BCP Template 2012

Peoples Steel Mills Ltd.
IT Data Backup & Recovery Plan
As Part of
PSM’s BCP
Version 1.0
August 29, 2019

CONFIDENTIAL Document for Internal Use by (Organization) Personnel Only
Version Number: 1.00 Last Updated: Month Day, Year Printed: Month, Year
Page 2 of 55
Table of Contents
DOCUMENT CHANGE CONTROL................................................................................. 6
SECTION I: INTRODUCTION ......................................................................................... 7
A. How to Use This Plan .............................................................................................. 7
B. Objectives ................................................................................................................ 7
C. Scope ....................................................................................................................... 8
D. Assumptions ........................................................................................................... 8
E. Changes to the Plan/Maintenance Responsibilities.............................................. 9
F. Plan Testing Procedures and Responsibilities ..................................................... 9
G. Plan Training Procedures and Responsibilities .................................................... 9
H. Plan Distribution List ............................................................................................ 10
SECTION II: BUSINESS CONTINUITY STRATEGY .................................................... 11
A. Introduction ........................................................................................................... 11
B. Business Function Recovery Priorities ............................................................... 11
C. Relocation Strategy and Alternate Business Site ............................................... 11
D. Recovery Plan Phases .......................................................................................... 12

1. Disaster Occurrence ..................................................................................................... 12
2. Plan Activation .............................................................................................................. 12
3. Alternate Site Operations .............................................................................................. 12
4. Transition to Primary Site.............................................................................................. 12
E. Vital Records Backup ........................................................................................... 12
F. Restoration of Hardcopy Files, Forms, and Supplies ......................................... 13
G. On-line Access to <ORGANIZATION NAME> Computer Systems ..................... 13
H. Mail and Report Distribution................................................................................. 14
SECTION III: RECOVERY TEAMS ............................................................................... 15
A. Purpose and Objective.......................................................................................... 15

Page 3 of 55
B. Recovery Team Descriptions ............................................................................... 15
C. Recovery Team Assignments............................................................................... 15
D. Personnel Notification .......................................................................................... 16
E. Team Contacts ...................................................................................................... 16
F. Team Responsibilities........................................................................................... 16
Business Continuity Coordinator – <Insert Name> ................................................................. 18
EOC Communications Team – ................................................................................................ 18
EOC Human Resources Team – ............................................................................................. 19
EOC Administration Team – .................................................................................................... 19
Emergency Response Team – ................................................................................................ 20
Information Technology Recovery Team (See also Disaster Recovery Plan) – ..................... 20
SECTION IV: RECOVERY PROCEDURES .................................................................. 22
A. Purpose and Objective.......................................................................................... 22
B. Recovery Activities and Tasks ............................................................................. 23

PHASE I: Disaster Occurrence ............................................................................................... 23
PHASE II: Plan Activation ........................................................................................................ 27
PHASE III: Alternate Site Operations ...................................................................................... 32
PHASE IV: Transition to Primary Operations .......................................................................... 34
SECTION V: APPENDICES .......................................................................................... 37
Appendix A - Employee Telephone Lists .................................................................. 38
Appendix B - Recovery Priorities for Critical Business Functions.......................... 39
Appendix C - Alternate Site Recovery Resource Requirements .............................. 40
Appendix D - Emergency Operations Center (EOC) Locations ............................... 42
Appendix E - Vital Records ........................................................................................ 43
Appendix F - Forms and Supplies ............................................................................. 44
Appendix G - Vendor Lists ......................................................................................... 45
Appendix H - Desktop Computer Configurations ..................................................... 46
Appendix I - Computer System Reports .................................................................... 47
Appendix J - Critical Software Resources................................................................. 48
Appendix K - Alternate Site Transportation Information .......................................... 49
Appendix L - Alternate Site Accommodations Information...................................... 50

Page 4 of 55
Appendix M - Severity Impact Assessments............................................................. 51
Appendix N - <ORGANIZATION NAME> Business Impact Assessment ................. 52
Appendix O - Recovery Tasks List ............................................................................ 53
Appendix P - Recommended <ORGANIZATION NAME> Office Recovery .............. 54

Page 5 of 55
Peoples Steel Mills Ltd Information Technology Section
Business Continuity Plan
Introduction
DOCUMENT CHANGE CONTROL

Date Version Requester Tech. Writer Change/Review
Modified by: ________________________________________________ ________/____/_____
Reviewed by: ________________________________________________ ________/____/_____
Approved by: ________________________________________________ ________/____/_____

Section I: Introduction
A. How to Use This Plan

In the event of a disaster which interferes with PSM’s ability to conduct business from
one of its offices, this plan is to be used by the responsible individuals to coordinate the
business recovery of their respective areas and/or departments. The plan is designed to
contain, or provide reference to, all of the information that might be needed at the time of
a business recovery.
This plan is not intended to cover the operations of PSM’s separately structured
Emergency Response Team.
Index of Acronyms: (EOC) Emergency Operations Center – (EMT) Emergency
Management Team – (ERT) Emergency Response Team – (BCP) Business Continuity
Plan – (IT) Information Technology
Section I, Introduction, contains general statements about the organization of the plan.
It also establishes responsibilities for the testing (exercising), training, and maintenance
activities that are necessary to guarantee the ongoing viability of the plan.
Section II, Business Continuity Strategy, describes the strategy that the <Department
Name> Department will control/implement to maintain business continuity in the event of
a facility disruption. These decisions determine the content of the action plans, and if
they change at any time, the plans should be changed accordingly.
Section III, Recovery Teams, lists the Recovery Team functions, those individuals who
are assigned specific responsibilities, and procedures on how each of the team
members is to be notified.
Section IV, Team Procedures, determines what activities and tasks are to be taken, in
what order, and by whom in order to affect the recovery.
Section V, Appendices, contains all of the other information needed to carry out the
plan. Other sections refer the reader to one or more Appendices to locate the
information needed to carry out the Team Procedures steps.
B. Objectives
The objective of the Business Continuity Plan is to coordinate recovery of critical
business functions in managing and supporting the business recovery in the event of a
facilities (office building) disruption or disaster. This can include short or long-term
disasters or other disruptions, such as fires, floods, earthquakes, explosions, terrorism,
tornadoes, extended power interruptions, hazardous chemical spills, and other natural or
man-made disasters.
A disaster is defined as any event that renders a business facility inoperable or
unusable so that it interferes with the organization’s ability to deliver essential
business services.
The priorities in a disaster situation are to:

