BCP - 1 in Banking

GUIDE
BUSINESS CONTINUITY PLAN FOR

BANKING INDUSTRY
A STEP-BY-STEP APPROACH
TO RESPONSE AND RECOVERY

Business Recovery Planning
Reference Material
Table of Contents
I. Overview: Business Recovery Planning

a. Disaster Preparedness
b. Emergency Response
c. Business Continuation
d. Business Restoration
II. Disaster Preparedness Planning

A. Hazard Assessment
B. Checklists
1. Natural Hazards
2. Special Hazards
III. Emergency Response Planning

A. Planning Process
B. Checklists
IV. Business Continuation Planning

a. Planning & Preparation
b. Definition and Scope of Business ContinuationPlanning
c. Risk Assessment and Mitigation
d. Plan Development
e. Implementation
f. Forms and Checklists
V. Business Restoration Planning

a. Restoration Checklist
b. Business Resumption Timetable Forms
c. Tips for Resuming Business in the Wake of a Disaster
VI. Disclaimer
Appendix:
Department of Treasury Bomb Threat Checklist
FEMA Tips for Business & Industry
I. OVERVIEW: Business Recovery Planning
This reference material is designed to give an overview of business recovery planning. This material is
not intended as a substitute for consultation with emergency and business recovery professionals. Written
materials provide the references you’ll need as you develop and maintain your company’s business
recovery plans. You may know these plans as disaster recovery plans or hear the acronym DRP. Because
the business recovery planning process can be overwhelming and complex, this reference material
highlights the importance of considering a variety of pathways for resuming business operations and for
segmenting the process into logical steps. It helps you to consider investments and resources needed to
address business recovery planning in your company.
As you begin the planning process, be sure to devote resources (financial and time) to it. Most planning
efforts pay for themselves because the activities lead to operational efficiencies in your business. This
occurs when actions are taken to mitigate the effects of a disaster. During this process, you’ll likely benefit
from opportunities to introduce or improve existing operations.
Most of us recognize that there are many details to consider for day-to-day business to resume. In the
wake of a disaster, the speed of resuming business hinges upon timely, effective planning and training prior
to the event. A return to normalcy requires collaboration amongst employees, suppliers, vendors,
customers, insurance companies, insurance agents and brokers, government agencies and financial
institutions, to name a few.
In the following pages, you will find forms, checklists and suggestions to use at your company. Once an
event occurs, there are multiple simultaneous events to help a company resume operations. Depending
upon the severity of the situation, various levels of response are appropriate as well. Most of us recognize
that there are many details to consider for business to resume operations. This reference material
intentionally segments business processes, encourages thinking about what can happen and plans for
“what ifs” along the way.
Terms such as “disaster recovery,” “business resumption,” “emergency response” and “preparedness
planning” can sometimes be used interchangeably. Depending on the resources that you use, you will find
the phrases in fact have very different meanings. So, that’s why the first step in developing your business
recovery plan is to establish common definitions for the various components of your plan. To get started
and to reduce confusion, let’s start by defining a business recovery plan.
A comprehensive business recovery plan contains the following major components:

- Disaster Preparedness Plan
- Emergency Response Plan
- Business Continuity Plan
- Business Restoration Plan
Each of these components addresses a specific issue posed by a disaster. Together, the components
become the business recovery plan for an organization. The business recovery planning process reviews
activities likely to occur during and after a disaster, and it’s an ideal time to record and store your records
and plans in secure places that will be accessible in the event of a disaster. Be sure to have both
electronic and paper copies of information to reduce the time it takes to resume normal business
operations.
II. Disaster Preparedness Planning

Disaster preparedness planning can be an onerous project. Indeed, the difficulty that most companies face
in developing a plan is simply getting started. In addition, the definition of a disaster preparedness plan
tends to vary, which can further complicate the initiative.
A. Hazard Assessment
Every business recovery plan should begin with a hazard assessment. This focuses your resources in
areas identified as critical to business operations and continuity. This is where you and designated
employees will be developing and implementing a strategy to eliminate exposures or improve controls at
your company. This phase incorporates conducting regular inspections, training, drills and exercises,
equipment inventories, protection of records, and community awareness. In this planning, you need to
identify exposures, probability and impact of the event, make recommendations and be sure all parties are
aware of the exposures/hazards, etc. Hazard assessment is a sound loss prevention approach to help
reduce the probability of loss. The results of investing in this activity include some short-term risk
improvement actions along with the identification of some processes that are critical to the business.
B. Disaster Preparedness Planning

Disaster preparedness planning should be an integral part of every corporation’s strategic planning
process. The plan is comprised of activities that will reduce the likelihood or probability of a disaster striking
your business. For example:
-- Constructing facilities in areas less prone to floods or earthquakes would reduce the probability
of a disaster striking your business.
-- Companies can reduce the impact of a disaster by designing facilities to exceed the minimum
construction standards
III. Emergency Response Planning

The emergency response plan outlines the actions that should be taken when a disaster occurs. This
phase of planning is dedicated to the protection of personnel safety and equipment including buildings.
Evacuation and emergency plant shutdown procedures are generally components of this plan.
IV. Business Continuation Planning

The business continuation plan details actions to take to ensure a company stays in business after a
disaster. The longer it takes a company to recover, the greater the likelihood it may fail. Preparation of a
complete business recovery plan may be costly in dollars, but the greatest expense is the time spent by
your key people. This cannot be avoided. While you may receive vital assistance from professional
contingency planners, your insurance company and insurance agent or broker understand that they only
counsel. It’s your business; you know the market in which you operate, and, in the final analysis, the
business recovery plan developed is your plan.
V. Business Restoration Planning

Business restoration activities usually take place concurrently with the business continuation plan.
Sometimes considered interchangeable, there are some key business restoration activities outside the day-
to-day operations that are critical to resuming operations. The need for these tasks occurs only when there
is a disaster. An example might be activating the pre-arranged data “hot site” using the duplicate records
storage information. The goal is to resume normal pre-disaster business operations as soon as possible.
VI. Conclusion
Remember, a good business recovery plan should:
• Shorten response time from event to resumption of business
• Minimize lost customers and revenues
• Increase competitive advantage
• Control recovery costs
• Increase productivity during recovery period
• Minimize regulatory impacts
This planning process is sometimes described as the cycle of contingency planning.

Disaster Preparedness Planning
Hazard Assessment
Hazard assessment is a risk management exercise that can be used to assess your company’s
vulnerabilities to potential disasters. This high-level review and discussion may identify concerns that
require immediate attention or additional research, and it may uncover exposures that can be quickly
corrected to reduce the impact of disaster. Hazard assessment should be an integral part of a company’s
strategic planning process.
For example, many companies realize that they would suffer severe financial consequences if their facilities
were not available for an extended period due to a disaster. Here are just a few examples of how
companies can mitigate the negative impact of such a disaster:
• If companies are located in earthquake- or windstorm-prone areas, check building design, construction
and building materials to make sure that minimum construction standards for earthquake and
windstorm have been met.
• When building materials and existing construction are found to be substandard, retrofit the facilities to
meet or exceed the design standards.
• If fire is a company’s major loss exposure, fire protection systems such as sprinkler systems should be
installed.
• If power outages are a major loss exposure, emergency generators or dual power supplies should be
installed.
A Risk Assessment Matrix will help you identify your critical business operations. We’ve included a matrix
in this reference material to help you as well as several sample forms and checklists that will be used again
during the emergency response and business continuity planning activities. The forms and checklists also
help identify and quantify risk to a company, but remember the level of detail required is different for each
activity. Using the matrix produces a general overview of issues in the company. As you proceed further in
your business recovery planning, the level of detail will be more precise, the amount of research greater
and the mitigation actions more complicated.
Be sure to take every advantage of electronic resources to record your plans and activities. Be sure to print
your plans and activities so that if or when an emergency occurs you’ll have access to your information.
The ability to record information and keep it up to date electronically is critical. If the information is
available, resuming operations can be your sole focus!
Once you have completed the risk assessment matrix and capitalized on what you learned from the
process, you will want to address specific threats. We provide you with information on some common
possibilities such as natural hazards or other events that could jeopardize the success of your operations.

Hazard Assessment
Page 1 of 1
One of the first steps in the overall planning process is disaster preparedness. Whether it is through
natural disasters such as hurricanes, or man-made disasters such as bombings, each year disasters take
their toll on businesses in lives and in dollars. Disaster preparedness involves developing and
implementing a strategy to eliminate or mitigate exposures and improve controls. This includes
conducting regular inspections, training, drills and exercises, equipment inventories, protection of records,
and community awareness.
The following section on preparedness planning attempts to provide proactive measures that businesses
can take to prepare themselves for such disasters so that the loss of life and loss of capital can be
minimized.
If a client does not have an emergency response plan or business continuation plan in place, the
preparedness questionnaire should be used to identify which steps the client can take to mitigate the
relevant exposures for their business immediately. Preparedness planning is not a substitute for formal
emergency response and business continuity planning. Instead, disaster preparedness considers items
such as natural events (floods, earthquakes, fires, and windstorms); occurrences such as power outages,
terrorism or other disruption to business activities.

Page 1 of 1
Earthquake
Earthquakes occur most frequently west of the Rocky Mountains, although historically the most violent
earthquakes have occurred in the central United States. Worldwide, earthquakes may occur anywhere.
Regions that are particularly prone to experiencing earthquakes include western South America, most of Central
America, western North America, Japan, Indonesia, the Philippines, southern Europe and central and southern
Asia.
Earthquakes cause extensive structural damage. Buildings constructed of brick masonry and non-reinforced
concrete are the most susceptible. Transportation routes such as highways, bridges, overpasses, rail lines and
airport runways are commonly damaged. Damage to buried utilities and communication systems including
water, sewage and gas pipelines; telephones lines; and above ground radio and television towers can interrupt
the operations within buildings that survived the earthquake. In addition to the structures already mentioned,
dams, storage tanks, stacks and chimneys are also susceptible to damage from earthquake.
Earthquakes occur suddenly and without warning. They can trigger landslides, avalanches, flash floods, fires, or
huge ocean waves called tsunamis. Aftershocks can occur for weeks following an earthquake. Even if there is
no structural building damage, an earthquake can cause damage to machinery, computer equipment and
inventory. After an earthquake, there are often fires resulting from damaged utilities that can destroy machinery
and building contents.
There is often water damage resulting from broken water lines or sprinkler systems and machinery. And even if
the structure is intact, the loss of power and loss of HVAC may prevent your business from continuing
operations. In many buildings, the greatest danger to people in an earthquake is when equipment and non-
structural elements such as ceilings, partitions, windows and lighting systems shake loose.
Planning Considerations
Consider the following when for preparing for an earthquake:
• Assess your facility’s vulnerability to earthquakes. Ask local government agencies for seismic information
for your area.
• Have your facility inspected by a structural engineer. Develop and prioritize strengthening measures.
These may include:
- Adding steel bracing to frames
- Adding sheer walls to frames
- Strengthening columns and building foundations
- Replacing unreinforced brick filler walls
• Follow safety codes when constructing a facility or making renovations.
• Inspect non-structural systems such as air conditioning, communications and pollution control systems.
Assess the potential for damage. Prioritize measures to prevent damages.
• Inspect facility for any item that could fall, spill, break or move during an earthquake. Take steps to reduce
these hazards:
- Move large and heavy objects to lower shelves or the floor. Hang heavy items away from where people
work.
- Secure shelves, filing cabinets, tall furniture, desktop equipment, computers, printers, copiers, and light
fixtures.
- Secure fixed equipment and heavy machinery to the floor. Larger equipment can be placed on casters
and attached to tethers, which attach to the wall.
- Add bracing to suspended ceilings, if necessary.
- Install safety glass where appropriate.
- Secure large utility and process piping.
• Keep copies of design drawings of the facility to be used in assessing the facility’s safety after an
earthquake.
• Review processes for handling and storing hazardous materials. Have incompatible chemicals stored
separately.
• Ask your insurance carrier about earthquake insurance.
• Establish procedures to determine whether an evacuation is necessary after an earthquake.
• Designate areas in the facility away from exterior walls and windows where occupants should gather after
an earthquake if an evacuation is not necessary.
• Conduct earthquake drills. Provide personnel with the following information:
- In an earthquake, if indoor, stay there. Take cover under a sturdy piece of furniture or counter, or brace
yourself against an inside wall. Protect your head and neck.
- If outdoors, move into the open, away from buildings, streetlights and utility wires.
- After an earthquake, stay away from windows, skylights and items that could fall. Do not use the
elevators.
- Use stairways to leave the building if it is determined that a building evacuation is necessary.

