7

ADMINISTRATIVE PLAN

Orchestrating the Recovery

All things are difficult before they are easy.

—THOMAS FULLER

INTRODUCTION

Business continuity addresses continuing a company’s business (the flow of goods and services to the customer) after an adverse event. This event might be the breakdown of a critical machine or the loss of the data center.

Historically, disaster recovery was the term for rebuilding the data center at another site after it had been rendered unusable. This solved the problem of a total data center loss, but the real issue is business processes, of which the automated systems are just one part. Disaster recovery planning is still important for both the data center and the offices. It resides inside a business continuity plan, which deals with the overall issue of keeping the business running.

Most companies run their business continuity program as a series of projects. Each project has a defined start and stop resulting in a specific product, such as a plan test or the creation of a plan. Some of these activities require the same resources, such as a network technician to set up a test environment or to write a recovery plan. Running the program as a series of plans reduces the amount of resource conflict.

TYPES OF CONTINUITY PLANS

Business continuity plans come in many forms according to local requirements and the preferences of the person writing them. On the companion URL, you will find sample plans (Administrative, Technical, Work Area Recovery, and Pandemic). Each plan is executed by a different team, based on the circumstances of the incident. Each sample plan must be modified to meet your company’s specific situation.

The administrative plan describes how the company’s business continuity program is conducted. It pulls together artifacts created during the initial program development, such as the Business Impact Analysis (BIA) and the risk assessment, into a single document for future reference. The administrative plan also contains the company’s long-term strategy for contingency planning. The initial phase is to write and test plans. Then, it moves into an ongoing maintenance phase to keep the plans current. The high-level details of these efforts are explained in the administrative plan. It also describes the expectations as to what each team member will be working on, such as the program sponsor and the Pandemic Plan Administrator.

Another valuable resource in the plan is a series of reference information common to all plans, such as vendor call lists and service contract information. In most companies, this information is held by the people who use it on a regular basis, which means it is scattered all around the department. During an emergency, it will be difficult to find the latest version of all of this material.

Many people think that once there is a binder on the shelf, all is done. This is not true. The administrative plan details how the plans will be periodically tested in ever-increasing depth. It explains how the plans will keep pace with significant process changes and how to maintain an ongoing employee awareness campaign.

The administrative plan repeats some of the same information found in the overall business continuity plan (BCP). This is because the overall business continuity plan is the working document for the Business Continuity Manager, while the administrative plan is a reference document used by the entire recovery team. Repeating things such as the program scope and assumptions here sets the context for the rest of the plans.

The companion URL included with this book contains a Sample Administrative Plan (Form 7-1). This sample plan is only a starting point. Customize it to meet your own company requirements. For instance, there are example risk assessments and restoration priority charts that you must replace with those based on your own information developed in other chapters.

ASSEMBLING AN ADMINISTRATIVE PLAN

Much of what is in the administrative plan was developed elsewhere. However, in an emergency no one has time to search everywhere for it. Consider that the audience for this material may not be involved with it on a regular basis. This makes the administrative plan a good place to insert copies that guide the company’s business continuity program.

Over time, all programs tend to drift, as they are pulled this way and that by corporate forces. The BCP program materials in the administrative plan provide an anchor for the program’s goals and create the strategy to achieve them. If the goals change, let it be an intentional change rather than the result of the program drifting through the company. Such drifting is sure to lead to program cancellation. The administrative plan consists of several sections, which are described below.

Table of Contents

Few people will read this plan from cover to cover. It was never intended for that. Instead, they will want to quickly find whatever they need. A table of contents is a great tool for quickly finding the latest information. It is easily built using tools within the word processor. The table of contents in the example administrative plan is built and updated using Microsoft Word. An automated table of contents usually includes hyperlinks if viewing an electronic copy. This also speeds the location of information.

Demonstrated Executive Support

The BCP program charter is signed by the top company executives. Business continuity programs touch all parts of the company. Many departments will resent your intrusion into how they conduct business or initially refuse your requests for assistance. A signed statement of support will reduce this resistance. A good place for this document is at the beginning of the administrative plan.

Another item in the charter is whether this program is intended to assist in achieving company compliance with legal requirements, such as the Sarbanes-Oxley Act, the Health Insurance Portability and Accountability Act (HIPAA), and other laws. If so, then the BCP program must list the legal requirements to ensure the appropriate steps are taken and documented. The program may also be justified as a Board of Directors mandate or in response to an audit finding.

Business Continuity Planning Charter

The goals of the business continuity planning process are often found in the program definition of the charter. The charter specifies the scope, responsibilities, and delegated authority to create and maintain the program. Some companies specify narrow authorities to the Business Continuity Manager while others leave the question of specific authority wide open. This charter should have been provided to the Business Continuity Manager at the beginning of the project. However, if it was not, then as early in the program as possible, work with the business continuity program’s executive sponsor to create one. This is your official company “marching orders” authorizing you to expend company resources and compel assistance from others.

Plan Scope

The program scope sets the boundaries for the administrative plan. The long-term goal may be a contingency plan for every company process and every site—but that can wait. The most important action is to cover all vital business functions and their supporting IT systems. After that is completed and tested, then the plan can expand to secondary sites and other processes.

Most companies have standard ways of describing the scope of an effort. You can also use the scope description of the program plan. Example scope dimensions might include:

• Geography. This might be for operations in certain cities, states, and countries.
• Company Business Units. Perhaps only domestic sales and services is within the scope, with international sales and services left for another time.
• Specific Sites. Perhaps only the company headquarters in Ohio is included and the warehouses in Arizona are not.
• Business Processes. The program is bounded by the business processes identified in the BIA and all others are excluded.

Out of scope are aspects of the company that are specifically to be excluded. It is easy to say that everything not in scope is “out of scope.” However, by listing specific locations, business units, and sites, the program demonstrates that they were considered (and not forgotten), but were intentionally deferred to a later time. For the out-of-scope list, use the same dimensions that were used to describe what was in scope.

Plan Assumptions

Writing a plan that encompasses every possible incident to every company location would be impossible. Such a document would be so huge that it would be useless in a real disaster. To fill in gaps and to contain the planning effort to just the most critical company business processes, state a set of assumptions.

Use assumptions to define the program scope:

• This plan assumes that only one company site will be impacted by a disaster at a time. (No doomsday plans with many buildings inoperable, across the country.)
• This plan only addresses the vital business functions identified by the BIA.

Use assumptions to define the recovery plan scope:

• The recovery site is intact.
• Nothing (equipment, materials, etc.) from the original business process will be available to help with the recovery process.
• Key contract support firms (suppliers and vendors) have a knowledge of this plan and can follow instructions to recover critical applications.
• Staff members away from the office can be reached by telephone.
• Cross-functional teams have been developed and trained.
• Internal and external communication procedures have been defined and are in place, which will provide quick access by the IT Disaster Recovery Team to other managers, employees, authorities, suppliers, distributors, and customers.
• Nothing in the data center can be used in the immediate recovery effort.

Use assumptions about plan execution to define the recovery plan scope:

• Skilled people will be available to perform recovery work detailed in this plan.
• Each technical plan can be successfully executed by someone with expertise in that technology, but not necessarily familiar with that system.

Program Organization

People have an important part to play in your program. They may be experts at their day-to-day job, but lack a technical understanding of business continuity principles and techniques. Create a list of responsibilities to explain what is expected of each project role.

Thinking through the responsibilities of each position helps to share the workload and to identify additional expertise needed for the program. For example, the Business Continuity Manager might be tasked to conduct classes to train the various stakeholders. This might imply a role for the corporate trainers to assist or even take on this role.

Business continuity plans must be written by the people most familiar with a process. Processes cross departmental boundaries, and the responsibility for writing plans may be at odds with work team priorities. The Business Continuity Manager is provided direct access to the CEO to break down internal barriers that hinder plan development and testing. Subordinate managers may lead specific parts of the plan (Pandemic, Work Area Recovery, IT Systems).

Every company staffs its business continuity program based on the program’s importance to the organization or the perceived level of risk. In most companies, the Business Continuity Manager works full-time on planning, training, and testing business continuity. For everyone else in other roles, their assistance to the program is part-time.

BUSINESS CONTINUITY PROGRAM SPONSOR

To oversee this important program, an executive sponsor is assigned. The project sponsor audits plans and test results to ensure that the business continuity program fulfills regulatory requirements. The sponsor’s involvement keeps the program synchronized with ever-changing company directions. The sponsor represents the program during business meetings so that status reports and support requests are not sidetracked or filtered by intervening management layers.

An important role is to oversee the work of the Business Continuity Manager to ensure that person’s performance meets company expectations. (It is a bad thing during a disaster to find out the Business Continuity Manager talked a good story but did not deliver workable plans.)

The program sponsor is involved with the program from beginning to end. During plan development, the program sponsor addresses reluctant departments and individuals who are less than enthusiastic about cooperating. The sponsor occasionally attends plan training and testing to gauge the level of participation.

During plan testing, the sponsor observes the test to ensure it is reasonably realistic given limitations of funds and resources. The results of the test are reviewed with everyone involved with the testing, and the sponsor submits a report to executives on the results.

Over time, the program sponsor reviews existing plans to ensure that they remain current. As enhancements to new systems are proposed, the program sponsor helps to ensure that the expansion is reflected at the recovery site as well.

During an emergency, the BCP sponsor leads the Command Center. The sponsor focuses on the immediate damage containment and recovery within the recovery time objective. This frees the CEO to focus on long-term recovery and customer relations.

BUSINESS CONTINUITY MANAGER

The Business Continuity Manager leads the company’s planning and recovery efforts. This person’s duties encompass the entire program, from assisting in editing plans to providing strategic leadership and vision. The role of the Business Continuity Manager is to educate technical experts on the proper way to write a plan and to assist them in its creation. The Business Continuity Manager is typically a full-time position, with a part-time assistant.

Most employees focus on day-to-day issues and are not interested in writing plans for something that they think is unlikely to happen. Therefore, the Business Continuity Manager needs to drive the program forward. At every opportunity, this manager educates people, encourages them in their planning efforts, and assists with testing. Reluctant team members are persuaded, pushed, begged, and cajoled into completing their plans on time.

Once a year, the three-year program strategy is updated. The plan for the upcoming year is created. Once the sponsor approves the plan, then a budget is drafted to support the plan.

The Business Continuity Manager must be knowledgeable in company processes and work well with people. This person does not write the recovery plans. The department experts must do that. Instead, the Business Continuity Manager provides assistance and encouragement to ensure they are completed on schedule. This person also ensures that the plans are complete and of a consistently high quality. On the companion URL, you will find Form 7-2, Business Continuity Manager Job Description.

IT BUSINESS CONTINUITY MANAGER

The IT Business Continuity Manager is an IT technical expert who provides overall control and coordination of the IT recovery effort, removing obstacles from the path of the recovery teams and providing information to other disaster teams. This person must understand the interdependencies of modern technologies to ensure they are included within the appropriate recovery plans.

The best people are always fully booked with work. Yet they may also be the most knowledgeable people about processes and the best candidates to write plans that are succinct and right the first time. The IT Business Continuity Manager ensures that the least qualified employees are not delegated to write the plans.

The IT Business Continuity Manager verifies that technical mitigation actions take place. Examples of this are to ensure that all vital data is backed up and that the backups are readable at the recovery site. It might also include verifying that the data center humidity, fire, and security alarms are regularly tested and that the Uninterruptible Power Supply batteries are regularly maintained.

TECHNICAL RECOVERY TEAM

Technical plans for vital business processes must be written in such a way that someone knowledgeable about that technology (but not necessarily that process or IT system) could successfully follow it. The people who provide day-to-day support for an IT system or a business process know how it works; they know its quirks and linkages that have caused problems in the past. If an emergency occurred during a normal workday, they would pitch in and fix it. These plans are written for use by someone else where the primary support is not available.

Obtaining a slice of this valuable worker’s time is the issue. This is where the authority provided by the CEO comes in handy. Keep in mind that you will be working with this person and their department for many years to come, so allow time for them to fit this requirement into their work schedule.

WORK AREA RECOVERY MANAGER

The Work Area Recovery Manager leads the recovery of critical office functions at the office recovery site. This person is familiar with steps for analyzing and building office processes.

A successful work area recovery requires an understanding of workflows and layouts. Some teams exchange documents frequently or need to consult each other regularly. These teams should be collocated. Some teams, such as human resources or the legal team, need privacy. To the extent possible, this must be accommodated.

The Work Area Recovery Manager must know enough about the organization to keep pace with reorganizations and shifts in business focus. This manager must ensure that the work area recovery plan remains current.

Just as the IT Business Continuity Manager coordinates the IT system support team that is writing plans for the processes its members know so well, the Work Area Recovery Manager works with the various business departments to write their plans. This requires some understanding of the appropriate person to write the plan and who can be called on to support a business process on short notice.

The Work Area Recovery Manager is also responsible for the ongoing maintenance of the office recovery site, ensuring that the space is not used as a dumping ground for excess furniture or obsolete computer servers, or as a parking lot for Christmas decorations. The recovery site must be tested periodically to ensure that the network and telecom connections are functional and available when needed.

PANDEMIC EMERGENCY MANAGER

Pandemics are a different type of emergency. They tend to be long-lasting and cover a wide area. The Pandemic Emergency Manager must educate people on the potential for pandemic problems. They must also coordinate the authoring of plans that minimize contact between employees, vendors, and customers.

The Pandemic Emergency Manager applies medical expertise to guide the company through an extended medical emergency. Company policies must be adjusted and extensive sanitation measures applied across the enterprise.

Recovery Strategy

Insert the recovery strategy that was created based on Chapter 4. The recovery strategies are a high-level explanation of how the company will restore service within its recovery time objective. Different recovery strategies are required for IT systems, the work area, and the pandemic emergency.

IT RECOVERY STRATEGY

Recovery solutions such as hot sites (a prepared data center filled with servers and disks waiting for someone to turn them on) are expensive. A popular solution is to establish a second company data center about one hour’s drive from the main data center. This location should use a different power grid and telecommunications company link than the main facility. A one-hour drive allows workers to drive home at night. This is especially important for single parents.

To prepare the recovery site, move to the second data center all of the test servers for the critical IT systems. Also move servers for the noncritical systems. Include adequate disk and network support. To save time on recovery, mirror the critical data between the data center and the recovery site.

WORK AREA RECOVERY STRATEGY

Like IT, the work area recovery plan must execute in a prepared site. It does not take that long to run electrical connections down the middle of a conference center, run some network wiring, and erect tables and chairs. The longest delay is the time required to add adequate bandwidth to the outside world (which includes the data center recovery site). Without this external connection of adequate size, the recovery is hobbled or delayed. If the disaster covers a wide area, it may be weeks before the telecom wiring is ready.

PANDEMIC STRATEGY

The goal of the pandemic emergency plan is for the company to continue operations at a level that permits it to remain in business. This will require that the company take steps to prevent the spread of disease into and within the organization. Steps to minimize the spread of infection represent an additional cost for the company, and a cost that must be borne until the danger passes. Pandemic emergency steps require different strategies for major stakeholders:

• Employees
  • Those employees who can work from home should use a Virtual Private Network (VPN) connection to minimize the amount of time they spend in the office.
  • The company sick day policy must be relaxed so that sick people are not forced to come into the workplace. Anyone who is sick should be encouraged to stay home. They should also stay home if they have a sick family member.
  • Areas used by company workers must be cleaned thoroughly to address any infection brought in from the outside.
  • Employees who travel into areas with a high rate of pandemic infection should work from home for the first week of their return.
• Customers
  • Areas where customers enter the facility must be cleaned thoroughly to address any infection brought in from the outside.
  • Complimentary hand sanitation should be provided at all store entrances.
  • It may be necessary to bring in individual sanitation supplies for an extended period of time.
  • All returned products should be sanitized before examination.
• Vendors
  • Use videoconferencing and other electronic tools to meet with vendors.
  • Carefully select meeting places with a low incidence of pandemic.

Risk Assessment

A risk assessment is an analysis of the threats facing the organization. Controllable risks are mitigated to reduce their likelihood and impact. They may also be mitigated to increase the amount of warning prior to the incident occurring. For your administrative plan, use the same type of risk assessment discussed in Chapter 3.

Writing Recovery Plans

When an incident occurs, there is a great need to take action. Recovery plans minimize the chaos by providing action guidelines and procedures to follow until adequate facts are available to select a course of action. For things to consider when writing your document, refer to the guidelines that you developed earlier, in Chapter 6.

It is impossible for the Business Continuity Manager to step into a department and write a viable business continuity plan. That person lacks the detailed knowledge of the process, including its variations and known quirks. Business continuity plans must be written by the people who work with a process on a regular basis. These plans are the responsibility of the department managers, not the Business Continuity Manager.

Three-Year Program Strategy

The three-year strategy explains how the BCP program will achieve its goals. It details how the program begins small in the first year and culminates in a full test by the third year. Many things must occur along the way and, once a plan is written, it becomes a maintenance burden on the team. As time goes on, there are more and more plans to maintain while others are still being written.

IT systems are a collection of interlocking technologies. They must individually be recovered and tested. Then, they need to be tested together with some of the interrelated systems. This type of test often reveals missed links and must be repeated. The end is when all of the critical systems are tested together—a very expensive exercise. Without this progression of testing, it is unlikely a big test will ever be completed.

All IT systems begin and end with people. Business processes must likewise be tested. However, these plans are often tested informally due to day-to-day activity where one aspect or another fails.

“CRAWL”—the First Year

This is the initial phase during which the foundation for the program is created. The company is examined using the Business Impact Analysis and risk assessment to determine its recovery strategy. While the recovery site is selected and prepared, individual plans for business process recovery and IT system recovery can be written and individually tested.

During the first year, time must be set aside to train the various stakeholder groups so that the entire company is following the same plan for business continuity recovery. If possible, begin on the work area recovery and pandemic emergency plans at the same time.

“WALK”—the Second Year

During the second year, continue writing the plan and raise testing to the next level. The recovery of entire IT systems (applications, databases, and network and operating support) is conducted. Business process plans are tested, and a work area recovery test is conducted for a limited number of people. A pandemic exercise can be tied to recent health threats or a particular virulent flu strain. The point is to not focus exclusively on the IT recovery plans but to spread the exercises around to the work area recovery and pandemic emergency teams.

At this point, the program has matured enough that an outside organization can be hired to evaluate it and the testing procedures. This will inject some fresh ideas into the program and provide more assurance to the company executives that the plan is on the right track.

“RUN”—the Third Year

By now the plan should be ready for a full system test. Shut down the office and IT systems and run the company from the recovery sites! (Such tests are rare.)

However, it may be possible to conduct a multisystem exercise that is coordinated with a test of a significant portion of the work area recovery plan. This should be timed to occur during the slow part of your business cycle. This also validates that the recovered offices can effectively communicate with the recovered data center. Some companies invite local news reporters to see the test to promote their public image.

Prepare a Document Repository

A business continuity program generates a lot of documents. Recovery plans, Business Impact Analyses, risk assessments, and results of testing are examples of the many things that must be kept handy. Furthermore, many people contribute and maintain these documents. A central place is necessary to store everything so that it can be found when needed. There are several popular options:

• Establish a file share with subdirectories to separate the technical plans from the public areas. This is inexpensive and access permissions are controlled by the Business Continuity Manager.
• Use a document management product, such as Microsoft’s SharePoint, which also tracks who has which document checked out for updates.
• Create a secure cloud-based storage folder to hold all documents. This makes the information readily available through a wide range of devices.

The challenge is to control access to plans so that the Business Continuity Manager ensures the quality and accuracy of anything accepted for storage. Some people will write little and call it enough. They will want to store it and declare the job complete. Other well-meaning people may want to use their unique recovery plan format, which will also cause confusion. Whatever tool you use, set aside a submissions area to receive proposed plans for review.

To be useful in a crisis, the repository must be available at the recovery site. This may mean that it runs on a server at a third-party site or at the recovery site. This introduces other issues, such as ensuring the network connection to the server is secured.

Training for a Consistent Product

Never assume that someone understands the basics of the business continuity program, what they should do, or how they should do it. Different people have different ideas about it based on their professional background and individual experience. Their intentions are good and their efforts sincere, but may be out of sync with the program.

Business continuity training provides many benefits, including:

• A consistent understanding of the essential business continuity issues
• A common terminology for all team members
• A framework so that plans follow a relatively consistent format

Training is a never-ending challenge. It is a program’s number-one defense against poor quality. As soon as everyone has been trained on how to develop and maintain their business continuity plans, it is time to plan an annual refresher course. All training is based on:

• What must be learned and the best way to present it
• How to prepare for it
• How to present it
• Handouts and visual aids
• Practicing the presentation

Well-prepared training focuses on its intended audience. It answers the basic questions of who must do what, when, and how. All of this is presented after explaining to the audience why the training is important and relevant to them. The instructor must answer the audience’s question, “What’s in it for me?”

Most BCP team members will perform to standard if they understand what the standard is and why it is important. Time spent training is time invested in an easier-to-manage program. It builds enthusiasm in the students, provides a sense of purpose in the team members, and ensures a consistent product.

Different groups of stakeholders need different types of training:

• Company Executives. Require an understanding of what a business continuity program requires.
  • Goal: Explain what is required for a cost-effective program.
  • Method: Presentation and discussion.
  • Frequency: Annually.
  • Audience profile: Business focused.
  • Main points
    • Cost drivers.
    • Value to the company and customers.
    • Legal compliance.
    • Strategic decisions.
    • Regulatory requirements.
    • What to expect.

• Business Continuity Program Sponsor.
  • Goal: Gain support and become a contributing member of the team.
  • Method: Presentation and exercises.
  • Frequency: Once.
  • Audience profile: Result oriented.
  • Main points
    • Three-year BCP strategy.
    • Conducting a risk assessment.
    • Conducting a BIA.
    • Oversight of the testing calendar.
    • Auditing plans.

• Business Process Owners.
  • Goal: Keep business processes running even when things go wrong.
  • Method: Presentation and plan development workshop.
  • Frequency: Annually.
  • Audience profile.
  • Main points
    • Identifying vital business functions.
    • Process mapping to identify process chokepoints.
    • Writing a business process plan.
    • Testing a business process plan.

• IT Technical Recovery Team.
  • Goal: Restart the data center in a new location.
  • Method: Presentation and plan development workshop.
  • Frequency: Annually.
  • Audience profile.
  • Main points
    • Documenting IT systems (there may be a company documentation standard in place).
    • Writing a technical recovery plan.
    • Testing technical recovery plans.

• Executive Staff.
  • Goal: Demonstrate the executive’s role in the early hours of an incident.
  • Method: Small group presentation and discussion.
  • Frequency: Semiannually.
  • Audience profile.
  • Main points
    • Writing a corporate communications disaster plan.
    • Writing a human resources disaster plan.
    • Writing a payroll disaster plan.

Program Awareness

A successful business continuity program awareness effort can result in greater company-wide support for your program. It also reduces the reluctance of people to participate.

An awareness program is an ongoing process. It is best conducted a bit here and a bit there. Sometimes the message goes out one way and then another. Keeping the message fresh and relevant helps to maintain everyone’s interest. The thing to avoid is an information void. People will fill an absence of information with their own fears. This will result in concern about the program rather than support for it. Ways to build awareness include:

• Success stories in company newsletters
• Success videos on company TVs
• Posters reminding employees of key points
• Discussions with departments
• Dedicated quarterly newsletter with FAQs or Q&As
• Company wiki or online forum

Business continuity and disaster planning can generate a lot of employee interest. Harnessing this interest for the benefit of the program can provide valuable backing when competing for priority support. The easiest way to encourage this positive energy is through a steady flow of program information.

BCP awareness can partner with other company functions to maintain a steady stream of information. A primary one is the information security team. Its members have the same challenge, which is to educate employees and demonstrate ongoing value to the company. A serious security breach disrupts company operations just like any other business disruption. Articles and presentations may be alternated or made at the same time.

The BCP awareness program is usually a never-ending series of small encounters rather than a single grand session. The Business Continuity Manager must be the program’s “evangelist,” spreading the good word of the value and company benefits of the program to every employee encountered. This can be accomplished through a variety of channels.

COMPANY NEWSLETTERS

Company newsletters work well because they have the potential to touch everyone at the same time with the same message. Most newsletters are starving for well-written stories relevant to the company’s successes. (This is not a place for editorializing or negative comments.) Newsletter stories can come from many sources:

• Profile a team member—everybody has some interesting facets.
• Talk about a specific aspect of the plan, such as the process of writing a recovery plan.
• Review the results of the latest plan test.
• Offer reminders on information security topics such as social engineering and physical security.
• Provide a year-end recap of program accomplishments.
• After a major incident (such as a power outage, fire, or other incident), describe how the event unfolded and its results. This is a great story to tell.
• Remind everyone of their personal safety actions during an earthquake, fire, or other disaster.
• Educate by detailing one subtopic in the recovery plan.

Newsletters have limited space. Keep the articles informative, upbeat, and tightly focused. This will keep readers looking forward to the next issue. Newsletters always present current events first and then fill the remaining space with information that is not time-sensitive.

Make up a stack of articles in advance. During a slow period, write up a half dozen or more and keep them in a folder. When time is tight, you can maintain a stream of copy to the newsletter staff.

PERSONALLY DELIVER THE MESSAGE

There is no substitute for a face-to-face meeting. People are more convinced by a personal encounter, and it is an excellent way to obtain feedback on how the program is progressing.

Visit the various departments in the company and ask to speak at either the supervisor’s staff meeting or an all-hands department meeting. A five- to ten-minute recap of the program will be appreciated. This helps keep people focused on the program. Always leave time to answer questions. Feedback from the audience is valuable for gauging the clarity and usefulness of the message.

WHAT TO SAY

Keep each article, poster, or presentation focused on a single issue. A single-page article is plenty. A five-minute presentation will be enough, particularly if the audience is not interested. Open an interested audience to questions after the brief presentation. The more closely the message is tuned to the audience, the more closely audience members will pay attention. Topics that involve their personal safety are of interest, as are topics dealing with the long-term health of the company.

Tie your BCP topics to current events. This could be a natural disaster of a type that could occur in your area, a major fire at another company with a recognizable name, or even an upcoming weather prediction. Each example makes the situation “more real” to your coworkers. The goal is not to scare anyone; it is just to gain a bit of their attention. In general, keep the message (or at least the closing lines) upbeat. Verify all of your facts to carefully protect your credibility.

Identify Critical IT Systems

In this section, insert your restoration priorities, based on the Business Impact Analysis. Priorities are grouped into two lists. The first list is the business processes and their impact if unusable. The second list is the IT restoration priority list. This list begins with the infrastructure systems to be recovered and then progresses to the restoration sequence of the remaining vital IT systems. For example, a Windows Active Directory server must be restored before application software.
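Once each system’s prerequisites and BIA priority are recorded, the IT restoration sequence can be derived rather than hand-sorted, which also exposes undocumented or circular dependencies before a disaster does. The Python example below is added here and is not part of the book’s plan template; the system names, priority numbers, and the `restoration_sequence` function are constructed for illustration.

```python
import heapq

# Constructed sample inventory (not from the book):
# system -> (BIA priority, prerequisite systems). Lower number = restore sooner.
SYSTEMS = {
    "network-core":     (1, []),
    "active-directory": (1, ["network-core"]),
    "database-server":  (2, ["network-core", "active-directory"]),
    "order-entry-app":  (1, ["active-directory", "database-server"]),
    "payroll-app":      (3, ["active-directory", "database-server"]),
    "email":            (2, ["active-directory"]),
}

def restoration_sequence(systems):
    """Order systems so every prerequisite comes first, then by BIA priority."""
    # A prerequisite that nobody documented is a planning gap: fail loudly.
    for name, (_, prereqs) in systems.items():
        missing = [p for p in prereqs if p not in systems]
        if missing:
            raise ValueError(f"{name} depends on undocumented system(s): {missing}")

    remaining = {n: len(set(p)) for n, (_, p) in systems.items()}
    dependents = {n: [] for n in systems}
    for name, (_, prereqs) in systems.items():
        for p in set(prereqs):
            dependents[p].append(name)

    # Systems with no unmet prerequisites are ready; pick the most urgent first.
    ready = [(systems[n][0], n) for n, c in remaining.items() if c == 0]
    heapq.heapify(ready)
    order = []
    while ready:
        _, name = heapq.heappop(ready)
        order.append(name)
        for d in dependents[name]:
            remaining[d] -= 1
            if remaining[d] == 0:
                heapq.heappush(ready, (systems[d][0], d))

    # Anything never released is stuck in a dependency loop.
    if len(order) != len(systems):
        raise ValueError(f"circular dependency among: {sorted(set(systems) - set(order))}")
    return order

if __name__ == "__main__":
    for step, name in enumerate(restoration_sequence(SYSTEMS), start=1):
        print(step, name)
```

Note that the priority-1 order entry application still waits for the priority-2 database server it depends on: dependencies override business priority, which is why the list starts with infrastructure.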

Plan Distribution and Updating

Recovery plans have a balancing problem. On the one hand, they contain a significant amount of confidential information that can be used to harm the company. They must be kept locked tightly away. On the other hand, the plans must be readily accessible when needed or they are worthless. To address this, plans are broken into sections and distributed according to who will update or execute them. The primary sections are:

• Administrative Plan. Available to everyone, it describes the BCP program and contains many reference documents, such as contact information for service agreements.
• Company Leadership Plan. Describes the first few hours of the emergency.
• Technical Recovery Plans. Step-by-step instructions for recovering a business process or IT system.
• Work Area Recovery Plans. Recovering office worker spaces.
• Pandemic Emergency Plan. Actions during an extended health emergency.

It hurts the feelings of company executives to be denied access to something as important as a complete set of plans, but since it is doubtful that the CEO could personally understand or execute one of the technical recovery plans, possessing them provides little value.

Each company should determine the best mix of plan distribution. In general, those who execute a plan should have a copy at work and at home. Company executives should possess a copy of the company leadership plan, but not the technical plans. Keep one complete set at the recovery site in a locked cabinet. The IT Director, Business Continuity Manager, and the Business Continuity Manager’s backup should each have a copy at work and at home.

A primary challenge with plan distribution is how to update the document. Updating binders can be troublesome. Often people will forget to insert the changes and remove the old pages. This results in inconsistent plans.

One solution is to always replace entire plan binders with updates. This is more expensive but ensures that plans are updated, since the old binder must be submitted to receive the new one. Some companies provide the plans on memory sticks that team members wear as necklaces or attach to their car keys. The document on the memory stick must be encrypted.

Common media for distributing the plan:

• Cloud Storage. Keep plans in a secure cloud storage space that can be accessed as needed.
• Binders. Easy to make up; physically available in a crisis. To update, you must collect the binders; don’t tell anyone to insert pages because it won’t happen. Best practice is to collect and exchange.
• Memory Sticks. Cost the same as binders or less, but require a PC to read. Memory sticks must be encrypted. They can attach to key chains.
• Notebook PCs. You have to hope employees take them home. They may be lost in an evacuation.

Assemble a Reference Section

The reference section of the plan contains information useful to managers in a disaster, as well as in day-to-day management. These documents speed problem resolution.

Out-of-date information provides a false sense of security. Be sure to update information quarterly. When the annual renewal comes around for a service contract, you can reflect on how often late-night support was required so that hours for agreements can be lengthened or reduced. Typically a support contract for 24 hours, 7 days per week coverage costs twice as much as an 8:00 AM to 5:00 PM agreement.

Examples of items to include:

• Vendor Contact List. A listing of the vendors used by the company, including what they provide and how to contact them.
• Service Agreement List. A listing of all service contracts that support the company, along with the procedure for contacting someone about it. Be sure to include a 24-hour contact number even if support covers fewer hours.
• Employee Skills Matrix. This provides insight into who can be called on to help with a specific problem. This information is essential when the regular support people are not available.
• Organization Chart from the Top of the Company Down Three Levels. This tool indicates who has what job assignment in each department. For example, if there is a problem with the system that receives incoming shipments of materials into the warehouse, the chart can provide names with telephone numbers and email addresses.
• Program Timelines.

Conclusion

The administrative plan is the foundation for the business continuity program. It describes the framework for the overall program. It identifies tasks for the Business Continuity Manager to achieve, as well as describes ongoing program activities.

This document identifies the scope of the program. Knowing the limits of the plan helps to determine what areas are to be covered. The plan’s scope is provided by the executive sponsor. This ensures the program covers all of the desired areas (lines of business, company sites, etc.). It also ensures that the program does not “wander off” into areas the company does not view as a priority.

Probably the best description of the administrative plan is that it holds material that is common to all programs. Its description of the program’s fundamentals applies to each plan. The administrative plan provides reference materials required by all of the other recovery plans, such as employee recall telephone numbers, vendor contact lists, and service contracts.

Keeping everything in one place makes it easy for everyone to find. Since the plan does not include confidential information (such as you will find in the IT recovery plan), it can be distributed to all team members.