1. Ensure the safety of employees and visitors in the office buildings.
(Responsibility of the ERT)
2. Mitigate threats or limit the damage that threats can cause. (Responsibility of the
ERT)
3. Have advanced preparations to ensure that critical business functions can
continue.
4. Have documented plans and procedures to ensure the quick, effective execution
of recovery strategies for critical business functions.
The <Department Name> Business Continuity Plan includes procedures for all phases of
recovery as defined in the Business Continuity Strategy section of this document.
C. Scope
The Business Continuity Plan is limited in scope to recovery and business continuance
from a serious disruption in activities due to non-availability of <ORGANIZATION
NAME>’s facilities. The Business Continuity Plan includes procedures for all phases of
recovery as defined in the Business Continuity Strategy of this document. This plan is
separate from <ORGANIZATION NAME>’s Disaster Recovery Plan, which focuses on
the recovery of technology facilities and platforms, such as critical applications,
databases, servers or other required technology infrastructure (see Assumption #1
below). Unless otherwise modified, this plan does not address temporary interruptions
of duration less than the time frames determined to be critical to business operations.
The scope of this plan is focused on localized disasters such as fires, floods, and other
localized natural or man-made disasters. This plan is not intended to cover major
regional or national disasters such as regional earthquakes, war, or nuclear holocaust.
However, it can provide some guidance in the event of such a large scale disaster.
D. Assumptions
The viability of this Business Continuity Plan is based on the following assumptions:
1. That a viable and tested IT Disaster Recovery Plan exists and will be put into
operation to restore data center service at a backup site within five to seven
days.
2. That the Organization’s facilities management department has identified
available space for relocation of departments which can be occupied and used
normally within two to five days of a facilities emergency.
3. That this plan has been properly maintained and updated as required.
4. That each department has their own Business Continuity Plan.
5. The functions and roles referenced in this plan do not have to previously exist
within an organization; they can be assigned to one or more individuals as new
responsibilities, or delegated to an external third party if funding for such services
can be arranged and allocated.
E. Changes to the Plan/Maintenance Responsibilities
Maintenance of the <Department Name> Business Continuity Plan is the joint
responsibility of the <Department Name> management, the Facilities Management
Department, and the Business Continuity Coordinator.
<Department Name> management is responsible for:

1. Periodically reviewing the adequacy and appropriateness of its Business
Continuity strategy.
2. Assessing the impact on the <Department Name> Business Continuity Plan of
additions or changes to existing business functions, <Department Name>
procedures, equipment, and facilities requirements.
3. Keeping recovery team personnel assignments current, taking into account
promotions, transfers, and terminations.
4. Communicating all plan changes to the Business Continuity Coordinator so that
the organization’s IT master Disaster Recovery Plan can be updated.
Facilities Management Department management is responsible for:
1. Maintaining and/or monitoring offsite office space sufficient for critical
<Department Name> functions and to meet the <Department Name> facility
recovery time frames.
2. Communicating changes in the “Organization IT Disaster Recovery Plan” plan
that would affect groups/departments to those groups/departments in a timely
manner so they can make any necessary changes in their plan.
3. Communicating all plan changes to the Business Continuity Coordinator so that
the master plan can be updated.
The Business Continuity Coordinator is responsible for:
1. Keeping the organization’s IT Recovery Plan updated with changes made to
<Department Name> facilities plans.
2. Coordinating changes among plans and communicating to <Department Name>
management when other changes require them to update their plans.
F. Plan Testing Procedures and Responsibilities

<Department Name> management is responsible for ensuring the workability of their
Business Continuity Plan. This should be periodically verified by active or passive
testing.
G. Plan Training Procedures and Responsibilities

<Department Name> management is responsible for ensuring that the personnel who
would carry out the Business Continuity Plan are sufficiently aware of the plan’s details.
This may be accomplished in a number of ways including; practice exercises,
participation in tests, and awareness programs conducted by the Business Continuity
Coordinator.
H. Plan Distribution List
The <Department Name> Business Continuity Plan will be distributed to the following
departments and/or individuals, and will be numbered in the following manner:
Plan ID No Location Person Responsible

<Department Name> Department
< ORGANIZATION NAME> Business Continuity Plan
Business Continuity Strategy
Section II: Business Continuity Strategy
A. Introduction
This section of the <Department Name> Business Continuity Plan describes the strategy
devised to maintain business continuity in the event of a facilities disruption. This
strategy would be invoked should the <ORGANIZATION NAME> <Department
Name> primary facility somehow be damaged or inaccessible.
It is assumed that each critical business function at your location also has their own
group/department Business Continuity Plan, which is similar to this plan except the
recovery procedures and appendices have been customized for each respective
group/department based on size, and complexity.
B. Business Function Recovery Priorities

The strategy is to recover critical <Department Name> business functions at the
alternate site location. This can be possible if an offsite strategy has been put into effect
by Office Services and Disaster Recovery/IT Teams to provide the recovery service.
Information Systems will recover IT functions based on the critical departmental
business functions and defined strategies.
Business Functions by Location are listed in Appendix B (Recovery Priorities for
Critical Business Functions). “Time Critical Business Functions,” i.e., those of which
are of the most critical for immediate recovery at the secondary location are:
Reference: Appendix B – Recovery Priorities for Critical Business Functions
C. Relocation Strategy and Alternate Business Site

In the event of a disaster or disruption to the office facilities, the strategy is to recover
operations by relocating to an alternate business site. The short-term strategies (for
disruptions lasting two weeks or less), which have been selected, include:
Primary Location Alternate Business Site
<Office Address> TBD
For all locations, if a long-term disruption occurs (i.e. major building destruction, etc.);
the above strategies will be used in the short-term (less than two weeks). The long-term
strategies will be to acquire/lease and equip new office space in another building in the
same metropolitan area.
D. Recovery Plan Phases