Page 1 of 2
Earthquake Checklist
Date: S = Satisfactory
U = Unsatisfactory
Completed by: N/A = Not Applicable
S U N/A
Develop and practice an earthquake emergency response plan. Include provisions

for response to medical emergencies, loss of power, fire, water, sprinkler system
leakage, natural gas leakage and chemical spills.
Design new buildings and modify existing buildings to conform to local, state and
federal building codes.
Regularly inspect buildings for structural deterioration. Promptly repair all structural
problems (i.e., cracked beams, broken masonry and mortar, dry rot, etc.).
Situate newly constructed buildings on firm foundation materials, bedrock, cohesive

soil, etc.
Anchor all structures, tanks and machinery to foundations.
Anchor or brace top-heavy building contents, industrial racks, bookshelves, etc.
Equip all incoming natural gas and fuel lines with automatic shut-off valves.
Equip building with backup power supply, diesel generator or long-term battery
backup system.
Maintain a minimum 72-hour backup water supply, nonperishable foods and

sanitation materials.
Maintain a first aid kit along with search and rescue equipment.
Provide diking for all large liquid containers.
Identify corrective action for all Unsatisfactory responses.

ACTION NEEDED COMPLETED DATE

Page 2 of 2
Fire
Fire is the most common of all the hazards. Every year, fires cause thousands of deaths and injuries and
billions of dollars in property damage.
Consider the following when planning for a fire:
• Meet with the fire department to talk about the community’s fire response capabilities. Talk about your
operations. Identify processes and materials that could cause or fuel a fire or contaminate the environment
in a fire.
• Have your facility inspected for fire hazards. Ask about fire codes and regulations.
• Ask your insurance carrier to recommend fire prevention and protection measures. Your carrier may also
offer training.
• Distribute fire safety information to employees: how to prevent fires in the workplace, how to contain a fire,
how to evacuate the facility, where to report a fire.
• Instruct personnel to use the stairs, not the elevators, in a fire. Instruct them to crawl on their hands and
knees when escaping a hot or smoke-filled area.
• Conduct evacuation drills. Post maps of evacuation routes in prominent places. Keep evacuation routes
including stairways and doorways clear of debris.
• Assign fire wardens for each area to monitor shutdown and evacuation procedures.
• Establish procedures for the safe handling and storage of flammable liquids and gases. Establish
procedures to prevent the accumulation of combustible materials.
• Provide for the safe disposal of smoking materials.
• Establish a preventive maintenance schedule to keep equipment operating safely.
• Place fire extinguishers in appropriate locations. Train employees in use of fire extinguishers.
• Install smoke detectors. Check smoke detectors once a month, and change batteries at least once a year.
• Establish a system for warning personnel of a fire. Consider installing a fire alarm with automatic
notification to the fire department.
• Consider installing a sprinkler system, fire hoses and fire-resistant walls and doors.
• Ensure that key personnel are familiar with all fire safety systems.
• Identify and mark all utility shutoffs so that electrical power, gas or water can be shut off quickly by fire
wardens or responding personnel.
• Determine the level of response your facility will take if a fire occurs. Among the options are:
Option 1: Immediate evacuation of all personnel on alarm.
Option 2: All personnel are trained in fire extinguisher use. Personnel in the immediate area of a fire
attempt to control it. If they cannot, the fire alarm is sounded and all personnel evacuate.
Option 3: Only designated personnel are trained in fire extinguisher use.
Option 4: A fire team is trained to fight incipient-stage fires that can be controlled without protective
equipment or breathing apparatus. Beyond this level fire, the team evacuates.
Option 5: A fire team is trained and equipped to fight structural fires using protective equipment and
breathing apparatus.

Page 1 of 2
Fire Checklist
U = Unsatisfactory
S U N/A
Develop and practice a fire emergency response plan. Include provisions for
building evacuation, equipment shutdown and protection, electrical systems
shutdown, protection of stored inventory, and response to medical emergencies.
Meet with fire department to talk about the community’s fire response capabilities.
Develop fire plan with local fire department.
Establish business contingencies with clients and suppliers.
Post emergency phone numbers to activate fire response plan.
Distribute fire safety information to employees: how to prevent fires in the

workplace, how to contain fire, how to evacuate the facility, where to report a fire.
Ensure key personnel are familiar with all fire safety systems.
Establish procedures for safe handling and storage of flammable liquids and gases.
Place fire extinguishers in appropriate locations. Train employees in use of fire

extinguishers.
Install automatic fire detection. Check alarms and detectors monthly.
Establish a preventive maintenance schedule to keep equipment operating safely.

Test fire protection equipment such as fire pumps on a regular basis.
Develop Hot Work Permit Program for welding operations.


Page 2 of 2
Flood
Floods are the most common and widespread of all natural disasters. Most communities in the United States
can experience some degree of flooding after spring rains, heavy thunderstorms or winter snow thaws.
Most floods develop slowly over a period of days. Flash floods, however, are like walls of water that develop in
a matter of minutes. Flash floods can be caused by intense storms or dam failure.
Consider the following when preparing for a flood:
• Ask your local emergency management office whether your facility is located in a flood plain. Learn the
history of flooding in your area. Learn the elevation of your facility in relation to streams, rivers and dams.
• Review the community’s emergency plan. Learn the community’s evacuation routes. Know where to find
higher ground in case of a flood.
• Establish warning and evacuation procedures for the facility. Make plans for assisting employees who may
need transportation.
• Inspect areas in your facility subject to flooding. Identify records and equipment that can be moved to a
higher location. Make plans to move records and equipment in case of a flood.
• Purchase a National Oceanic and Atmospheric Administration Weather Radio with a warning alarm tone
and battery backup. Listen for flood watches and warnings.
- Flood Watch: Flooding is possible. Stay tuned to NOAA radio. Be prepared to evacuate. Tune to
local radio and television stations for additional information.
- Flood Warning: Flooding is already occurring or will occur soon. Take precautions at once. Be
prepared to go to higher ground. If advised, evacuate immediately.
• Consider the need for backup systems:
- Portable pumps to remove flood water.
- Alternate power sources such as generators or gasoline-powered pumps.
- Battery-powered emergency lighting.
• Participate in community flood control projects.
Ask your insurance carrier for information about flood insurance. Typical property and casualty insurance does
not insure against flood loss. Consider the feasibility of mitigating loss from flood at your facility. Here are three
methods:
1) Permanent measures are taken before a flood occurs and require no human intervention when flood
waters rise. They include:
- Filling windows, doors or other openings with water-resistant materials such as concrete blocks or
bricks. This approach assumes the structure is strong enough to withstand floodwaters.
- Installing check valves to prevent water from coming in where utility and sewer lines enter the facility.
- Reinforcing walls to resist water pressure. Sealing walls to prevent or reduce seepage.
- Building watertight walls around equipment or work areas within the facility that are particularly
susceptible to flood damage.
- Constructing floodwalls or levees outside the facility to keep flood waters away.
- Elevating the facility on walls, columns or compacted fill. This approach is most applicable to new
construction, though many types of buildings can be elevated.
2) Contingent measures are taken before a flood but require some additional action when flooding occurs.
These measures include:
- Installing watertight barriers called flood shields to prevent the passage of water through doors,
windows, ventilation shafts or other openings.
- Installing permanent watertight doors.
- Constructing movable floodwalls.
- Installing permanent pumps to remove floodwaters.
3) Emergency measures are generally less expensive than those listed above, require substantial advance
warning and do not satisfy the minimum requirements for watertight flood proofing as set forth by the
National Flood Insurance Program. They include:
- Building walls with sandbags.
- Constructing a double row of walls with boards and posts to create a “crib” and then filling the crib with
soil.
- Constructing a single wall by stacking small beams or planks on top of each other.

Page 1 of 2
Flood Checklist
U = Unsatisfactory
S U N/A
Develop and practice a flood emergency response plan. Include provisions for
building evacuation, equipment shutdown and protection, electrical system
shutdown, protection of stored inventory and response to medical emergencies.
Regularly inspect buildings for structural deterioration, as well as for open entries
for water. Promptly repair all structural problems and cover open entries.
Construct permanent flood walls or dikes around buildings to prevent inundation.
Locate all-important machinery, equipment and business records above ground
level. If this is not possible, it is suggested that watertight walls or rooms be
constructed around these items.
Locate as many electrical system components as possible above ground level.
Equip basement and ground-level areas with water pumps.
backup system.
Equip plumbing system with back-flow valves.
Anchor all structures, tanks and machinery (including exterior items) to

foundations.
Cover and secure all liquid containers (i.e., tanks, vats, etc.), especially those
containing toxic chemicals.
Maintain a backup water supply.
Maintain a first aid kit.


