Business Continuity Checklist

The business continuity checklist is the first step in the BCP process.  The checklist is not an exhaustive list, it is a simple tool that can be used to ensure that the basic BCP process has been initiated and the Division management has considered what needs to be done to keep essential functions operating if an adverse event occurs.  The checklist is somewhat “information centric” as organisation’s reliance on information is increasing and its successful management provides competitive advantage.

Business Continuity ChecklistPlanning and preparing for various types of unfortunate events represents a fair portion of what you do.  It is equally important that each United Way have its own viable plan for what to do if it is impacted in a crisis. Every year crises take a toll on organizations – in both lives and dollars.  But organizations are not helpless.  Injuries and damage can be limited, and you can get back to normal operations more quickly by planning ahead.  That is what this document is about: planning to limit damage and resume operations as quickly as possible when you are caught up in a crisis.  This is why it is important to prepare a detailed business continuity checklist, below we go over a few points to think about when building your business continuity checklist.

Page Contents

Business Continuity Checklist

Program Initiation and Management (Pre-Planning)

  • Establish the need for Business Continuity Program
  • Scope of legal and regulatory authority
  • BCP Sponsor (Senior Management)
  • Business Continuity Steering Committee (5-8 people)
  • BCP protects core assets

 

Risk Evaluation and Control (Pre-Planning)

  • Prioritize planning and resource allocation
  • Identify and mitigate exposures
  • Identify the threats, risks and vulnerabilities
  • Gather information
  • Controls/Safeguards
  • Annualized Loss Exposure (Ale) Risk=Frequency x Exposure
  • Quantitative and qualitative
  • Protecting physical property, information, company reputation
  • Risk tolerance and probabilities

 

Business Impact Analysis (Pre-Planning)

  • BIA determines critical, time sensitive, prioritized business processes
  • Interdependencies of these functions (intradepartmental, interdepartmental and external)
  • Establish RTOs (disaster and minimum acceptable level) and RPOs (last good data)
  • Plan and coordinate data gathering and analysis
  • Questionnaires
  • Financial impact, customer impact, legal impact, regulatory impact
  • Disruption<RTO
  • Disaster >RTO
  • Vital records management
  • Data backup strategies
  • Prepare and present BIA

 

Developing Business Continuity Strategies (Planning)

  • Assess strategies, maximum recovery impact in RTO window
  • Support services/resources needed
  • Alternate strategies  (combo, displacement, alternate site, work from home)
  • Cost (advantages and disadvantages)
  • Develop a cost/benefit analysis
  • Other requirements

 

Emergency Preparedness and Response (Planning)

  • Types of emergencies
  • Tactical and strategic planning
  • Evacuation/SIP
  • Facility stabilization
  • Identify and review existing emergency response procedures
  • Life safety
  • Command and control
  • ICS
  • Crisis management
  • Notification and protocols

 

Developing and Implementing Business Plans (Planning)

  • Types of plans (crisis mgt, COOP, DRP, ERP, BCP, etc)
  • Introduction, policy statements, scope, assumptions, essential business functions and processes)
  • BCP structure (base plan)
  • Checklists
  • Disaster recovery management
  • Critical continuity functions
  • Human resource responsibilities
  • Recovery communications
  • Insurance/Emergency funds
  • Plan implementation
  • Plan distribution

 

Awareness and Training Programs (Post-Planning)

  • Importance of BCP
  • Awareness activities
  • Training activities
  • Audience needs
  • Delivery tools

 

Business Continuity Plan Exercise, Audit, and Maintenance (Post-Planning)

  • Exercise and test the plan
  • Tabletop, walkthrough, backup, integrated, comprehensive, standalone, call trees, line of business, facilities)
  • Timeline
  • AAR/IP
  • Maintain BCP
  • Establish an audit process

 

Crisis Communications (Post-Planning)

  • Sources of communication
  • Methods of communication
  • Internal vs. external
  • Stakeholders
  • Media and role of spokesperson
  • Key messaging
  • Crisis communication plan

 

Coordination with External Agencies (Post-Planning)

  • Identify and establish the organizational emergency management procedures
  • Coordination with external agencies
  • Current laws and regulations
  • ICS

Business Continuity Checklist :MITIGATION PLANNING CHECKLISTS

 

Mitigation Planning

 

Generic planning tasks (please add other business specific actions points) Completed Y/N Reference Sub- appendix
Identify minimum resource requirements Appendix 1.1
Identify critical supplies – Ensure sufficient stocks are in place, source alternative suppliers and product Appendix1.2
Contact critical suppliers to identify whether they have contingency plans in place. If applicable, refer external organisations to Cabinet Office Guidance available on UK Resilience website:  UK Resilience Appendix1.2
 Use more than one supplier, on a regular basis, for all critical services and materials
 Identify interdependencies between other businesses, business units, services and organisations, to ensure service delivery can be maintained Appendix 1.3
Identify tasks that support business critical functions Appendix 1.4
Identify all business critical services and tasks that must continue during a disruptive event Appendix 1.5
Consider the impact of greater demand on the critical services you provide and the plan to manage the increased workload, if appropriate
Determine the potential impact of a disruptive event such as Influenza pandemic, on your business related travel

 

 

Staff Issues (please add other business specific actions points)  Completed Y/N Reference Sub- appendix
Identify key members of staff in critical roles Appendix 1.4
Prepare a skills matrix to identify transferable skills Appendix 1.6
Provide and maintain cross-training Appendix 1.7
Document operational procedures for all tasks supporting a critical service to enable tasks to be undertaken by other staff Appendix 1.8