The activities necessary to recover from a <ORGANIZATION NAME> facilities disaster
or disruption will be divided into four phases. These phases will follow each other
sequentially in time.
1. Disaster Occurrence
This phase begins with the occurrence of the disaster event and continues until a
decision is made to activate the recovery plans. The major activities that take
place in this phase includes: emergency response measures, notification of
management, damage assessment activities, and declaration of the
disaster.
2. Plan Activation
In this phase, the Business Continuity Plans are put into effect. This phase
continues until the alternate facility is occupied, critical business functions
reestablished, and computer system service restored to <ORGANIZATION
NAME>’s Departments. The major activities in this phase include: notification
and assembly of the recovery teams, implementation of interim
procedures, and relocation to the secondary facility/backup site, and re-
establishment of data communications.
3. Alternate Site Operations

This phase begins after secondary facility operations are established and
continues until the primary facility is restored. The primary recovery activities
during this phase are backlog reduction and alternate facility processing
procedures.
4. Transition to Primary Site

This phase consists of any and all activities necessary to make the transition
back to a primary facility location.
E. Vital Records Backup

All vital records for <Department Name> that would be affected by a facilities disruption
are maintained and controlled by either <Department Name> or Disaster Recovery/IT.
Some of these files are periodically backed up and stored at an offsite location as part of
normal <Department Name> operations.
When <Department Name> requires on-site file rooms, scanning, and organization
offsite storage locations, best practices advise using one near-by Records Warehouse
and another secure site for vital records and data back-up. All vital documents are
typically located in files within the office complex and the most current back-up copies
are in a secure off-site storage facility.
F. Restoration of Hardcopy Files, Forms, and Supplies

In the event of a facilities disruption, critical records located in the <Department Name>
Department may be destroyed or inaccessible. In this case, the last backup of critical
records in the secure warehouse would be transported to the secondary facility. The
amount of critical records, which would have to be reconstructed, will depend on when
the last shipment of critical records to the offsite storage location occurred.
<Department Name> management will arrange the frequency of rotation of critical
records to the offsite storage site.
The following categories of information can be exposed to loss:
1. Any files stored on-site in file cabinets and control file rooms.
2. Information stored on local PC hard drives.
3. Any work in progress.
4. Received and un-opened mail.
5. Documents in offices, work cubes and files.
6. Off-site records stored in the Records Warehouse (if this is not a secure,
hardened facility).
G. On-line Access to <ORGANIZATION NAME> Computer Systems

In the event of a facilities disruption, the IT Disaster Recovery Plan strategy should be to
assist in re-establishing connectivity to the <ORGANIZATION NAME> departments and
to establish remote communications to any alternate business site location. If the data
center is affected by a disaster or disruption, the IT Disaster Recovery Plan should
include recovering processing at a pre-determined alternate site. Services covered
would include; phones, cellular phones, pagers, communications, and all other services
required for restoring limited emergency service to the organization.
In this case, data communications will be rerouted from the data processing hot or cold
site to the respective alternate business site locations.
**BCP Representatives - It will be necessary to contact your respective Information
Technology department in order to complete this section. You should understand, and
enter here, what the recovery timeframe is for systems recovery (i.e. will have critical
systems restored within hours or days) and what the strategy is for acquisition,
installation, and connection of PC’s/terminals. Acquisition and recovery of critical
standalone personal computer capabilities should also be considered here. You should
also understand the Information Technology strategy for recovery of applications, either
AS/400 based and/or those on desktop systems, which <Department Name> relies on.**
H. Mail and Report Distribution

During the time that <ORGANIZATION NAME> department operations are run from the
secondary facilities, output reports and forms will have to be delivered to that location.
The data center may or may not have the same print capability if the disruption affected
the data center as well, so it may be necessary to prioritize printing of output.
The EOC Administration Team in conjunction with designated delivery/courier services

will distribute mail to all <ORGANIZATION NAME> alternate business sites. Due to the
possibility of multiple alternate business sites and the additional travel time required for
mail service activities, the number of mail pickups and deliveries could possibly be
decreased from the normal daily routine to once daily. Mail pickup and delivery
schedules, including overnight mail, will be established and communicated to each
alternate business site. Overnight mail/package delivery carriers should be contacted
directly by a business function for items requiring pickup after the last scheduled pickup
by the EOC Administration Team. All overnight mail service vendors will be notified by
the EOC Administration Team of appropriate alternate office addresses to redirect
deliverables to <ORGANIZATION NAME> personnel or provide for pick up at the post
office by a Team member.
Recovery Teams
Section III: Recovery Teams
A. Purpose and Objective

This section of the plan identifies who will participate in the recovery process for the
<Department Name> Business Continuity Plan. The participants are organized into one
or more teams. Each team has a designated team leader and an alternate for that
person. Other team members are assigned either to specific responsibilities or as team
members to carry out tasks as needed.
The information in this section is organized into several subsections.
B. Recovery Team Descriptions

This section lists the team definitions for the <Department Name> Team and gives a
short explanation of the function of each team or function.
<Department Name> Recovery Team:
Responsible for oversight of the <Department Name> recovery functions.
C. Recovery Team Assignments

This section identifies the team roles and the specific responsibilities that have been
assigned to the team.
Team leader - Overall coordination of <Department Name> Recovery Team
Backup Team Leader - Duties to be assigned based on Recovery Team areas

of responsibility.
Team Member - Duties to be assigned based on Recovery Team areas of

responsibility
Recovery Teams
D. Personnel Notification
This section specifies how the team members are to be notified if the plan is to be put
into effect by identifying who calls whom, and in what order. Notification can also be
made by using tools such reverse 911 or other notification systems.
References: Appendix A - Employee Telephone Lists
E. Team Contacts
This section identifies other people or organizations outside of the <Department Name>
Team who might need to be contacted during the recovery process. Their names and
telephone numbers are provided.
Reference: Appendix A – Employee Telephone Lists
F. Team Responsibilities
<Insert Name>
Incident Commander
<Insert Name> <Insert Name> <Insert Name> <Insert Name>
HR/Public Information Information Finance/Admin Legal/Contracts

Officer Technology
<Insert Name(s)>
Business Function Leader(s)

(Include as needed)
Recovery Teams
Departmental Recovery Teams
Name Department/Position Floor Comments