Page 2 of 2
Hurricane
Hurricanes are severe tropical storms with sustained winds of 74 miles per hour or greater. Hurricane winds
can reach 160 miles per hour and extend inland for hundreds of miles.
Hurricanes bring torrential rains and a storm surge of ocean water that crashes into land as the storm
approaches. Hurricanes also spawn tornadoes.
The National Weather Service issues hurricane advisories as soon as a hurricane appears to be a threat. The
hurricane season lasts from June through November.
The following are considerations when preparing for a hurricane:
• Ask your local emergency management office about community evacuation plans.
• Establish facility shutdown procedures. Establish warning and evacuation procedures. Make plans for
assisting employees who may need transportation.
• Make plans for communicating with employees’ families before and after a hurricane.
• Take inventory and restock emergency items such as food, clothing/blankets, water, duct tape, flashlights
with working batteries, first aid supplies, etc.
• Purchase a NOAA (National Oceanic and Atmospheric Administration, which provides National Weather
Service Broadcasts) Weather Radio with a warning alarm tone and battery backup. Listen for hurricane
watches and warnings.
Hurricane Watch: A hurricane is possible within 24-36 hours. Stay tuned for additional advisories.
Tune to local radio and television stations for additional information. An evacuation may be necessary.
Hurricane Warning: A hurricane will hit land within 24 hours. Take precautions at once. If advised,
evacuate immediately.
• Survey your facility. Make plans to protect outside equipment and structures.
• Make plans to protect windows. Permanent storm shutters offer the best protection. Covering windows
with 5/8” marine plywood is a second option.
• Consider the need for backup systems:
- Portable pumps to remove floodwater.
- Alternate power sources such as generators or gasoline-powered pumps.
- Battery-powered emergency lighting.
• Prepare to move records, computers and other items within your facility to another location.
• Participate in community hurricane control projects.

Page 1 of 3
Hurricane Wind Velocity Categories
Wind Speed Storm

Category (MPH) Surge (Ft) Probable Property Damage
1 74 - 95 4-5 § Damage primarily to shrubbery, trees, foliage and un-
anchored mobile homes
§ Some damage to poorly constructed signs
§ Considerable damage to shrubbery, trees and foliage
2 96 - 110 6-8 § Some trees blown down
§ Major damage to mobile homes
§ Extensive damage to poorly constructed signs
§ Some damage to roofing materials of buildings
§ No major damage to buildings
§ Foliage torn from trees
3 111 - 130 9 - 12 § Large trees blown down
§ Poorly constructed signs down
§ Some damage to roofing materials of buildings
§ Some window and door damage
§ Some structural damage to small buildings
§ Shrubs and trees blown down
4 131 - 155 13 - 18 § All signs down
§ Considerable damage to roofing materials and buildings,
windows and doors
§ Complete destruction of roofs on many small residences
§ Complete destruction of mobile homes
§ Shrubs and trees blown down
5 > 155 > 18 § Extensive damage to roofs
§ Complete destruction of roofs on many residences and
industrial buildings
§ Severe and extensive damage to windows and doors
§ Extensive shattering of glass in windows and doors
§ Some complete building failures
§ Complete destruction of mobile homes

Page 2 of 3
Hurricane Checklist
U = Unsatisfactory
S U N/A
Activate emergency response plan.

Communicate proposed plan of action to employees.
Emergency communications plan established and tested.
Move vulnerable equipment, raw materials and finished product away from doors,
windows and cover equipment with a water-resistant tarp.
Fill vehicle fuel tanks.
Move equipment off the floor.
Secure valuable papers in watertight containers and store in a secure area of the
building.
Back up all computer files and store in a watertight container off premises in a bank
vault or similar type of secured storage facility.
Secure building envelope. If possible, place wood or metal covers over windows
and doors to prevent glass breakage.
Have extra supplies of plastic rolls, mops, buckets, water vacuums, lubricants (like
WD-40), portable generators, radio, batteries, bottled water and basic food supplies
on hand available for the disaster recovery team.
Keep a list of all vendors' and key customers' telephone numbers available and
secured. Notify them of any changes in the situation that may affect them.
Begin securing the building from the storm and from potential theft in the aftermath.
Protect and cover windows and doors.
Notify building management, security and local authorities of a pending closing and
identify personnel permitted on the premises after the storm.
Shut down the nonessential power supply to equipment in the building.
Secure all roof mounted HVAC, lights, signs and other equipment.
Equip all incoming gas and fuel lines with automatic shutoff valves.


Page 3 of 3
Tornado/Windstorm
Tornadoes are incredibly violent local storms that extend to the ground with whirling winds that can reach
300 mph. Spawned from powerful thunderstorms, tornadoes can uproot trees and buildings and turn
harmless objects into deadly missiles in a matter of seconds. Damage paths can be in excess of one
mile wide and 50 miles long.
Tornadoes can occur in any state but occur more frequently in the Midwest, Southeast, and Southwest.
They occur with little or no warning.
Consider the following when planning for a tornado:
• Ask the local emergency management office about the community’s tornado warning system.
• Purchase a National Oceanic and Atmospheric Administration Weather Radio with a warning alarm
tone and battery backup. Listen for tornado watches and warnings.
Tornado Watch: Tornadoes are likely. Be ready to take shelter. Stay turned to radio and
television stations for additional information.
Tornado Warning: A tornado has been sighted in the area or is indicated by radar. Take shelter
immediately.
• Establish procedures to inform personnel when tornado warnings are posted. Consider the need for
spotters to be responsible for looking out for approaching storms.
• Work with a structural engineer or architect to designate shelter areas in your facility. Ask your local
emergency management office or National Weather Service for guidance. Consider the amount of
space you will need. Adults require about six square feet of space.
• The best protection in a tornado is usually an underground area. If an underground area is not
available, consider:
- Small interior rooms on the lowest floor and without windows.
- Hallways on the lowest floor away from doors and windows.
- Rooms constructed within reinforced concrete, brick or block with no windows and a heavy
concrete floor or roof system overhead.
- Protected areas away from doors and windows.
Note: Auditoriums, cafeterias, and gymnasiums that are covered with a flat, wide-span roof are
not considered safe.
• Make plans for evacuating personnel away from lightweight modular offices or mobile home-size
buildings. These structures offer no protection from tornadoes.
• Conduct tornado drills.
• Once in the shelter, personnel should protect their heads with their arms and crouch down.

Page 1 of 2
Tornado/Windstorm Checklist
U = Unsatisfactory
S U N/A
Develop and practice a windstorm emergency response plan. Include provisions for
building evacuation, response to medical emergencies, loss of power, fire, water,
sprinkler system leakage, natural gas leakage, chemical spills, flooding and
exposed electrical wiring. Distribute procedures to all employees.
Emergency communications plan established and tested.
Regularly inspect buildings for structural deterioration, particularly at the roof level.
Promptly repair all structural problems (i.e., cracked beams, broken masonry and
mortar, damaged roof surfaces, etc.).
Design new buildings and modify existing buildings to conform to local, state and
federal building codes.
Anchor all structures, tanks and machinery to foundations.

Equip all incoming natural gas and fuel lines with automatic shutoff valves.
Secure roof-mounted HVAC and electrical equipment, lighting, signs, etc.

Have wood or metal covers available for windows and doors to prevent glass
breakage.
Locate towers, elevated tanks and signs and utility poles away from buildings.
backup system.
Maintain a windstorm emergency kit. Include flashlights, plastic sheeting, rope,

battery operated radio, blankets, first-aid equipment, hand tools, etc.
Maintain a backup water supply.


Page 2 of 2
Winter Storm/Cold Weather
Severe winter storms bring heavy snow, ice, strong winds, and freezing rain. Winter storms can prevent
employees and customers from reaching the facility, leading to a temporary shutdown until roads are
cleared. Heavy snow and ice can also cause structural damage and power outages.
Consider the following when preparing for a winter storm:
• Listen to National Oceanic and Atmospheric Administration Weather Radio (ex. National Weather
Service) and local radio and television stations for weather information:
Winter Storm Watch: Severe winter weather is possible.
Winter Storm Warning: Severe winter weather is expected.
Blizzard Warning: Severe winter weather with sustained winds of at least 35 mph is expected.
Traveler’s Advisory: Severe winter conditions may make driving difficult or dangerous.
• Establish procedures for facility shutdown and early release of employees.
• Store food, water, blankets, battery-powered radios with extra batteries and other emergency
supplies for employees who become stranded at the facility.
• Provide a backup power source for critical operations.
• Arrange for snow and ice removal from parking lots, walkways, loading docks, etc.
• Ensure that all dry pipe sprinkler systems have been drained completely and that all wet pipe
systems have been properly protected against freezing and cracking.
• Have roof structurally load tested against possible snow buildup and resulting snow collapse.
• Find out from the local Department of Transportation about plowing procedures and priorities.

Page 1 of 2
Winter Storm/Cold Weather Checklist
U = Unsatisfactory
S U N/A
Develop and practice a winter storm emergency response plan. Include provisions
for building evacuation, response to medical emergencies, loss of power, fire,
water, sprinkler system leakage, natural gas leakage, building collapse, and
exposed electrical wiring. Distribute procedures to all employees.
Establish and test emergency communications plan.
Develop and implement a deep freeze plan focusing on all utilities, especially fuel,
gas, sprinkler and water lines. Install alarms where needed.
Regularly inspect buildings for structural deterioration, particularly at the roof level.
Promptly repair all structural problems (i.e., cracked beams, broken masonry and
mortar, damaged roof surfaces, etc.)
Design new buildings and modify existing buildings to conform to local, state
and federal building codes.
Check roof snow-bearing adequacy. Put an excessive snow removal plan in place.
Equip all incoming natural gas and fuel lines with automatic shutoff valves.
backup system. Maintain adequate fuel supply.
Check established public and private procedures for snow and ice removal.
Maintain a winter storm emergency kit. Include flashlights, battery operated radio,
blankets and warm clothing, first-aid equipment, shovels, food and water, etc.


Page 2 of 2
Bomb Threat
Consider the following before responding to bomb threats in your organization:
• Develop a company policy on how to handle bomb threats.
• Develop a media policy and designate a media spokesperson if a bomb threat occurs.
• Inform employees on company’s plan of action in the event of a bomb threat.
• Train employees on how to handle these threatening situations.
• Increase internal security measures and state of readiness.
• Have professionals (ex. sheriff’s department, local police department) give training seminars to
employees to improve their techniques in handling these problems. Be sure to consider all
employees who might be involved in such an event such as receptionist, facilities, human resources
and managers.
• Make sure copies of a report form are available at the receptionist and others’ desks. There are a
number of quality forms produced by government agencies such as the Treasury Department Bomb
Threat Checklist. Or, use the following to record information:
Incident Report
Company Name:
Your Name: Date:
Telephone #: Ext:
What time was call received?
Record caller’s statements:
DO NOT INTERRUPT THE CALLER. IF THE CALLER SEEMS AGREEABLE TO FURTHER
CONVERSATION, ASK THE FOLLOWING QUESTIONS:
Where is the bomb hidden?
What time will the bomb detonate?
Why did he or she plant the bomb?
What floor is the device on?
Is the caller familiar with your company?
What type of device is it?
Additional Information:
Male Female
YES NO YES NO
Does person appear angry? Background Noise?
Can you determine an accent? Does person appear
calm?
Is it foreign? If so, what dialect? Outside phone?
Other: Good connection?

