Business Continuity Procedures

Strategy

Incident Response Structure

Summarise your incident response structure, perhaps with the aid of a diagram. Refer out to a document or subordinate web pages as appropriate. Your purpose is to ensure that a suitable incident response structure is in place in advance of any disruption to ensure effective response and recovery from such disruption.

<<>>

Recovery

Summarise your strategy for recovering each critical activity within its recovery time objective, your overall BCM arrangements, resource and supplier/outsource partner constraints. Refer out to a document or subordinate web pages as appropriate. If you do refer out to a document, make sure that any hyper link goes to the correct place in the document.

<<>>

Key Stakeholder and External Party Relationships

Summarise here your strategy for managing relationships with the key stakeholders and external parties involved in the recovery. Refer out to a document or subordinate web pages as appropriate.

<<>>

Business Continuity Plans

List here your Business Continuity Plans, hyperlink to them and describe how you have organised them. Note that how you organise your business continuity plans is up to you. BS 25999 has a number of requirements (see below) that these plans must meet collectively. There could be just one plan. Alternatively, there could be several plans, each of which addresses all of BS 25999's requirements but only in respect of certain critical activities. For example, you could have a "complete" plan for different geographical sites. You might also have different plans, each of which addresses all of your critical activities but only in respect of certain BS 25999 requirements. For example, you might have different plans for different groups of people according to their respective organisational roles. Of course, you might even have a diversity of plans in which each one covers a subset of critical activities and BS 25999 requirements.

<<>>