Recovery Teams
Business Continuity Coordinator – <Insert Name>

In the event of a disaster, the Business Continuity Coordinator is responsible for
ensuring that the following activities are successfully completed:
 Works with the <ORGANIZATION NAME> Emergency Management Team to
officially declare a disaster, and start the Disaster Recovery/Business
Continuation process to recover <ORGANIZATION NAME>’s business functions
at an alternate site.
 Alert <ORGANIZATION NAME>’s Senior Management that a disaster has been
declared.
 Assist in the development of an official public statement concerning the disaster.
The <ORGANIZATION NAME>’s EOC Communications Team Leader is the only
individual authorized to make public statements about organization affairs.
 Monitor the progress of all Business Continuity and Disaster Recovery teams
daily.
 Present Business Continuity Plan recovery status reports to Senior Management
on a daily basis.
 Interface with appropriate work management personnel throughout the recovery
process.
 Communicate directions received from <ORGANIZATION NAME>’s Senior
Management to the EOC and Departmental Business Continuity Team Leaders.
 Provide on-going support and guidance to the Business Continuity teams and
personnel.
 Review staff availability and recommend alternate assignments, if necessary.
 Work with <ORGANIZATION NAME>’s Senior Management to authorize the use
of the alternate recovery site selected for re-deploying critical <ORGANIZATION
NAME> resources.
 Review and report critical processing schedules and backlog work progress,
daily.
 Ensure that a record of all Business Continuity and Disaster Recovery activity
and expenses incurred by <ORGANIZATION NAME> is being maintained.
EOC Communications Team –

This team is responsible for providing information regarding the disaster and recovery
efforts to:
 <ORGANIZATION NAME> and organization offices Senior Management
 Customers
Recovery Teams
 Vendors/Contracts
 Media
 Regulatory Agencies
 Other Stakeholders
 Coordinating, submitting, and tracking any and all claims for insurance.
EOC Human Resources Team –
This team is responsible for:
 Providing information regarding the disaster and recovery efforts to employees
and families.
 Assisting in arranging cash advances if out of area travel is required.
 Notifying employee’s emergency contact of employee injury or fatality.
 Ensuring the processing of all life, health, and accident insurance claims as
required.
 Coordinates temporary organization employee requests.
EOC Administration Team –

 Ensuring the recovery/restoration personnel has assistance with clerical tasks,
errands, and other administrative activities.
 Arranging for the availability of necessary office support services and equipment.
 Providing a channel for authorization of expenditures for all recovery personnel.
 Arranging travel for employees.
 Tracking all costs related to the recovery and restoration effort.
 Identifying and documenting when repairs can begin and obtaining cost
estimates.
 Determining where forms and supplies should be delivered, based on damage to
the normal storage areas for the materials.
 Contacting vendors to schedule specific start dates for the repairs.
 Taking appropriate actions to safeguard equipment from further damage or
deterioration.
 Coordinating the removal, shipment, and safe storage of all furniture,
documentation, supplies, and other materials as necessary.
 Supervise all salvage and cleanup activities.
 Coordinating required departmental relocations to the recovery sites.
Recovery Teams
 Coordinating relocation to the permanent site after repairs are made

 Assuring that arrangements are made for meals and temporary housing facilities,
when required, for all recovery personnel.
 Assuring order placement for consumable materials (forms, supplies, etc.) for
processing based upon input from the other teams.
 Notifying the United States Postal Service of delivery disruption.
 Establishing internal mail delivery procedures and process.
 Assuring that mail, and reports are redirected to the proper location as required.
Emergency Response Team –
 The safety of all employees.
 Inspecting the physical structure and identifying areas that may have sustained
damage.
 Expanding on and/or revising the findings of the Preliminary Damage
Assessment.
 Providing management with damage assessment reports and recommendations.
Information Technology Recovery Team (See also Disaster Recovery Plan)

–
 Activating the IT Technology Recovery Plan (See also Disaster Recovery Plan).
 Managing the IT disaster response and recovery procedures.
 Mobilizing and managing IT resources.
 Coordinating all communications related activities, as required, with telephone &
data communications, PC, LAN support personnel, and other IT related vendors.
 Assisting, as required, in the acquisition and installation of equipment at the
recovery site.
 Ensuring that cellular telephones, and other special order equipment and
supplies are delivered to teams as requested.
 Participating in testing equipment and facilities.
 Participating in the transfer of operations from the alternate site as required.
 Coordinating telephone setup at the EOC and recovery site.
 Coordinating and performing restoration or replacement of all desktop PCs,
LANs, telephones, and telecommunications access at the damaged site.
Recovery Teams
 Coordinating Disaster Recovery/IT efforts between different departments in the

same or remote locations.
 Training Disaster Recovery/IT Team Members.
 Keeping Senior Management and the EOC Business Continuity Coordinator
appraised of recovery status.
< ORGANIZATION NAME > Business Continuity Plan
Recovery Procedures
Section IV: Recovery Procedures
A. Purpose and Objective

This section of the plan describes the specific activities and tasks that are to be carried
out in the recovery process for <Department Name>. Given the Business Continuity
Strategy outlined in Section II, this section transforms those strategies into a very
specific set of action activities and tasks according to recovery phase.
The Recovery Procedures are organized in the following order: recovery phase, activity
within the phase, and task within the activity.
The recovery phases are described in Section II.D of the Plan. In the Recovery
Procedures document, the phases are listed in the order in which they will occur. The
description for each recovery phase begins on a new page.
Each activity is assigned to one of the recovery teams. Each activity has a designated
team member who has the primary assignment to complete the activity. Most activities
also have an alternate team member assigned. The activities will only generally be
performed in this sequence.
The finest level of detail in the Recovery Procedures is the task. All plan activities are
completed by performing one or more tasks. The tasks are numbered sequentially within
each activity, and this is generally the order in which they would be performed.
Recovery Procedures
B. Recovery Activities and Tasks
PHASE I: Disaster Occurrence
ACTIVITY: Emergency Response and Emergency Operations Center Designation