Page 1 of 1
Civil Unrest
Incidents of civil unrest are increasing in frequency. One commonly reads of mob violence or workplace
violence in the newspaper. The following are precautions that can be taken to minimize damage resulting from
these events:
• Develop company policy and response plan.
• Train all employees on how to handle these threatening situations.
• Increase internal security measures and state of readiness.
• Have professionals (ex. sheriff’s department, local police department) give training seminars to pertinent
employees to improve their techniques in handling these problems.
Civil Unrest Checklist
U = Unsatisfactory
S U N/A
Develop company plan for civil unrest, including reporting and evacuation
procedures.
Develop internal emergency communications procedures.
Have formal building access procedures in place.
Increase internal security measures and state of readiness.
Develop procedures and plans with local police and fire departments.
Put media communications plan in place. Instruct employees not to comment to

the press.
Have professionals give training seminars to pertinent employees to learn

techniques for handling these problems.


Page 1 of 1
Boiler Failure
Today, boilers are an ever-present element of everyday life. They are used for electrical generation, steam and
hot water heating, sterilization, cooking, and much more. A boiler essentially is a container in which water is
heated, steam is generated, steam is superheated, or any combination thereof, by the application of heat from
combustible fuels, electricity, or solar energy. Boilers are found in residential, industrial and commercial settings
worldwide.
Boiler failures may occur suddenly and without warning or may proliferate over a long period of time. Failures
can result from numerous circumstances and conditions such as improper operation and installation, operating
error, inadequate maintenance, natural catastrophes, etc. Additionally, boiler failures may act as a catalyst for
the failure of additional ancillary equipment located in the plant (such as air compressors, electrical
transformers, etc.).
Review the following guidelines to anticipate boiler failures:
Establish and document Standard Operating Procedures (SOP) for all of the boiler and ancillary equipment
maintenance (predictive and preventative) as well as operating procedures such as boiler start-up, boiler
shutdown, welding, boiler blowdowns, fuel switchover, etc.
Be aware of fire extinguishers, fire alarms and fire hose locations. Check routinely to make sure they are
working properly. Follow good housekeeping practices around the boiler and boiler room area, reducing the risk
of fires, slipping and falling.
Ensure that all of the boiler operating and maintenance staff are adequately and properly trained in the
operation, maintenance and safety of boilers and boiler room equipment. Review and document the boiler
operating certification, mandated by local regulatory codes.
Perform regular inspections on the steam, water, fuel and combustion systems of the boiler. Ensure proper
functionality of all operating and safety appliances/controls. Take steps to reduce hazards:
− Correct fuel leaks immediately, securing boilers or other heat sources as appropriate.
− Be aware of wet stains on insulation, piping and associated joints that may indicate a small leak that
could result in a major steam/water leak or failure.
− Ensure that all boiler ancillary equipment (such as boiler feed pumps, water softeners, etc.) is operating
correctly, safely and within design specifications.
− Check and verify proper operation of boiler operating controls and safety equipment.
− Perform approved and documented water analysis on boiler feedwater, boiler water and condensate as
outlined by the boiler OEM (Original Equipment Manufacturer) and/or water treatment consultant.
− Reduce excess debris and storage located within the boiler room, which may not only result in fires and
slip and falls but may also impede boiler room evacuation.
− Install emergency stop for remote shutdown of boiler and boiler room equipment
Ask your insurance carrier about recommended operating, maintenance and safety procedures. Have your
boiler inspected and maintained pursuant to the local regulatory codes. Perform internal and external
inspections as outlined by the boiler OEM (Original Equipment Manufacturer) and local boiler codes. Contact
your Boiler & Machinery insurance carrier for assistance in the completion of jurisdictional boiler inspections.
Review boiler and boiler room locations, identifying operations and production areas that may be damaged in
the event of a boiler failure or combustion explosion. Also, identify any hazardous materials that may be
disturbed in the event of a failure (i.e.: asbestos insulation, PCB transformers, etc.).
Evaluate all boiler production loads and demand, identifying critical loads and process needs that will need to be
addressed in the case of a boiler failure/outage.
Develop a plan for supplying the entire boiler critical load and process needs required for essential business
operations. This plan should include procedures such as:
− Boiler load shedding
− Rerouting of boiler process steam/hot water to critical operations
− Identifying boiler repair firms and equipment suppliers
− Identifying vendors and suppliers of rental boilers and boiler room equipment
− Identifying temporary hook-up locations and equipment for rental boilers and boiler room equipment
(examples are water, condensate, fuel, steam/water piping, etc.)
Identify all local regulatory codes that will need to be addressed with the installation of not only new boilers and
boiler room equipment but also rental boilers and backup boiler room equipment.
Establish procedures to determine whether an evacuation is necessary after a boiler failure. Designate areas
outside the facility, away from exterior walls and windows, where occupants should gather after a boiler failure if
an evacuation is necessary.
Keep copies of design drawings of the facility, boiler and ancillary equipment to be used in assessing the
facility’s safety after a boiler failure.

Page 1 of 2
Boiler Failure Checklist
U = Unsatisfactory
S U N/A
Develop and practice a boiler failure emergency response plan. Include provisions
for response to medical emergencies, loss of power, fire, water, sprinkler system
leakage, natural gas leakage and chemical spills.
Develop a boiler failure/outage response plan that identifies vendors and suppliers
of rental boilers and boiler room equipment, boiler repair firms, welding firms,
contacts for local municipalities (water/gas/electricity), water treatment consultants,
local regulatory codes, etc.
Follow all local regulatory codes when installing, retrofitting, welding and
performing all maintenance on new and rental boilers and boiler plant equipment.
Review Standard Operating Procedures (SOPs) for boilers and boiler room
equipment, performing approved pre-operating and operating checks regularly.
Perform internal and external inspections as outlined by the boiler OEM (Original
Equipment Manufacturer) and local regulatory codes.
Review boiler and boiler room locations, identifying operations and production
areas that may be damaged by a boiler failure or combustion explosion.
Identify all hazardous materials that may be damaged or disturbed in the event of a
failure (ex. Asbestos, PCBs, etc.).
Perform an evaluation on all boiler production loads and demands, identifying
critical loads and process needs that should be addressed in the case of a
failure/outage.
Furnish all incoming natural gas, fuel oil, LPG and fuel sources with isolation and
automatic shutoff valves.
Furnish all water, steam and condensate systems with isolation and automatic shut
off valves.
Regularly inspect the boiler and boiler room, performing safety and operating
inspections on the steam, water, fuel and combustion systems.
Maintain fire extinguishers, fire alarms, fire hoses, and first-aid kits in the boiler
room areas.


Page 2 of 2
Hazardous Materials
Hazardous materials are substances that are either flammable, combustible, explosive, toxic, noxious,
corrosive, oxidizable, irritating, or radioactive. A hazardous material spill or release can pose a risk to life,
health, or property. An incident can result in the evacuation of a few people, a section of a facility or an entire
neighborhood.
There are a number of Federal laws that regulate hazardous materials, including: the Superfund Amendments
and Reauthorization Act of 1986 (SARA), the Resource Conservation and Recovery Act of 1976 (RCRA), the
Hazardous Materials Transportation Act (HMTA), the Occupational Safety and Health Act (OSHA), the Toxic
Substances Control Act (TSCA) and the Clean Air Act.
Title III of SARA regulates the packaging, labeling, handling, storage and transportation of hazardous materials.
The law requires facilities to furnish information about the quantities and health effects of materials used at the
facility and to promptly notify local and State officials whenever a significant release of hazardous materials
occurs.
Consider the following when developing your incident plan:
• Identify and label all hazardous materials stored, handled, produced and disposed of by your facility.
Follow government regulations that apply to your facility. Obtain material safety data sheets (MSDS) for all
hazardous materials at your location.
• Ask the local fire department for assistance in developing appropriate response procedures.
• Train employees to recognize and report hazardous material spills and releases. Train employees in
proper handling and storage.
• Establish a hazardous material response plan:
- Establish procedures to notify management and emergency response organizations of an incident.
- Establish evacuation procedures.
- Depending on your operations, organize and train an emergency response team to confine and control
hazardous material spills in accordance with applicable regulations.
- Identify other facilities in your area that use hazardous materials. Determine whether an incident could
affect your facility.
- Identify highways, railroads and waterways near your facility used for the transportation of hazardous
materials. Determine how a transportation accident near your facility could affect your operations.

Page 1 of 2
Hazardous Materials Checklist
U = Unsatisfactory
S U N/A
Develop and practice a hazardous incident emergency response plan. Include

provisions for containment, building evacuation and response to medical
emergencies. Distribute procedures to all employees.
Keep containment supplies and proper containment equipment on hand such as

absorbent materials, tarps and off-the-shelf containment equipment.
Have a proper hazard communication program including complete Material Safety

Data Sheets on hazardous substances used.
Familiarize fire department with hazardous chemicals in plant. Send them copies
of MSDSs if they keep such records.
Survey transportation routes (roads, highways, railroads and waterways) for

possible hazardous materials incidents.
Survey neighborhood and other facilities for possible hazardous materials

incidents.
Maintain a hazardous incident emergency kit. Include containment materials

(gloves, face shields, respirators, drums, etc.).


Page 2 of 2
Power Outages
Power outages or technological emergencies resulting from power outages include any interruption or loss of a
utility service, power source, life support system, information system or equipment needed to keep the business
in operation.
Consider the following suggestions when planning for technological emergencies:
• Identify all critical operations, including:
- Utilities including electric, power, gas, water, hydraulics, compressed air, municipal and internal sewer
systems, and wastewater treatment services.
- Security and alarm systems, elevators, lighting, life support systems, heating, ventilation and air
conditioning systems and electrical distribution system.
- Manufacturing equipment and pollution control equipment.
- Communication systems, both data and voice computer networks.
- Transportation systems including air, highway, railroad and waterway.
• Determine the impact of service disruption.
• Ensure that key safety and maintenance personnel are familiar with all building systems.
• Establish procedures for restoring systems. Determine need for backup systems.
• Establish preventive maintenance schedules for all systems and equipment.
Power Outage Checklist
U = Unsatisfactory
S U N/A
Develop formal company response plan for technological emergencies such as

power outages.
Formally review all departments’ equipment and operations to determine which

equipment and applications are critical.
Ensure that all critical equipment have backup power and/or UPS systems.
Ensure that all software applications and data have backups.
Ensure backup computer and telecommunications equipment is available if

necessary.
Develop security policy/program for both in-house and network computer

operations.
Establish preventative maintenance schedules for all equipment.


