (e.g., tabletop exercises) to ensure effectiveness, with a section to record test details and lessons learned.
Appendices: Lists supplementary documents that should be included, such as staff/volunteer contact lists, critical asset inventories, supplier/partner contacts, insurance details, and IT system configuration details.
Here's a summary of its key sections:
Introduction and Purpose: Outlines the BCP's goal to minimise disruption from unforeseen incidents, protect assets, ensure critical service delivery, and facilitate rapid recovery.
Key Personnel and Contact Information: Identifies roles such as BCP Lead, Communications Lead, IT Support, Finance Lead, and Operations Lead, along with their responsibilities and contact details. It also includes an external emergency contact list (e.g., emergency services, local council, IT support provider).
Critical Functions and Processes: Requires identifying essential services and operations, defining their Recovery Time Objective (RTO – maximum tolerable downtime) and Recovery Point Objective (RPO – maximum tolerable data loss). Examples include beneficiary support and payroll processing.
Risk Assessment and Impact Analysis: A table for identifying potential threats (e.g., loss of premises, IT system failure, key staff absence, data loss), assessing their likelihood and impact, and listing existing mitigation strategies.
Response Procedures (During an Incident): Details immediate actions, including incident detection and assessment, activation of the BCP, internal and external communication protocols (e.g., staff, volunteers, beneficiaries, media), safety and security measures, and alternative work arrangements (remote work, alternative locations).
Recovery Procedures (Post-Incident): Outlines steps to restore normal operations, covering data backup and restoration, IT systems recovery, financial continuity (e.g., access to banking, critical payments), and premises recovery.
Testing and Review: Emphasises the BCP as a living document, requiring annual reviews and regular testing (e.g., tabletop exercises) to ensure effectiveness, with a section to record test details and lessons learned.
Appendices: Lists supplementary documents that should be included, such as staff/volunteer contact lists, critical asset inventories, supplier/partner contacts, insurance details, and IT system configuration details.