ACTIVITY IS PERFORMED AT LOCATION: Main Office or Emergency Operations Center
ACTIVITY IS THE RESPONSIBILITY OF THIS TEAM: All Employees
TASKS:
1. After a disaster occurs, quickly assess the situation to determine whether to immediately
evacuate the building or not, depending upon the nature of the disaster, the extent of
damage, and the potential for additional danger.
Note: If the main office is total loss, not accessible or suitable for occupancy, the
remaining activities can be performed from the Emergency Operations Center (EOC),
after ensuring that all remaining tasks in each activity have been addressed. This
applies to all activities where the Main Office is the location impacted by the disaster.
The location(s) of the EOC are designated in Appendix D - Emergency Operations
Center (EOC) Locations. The EOC may be temporarily setup at any one of several
optional locations, depending on the situation and accessibility of each one. Once the
Alternate site is ready for occupancy the EOC can be moved to that location.
2. Quickly assess whether any personnel in your surrounding area are injured and need
medical attention. If you are able to assist them without causing further injury to them or
without putting yourself in further danger, then provide what assistance you can and also
call for help. If further danger is imminent, then immediately evacuate the building.
3. If appropriate, evacuate the building in accordance with your building’s emergency
evacuation procedures. Use the nearest stairwells. Do not use elevators.
4. Outside of the building meet at (XXXXXXXX XXXXXXXXXX). Do not wander
around or leave the area until instructed to do so.
5. Check in with your department manager for roll call. This is important to ensure that all
employees are accounted for.
Recovery Procedures
ACTIVITY: Notification of Management

ACTIVITY IS PERFORMED AT LOCATION: At Any Available Phone
ACTIVITY IS THE RESPONSIBILITY OF: <Department Name> Management Team
PRIMARY: <INSERT NAME>
ALTERNATE: <INSERT NAME>
TASKS:
1. Team leader informs the members of the <Department Name> management team and
notifies the <Department Name> senior management if they have not been informed.
2. <Department Name> personnel are notified of the disaster by following procedures as
included in Section III. D. - Recovery Personnel Notification.
3. Depending upon the time of the disaster, personnel are instructed what to do (i.e. stay at
home and wait to be notified again, etc.)
Recovery Procedures
ACTIVITY: Preliminary Damage Assessment

ACTIVITY IS PERFORMED AT LOCATION: Main Office Location
TASKS:
1. Contact the Organization Emergency Response Team Leader to determine
responsibilities and tasks to be performed by the <Department Name> Management
Team or employees.
2. If the Organization Emergency Response Team requests assistance in performing the
Preliminary Damage Assessment, caution all personnel to avoid safety risks as follows:
 Enter only those areas the authorities give permission to enter.
 Ensure that all electrical power supplies are cut to any area or equipment that could
posses a threat to personal safety.
 Ensure that under no circumstances is power to be restored to computer equipment
until the comprehensive damage assessment has been conducted, reviewed, and
authority to restore power has been expressly given by the Emergency Management
Team.
3. Inform all team members that no alteration of facilities or equipment can take place until
the Risk Management representatives (this is a function provided through the
Department of Central Services as a statewide service) have made a thorough
assessment of the damage and given their written agreement that repairs may begin.
4. Instruct the Organization Emergency Response Team Leader to deliver the preliminary
damage assessment status report immediately upon completion.
5. Facilitate retrieval of items (contents of file cabinets -- petty cash box, security codes,
network backup tapes, control books, etc.) needed to conduct the preliminary damage
assessment.
6. Ensure that administrative support is available, as required.
7. Arrange a meeting with the Emergency Management Team and Management Teams
from other GROUPS/DEPARTMENTS in your facility (location) to review the disaster
declaration recommendation that results from the preliminary damage assessment and
to determine the course of action to be taken. With this group, determine the strategy to
recommend to Senior Management (the Emergency Management Team Leader will be
responsible for communicating this to Senior Management).
Recovery Procedures
ACTIVITY: Declaration of a Disaster

ACTIVITY IS PERFORMED AT LOCATION: Main Office Location or Alternate
Site/Emergency Operations Center
TASKS:
1. Actual declaration of a disaster is to be made by the Emergency Management Team,
after consulting with senior management. The <Department Name> Management Team
should wait for notification from the Emergency Management Team that a disaster has
been declared and that groups/departments are to start executing their Business
Continuity Plans and relocate to their Alternate Business Site Location.
2. The person contacted verifies that the caller is someone who is authorized to do the
notification.
3. The person contacted notifies the <Department Name> Senior Management, if they
have not yet been contacted.
4. In the event the Emergency Management Team cannot be assembled or reached, the
Team Leaders from each <Department Name> Management Team at the location
should assemble, gather appropriate information, consult with senior management, and
make the decision whether to declare the disaster.
5. Because of the significance, disruption, and cost of declaring a disaster, appropriate
facts should be gathered and considered before making the decision to declare a
disaster. Individual groups/department personnel or the respective <Department Name>
Management Teams should not unilaterally make a decision to declare a disaster. This
is responsibility of the Emergency Management Team.
Recovery Procedures
PHASE II: Plan Activation
ACTIVITY: Notification and Assembly of Recovery Teams and Employees

ACTIVITY IS PERFORMED AT LOCATION: Alternate Site/Emergency Operations Center
TASKS:
1. The team leader calls each member of the management team, instructs them of what
time frame to assemble at the <Department Name> Emergency Operations Center (to
be decided at the time), and to bring their copies of the Plan. The location(s) of the EOC
are designated in Appendix D - Emergency Operations Center (EOC) Locations.
The EOC may be temporarily setup at any one of several optional locations, depending
on the situation and accessibility of each one. Once the Alternate site is ready for
occupancy the EOC can move to that location, if preferred.
2. Review the recovery strategy and action plan with the assembled team.
3. If necessary, adjust the management team assignments based on which members are
available.
4. The Management Team contacts critical employees and tells them to assemble at the
alternate site. If the alternate site is a long distance from the primary site (i.e. out-of-
state), then individuals should make their own travel arrangements to the alternate site.
Non-critical employees should be instructed to stay at home, doing what work is possible
from home, until notified otherwise.
5. In the event of a disaster that affects telecommunications service regionally, the
Management Team should instruct critical employees to proceed to the alternate site
even if they have not been contacted directly. Delays in waiting for direct
communications can have a negative impact on <ORGANIZATION NAME>’s ability to
recover vital services.
Recovery Procedures
ACTIVITY: Relocation to Alternate Site