Page 1 of 1
Vital Records Storage
Both vital records programs and corporate business continuation plans deal with the protection of information. They
are integral components of any comprehensive corporate asset preservation program.
The loss of information contained on vital records can affect business continuity, stockholder equity, legal or
regulatory compliance and financial stability. The loss of such can result in business failures.
The purpose of a vital records program is to identify and classify vital records and valuable papers and determine
the amount of protection necessary against hazards such as: fire, smoke, water, building collapse, chemical
reaction, contamination, etc. In business continuation planning, the protection and availability of vital records is
important to the survival of the business during the emergency response, recovery and restoration phases.
Vital records can be derived from many sources, take on many forms and be kept on various media. Operational or
functional sources of vital records include: finance, production, sales, human resources, administrative, customers
and vendors, legal, maintenance, R&D, etc. Vital records can be: correspondence, contracts, memos, books,
notebooks, laptops, databases, etc. The media on which they are recorded can be: paper, microfilm, microfiche,
CDs, tapes, optical discs, etc.
Vital records are those documents that are irreplaceable or that contain information for which the temporary
unavailability could constitute a serious legal or business impairment. Typically, these types of documents would be
considered vital:
1. Records that must be original and for which a reproduction cannot be substituted;
2. Records needed promptly to sustain the business or recover monies with which to replace buildings,
equipment, raw materials, finished goods and work in process;
3. Records needed to avoid a delay in restoration of production, sales and service;
4. Records of high intrinsic value; and,
5. Records essential to the reconstruction of other records.
It’s hard to quantify the amount of information that is considered “vital’ to a firm. While the costs involved in
developing, implementing and maintaining a vital records management program can be substantial, they can be
offset by the financial benefits of increased efficiency, effective space management and a reduction in directors and
officers liability.
Vital Records Storage Checklist
Date:
S = Satisfactory
U = Unsatisfactory
S U N/A
Develop a formal comprehensive Vital Records plan. Vital Records are identified,
categorized and labeled with handling procedures established, locations
documented, access during an emergency defined and backups made as an
operating procedure.
Comprehensive filing system has been established to organize and locate vital
records quickly.
All vital records have been copied or backed up and stored offsite.
Equipment necessary for running backup media has been identified and is in
place.
A record retention vendor has been selected. Its facility has been surveyed for
ambient storage conditions, storage practices, fire protection and security.
Procedures for vital record transportation are in place and practiced.
Employee access to critical documents is limited, and an authorization procedure
is in place.
Employees have been trained on proper vital records handling, storage and
backup procedures.
List of records restoration vendors has been developed for emergencies.

Page 1 of 1
Emergency Response Plan
Emergency response planning (ERP) is the process of developing procedures--in advance--that enable
an organization to respond to a disaster. This process would include actions such as warnings, command
and control, shutdown and evacuation.
The ERP is activated when an unexpected disaster event such as a fire or earthquake occurs or if a
forecasted event such as a hurricane is imminent. The plan responds to the disaster event from the
moment that it occurs until people are safe and no further property damage is incurred.
This flowchart outlines the steps taken during emergency notification and identifies who is responsible for
those actions. Remember: not all events are emergencies, and not all emergencies become disasters. A
hasty decision to declare a disaster can be more
Event Notify Primary
disruptive than the event itself. A timely and
Occurs Contacts appropriate response, however, is necessary to protect
employees and property. The ERP notification
procedures are also used to activate the business
Immediate Yes
Notify continuity plan once damage assessments occur. In
Emergency
Threat
Services this example, the emergency management team is
responsible for declaring a “company disaster.”
No
Emergency response plans are components of an
ConductInitial No Evacuation overall business recovery plan and are often a good
Evaluation Necessary
short-term starting point for action.
Yes
Use the ERP checklist to review an existing plan or to
Notify
Initiate
create a new one. The checklist can be used to assess
Emergency
Team Evacuation your firm’s emergency response capabilities. Use the
Procedures
resulting information as a guide for developing your
company’s ERP. This approach will help facilitate the
management, development and completion of your
Conduct Detailed Use Emergency company’s emergency response plan.
Damage Assessment Evaluation Worksheet
There are an overwhelming number of issues to

consider as a company begins the ERP process. We
Make Declare
have categorized the various issues into functions often
No Use Disaster
Repairs Disaster
Declaration Process Chart included in an ERP and provide checklists in each of
the areas. The number of checklists used and the
Yes extent to which the action items are completed will vary
with each firm depending on the complexity of its
Activate business and operation. At a minimum, every ERP
Business Recovery Plan
should include these functions: Direction and Control,
Emergency Notification, Notification Systems, Facility
Shutdown and Evacuation. These functions are the
core of the ERP. They outline the need for defined policies, procedures, responsibilities and tasks.
Consider obtaining the Federal Emergency Management Agency publication FEMA 141 Emergency
Management Guide for Business & Industry to assist with developing an ERP.
ERP Fundamental Forms Additional Forms
- Direction and Control - Administration and Logistics - Security
- Emergency Notification, - Emergency Services - Fire and Rescue
Notification Systems
- Facility Shutdown - Communications - Health/Medical
- Evacuation - Shelter - Engineering
- Supporting Materials - Relocation

Page 1 of 3
The Emergency Response Planning Process
Establish Planning Team
There must be an individual or group in charge of developing the emergency response plan (ERP). The
following is a guide to establishing a planning team.
Form the planning team: The team should represent a cross section of employees from management to
line staff. Important functional areas that should be represented would include: upper management,
facilities, human resources, IT, safety and health, operations, business units, etc.
Establish authority: Upper management must show commitment to the planning process by “authorizing”
the team to take the steps necessary to complete the plan. The planning team will get better cooperation
from other workers when management supports them. The team should report to upper management or
be led by someone at that level.
Issue a mission statement: Upper management should issue a mission statement that demonstrates the
company’s concern for worker welfare. The statement will define the purpose of the plan and authorize
the team to complete the ERP. This mission statement should be included in the introduction of the
finished ERP.
Establish a schedule and budget: The team should develop a project schedule with deadlines and
milestones. Upper management should allocate funds to support the ERP project. Some project
expenses may include training, use of outside consultants, ERP software, etc.
Analyze Exposures and Capabilities
Gather information about vulnerabilities and current exposures at your company and define the
capabilities to eliminate or mitigate them. The Risk Assessment Matrix can be used to identify and
quantify the risks and threats posed to your company. This form has a completed sample matrix as well.
You may already have your company’s risk assessment matrix because it is one of the initial steps for
developing an overall business recovery plan. However, this may be a good opportunity to review and
update the matrix. Comparing the results of the ERP checklist with the risk assessment matrix can help
to review your company’s current emergency response capabilities.
Develop Plan
Plan Components
Once the risk analysis and the capability assessment are completed, it is time to document the
emergency response plan. The following basic components should be in each plan:
Executive Summary informs company personnel about the purpose of the plan, the company’s ERP
policy, authorized ERP personnel and upper management commitment to business recovery
planning.
Emergency Management Elements describe the company’s approach to some core ERP components
such as property protection. They also highlight the communications and community outreach
activities and outline the administrative and logistical requirements for the process. At its core, the
plan requires details for life safety precautions, necessary restoration and recovery tasks and details
of who will be directing and controlling business resumption activities. These elements are the
foundation of the ERP and must be detailed in the plan.
Emergency Response Procedures detail how a company will respond to emergencies. They
instruct employees on what action to take to mitigate casualties and property loss during an
emergency.
Support Document outlines critical documents needed during an emergency. These may include
the plan itself, phone lists, site plans, checks, resource lists, etc.

Page 2 of 3
Consider these activities when developing your plan:
Identify Challenges and Prioritize Activities to determine specific goals and milestones. Make a list
of tasks to be performed, by whom and when. Determine how problem areas and resource
shortfalls will be addressed.
Write the Plan and assign each member of the team a section to write. Establish an aggressive
timeline and schedule with specific goals.
Establish a Training Schedule and assign responsibilities to develop training resources and
schedules.
Coordinate With Outside Organizations and meet periodically with local government agencies and
community organizations and inform them about your company’s ERP. Determine local and State
emergency reporting procedures and integrate them into the ERP procedures.
Maintain Contact With Other Corporate Offices if your firm has many locations and divisions and
each maintains its own ERP; integrate all the plans into one master plan.
Review, Conduct Training and Revise plan by conducting tabletop exercises to determine
feasibility of the plan. Revise ERP from data gathered during the exercises.
Seek Final Approval in writing. Approval from upper management that the plans will be supported
both financially and with the necessary human resources is important.
Distribute the Plan, while not always considered part of development, it will be important to bring
things to conclusion and distribute your information. Make sure employees have the plan,
particularly key personnel with ERP responsibilities.
Implement the Plan
Implementing a company ERP means more than simply exercising the plan during an emergency. It
means acting on recommendations made during the risk assessment analysis; integrating the plan into
company operations; training employees; and continuously evaluating and updating the plan.

Page 3 of 3
Emergency Response Plan (ERP) Checklist
Date:
Completed By:
Company:
Address:
Phone Number:
Emergency Response Plan for:
Does your plan have provisions for: YES NO N/A
Who will be in charge in the event of a disaster?

Lines of succession to ensure continuous leadership, authority and responsibility for key
positions?
Establishing specifics for setting up an Emergency Operations Center (EOC) and identifying
personnel assigned to the EOC during an emergency?
Identifying an alternate EOC location in case the primary location is unable to function?
Description of methods of communication between the EOC and response teams, as well as
with other company locations, adjacent businesses, and local government emergency
services (police, fire, medical, etc.)?
Placement of recall communications for contacting response teams, including current
notification lists?
Procedures for updating the notification lists, with copies to key employees?
Determining the criteria for ordering an evacuation, who will announce it and how it will be
communicated?
Placement of evacuation routes on maps? Do they indicate routes so that each employee
has two escape options?
Building and site plans including utility shutoffs, fire hydrants and fire extinguishers?
Drills to train all personnel to safely evacuate and then follow check-in procedures? Are
plans in place for assisting persons with disabilities and non-English-speaking personnel
during evacuations?
Stating the individual employee’s role in the event of a disaster?
An updated supplier and customer list to communicate to them the status of operations
following a crisis? Is a backup copy of it located offsite?
Appointing and training a media spokesperson to communicate a single overriding message
that will portray the organization positively during a crisis?
Response plans, with training and exercises completed, to help mitigate injury and damage
from the potential disasters on the next page?

