Business Continuity Plan (BCP) ([RES-PROC-006])
1. Purpose
To outline the procedures for activating emergency response, managing communications, and continuing critical business functions during a disruption.
2. Scope
This plan applies to all personnel and covers the processes and resources mandated to continue critical business functions identified in the Business Impact Analysis (BIA).
3. Overview
This plan provides a framework for responding to a business disruption. It details the procedures for plan activation, establishing an Emergency Operations Center (EOC), crisis communications, and implementing alternate work arrangements and manual backup procedures to ensure business continuity.
4. Procedure
| Step | Who | What |
|---|---|---|
| 1 | BCDR Steering Committee | Activate the Business Continuity Plan upon declaration of a significant business disruption. |
| 2 | Emergency Response Team | Establish and staff the Emergency Operations Center (EOC) to serve as the central command for the response. |
| 3 | Communications Lead | Use the emergency notification system to disseminate critical information and instructions to all employees. |
| 4 | Business Unit Leaders | Instruct teams to implement alternate work arrangements (e.g., remote work) as outlined for their functions. |
| 5 | All Affected Personnel | Utilize manual backup procedures and workarounds for critical processes if systems are unavailable. |
5. Standards Compliance
| Procedure Step(s) | Standard/Framework | Control Reference |
|---|---|---|
| 1-5 | SOC 2 | A1.1 |
| 1-5 | HIPAA Security Rule | 45 CFR § 164.308(a)(7)(ii)(C) |
6. Artifact(s)
- Emergency response team activation logs.
- Copies of all emergency communications sent via the notification system.
7. Definitions
Emergency Operations Center (EOC): A central command and control facility responsible for carrying out the principles of emergency preparedness and emergency management, or disaster management functions at a strategic level during an emergency.
Emergency Notification System: A platform used to rapidly communicate with employees, stakeholders, and other contacts in the event of an emergency.
8. Responsibilities
| Role | Responsibility |
|---|---|
| BCDR Steering Committee | Authorizes the activation of the BCP. |
| Emergency Response Team | Manages the overall business response to the disruption from the EOC. |
| Communications Lead | Manages all internal and external communications during the event. |
| Business Unit Leaders | Direct their teams in executing continuity strategies and manual workarounds. |