ACTIVITY IS PERFORMED AT LOCATION: Alternate Site
ACTIVITY IS THE RESPONSIBILITY OF: All Critical Personnel
TASKS:
1. When instructed by the <Department Name> Management Team, make arrangements
to commute or travel to the alternate site. Reference item #5 under Notification and
Assembly Procedures for exception to this step.
2. The <Department Name> Management Team needs to consult with the Emergency
Management Team and the Organization Emergency Response Team to determine if
access can be gained to the primary (damaged) site to retrieve vital records and other
materials. The Organization Emergency Response Team will only allow access to the
primary site if the authorities grant access. This will be dependent upon the nature of
the disaster and the extent of damage.
3. If allowed access to the primary site to retrieve vital records and other materials,
perform some pre-planning to determine what is most important to retrieve. This
may be necessary since the time you may be allowed access to the primary site may be
minimal.
4. Depending on the amount of vital records and other materials you are able to retrieve
from the primary site, make arrangements to transport this material to the alternate site.
If the material is not too great, this could be accomplished by giving to employees to
carry along with them. If the material is a large amount, then make arrangements for
transport services and/or overnight courier services.
5. Management and critical employees travel to alternate site.
Recovery Procedures
ACTIVITY: Implementation of Interim Procedures

TASKS:
1. After arrival at the alternate site, map out locations that can be used for workspace. This
should include unused offices and cubicles, conference rooms, training rooms,
lunch/break areas, and open space in hallways or in other areas.
2. Obtain additional tables and chairs, either from the office or from outside rental agencies
to provide additional workspace. Place in any available open areas, but be cautious of
not blocking exits for fire evacuation purposes.
3. Determine flexible working schedules for staff to ensure that client and business
needs are met, but also to enable effective use of space. This may require that some
employee’s work staggered shifts or may need to work evening or nightshifts.
4. Gather vital records and other materials that were retrieved from the primary site and
determine appropriate storage locations, keeping in mind effectiveness of workgroups.
5. Determine which vital records, forms, and supplies are missing. Obtain from off-site
storage location or from other sources, as needed, per Appendices E & F.
6. Developed prioritized work activities, especially if all staff members are not available.
Recovery Procedures
ACTIVITY: Establishment of Telephone Communications

ACTIVITY IS THE RESPONSIBILITY OF: IT Liaison
TASKS:
1. Contact the Organization Disaster Recovery/IT Team to determine what activities they
are taking to reroute telephone communications to the alternate site. Do not directly
contact the telephone company - this will be handled by the Organization Disaster
Recovery/IT Team.
2. If your alternate site is at another <ORGANIZATION NAME> office, prepare a list of
phone extensions which your staff will be temporarily using and provide this list to the
alternate site switchboard attendant.
3. If your primary office phones will not be switched to the alternate site, let the
Organization Disaster Recovery/IT Team know that the phones need to be transferred to
the phone numbers you will be using at the alternate site.
4. Coordinate with the Organization Communications Team regarding contacting
customers to notify them of the disaster situation, how <ORGANIZATION NAME> is
responding, and how you can be reached. Do not contact customers until the
Organization Communications Team has given you directions.
Organization Communications will provide you with scripts and guidance on how
to discuss the disaster with customers to provide assurance that their confidence
in <ORGANIZATION NAME> will be maintained.
Recovery Procedures
ACTIVITY: Restoring Data Processing and Data Communications with Primary or

Secondary Backup Data Center
ACTIVITY IS THE RESPONSIBILITY OF THIS TEAM: IT Liaison
TASKS:
1. Contact the Organization Disaster Recovery/IT Team to determine when the data center
is to be recovered, if affected by the disaster. Also, discuss when data communications
will be established between the primary or secondary backup data center and your
alternate site.
2. If your alternate site is another <ORGANIZATION NAME> office, determine if that site
has access to the computer systems that <Department Name> uses. If so, work with
local office management to determine how workstations can be shared between
personnel from their groups/departments and <Department Name>. This may involve
using flexible hours or multiple shifts for your personnel.
3. Discuss with the Organization Disaster Recovery/IT Team when and how replacement
PC’s and/or terminals will be provided to you at the alternate site and when they will be
connected.
4. Discuss with the Organization Disaster Recovery/IT Team when the files from your
normal PC/LAN servers and applications will be restored and how you can access those
files. Also, work with other <ORGANIZATION NAME> management at your alternate
site to discuss using their LAN servers.
5. Discuss with the Organization Disaster Recovery/IT Team your normal application report
distributions, such as when you can expect to receive standard computer reports and
how they will be distributed to your alternate site.
6. Communicate the IT recovery status to all <Department Name> personnel who regularly
use the systems.
Recovery Procedures
PHASE III: Alternate Site Operations
ACTIVITY: Alternate Site Processing Procedures

ACTIVITY IS THE RESPONSIBILITY OF: Alternate Site Operations Team
TASKS:
1. Communicate with customers regarding the disaster and re-solicit phone contacts (in
conjunction with the Organization Communications Team)
2. Acquire needed vital documents
3. Access missing documents and files and reconstruct, if necessary
4. Set up operation
Recovery Procedures
ACTIVITY: Manage work backlog reduction.

ACTIVITY IS THE RESPONSIBILITY OF: Alternate Site Operations Team
TASKS:
1. Determine priorities for work backlogs to ensure the most important backlogged tasks
are resolved first.
2. Set an overtime schedule, if required, based on staff and system availability.
3. Set backlog priorities, establish a backlog status reports if necessary, and communicate
this to the <Department Name> supervisor.
4. Report the backlog status to <Department Name> management on a regular basis.
5. If backlogs appear to be very large or will take a significant time to recover, determine if
temporaries could be used for certain tasks to help eliminate the backlogs. If justified,
arrange for temporaries to come in.
Recovery Procedures
PHASE IV: Transition to Primary Operations
ACTIVITY: Changing Telephone and Data Communications Back to Primary Site

ACTIVITY IS THE RESPONSIBILITY OF: IT Liaison
TASKS:
1. Coordinate with the Organization Disaster Recovery/IT Team to determine when
<Department Name> will be relocating back to the primary site. Verify that they have a
schedule to ensure that telephone and data communications are rerouted accordingly.
2. Discuss when and how PC’s, terminals, and printers, if brought into the alternate site,
will be de-installed, moved back to the primary site and re-installed.
Recovery Procedures
ACTIVITY: Terminating Alternate Site Procedures