Emergency Response Plan Checklist
Page 1 of 2
RISK OR HAZARD YES NO N/A RISK OR HAZARD YES NO N/A
Flood Earthquake
Winter Storms/Cold Weather Bomb Threat
Water Leaks/Surface
Fire
Water
Power Outages Programming Errors
Internet/Computer Related
Tornado/Windstorm
Disruptions
Gas Leaks Vandalism
Hazardous Materials Denial of Access
Communication Failure Sabotage
Contamination Embezzlement
Civil Unrest Theft
Fraud Terrorism
Beginning with the fundamental components of an Emergency Response plan, we have provided some
checklists to encourage dialogue and planning. The first four checklists are recommended as
fundamental planning tools. Use others as needed in your operations. Select from the following:
Detailed Checklists
ERP Fundamental Forms Additional Forms

- Direction and Control - Administration and Logistics - Security
- Emergency Notification, - Emergency Services - Fire and Rescue
Notification Systems
- Facility Shutdown - Communications - Health/Medical
- Evacuation - Shelter - Engineering
- Supporting Materials - Relocation

Emergency Response Plan Checklist
Page 2 of 2
Direction and Control Checklist
This function includes the use of a centralized management center for emergency operations. Known as the
emergency operating center, or EOC, this center is used to facilitate policymaking, coordination and control of
operating forces in a large-scale emergency situation. It must cover the process of obtaining and analyzing
emergency management information to provide a basis for decision-making. It should describe the use of
alternate EOCs and disaster site command posts, as appropriate.
Date: Yes = Complete

No = Requires Action
Indicating who is in charge for each emergency or disaster situation and citing the
location of the EOC or on-the-scene command post from which direction and control
will emanate?
Determining the need to evacuate the facility or site and when to issue evacuation
orders?
Identifying the individual responsible for issuing evacuation orders and how those
orders will be announced?
An alternate EOC site to serve as a backup if the primary EOC is not able to
function?
Identifying the personnel assigned to the EOC for emergency operations?
Logistical support for food, water, lighting, fuel, etc., for the emergency response
force?
Timely activation and staffing of emergency response teams and/or personnel?
Assigning operational and administrative support for emergency response
activities?
A clear and concise summary of emergency functions, direction, control
relationships and a support communications system?
Ensuring that EOC staff members can be recalled on notice?
Describing EOC functions, layout, concept of operations, duties of staff, use of
displays and the process used to bring the EOC to full readiness on a 24-hour
basis?
Protecting resources (essential personnel and equipment) during disaster
situations?
Implementing resource controls?
Safeguarding essential and vital records?
Monitoring and reporting disaster effects capability?
Central coordination point(s) for receiving, analyzing, reporting and retaining (events
log) disaster-related information (property damage, fire status) for EOC staff and/or
response teams?
The EOC staff to acknowledge/authenticate reports?
Identify corrective action for all NO responses.


Direction and Control Checklist
Page 1 of 1
Emergency Notification Checklist
This functional activity should increase employee awareness of hazards and provide active channels for
informing and advising them about appropriate actions before, during and after emergencies. Effective
collection and dissemination of information will help to control rumors and minimize dysfunctional responses.
Plans for developing and disseminating information material on preparedness, safety measures, evacuation
procedures, etc. should be covered. Consideration should be given to establishing procedures for dealing with
the media during an emergency in case the company’s facility is affected by a disastrous situation.

Assigning responsibility to assure that all employees understand the warning

signals, receive general instructions on what to do in an emergency, and know
where to go and how to get to their shelter areas and/or disaster stations?
The preparation of emergency employee guidance material based on all hazards

affecting the company?
Distributing emergency information materials to employees—using all sources
available such as printing them in the company newsletter or magazine, making
safety tip announcements over the public address system, showing disaster films by
FEMA and others, handing out pamphlets with paychecks or in the company
cafeteria and posting instructions on bulletin boards?
The dissemination of emergency information and instruction material for any visually
impaired and non-English-speaking workers?
Posting safety tips, locations of fire exits, evacuation routes, etc. on bulletin boards
and in other prominent areas of the building?
Providing special instructions to any key workers expected to continue operations
as to what their roles will be, including information about provisions made for their
safety and that of their families?
Including emergency response activities on the agenda of regularly scheduled
meetings for supervisory staffs?
Supervisors and foremen to meet regularly with their staffs to discuss the provisions
in the Emergency Plans?
Routine briefings for all employees when they first join the company to acquaint
then with the emergency plan and the response roles they will be expected to
assume?
Scheduling general safety training measures for all employees and specific
response action training for all response team members on a regular basis?
Designating an information office to act as the official point of contact during an

emergency?
Assigning a spokesperson to handle all contact with the news media?
Authenticating all sources of information received and then verifying them for
accuracy?
Rumor control?


Emergency Notification Checklist
Page 1 of 1
Notifications Systems Checklist
Management must receive timely information on impending threats to the facility and be able to transmit
information rapidly to key staff and all employees. Systems must be in place to disseminate information to key
emergency response staff and all other employees. Timely forecasts of all hazards require emergency
preparedness of response actions. All aspects of existing warning systems must be identified, and provisions
must be made to implement them as needed.

Receiving warnings from the weather service or local government when hazardous
situations threaten the facility?
Warning employees in the event of disaster?
Describing the warning system (ex. alarms, paging systems, detectors, word-of-
mouth) used to alert the workers of danger?
An alternate means of warning to back up the primary notification system?
Defining the responsibilities of departments or personnel and describing activation

procedures?
Warning local government and nearby establishments of onsite disasters that might
spread to areas outside the facility?
Requesting emergency assistance from local agencies (fire, police, medical, etc.)?
Differentiating warning signals that identify specific threats or require specific

response actions?
Warning any hearing-impaired and non-English-speaking workers?
A 24-hour warning point to alert key officials and to simultaneously activate all
warning devices?
Notifying key officials and/or request offsite assistance in the event of an

emergency?
Routine checks of the warning system to assure it is functioning properly?


Emergency Notification Systems Checklist
Page 1 of 1
Evacuation Checklist
The goal of this function is to evacuate people and move resources (equipment, supplies and inventory) out of
threatened areas. Evacuation is an expedient option that depends on sufficient warning time to get away from
an impending disaster. As assortment of evacuation options should be available to the decision-maker that are
tailored to the different types of hazards, both natural and man-made. The plan should establish clear and
detailed procedures for carrying out complete or partial evacuations from buildings, the facility site or an entire
area in an organized manner. While the functional procedures for an area evacuation include ingredients of a
major plan, they are an integral part of the company’s overall emergency operations plan. Therefore, it is very
important that evacuation planning be coordinated with all other elements of the company emergency
operations plan as well as with the government authorities in the respective communities involved.
Depending on the emergency circumstances, evacuation of a building, site or area will require provision for
completing a number of concurrent and sequential actions, all of which should be addressed via written
procedures. Procedures with more than one required action (a process shutdown, for example) should have
individual checklists established so that important response sequences will not be overlooked. Further, all the
interactions and dependencies among these responses need to be identified and thought out in a systematic
fashion, so a proper sequence can be established. This helps to ensure that operations flow smoothly.

Describing the conditions under which evacuation would be ordered?

Developing evacuation procedures, with appropriate options for the various hazards
to prevent that avoid potential secondary hazards (i.e., live high-voltage wires that
could fall, fuel lines that could be ruptured by earthquake explosion or fire damage,
etc.)?
Coordinating site and area evacuation procedures with local officials?
Identifying the individual responsible for ordering an evacuation and establishing
lines of succession for carrying out evacuation functions?
Defining the conditions under which it would be safe to complete facility shutdown
before ordering general evacuation?
Describing the alerting and communication systems for signaling impending or
immediate evacuation for each type of evacuation your facility requires?
Procedures for search and rescue teams to follow if evacuation alarms are
inoperative?
Maps indicating evacuation routes from buildings and the facility site?
Clearly marked evacuation routes throughout company facilities with two exit
options (and fire escapes where needed) for every employee?
Safety lighting (to ensure adequate light for evacuation during a power outage) in
stairwells or corridors?
Assuring that all personnel know the evacuation routes, routines and check-in
procedures for both area and site evacuations?

Page 1 of 2
Evacuation Checklist (continued)
Assisting any handicapped employees to evacuate?
Special attention to ensure that any non-English-speaking employees understand

warning signals and know where and how to evacuate the workplace?
Identifying public/company-provided safe reassembly areas that will not leave

evacuees exposed to adverse weather conditions—below freezing temperatures,
driving rains, etc.
Assigning responsibility in an evacuation to specific floor or area captains to ensure

all personnel get clear?
An organized head count to ensure that all facility occupants have exited?
A system to identify missing persons?
Ensuring that vital records are evacuated or can be replaced?
Identifying critical equipment to be evacuated and explaining how and by whom it

will be moved?
A facility status report to specified company and civil authorities from the
responsible onsite person following a site evacuation?
Periodic evacuation drills at all facilities?
Designating responsible staff members (by name and title) to maintain and update
the evacuation plan on a standby basis?


Page 2 of 2
Facility Shutdown Checklist
This function requires well-established procedures to shut down equipment and utilities during an emergency or
the entire facility when evacuation is necessary. It provides for the protection of company facilities, equipment
and supplies that will be essential to rapid restoration of operations after the disaster. It covers damage
assessment and control and emergency protection measures. It defines and assigns the responsibilities for the
protection of company property and classified materials before employees leave workstations. Each of the
provisions listed below may play a critical role in preserving life and/or preventing property damage. To be
properly prepared for any hazard that could threaten the facility, the shutdown procedures developed need to be
based on thoughtful consideration of what additional events might occur in conjunction with each threat and
each required action involving emergency response.

Indicating under what conditions shutdown must occur to be considered?
Identifying who will make the decision to shut down equipment, utilities or the
facility?
Specifying who is responsible for carrying out shutdown? Assigning specific roles
for equipment and utility (gas, electric and water) shutoffs as well as for checking
automatic shutoffs (and for doing it manually if the automatic system fails)?
Identifying who will be equipment shutoff backup? Requiring report of shutdown
completion to EOC?
Establishing a prearranged order or signal to initiate shutdown procedures

appropriate for the impending hazard?
Providing a list of equipment and instructions on how to complete an emergency

shutdown?
Facility layout diagrams to show where to turn utilities and equipment off?
Posting shutdown instructions on or near control panels, valves, switches and

operating mechanisms of each piece of major equipment?
Instructing and training personnel to implement the emergency shutdown

procedures?
Designating personnel to close doors and windows, tie down loose equipment,
move equipment and supplies to shelter areas and barricade windows and doors?
Identifying and protecting valuable and sensitive tools, instruments, machinery and
materials? Precious metals, original drawings and blueprints, and vital records
should be placed in locked storage or moved to safer locations if time permits.
Large machinery can be hardened in place by sandbagging or by using dirt piled on
equipment first covered with plastic or tarpaulin.
Protecting equipment and material stored outside by banding, tiedown, moving

critical or valuable items to inside storage, or moving mobile equipment to high
ground or to protected sides of the buildings, as circumstance requires and time
allows?
Establishing damage assessment and control techniques to minimize property loss

during a disaster?
Having a department manager test shutdown procedures for utility services and
equipment?


