The business continuity plan has been developed to minimize disruption to Northeast Data, Inc.'s services in times of crisis. It lays out what the business should do if normal business activities cannot be continued due to a disabling event such as loss of technology, the building, or a large proportion of staff.
The business continuity plan;
During an emergency these are the priorities and responsibilities for Northeast Data, Inc.
| Function | Description |
| General |
All Northeast Data, Inc Staff are safe and accounted for Northeast Data, Inc. manages the situation by ensuring that:
|
| Critical Business Function |
Critical business functions of Northeast Data, Inc.:
|
| Civil Emergency |
Northeast Data, Inc. is not an organization which manages major resources essential for an effective response in the event of a civil emergency. Northeast Data, Inc.'s objective during a civil emergency is the safety of its staff and the maintenance of the essential functions of the office. |
Because Northeast Data, Inc. operates from a single office, it is possible that the whole of Northeast Data, Inc.'s core business could be disrupted.
Business support systems failure could disrupt business, but the assumption is that serious disruption is not likey to occur at least after 1-day. The business continuity plan takes this into account.
This plan concentrates on the events that are most likely to occur. These four events (in order of impact) are:
A key risk for staff is inability to access or leave the office building. Departure or access may be denied as a result of transporation failure, nature (e.g. floods, eatherquake), personnel or political reasons.
The key response for responding to inability to depart or access the buildingis outlined below. Specific instructions for particular issues are detailed in the specific business continuity plans (see Section 7)
| Characteristics of interruption | Risk Assessment Rating | Actions for short term interruption (up to 7-day recovery location) |
| No Access to the General Area | Medium |
Short Term: This would be a civic Emergency and beyond the business continuity plan Long Term: Staff to relocate to the business recovery office. |
| Staff unable to leave the building | Low-Medium |
Short Term: Staff work off-site or remain at home Long Term: Staff to relocate to business recovery office. |
| No access to the Town of Tunkhannock | Medium |
Short Term: Staff work off-site or remain at home Long Term: Staff to relocate to business recovery office. |
| No access to the block on which office is located | Low-Medium |
Short Term: Staff work off-site or remain at home Long Term: Staff to relocate to business recovery office. |
Staff should be continually cross training in the unlikely event of:
Employees will immediately advise their direct department manager if the employee or any of the employee's immediate family members have tested positive for the COVID-19 Virus.
The department manager is to immediately and quickly inform the customer of the positive test and areas the employee may have frequented
| System | Tolerable Outage | Tolerable data loss |
| Payroll | Three Days | Three Days |
| One Day | One Day | |
| Network (Including remote access) | One Day | One Day |
| File Server / Sharing | One Day | One Day |
| Phones (Landlines) | One Day | One Day |
| Phones (Mobile) | One Day | One Day |
| Accounting System | One Day | One Day |
| Website | One Day | One Day |
During an emergency these are the roles and responsiblities
| Role | Who | Responsiblity |
| Business Continuity Manager (BCM) | Position: CEO/CFO |
Contacting the Chief Review Officer at first knowledge of an emergency. Arrange the initial meeting of the Emergency Decision Group (BCM, CRO and Technology advisor)to:
Reinstating services at Northeast Data, Inc. |
| Chief Review Officer (CRO) | Position: CEO/CFO |
Contacting the BCM at first knowledge of an emergency Ratifying the decisions of the Emergency Decision Group Leading Northeast Data Managment Team Communicating to Northeast Data, Inc. (Including the board) |
| Business Recover Office Manager | Position: CFO / Exec Administrative Assistant |
Co-ordinate the setting-up of the business recover office along with the managers. |
| Technology Advisor | Position: Network Manager / Network Director |
Co-ordinate the management of ICT BCP |
| Communication Contact Role | Position: CEO/CFO |
Communicating with:
|
|
When |
Who |
Procedure |
|
As soon as you are informed of the emergency situation |
The Business Continuity Manager (BCM) |
The building is cleared of all staff using Emergency Evacuation Procedures |
|
When |
Who |
Procedure |
Action |
|
As soon as you are informed of the emergency situation |
The Business Continuity Manager (BCM) in conjunction with the Chief Review Officer (CRO) if available |
The BCM follows this procedure to activate and implement the BCP |
1. Take details of the emergency from the initial call:
|
|
2. Check that the Evacuation Procedures are underway and request regular updates are provided to the BCM. |
|||
|
3. Convene a meeting of the Emergency Decision Group (BCM, CRO, and Technology Advisor) which assesses the impact of the emergency on the business and decides the following:
|
|||
|
4. Advise managers of decisions made and have them relay the information to their staff members. |
|||
|
5. Contact staff members to take on the Business Recovery Office Manager and Communication Contact Roles. |
|||
|
6. Ensure appropriate delegated authorities are in place. |
|
When |
Who |
Procedure |
Action |
|
You will need to manage your staff during an emergency to ensure they are safe, kept informed and scheduled for work or released to go home. |
Department Managers |
Department Managers use the following procedures to manage staff after the Emergency Evacuation Procedures have been completed. |
1. Note the physical location of all staff - confirm who was due to work today, who is on leave, who is not accounted for. |
|
2. Ensure that staff are congregated in a central location and have been given access to telephones to advices family they are safe. Check that food & beverages have also been provided. |
|||
|
3. Liaise with the Department Manager to organize private counseling and transport when and where necessary. |
|||
|
4. Send home those staff who are not required with instructions when the will be contacted to advise of any changes and when/where to return to work. |
|||
|
5. Provide regular updates as advised by the BCM. (use staff call tree in Section 9.1) |
|
When |
Who |
Action |
|
Immediately after you have received a call from the CRO or Department Manager |
CRO to contact the Department Manager and the Department Managers to contact team Members |
1. Take all relevant details from the caller; what has happened. Is there access to the building? Who you need to contact and what information to relay? |
|
2. Check the call tree to find out whom you need to contact (use Staff call tree on page 24) |
||
|
3. Make a list for each person that includes:
|
||
|
4. Make the calls - passing on information prepared above (use Staff call tree in section 9.1) |
Northeast Data, Inc. may need to set up a business recovery office as a temporary place to carry out business following an emergency where access to the office is restricted for longer than one week.