ACTIVITY IS PERFORMED AT LOCATION: Alternate Site and Primary Site
ACTIVITY IS THE RESPONSIBILITY OF: <Department Name> Team
TASKS:
1. Determine which alternate site operating procedures will be suspended or discontinued
and when.
2. Communicate the changes in procedures to all affected staff.
3. Determine if additional procedures are needed upon return to the primary site, such as
to continue resolving work backlogs.
Recovery Procedures
ACTIVITY: Relocating Personnel, Records, and Equipment Back to Primary (Original) Site
ACTIVITY IS PERFORMED AT LOCATION: Alternate Site and Primary Site
TASKS:
1. In conjunctions with the Emergency Management Team and the Organization
Emergency Response Team, determine when <Department Name> will be scheduled
for relocating back to the primary site.
2. Communicate this schedule to all <Department Name> personnel.
3. Inventory vital records, equipment, supplies, and other materials, which need to be
transported from the alternate site to the primary site.
4. Pack, box, and identify all materials to be transported back to the primary site.
5. In conjunction with the Organization Administration Team, make arrangement for a
moving company or courier service to transport the boxes back to the primary site.
Appendices
Section V: Appendices
Appendix A - Employee Telephone Lists

Appendix B - Recovery Priorities for Critical Business Functions
Appendix C - Alternate Site Recovery Resource Requirements
Appendix D - Emergency Operations Center (EOC) Locations
Appendix E - Vital Records
Appendix F - Forms and Supplies
Appendix G - Vendor Lists
Appendix H - Desktop Computer Configurations
Appendix I - Computer System Reports
Appendix J - Critical Software Resources
Appendix K - Alternate Site Transportation Information
Appendix L - Alternate Site Accommodations Information
Appendix M - Severity Impact Assessments
Appendix N - <ORGANIZATION NAME> Business Impact Assessment
Appendix O - Recovery Tasks List
Appendix P - Recommended <ORGANIZATION NAME> Office Recovery
Appendix Q - Guides to EMS
<ORGANIZATION> Business Continuity Plan
Appendices
Appendix A - Employee Telephone Lists
Office Phone Home Phone Cellular/ Time Arrival

Employee Title/Function EMAIL Comment
# # Pager # Called Time
*
**
**
Fire, Police, Emergency 911
* Indicates Team Leader

** Indicates Alternate Team Leader
Appendices
Appendix B - Recovery Priorities for Critical Business Functions
Department Priorities Maximum Allowable Downtime
<Department Name> 1-2 Days 3-5 days 1-2 weeks > 2 weeks
Contracts Critical X
Appendices
Appendix C - Alternate Site Recovery Resource Requirements

General Requirements
Current BCP
# Description Comments
Number Number
1. Number of people
2. Square footage needed
3. Power Outlets 110V Can use power strips
4. Power Outlets 220V
5. Telephones
6. Telephone lines
7. Desks
8. Chairs
9. Tables
10. Typewriters
11. Photocopiers
12. Calculators
13. Microfiche Viewers
14. File Cabinets (specify type) 4 drawer lateral file cabinets
15. Other - Please attach list

Appendices
Technical Requirements
Current BCP
# Description Comments
Number Number
1. Telephone Lines (regular)
2. Telephone Lines (800 or special)
3. Single Line Telephone Sets
4. Other Type Telephone Sets

TWO LINE
5. Stand-alone FAX Machines
6. PC’s
7. LAN/WAN Connections
8. Printers - LAN
9. Printers - Direct attach to PC
10. PC Connectivity outside

<ORGANIZATION NAME>* (Internet)
11 Other Computers
12. Fax – Stand alone
13. Other - Please attach list

Appendices
Appendix D - Emergency Operations Center (EOC) Locations
Disaster Affecting Which Area/Building EOC Location
<ORGANIZATION NAME> Home Community City
Recovery Locations and Travel Directions
Alternate Sites
Critical Function Alternate Site
Desktop and Personnel
EOC Emergency Management Team
NOTE - Provide directions to all alternate sites. Include address and phone number of site. Include Maps
and Floor Plans.
Appendices
Appendix E - Vital Records
Primary Location of Alternate (Backup) Other Sources to

Description
Records Location of Records Obtain Records
Department File Scanned images on

Settlement Agreements
Cabinets Vault Network drive/Other
Parties
Scanned Images of
Department File Outside
Litigation Files pleadings on Network
Room Counsel/Courts
drive
Appendices
Appendix F - Forms and Supplies
Alternate Sources
Form/Supply Primary Locations Vendor’s
to Obtain
Name/Description Where Stored Name/Phone
Form/Supply
No special form or supplies
other than standard office
supplies.
Appendices
Appendix G - Vendor Lists
Goods/Service Contact
Vendor Name Address Phone #
Provided Name
Master Service Agreements and

other contractors – lists available on
network Master Service Agreement
and Insurance databases
Appendices
Appendix H - Desktop Computer Configurations
Description of Desktop: Dell, etc
Used By: All <Department Name> Employees
Business Activity Supported:
Connected to Which LAN’s:
Used for Host Access (Which Applications): network printing
Special Features, Boards, Memory Size, Etc.: over 20 Gigs HD, over 128MB Memory _____
Over 850 MHz Processor(s)
Ethernet Net Cards, Fax/Modems
Proprietary Software required (indicate release number, version and/or level, as applicable:
The IT Department maintains records on all desktop systems.