Facility Shutdown Checklist
Page 1 of 1
Administration and Logistics Checklist

Review and written concurrence from all company departments assigned

emergency responsibilities?
Approval and promulgation by the chief executive of the company?
A specific date by which management will approve the planning activities?
Identifying the office or individual (by job title) that is responsible for the
maintenance (review/update) of the plan and for ensuring that necessary changes
and revisions to the plan are prepared, coordinated, published and distributed?
Updating, as necessary, based on deficiencies identified through drills and

exercises, changes in organizational structure, technological changes, etc.?
A resource inventory listing that includes source and quantity? (This listing should
include lighting, first aid, medical, firefighting and other basic emergency response
support equipment.)
Statements that identify additional emergency resource requirements for personnel,

equipment and supplies?
Easily locating specific topics of the plan such as through a table of contents or
using an index in the completed document?
Training response staff and specialized teams to carry out emergency functions?
Reviewing those portions of the plan actually implemented in an emergency event

or in an exercise to determine if revisions can be made to improve disaster
response and recovery operations?


Administrative Checklist
Page 1 of 1
Emergency Services Checklist
Emergency services for security, firefighting and rescue, medical, and engineering should be geared to the size
and complexity of the facility involved and to the problems likely to arise. In many businesses, emergency
duties can be assigned to teams from the existing employee population. We identify individuals who perform
emergency services as emergency response team (ERT) members. They form the nucleus of the operating
forces and will be called upon to accomplish vital jobs during an emergency. ERT duties may require one or two
individuals at a small facility or involve several dozen people in a large organization. (It is always safer to have
teams of two or more.) To be effective, preparations for the functional response are necessary. Two major
benefits derived from an ERT are a faster response time and a greater technical knowledge of the company’s
facilities, processes and materials. Knowledge enables the ERT to deal with emergency tasks with optimum
effectiveness. ERT members should develop quick reaction checklists for their specific tasks in the event of an
emergency. The ERTs collectively perform the services that allow the company to react to and recover from
disaster events. The teams also are involved in implementing evacuation operations.

YES NO N/A
Does your plan have provisions for:
Maintaining current notification/recall rosters for each ERT?
Advising personnel of specific risks associated with handling hazardous materials

and of the best means to protect themselves?
Obtaining appropriate equipment, instruments and protective clothing (as

necessary) for ERT members to perform emergency tasks?
Assuring that ERT members understand how and when to use response equipment,
instruments and protective clothing?
Standard operating procedures for each response team describing how the team
will accomplish its assigned tasks and how it will deal with the various hazards?
Entering into mutual aid agreements with other private sector companies, state and
local government service agencies, and volunteer agencies?
A plot plan (site plan, map of buildings and grounds) including utility shutoff
locations; water hydrants and mains; storm drains and sewer lines; fences and
gates; natural gas or chemical pipelines; name of each building; and street names
and street number directions?

Page 1 of 2
Emergency Services Checklist (continued)
YES NO N/A
A building plan (floor plan for each building) including: room layout indicating the
materials to be typically found in each room or area, with notes on quantities and
storage container; alarm (and detector) locations—with file on equipment
specifications and maintenance; fire extinguisher locations; exits, stairs, elevators,
escape routes; sprinkler layout and control point; HVAC system control point
(mechanical room, boiler room) and notes on control for smoke ventilation and air
distribution system; and notes on type of construction of walls, floors, and roof?
Supplying copies of the organization’s plot and building plans to local fire and police
departments?
Handling inquiries and informing families on the status of employees separated from
them, especially if injured or missing, due to a disaster event?
Logistical support during emergency operations?
Reporting the appropriate information (casualties, damage assessment, evacuation

status, etc.) to the EOC during emergency operations?
Direction and control of ERT personnel during emergency operations?
Designating a representative for each ERT to report to the EOC to advise decision-
makers, to coordinate with other operating forces, and to direct and control the team
response?
Recovery operations during disaster events?


Page 2 of 2
Communications Checklist
This function deals with establishing, using, maintaining, augmenting and providing backup for all channels of
communication needed for emergency response and recovery. Effective communications are dependent on
planning and establishing coordinated response and communication procedures that everyone understands.
Further, experience has shown that communications options will be more likely to work in an emergency if they
are part of the day-to-day operating system. Systems that are critical to everyday operations are immediately
repaired when failures are encountered, and maintenance staff will be well acquainted with the systems.

Primary and backup communication systems with generators or extra batteries

(fixed and mobile available)?
Describing the methods of communications between the EOC and response teams,
alternate company operating locations, adjacent firms and local government
emergency services (fire, police, etc.)?
Detailing the communication requirements for emergency response organizations

and warning systems?
Two-way cellular or radio communications between the EOC and emergency

response forces if available?
Assuring the response team members (and their backups) assigned to

communications talks know where to obtain communications equipment and how to
operate it effectively and understand communications terminology?
Recalling communications staff or team members on short notice?
Obtaining additional telephone services during emergencies?
Listing key telephone numbers for industry emergency assistance organizations?


Communications Checklist
Page 1 of 1
Shelter Checklist
Appropriate shelter should be provided when needed to protect employees from the effects of any disaster. Use
of shelter within the workplace or in a nearby public building may be the most effective way to protect people
when evacuation from the risk site is not feasible. This function addresses the conditions under which people
should be placed in protective shelters and how the decision to do so would be implemented. The plan should
describe any onsite shelter capacity. The federal government conducts a continuing nationwide survey of public
and private structures to identify shelter space that can be used to protect the public from natural hazards.
Those companies that have not been surveyed under this program may request assistance from state and local
emergency management agencies to assure that their proposed shelter areas provide adequate protection for
their employees. Responsibility for shelter maintenance and management should be established for onsite
shelters. If there are no adequate shelter spaces in company buildings, the plan or checklist should identify
those public shelter facilities that local emergency management officials have allocated for the company
employees.

Identifying existing shelter space in company facilities? Include capacity for

disasters such as tornadoes and hurricanes.
Orderly movement to onsite shelter with a general traffic pattern and ready-made
directional signs?
Assigning corridor, floor and building wardens to assist employee movement?
Crisis stocking of food, water, medical supplies and other necessities for shelter
stay? (For onsite company shelters only.)
Designating shelter managers and support staff?

Coordinating with local authorities to identify shelter locations assigned to company
employees outside the facility in accordance with the community’s in-place shelter
allocation?
Printed instructions advising employees of shelter locations and routes to get there
either within the facility or nearby?
Coordinating all key worker shelter needs with the local government?
Determining when occupants can be released from shelter?

Shelter Checklist
Page 1 of 1
Supporting Materials Checklist
Once you and your team have created an ERP, you will want to review it. Does your plan include
provisions for supporting materials such as maps, organizational items, contact lists and identification of
local resources and signed agreements?

Maps Building floor plans, plot plan (site plan, building, grounds, utilities, fire
protection systems, emergency shutoffs), street maps and other appropriate maps.
Procedure Charts Simple organizational charts with the name, titles, addresses
and telephone numbers of key emergency personnel. These charts will be useful
before and during emergency operations. Use the charts to illustrate who is
responsible for key activities such as dealing with local government, other industries
and those who have emergency equipment or supplies.
Contact Lists Contact lists provide telephone or pager numbers of key personnel.
These lists should include names, addresses, telephone numbers and
organizational responsibilities for emergency operations. Alternates should be listed
in case primary personnel are not available. Company officials should carry pocket
cards containing the names, telephone numbers and locations of local government
and company emergency services staff and facilities.
Listing of Local Resources A resource listing of major sources of additional

workforce, equipment and supplies. The document identifies resources by
company, location, type and number of skilled workers, equipment and supplies
available in the community. The resource listing is updated annually.
Mutual Aid Agreements Agreements among companies and government

agencies to assist one another within defined limits, during major emergencies. The
direction and control and emergency service staffs should be aware of the
provisions of these agreements.
Glossary of Terms To be effective, the plan should use terms that mean the same
thing to everyone concerned. To accomplish this, include a glossary of terms as a
separate appendix.


Maps and Supporting Materials Checklist
Page 1 of 1
Security Checklist

Traffic control during an emergency?
Assisting movement to a shelter or to evacuate the facility?
Security for critical resources?
Keeping order in emergency shelters?
Protecting company property in damaged areas?
Evacuating disaster areas during emergency operations?
Training in sabotage prevention for security force?


Security Checklist
Page 1 of 1
Fire and Rescue Checklist

YES NO N/A
Deploying fire/rescue teams and equipment in the event of an emergency?
Storing fire control equipment where it will be accessible despite direct hazard
effects (earthquake, fires, etc.)?
Assuring that team members know how to operate rescue equipment?
Fire protection in emergency shelters?
Advising decision-makers about the risks associated with hazardous materials?
Rescuing injured people during emergency operations?
Alerting all emergency services to the dangers associated with the technological
hazards and fire during emergency operations?


Fire and Rescue Checklist
Page 1 of 1
Health/Medical Checklist

Selecting and setting up emergency casualty stations for screening casualties,

administering first aid, initiating identification and casualty records, and arranging
transportation to medical facilities if necessary?
Obtaining emergency medical support during an emergency?
Maintaining an adequate inventory of medical supplies for emergency use?
Emergency procedures for exposure to onsite chemicals and for dealing with the
injured who may also be contaminated?
First aid training for personnel assigned to supplement medical staff?
Health/medical care at any facility shelter?
Information programs to ensure good health under shelter conditions?


Health/Medical Checklist
Page 1 of 1
Engineering Checklist

Establishing and testing shutdown procedures?
Precautions, as necessary, to protect equipment during shutdowns and to preserve

it over extended periods of nonuse?
Maintaining drawings showing locations of utility key valves, switches, feedlines and
hazardous areas?
Backup electrical power to the EOC and essential production lines?
Preparing and maintaining a resource list that identifies source, location and
availability of equipment, (dump trucks, fuel, etc.) to support disaster response
recovery operations?
Damage assessment reports?
Restoring utilities to critical and essential facilities?
Postdisaster repairs and restoration of facility and services?
Sanitation services for emergency facilities?
Maintaining adequate water supply after shutdown for drinking, firefighting,

decontamination and sanitation?
Identify corrective action for all NO responses


Engineering Checklist
Page 1 of 1
Relocation Checklist
Your company may elect to evacuate threatened areas as organizational units and, if feasible, continue
operations in a limited capacity at an alternate location. Movement of employees and their families to
prearranged locations requires extensive planning and coordination. Be sure to consider both your
company’s emergency organization and governments’ emergency management officials at the various
locations.

Coordinating evacuation activities (traffic control, route designations, staging areas,

etc.) with the local governments of the jurisdictions through which the employee
convoy will travel?
Designating primary and secondary evacuation routes: including detailed maps of
the routes with staging areas, rest stops, and destination points clearly marked?
Arranging transportation for vital records, supplies and equipment and for
employees without private vehicles?
Assigning staging areas from which the convoy of evacuating employees will
originate? When the homes of the employees are widely dispersed, designation of
two or three staging areas as originating points may be more practical than leaving
from a central location in a large convoy.
Identifying and establishing liaison with reception area authorities?
Establishing location for relocation headquarters and operations?
Making staff assignments at the relocated workplace (including line of succession to
take responsibility for providing personnel requirements)?
Consigning resources—necessary skilled workforce, equipment and material—to

support reception area logistic operations?
Identifying any shortfall in logistic support from plan commitments and reporting this
to any reception area authorities from the public sector who are involved?
Coordinating lodging and shelter assignments for employees and dependents with
reception area authorities?
Assisting civil authorities in preparation of the relocation site to meet shelter and
other survival needs of employees and families?
Informing employees of organizational relocation plans, the roles expected of them,
the provisions being made for them and their families; providing them with
instructions on what to take, where to meet and how to get there; and supplying
maps of the evacuation routes and lodging sites? Give special attention informing
any non-English-speaking employees to assure they understand these instructions.
Also, handicapped employees may need additional assistance to relocate.

