Inside a Sample Company Business Recovery Plan
The fundamental goal of any business continuity plan document is to: 1) identify the business impact of a disaster scenario, and 2) outline the procedures for both prevention and recovery. But what exactly does that document look like? We’ve created this company business recovery plan template to help you get started.
- Tip: Keep in mind that this business continuity plan sample is just an example. No two plans are exactly the same, and the scope will vary by business and industry. A business continuity plan template for banks, for instance, may look a bit different from a plan for manufacturing. However, the core objective is the same.
Here’s what a typical plan may look like …
Example Company Business Recovery Plan
a) List of Emergency Contacts
Consider starting your document with a tabled list of personnel who may need to be contacted in an emergency. This may include key stakeholders, department managers and operations staff. It’s also a good idea to include the team members who wrote (and maintain) this plan.
Each entry should include a column for:
- Title & department
- Work location (if applicable)
- Home phone
- Mobile phone
- Home address
Some company business recovery plans will also include a space for the “role” of each person in an emergency. But this information can also be included throughout the sections that follow.
b) Plan objectives
The opening section should state the specific objectives of the plan. It’s important to define the scope. For example, is this merely your IT business recovery plan, or does it apply to the entire organization?
Consider adding a bullet-point list of the objectives:
- State the purpose of the plan
- Identify how the plan will assist personnel in a disaster scenario
- These bullets should essentially be a rough introductory outline of what’s included in the document and why
Provide clear direction on how to implement and use the plan. This section briefly outlines what needs to happen when a disaster occurs. It should answer some of these questions:
- When and how exactly does the plan become effective? Who activates it? When does it end?
- What specific problems need to occur for the plan to become active? For example, what differentiates a simple electrical outage from a prolonged disruption to critical utilities?
- How many systems need to go down (and for how long) for the situation to be deemed a disaster?
- Does a press release need to be created? Who is responsible for speaking to the media and other external organizations?
d) Disaster-specific scenarios, business impact and procedures
This is the meat of your document, where you’ll identify specific risks and the steps that must be taken when various disasters occur. In this sample company business recovery plan, we’ve combined the scenarios, impact and procedures into a single section. However, a more comprehensive plan could easily devote entire sections to each of these.
Here’s what just one entry could look like:
- Business impact: Smoke and fire at your facility are a serious threat to both people and business systems. Spell out how: which IT infrastructure, for example, is most critical, and how would operations be affected? How quickly could operations be restored?
- Definition: What kind of fire (how big) warrants the emergency procedures below? For example, what if it’s a small fire that’s easily extinguished by on-site personnel?
- Create a specific list of steps that must be taken
- Don’t take any steps for granted: Step 1 is to evacuate and call 9-1-1
- Alert your disaster recovery personnel
- Work with fire responders to identify scope of damage
- Contact third-party vendors to initiate recovery process (insurance providers, infrastructure repair, back-up office location, etc.)
Repeat this section for each additional risk: data loss, malware, floods, tornados, human error – every plausible disaster that could impact your operations.
e) Preventative measures and action plans
Include everything that is already being done to prevent or mitigate the consequences of a disaster, as well as what still needs to be addressed. This can be included within your event-specific section above or separated into its own section.
- List the processes, tools and technologies that are already in place
- For example: what is your fire prevention and education plan? Where are fire extinguishers located and do staff know about them?
- In IT, consider things like how often your data backups are being performed, and where they are stored. What antivirus and anti-malware tools are being used?
No business continuity plan is 100% airtight, especially on the first draft. You will likely discover several areas of weakness that require further action. This is the place to list them. Identify all the risks that are not fully covered and what solutions need to be explored as soon as possible.
Be sure that you also set a timetable for updating the plan on a regular basis to ensure all the information is accurate.