 

 

Staff Issues – home-working Completed Y/N Reference Sub- appendix
Identify which staff could operate from home Appendix 1.9
Test home-working arrangements Appendix 1.9
Check Human Resources working at home policy
Maintain staff contact details including home/mobile phone numbers and e-mail addresses Contact details Annex D
Liaise with IT Services regarding IT requirements Hardware, Software, instructions, training etc.
Prepare Matrix of IT critical equipment requirements in emergency for Critical Tasks/Critical Users Appendix 1.10

 

 

 

Document Management  Completed Y/N Reference Sub- appendix
Liaise with IT Services to set up shared directories for access to key documents. Prepare table of detail of directories Appendix 1.11
Ensure key documents are stored in shared directories. Prepare list of key documents Appendix  1.12

 

 

E-Mail Management Completed Y/N Reference Sub- appendix
Liaise with IT Services to set up shared Outlook mailboxes for critical user groups. Prepare table of detail of shared mailboxes Appendix  1.13
Where appropriate set up secondary user access to personal Outlook mailboxes. Prepare table of detail of secondary users Appendix  1.14
Establish routine of sending e-mails/copies to shared Outlook mailboxes

 

 

Communications  Completed Y/N Reference Sub- appendix
Collate and create mobile telephone directory Appendix 1.15

 

 

  Service planning tasks  Completed Y/N Reference Sub- appendix
Identify services which could be stopped or reduced during a disruption Appendix 1.16
Identify staff from non critical task areas who could act as temporary support cover to assist in critical task areas Appendix 1.17
Identify how internal resources could be reallocated to ensure those activities connected to critical tasks are maintained during a disruptive event Appendix 1.18

 

 

Business Continuity Checklist: RESPONSE ACTIONS

Plan Checklists of Initial Actions for each high risk threat (complete a checklist for each high risk threat)

Response Checklists

Loss of Staff (Temporary/Permanent) Completed Y/N
Staff illnessStaff absence due to illness of dependent children/closure of schoolsLoss of large numbers of staff

Loss of small numbers of key staff (managers/specialists)

Industrial action.

Liaise with Human Resources
Review staffing arrangements
Appropriate managers and staff to be re-deployed from other areas as required
Staff temporarily re-deployed  – cover by agency staff if appropriate
For industrial action – Human Resources to provide strategic guidance for managers

 

 

 

 

 

 

 

 

 

Influenza Pandemic Completed Y/N
Consider the impact of greater demand on the critical services you provide and plan to manage the increased workload if appropriate
Determine the potential impact of the pandemic on your business-related travel
Consider planning for the use of audio or video conferencing as alternatives to traveling/attending meetings to reduce person-to-person contact
Forecast potential employee absence during a pandemic. For Influenza Pandemic planning purposes, the estimated worst case scenario is for a cumulative clinical attack rate of 50% of the population over 15 weeks for each phase.

 

          Damage to premises Completed Y/N
Liaise with the Council building control department  regarding dangerous structures, if appropriate
Notify utility companies (e.g. gas, water, electricity, telecommunications)
Consider impact on staff and public health and safety e.g.

  • Loss of electrical power affecting fire detection and alarms, lighting, emergency lighting, heating, swipe card access, intruder alarms/security
  • Loss of water supply affecting catering, sanitation, e.g. toilets and hand washing facilities etc
If structure is dangerous, take advice and reasonable action to remove/reduce immediate danger to staff and the public. Action may include:

  • Barricade off
  • Arrange for repair
  • Removal of the hazard if appropriate.
  • Scaffolding or shoring to make the building safe until permanent work can be arranged may have to be organised
  • Have the premises secured to prevent unauthorised access
Identify alternative premises if required
Contact your IT department regarding implications for IT and communications infrastructure
Implement arrangements to maintain building security

 

 

Loss of Premises/Access Denied  Completed Y/N
Identify alternative premises if appropriate.
Notify staff:Advise of action to take for next working day (e.g. staff for high criticality functions go to alternative location, staff from lower criticality functions call in for further information)
Staff may need practical assistance e.g. to get home, obtain spare keys, notify relatives/friends to assist
If you are unable to contact all staff, (e.g. if incident occurs out of working hours) arrange for staff to be met on arrival at site on next working day and advise them what to do and where to go (as above)
Establish staff ‘information line’ number with recorded message of action to take (Use Reception until a dedicated line can be set up and details publicised to staff)

 

 

Loss of Utility Supply (Gas, Water, Electricity)

 

Completed Y/N
Contact service provider to establish:

  • Extent of disruption.
  • Remedial action being taken.
  • Length of time before restoration of service
Consider impact on staff and public health and safety e.g.

  • Loss of power affecting fire detection and alarms, lighting, emergency lighting, heating, swipe card access/security.
  • Loss of water supply affecting catering, sanitation e.g. toilets and hand washing facilities
Contact your IT department regarding implications for IT and communications infrastructure
Identify alternative premises if necessary

 

 

 

Loss of IT and /or Communications Completed Y/N
Contact your IT department regarding impact on IT and communications infrastructure
Publicise alternative contact details to staff and public
Identify alternative premises if unable to
Prolonged incident consider alternative supply

 

 

Loss of Supplier Completed Y/N
Identify alternative material resources
Identify alternative human resources
Identify alternative service provider

 

We hope this information will help you prepare for you business continuity checklist.