|GuidancePrivacy policies for ChildrenSafe Harbor CertificationFacebook Instant PersonalizationPrivacy BreachThe Importance of Safe Harbor CertificationNHS care.data delayedCASL - Canadian Anti Spam LegislationChanges to Safe Harbor certificationSafe Harbor vs Binding Corporate RulesSafe Harbor 2.0Safe Harbor 2GDPR - General Data Protection RegulationSafe Harbor CertificationGDPR - General Data Protection RegulationSafe Harbor CertificationGDPR - General Data Protection RegulationSafe Harbor 2Safe Harbor 2|
The best way to prepare for a disaster is to avoid the disaster. Therefore, look for any potential problems you can find and correct them. You should address those issues that you can solve and which will provide benefit.
You may not have direct control over some of the above, but you can, and should, encourage those who do have authority to take appropriate action. Consider encouraging security-training sessions where appropriate.
The team plan has been developed by the Business Continuity Group to the point that it is almost ready for use. Team Leaders are responsible for part of the plan development process. The documents used in plan development, beside this guide, are the plan development checklist and the team plan. The information gathered in the Plan Development Guide is used to populate the team plan.
The form is a tool to chart the progress in developing your business resumption plan. Each plan segment is listed with the development responsibility. Segments with “*” denote team level development responsibility.
The plan segments are broken out into three development modules listed below. The development tasks for modules one and two should take no more than one to two weeks to complete. Module three includes plan segments that are potentially more complex.
The Business Continuity Group will participate in a development meeting at the beginning of each module. Each plan segment will be discussed in detail. The discussion will include potential sources of information and the expected end result for each segment.
During each of the three development meetings the task duration and objective date will be established for each segment in that module. Development meetings 2 and 3 will also include a review of the completed segments in the previous module.
The final development meeting will be conducted after the plan segments in module 3 have been completed. This meeting will review the completed segments and also walk through a disaster recovery exercise.
The plan segments and modules are listed on the next page. The rest of this guide contains the individual modules and the data collection forms needed to complete each module.
Team Alert Description
Instructions for completing the form:
For emergencies: “Contact” is the name of the person to call, “Relationship” relates to spouse, parent, son or daughter etc. “Phone” is the number where the person is most likely to be reached.
If team members do not have pagers or cellular phones - leave those entries blank.
Some staff members may be concerned about having their home information published. They may, for example, have an unlisted home number. It is essential that all employees provide a means to be contacted following an incident. These team members must be assured that this information will only be distributed on a “need to know” basis, and that the information will have limited access.
This information is most easily gathered by distributing the attached Team Alert List to the employees for them to complete. Accuracy of the information is most easily assured in this way. The information gathered can be keyed directly to the Team Alert List on page 2 of the plan.
Product or service provided should be a description of the product or service provided to you. Along with “Comments”, this helps to indicate the reason that this vendor should be contacted following the event.
For some vendors, there may not be a specific contact person’s name to list. The “Service Representative on Call” may be appropriate response in some cases. In other cases, a title or department, such as “Sales Representative” or “Service Department” may suffice.
Contact phone numbers should include all possible ways to reach the vendor including fax, cellular, pager, after hours number if different from the normal number and toll-free numbers in addition to the normal number.
Alternate names and numbers should also be listed wherever possible. Alternate names are alternates to the primary contact person’s name, if listed.
Some vendors may not have 24-hour service. If your incident occurred on a Sunday afternoon, you might need to contact the vendor at that time. Discuss your concerns with the vendor representative to determine how to contact them during off-hours. After reassuring him or her that the information will have limited distribution, ask for home telephone numbers if cellular or pager numbers are not sufficient.
Comments can be used for any information significant to this vendor, such as the reason this vendor should be contacted following an incident, instructions the vendor would need or any appropriate notes.
List only Key Customers, those who would need and expect personal notification from you. Include those customers who would be offended or take their business elsewhere if they were not contacted. Being pro-active in contacting important customers can go a long way in mitigating losses. Your Sales and Marketing Departments and others who could help in assuring the outside world that you have things under control should be listed here.
Specific information needed for Key Customers is the same as for Vendors.
Other Business Partners or Support Providers
When an incident occurs, you may need to contact some organizations that do not fall into one of the earlier categories. You should create a list of any of those additional entities too. Some of those entities include:
The information needed to contact these entities is the same as for Vendors or Key Customers.
Meeting Place Description
Select a place to meet in case your facility is unavailable. Make sure key people know the location, and have maps if necessary. This pre-defined meeting place will serve as a location for you and your key staff to plan your response to the incident.
In choosing this meeting place, think about any key resources you would need there, and consider its location. Some of the resources and location considerations are:
When documenting your meeting place, you should include its name, street address, who to contact to get in, and any security requirements. You should also consider appending a map to the location and a floor plan of the facility if they are not well known to the staff.
© 2002 - 2016 PrivacyTrust