Appendices
Appendix I - Computer System Reports
System Alternate
Produced Sources of
Report Name Report Description
From Report or
Information
No special computer reports
required.
Appendices
Appendix J - Critical Software Resources
Recovery
Software Application Publisher or Vendor Platform
Criticality
Appendices
Appendix K - Alternate Site Transportation Information
Employees will be notified (by team members), if a disaster is declared, as to the location and when to
report. Since recovery site is local, transportation to the work location is up to the employee unless
directed otherwise. Directions will be supplied at the time of notification, if necessary.
Appendices
Appendix L - Alternate Site Accommodations Information
Should alternate site accommodations be required team members will be notified. Employees will be
contacted (by team members), if a disaster is declared, as to the location and where to go. Since
accommodations are local, transportation to the work location is up to the employee unless directed
otherwise. Directions will be supplied at the time of notification, if necessary.
<ORGANIZATION NAME> Business Continuity Plan
Appendices
Appendix M - Severity Impact Assessments

<Department Name>
Severity of Impact
Least ------> to ------> Greatest Comments
Impact Area 1 2 3 4 5
1 Cash Flow Interruption
2 Inoperative Billing Systems
3 Inoperative Financial Controls
4 Loss of Customers
5 Financial Reporting (Banks, IRS, etc.)
6 Increases in Liability
7 Loss of Public Image
8 <Department Name> and Regulatory Violations
9 Contractual Violations
10 Vendor Liabilities & Relations
11 Customer Liability & Relations
12 Effect on Employee Morale
13 Staff Resignations
<ORGANIZATION NAME> Business Continuity Plan
Appendices
Appendix N - <ORGANIZATION NAME> Business Impact Assessment
Department or Function: <ORGANIZATION NAME> Executive:

Number of Employees in HOME COMMUNITY :
Primary Business Function: BCP Representative:
What's at Stake: $ Millions Plus
STRENGTHS WEAKNESSES Loss Impact
Example Example Example
Able to work from home if access to e-mail Unable to work remotely if access to records Our department would not be able to perform
and system is available through dial-up and files is restricted. >95% of its work without access to our
access. Will need records and files as well. computers or work areas. It would take time
and effort to recreate the contracts and other
information (to the extent they can be
recreated) before we could work on them.
Maximum Allowable Downtime:> 24 – 48 Hours

Page 52 of 55
<ORGANIZATION Business Continuity Plan
NAME>
Appendices
Appendix O - Recovery Tasks List

Recovery Activation Date: ________
Task Estimated Actual Assigned Completed
Task Description Assigned To Comments
No. Time Time Time Time
10 Receive Communication on emergency
Situation
20 Identify recovery site
30 Retrieve Business Continuity Plans
40 Notify department members identified in
Appendix A
50 Retrieval of department Vital Records
60 Oversee delivery and placement of
office equipment.
70 Oversee delivery and placement of
office supplies.
80
NAME>
Appendices
Appendix P - Recommended <ORGANIZATION NAME> Organization Office Recovery
Required If Outage
Functions to be
Recovery Recovered Duration is
Timeframe > 2 weeks
Hot or Cold Site Acquire New
Recovery Location Office Space
<Department name>
<ORGANIZATION NAME>
Towers
3-7 days
Other <ORGANIZATION NAME>
Offices
1-2 weeks
> 2 weeks
<ORGANIZATION NAME>
Employees’ Homes
Unable to work from

home
See Appendix B for Details

NAME>
Appendices

Page 55 of 55

BCP Template 2012

Uploaded by

Copyright:

Available Formats

BCP Template 2012

Uploaded by

Document Information

Original Description:

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BCP Template 2012

Uploaded by

Copyright:

Available Formats

Peoples Steel Mills Ltd.

IT Data Backup & Recovery Plan

August 29, 2019

DOCUMENT CHANGE CONTROL................................................................................. 6

SECTION I: INTRODUCTION ......................................................................................... 7

A. How to Use This Plan .............................................................................................. 7

E. Changes to the Plan/Maintenance Responsibilities.............................................. 9

F. Plan Testing Procedures and Responsibilities ..................................................... 9

G. Plan Training Procedures and Responsibilities .................................................... 9

H. Plan Distribution List ............................................................................................ 10

SECTION II: BUSINESS CONTINUITY STRATEGY .................................................... 11

B. Business Function Recovery Priorities ............................................................... 11

C. Relocation Strategy and Alternate Business Site ............................................... 11

D. Recovery Plan Phases .......................................................................................... 12

E. Vital Records Backup ........................................................................................... 12

F. Restoration of Hardcopy Files, Forms, and Supplies ......................................... 13

G. On-line Access to <ORGANIZATION NAME> Computer Systems ..................... 13

H. Mail and Report Distribution................................................................................. 14

SECTION III: RECOVERY TEAMS ............................................................................... 15

A. Purpose and Objective.......................................................................................... 15

CONFIDENTIAL Document for Internal Use by (Organization) Personnel Only

C. Recovery Team Assignments............................................................................... 15

D. Personnel Notification .......................................................................................... 16

E. Team Contacts ...................................................................................................... 16

SECTION IV: RECOVERY PROCEDURES .................................................................. 22

A. Purpose and Objective.......................................................................................... 22

B. Recovery Activities and Tasks ............................................................................. 23

SECTION V: APPENDICES .......................................................................................... 37

Appendix A - Employee Telephone Lists .................................................................. 38

Appendix B - Recovery Priorities for Critical Business Functions.......................... 39

Appendix C - Alternate Site Recovery Resource Requirements .............................. 40

Appendix D - Emergency Operations Center (EOC) Locations ............................... 42

Appendix E - Vital Records ........................................................................................ 43

Appendix F - Forms and Supplies ............................................................................. 44

Appendix G - Vendor Lists ......................................................................................... 45

Appendix H - Desktop Computer Configurations ..................................................... 46

Appendix I - Computer System Reports .................................................................... 47

Appendix J - Critical Software Resources................................................................. 48

Appendix K - Alternate Site Transportation Information .......................................... 49

Appendix L - Alternate Site Accommodations Information...................................... 50

CONFIDENTIAL Document for Internal Use by (Organization) Personnel Only

Appendix N - <ORGANIZATION NAME> Business Impact Assessment ................. 52

Appendix O - Recovery Tasks List ............................................................................ 53

Appendix P - Recommended <ORGANIZATION NAME> Office Recovery .............. 54

CONFIDENTIAL Document for Internal Use by (Organization) Personnel Only

DOCUMENT CHANGE CONTROL

Modified by: ________________________________________________ ________/____/_____

Reviewed by: ________________________________________________ ________/____/_____

Approved by: ________________________________________________ ________/____/_____

A. How to Use This Plan

The priorities in a disaster situation are to:

<Department Name> management is responsible for:

F. Plan Testing Procedures and Responsibilities

G. Plan Training Procedures and Responsibilities

Plan ID No Location Person Responsible

Section II: Business Continuity Strategy

B. Business Function Recovery Priorities

C. Relocation Strategy and Alternate Business Site

Modified by: ____________________________________________ //_

Reviewed by: ____________________________________________ //_

Approved by: ____________________________________________ //_