|
When |
Who |
Procedure |
Action |
|
As soon after the emergency as possible, following instructions from the BCM. |
Business Recovery Office Manager |
Co-ordinate the setting up of the Business Recovery Office with the Vice President and Staff |
1. Work with real estate companies to rent temporary office space for all staff. |
|
2. Gather the staff members from each of the departments that will be setting up in the business recovery office. |
|||
|
3. Check that resources are available for use by the departments and make necessary allowances if not all resources are available. Where required arrange for the purchase of items. |
|||
|
|
|
4. Allocate resources to each of the departments. Assign designated work areas and stations for each department. Label each work station with the staff name. |
|
|
5. Co-ordinate the setting up of computer equipment and phones. Prevent any safety hazards (e.g. tripping on loose cabling) |
|||
|
6. Obtain contact numbers for each department and circulate to the Communication Contact. |
|||
|
7. Co-ordinate the orientation of staff to their new environment. |
|
When |
Who |
Action |
|
Immediately |
Communication Contact Role |
1. Receive confirmation of the business recovery location and go directly to the location. |
|
2. Provide regular recovery status information to CRO, particularly Northeast Data's services are available and where, and those services not available and an anticipated recovery time. |
||
|
One day later |
3. Set up the alternative phone links for Northeast Data, Inc. and have a staff member staffing the phone or ensuring all callers receive a recorded message advising that the office is closed and anticipated reopening. |
|
|
One day later |
4. Contact major external stakeholders and Northeast Data to establish communication. |
|
|
As required |
5. Handle calls from stakeholders, and media s received. |
|
When |
Who |
Action |
|
Once access and services at the office are available |
BCM |
1. Ensure all insurance needs have been covered |
|
2. Ensure that the usability of the office will still meet the needs of Northeast Data. |
||
|
3. Assess the technology requirements to reinstate services at the office. |
||
|
4. Assess furniture and fixture needs for the reinstatement of services in the office. |
||
|
5. Ensure all health and safety requirements are in place. |
||
|
6. Ensure all general office services are in place. |
||
|
7. Arrange for staff to return to the office. |
|
Core Business Functions |
Characteristics of Interruption |
Short Term (2-weeks) |
Long Term (More than 2-weeks) |
|
Payroll |
No access to building |
Team will process payroll from outside of the location using Northeast Data issued PC’s to enter their time into Prime Pay. Payroll will be processed by the administrators outside of the office using the Prime Pay system. |
Employees will be able to log into the payroll system outside of the office using either Northeast Data equipment or provided smart phone to log into payroll. Administrators will process payroll using the Prime Pay portal |
|
No access to building & to the payroll system |
Northeast Data will process payroll by contacting Prime Pay and having the previously processed payroll run. |
Employees will submit time directly to their managers if the portal isn't working and time will be collected as usual being sent to the administrative assistance and to be processed by calling in the hours to Prime pay or emailing a spreadsheet of hours to Prime Pay for processing |
|
|
Access to building but not to payroll system |
Northeast Data will process payroll by contacting Prime Pay and having the previously processed payroll run. |
Northeast Data will move to the QuickBooks payroll system to process the payroll of the employees until the Prime Pay system is back up an operational |
|
Core Business Function |
Characteristics of interruption |
Short term (up to 1-day) |
Long term (more than 1-day |
|
|
No Access to building |
Employees will utilize their company provided laptop / pc to access their outside email or their company provided smart phone. There is also a webportal with ptd that employees will be able to check and respond to emails |
Employees will utilize the ptd portal to access their emails. |
|
PTD email server down |
Technology Advisor will advise ISP of server down. Accounts will be set up or accessing email via webmail if the outage is extended Use of laptops and PCs at home to access webmail accounts or smart phones |
Have ISP change downed accounts to different ISP server |
|
Core business functions |
Characteristics of Interruption |
Short term (up to 1-hour) |
Long Term (More than 1-hour) |
|
Email, Accounting, Client management & general business application |
No access to building but servers operating |
IT to assist staff to access network remotely. |
Work offsite Temporary IT systems will be arranged at business recovery office if necessary. VPN access to be set up for offsite personnel to work remotely. |
|
No access to building and server not running. There will be no access to shared drives, print services or (Specialist & financial system)/(Specialist application.) |
Unitrends on demand back up to be moved over to new server for up and ready rebuild. Rebuild will take an hour and employees will then be able to remote into the system with IT staff assistance. |
New implemented backup server will run Unitrends instant rebuild and employees will have to remote into system with IT staff assistance. |
|
|
Access to building but Terminal Server not running. There will be no access to shared drives, print services or (Specialist & financial system)/(Specialist application) |
Unitrends on demand back up to be moved over to new server for up and ready rebuild. Rebuild will take an hour Employees will be able to work with new configuration |
New implemented back up server will run Unitrends instant rebuild. |
|
|
Access to building and server but user PC down |
IT to set up temporary PC to user and rebuild user applications with new configuration |
Encryption keys to be kept in safe on USB drive with print outs of keys kept on offsite location in preparation to unencrypt data on hard drive if necessary IT pc image kept on site and off site for quick load of basic pc functions with imagining |
|
Core business functions |
Characteristics of Interruption |
Short Term - (4 - hours) |
Long Term (more than 4-hours) |
|
Phone Calls |
No access to building and phone system down |
Contact Telco provider to report system down Contact Voice Tech to attempt remote repair but unlikely as phone system must be running for remote access to work. Arrange for the telco lines to be diverted to mobile phone or a landline in the business recovery office. |
If phone system is unrepairable, purchase a new system. The implementation or repair of the phone system will have to wait until access to the building has been restored. Arrange for telco to remove the phone diversions. |
|
Access to building but phone system down. |
Contact Telco provider to report system down Contact Voice Tech to attempt remote repair but unlikely as phone system must be running for remote access to work. Arrange for the telco lines to be diverted to mobile phone or a landline in the business recovery office. |
If phone system is unrepairable, purchase a new system. Temporarily relocate phone lines to old cisco phone system and change out NEC phones with Cisco system. The implementation or repair of the phone system will have to wait until access to the building has been restored. Arrange for telco to remove the phone diversions. |
|
Core business functions |
Characteristics of Interruption |
Short Term (up to 4-hours) |
Long term (more than 4-hours) |
|
Phone Calls |
No access to building and mobile phones not working |
Contact Verizon to access extent of issue. Arrange for Verizon to setup diversions of the mobile numbers to business recovery office or to staff home phones if this is possible. |
Contact Verizon to access extent of issue. Arrange for mobile telco to remove diversions |
|
Access to building but mobile phones not working |
Contact Verizon to access extent of issue. Arrange for Verizon to set up diversions of the mobile numbers to business recovery office or to staff home phones if this is possible |
Contact Verizon to access extent of issue. Arrange for Verizon to remove the diversions. |
|
Core business functions |
Characteristics of interruption |
Short Term (up to 1-day) |
Long Term (More than 1-day) |
|
Accounting |
No access to the building and Quickbooks is not working |
Technology Advisor to contact Network Administrator Network administrator to attempt remote repair of Quickbooks File. |
If File is unrepairable, Network Administrator to utilize Untirends backup to restore last back up. Repair of the file will have to wait until access to the building has been restored or Quickbooks will be implemented on a new server in the business recovery office. |
|
Access to the building, but Quickbooks not working |
Technology Advisor to contact Network Administrator Network administrator to attempt remote repair of Quickbooks File. |
If File is unrepairable, Network Administrator to utilize Untirends backup to restore last back up. |
|
Core business functions |
Characteristics of interruption |
Short Term (up to 1-day) |
Long Term (More than 1-day) |
|
Website |
Website not working |
Technology Advisor to contact website supplier Penteledata. Penteledata to attempt repair of website |
If website is unrepairable, work with current or new supplier to recreate website from backups or redevelop |
Delegations will be sought to ensure emergency expenditure can be approved by:
|
Position |
Level of Authority |
|
CEO |
$ |
|
Vice President / CFO |
$ |
|
General Manager |
$ |
The flow chart below describes who is responsible for calling who, in the event of an emergency and to keep in contact with staff.
The staff, supplier, client and stakeholder contact lists will be maintained by the Receptionist and Executive Manager
The contact lists are to be kept in a confidential file on salesforce.
The spreadsheet has four sheets
1. Staff
2. Suppliers
3. Clients
4. Stakeholders
Every two months, at the beginning of the month, the Receptionist will email the spreadsheet to all staff and Northeast Data, Inc. consultants to their Northeast Data, Inc. email addresses.
The four contact lists are published in this plan as the last page.