ITEM ACTION NEEDED COMPLETED DATE

Relocation Checklist
Page 1 of 1
Business Continuation Planning
Consider this scenario: Your facility has been hit with an event that disrupts your operation. You activate
the emergency response plan, and it works. The disruptive event is under control, and your staff is
evacuated safely.
But that's not the end of it. The damage assessment team determines it will take more than 30 days to
recover the facility. Therefore, the company formally declares the situation a disaster. How does the
company resume critical business functions and operations? How are employees going to respond to
client needs? In short, what does the company need to do so that business activities continue during the
recovery process?
Business Continuity Planning (BCP) is the process of defining arrangements and procedures that enable
an organization to continue as a viable entity. If its business operations are disrupted for an unacceptable
period of time, then the business may fail. This plan addresses the recovery of a company’s critical
business functions after an interruption. This process may also be referred to as the disaster recovery
business resumption or business continuation plan. The business continuation plan keeps the business
operational during adverse conditions from the time the event is under control to the time the business is
restored and fully operational.
We’ve gathered checklists, outlines and recommendations for companies without plans to develop a
comprehensive site-specific BCP. Our fundamental resources include business impact
questionnaire and restoration checklist, as well as many additional forms from a variety of sources to
facilitate the planning process.
The Business Continuation Planning Risk Management Reviewis designed to evaluate a

company’s overall susceptibility to business income losses and to improve recovery mechanisms should
a loss occur. Companies with an existing plan should use this tool to identify areas of their plan that need
improvement.
Business continuation planning can be segmented into the following areas: planning and preparation;
definition and scope; data collection; risk assessment and mitigation; business impact analysis; plan
development; implementation; testing and monitoring; and maintenance.
Business Continuation Planning Process

Planning and Preparation
The management group should have the full support of senior management for the BCP initiative. The
project will require a significant investment in time, resources and money. There are some critical initial
tasks to complete prior to the first BCP Planning Committee meeting. The following activities and
resources will help create an effective BCP:
1. Appoint a business continuation planning coordinator (see suggested Duties of a Planning
Coordinator document).
2. Select a business continuation planning committee. Members should include senior managers from
all business units or departments.
3. Select Planning Committee meeting dates for the next 12 months.
4. Develop project assignments for the Planning Committee members. See suggested assignments
and a progress report form to record activities.
5. Develop initial BCP project schedule.

Page 1 of 4
Definition and Scope of BCP
The management group should define the BCP and its scope; this in turn will allow for identification of
priorities. Moreover, the group should take appropriate steps to reveal preliminary operational
vulnerabilities and mitigating strategies that can be studies in depth during the Business Impact Analysis
(BIA) and strategic planning (SP) segments of this project. Many of the findings and recommendations
developed during this phase can be implemented immediately. The group can start by taking the
following actions:
1. Determine the objectives of the business continuation plan. Answer questions such as:
- What is the goal and focus of the plan?
- What is the scope of the plan? Does it cover the entire enterprise or just one location?
2. Develop an initial set of assumptions by responding to the following:
- What major disruptive events will the plan address?
- Can a single disruptive event, such as an earthquake or flood, impact more than one
company facility?
- Define terms that may need clarification, such as disaster and significant disruptive event.
3. Decide on the types of disruptive events to consider. List foreseeable disruptive events that can
impact normal business operations. This information will be reviewed in depth later during risk
assessment.
4. Select a likely disaster scenario rather than a specific event to develop your BCP. For example, most
companies will select a disaster scenario similar to this: The main facility is inaccessible and
inoperable for 30 days. By selecting a scenario rather than a specific event, a company will address
80% of the likely events that may occur. The resulting BCP will be able to respond effectively to
disasters that are less severe as well.
5. Consider alternative business continuation strategies and implement minimal cost recommendations.
This information will be reviewed in depth, later during the risk mitigation phase.
6. Refine and update initial project work schedule.
7. Submit a progress report to top management.
Not all events are Data Collection

emergencies, and not all 1. Verify that the organization has a formal emergency response plan in
emergencies become place. The plan should address the organization's response to all
situations that can affect health and safety. Decide whether the ERP
disasters. A hasty decision will be a separate document or be incorporated into the Business
to declare a disaster can be Continuation Plan. At a minimum, the emergency response procedure
more disruptive than the should dovetail the business continuity plan Disaster Declaration
event itself. A timely and decision-making process.
appropriate response, 2. Verify that asset documentation is current and that this documentation
will be available for the “selected” disaster scenario.
however, is necessary to 3. Verify that critical documents and vital records are properly protected
protect the safety of and/or duplicated and that the documents and records will be available
employees and reduce the for the “selected” disaster scenario. Consider using the Vital Records
risk to property (see and Critical Documents form.
Emergency Notification and 4. If recovery strategies involve relocation to another site, then have each
department complete a list of minimum personnel, materials,
Mobilization flowchart). equipment and space requirements needed to conduct critical
business functions at an alternate site. A spreadsheet summary of
these requirements should be made for the BCP. This step will help in
the development of the return time objective (RTO) table during the
BIA phase of the project.

Page 2 of 4
Risk Assessment and Mitigation
Perform a comprehensive risk assessment using the tools provided. Identify all reasonable risks that can
disrupt business operations. Be sure to consider the following:
Natural threats - windstorms, floods, earthquakes;
Technological threats - power failure, loss of phone switch; and
Human threats - riots, strikes, sabotage, loss of critical raw material.
Develop a Risk Assessment Matrix that prioritizes threats and the probability of occurrence. Conduct a
risk mitigation evaluation addressing the findings from the risk assessment matrix. List practical risk
mitigation actions to reduce the impact of identified threats to the organization. This is a good time to
submit a progress report and budget to senior management outlining low cost mitigation or continuity
strategies. Prepare a Risk Mitigation Action Plan highlighting activities that can be achieved immediately
to mitigate potential disaster events that would not require senior management approval. These actions
are generally easy to implement with minimal cost.
Business Impact Analysis
The Business Impact Analysis involves surveying all business units to determine the financial and other
impacts of identified threats. It provides a basis for determining business continuation strategies. A
properly completed Business Impact Analysis will accomplish a list of priorities for resumption of business
functions (each function should be classified as Critical, Essential or Important).
The BIA determines the financial impact of each impaired critical function and identifies resources needed
to support the resumption of critical business functions. After completing the BIA, it is possible to
determine the Return Time Objectives (RTOs) for each business unit. Submit the BIA report to senior
management for approval before initiating the Strategic Plan phase.
Plan Development
Once the BIA and RTO are completed, it is possible to develop strategies or solutions to recover and
continue critical business functions. Use financial impact data from the BIA to evaluate the cost/benefit of
each potential business continuation strategy. Select one or more specific strategies to resume critical or
possibly essential business functions. As the plan is developed, you will refine, test and adjust solutions
to meet the business needs. When ready, submit the strategic plan and budget to senior management
for approval.
Establish the organizational flow of the BCP and chart it. This will be the company’s management
infrastructure after a disaster is declared. The personnel assigned to the BCP teams will have full
decision- making authority as approved by top management and detailed in the BCP.
Sample BCP flow chart attached.
Establish a link between the emergency notification procedures in the emergency response plan and the
disaster declaration procedures of the BCP. But remember: Not all events are emergencies, and not all
emergencies become disasters. A hasty decision to declare a disaster can be more disruptive than the
event itself. A timely and appropriate response, however, is necessary to protect the safety of employees
and reduce the risk to property.
Develop a disaster declaration procedure. Select and appoint members for each response team needed
to support continuation strategies. Each team should have a leader, an alternate leader and a minimum
of three other members. Assign the development of each specific continuation strategy to the appropriate
response team. Each response team should return written resumption procedures to the planning
coordinator within 30 days. See a sample Response Team Action Plan. Prepare a Business
Continuation Plan Outline. This outline can serve as the table of contents for the continuation plan.
Prepare a rough draft of the continuation plan. Submit the completed rough draft to top management for
review and approval.

Page 3 of 4
Implementation
Budget for and/or acquire all items needed to support the business continuation plan.
Examples: Emergency supplies, communication equipment, vendor agreements, power
generators, etc.
Adjust your written business continuation plan to reflect organizational issues. Distribute multiple copies
of the final draft to each member of the management group and to each response team leader.
Remember that the plan can be in any format as long as all support personnel are able to access the plan
at any time, both from home and from any business location in the world.
Once the management group and response team approves the documents, release the final copy of the
action plans to all response team members. Establish procedures for testing and maintaining the
business continuation plan. Continue to submit progress reports to senior management.
Structured Walk-Through Test
During business continuity plan testing, the response team members should meet to verbally walk
through each step of their resumption procedures. The team should evaluate the effectiveness of
each continuation activity.
Checklist Test
Each response team should meet to review its response procedures to ensure that all information
is current. Each response team leader should also verify that all team members are aware of
their duties and that each team member has multiple copies of the team action plan.
Tabletop Exercise
This exercise involves all members of the management team and all response team leaders
when they meet to discuss responses to various disruptive events.
Simulation Test
A disruptive event is simulated without impacting normal operations. A simulation test validates
the following:
- Notification Procedures
- Backup Power Systems
- Hardware Backup Systems
- Transportation Arrangements
- Alternate Communication Systems
Full Interruption Test
This test involves activating the complete business continuation plan. It includes the mobilization of
personnel and resources to an alternate site. The test is recommended for all business operations with
critical voice and data processing functions.
Testing and Monitoring
Conduct realistic tests of the BCP at scheduled intervals. The management group and all response plan
team members should participate in test exercises. Testing intervals should never be less than once a
year. Make arrangements to run all backup systems where appropriate. Review and evaluate the results
of all tests. Make appropriate changes to the BCP based on lessons learned during test exercises.
Maintenance
Develop a system to update names, responsibilities and contact information contained in the BCP.
Establish procedures for the Management group to review and revise the resumption strategies
frequently. Schedule review and update meetings on a quarterly or semi-annual basis. Annual reviews
may be adequate for less dynamic business organizations.

Page 4 of 4
Business Continuation Planning Coordinator Duties
1. Schedule and chair all Planning Committee meetings.
2. Schedule and chair all Management group meetings.
3. Serve as a liaison between the Management group and all planning and support groups.
4. Coordinate the assembly of essential support information, such as:
- Vendor resources
- Business unit material needs at an alternate site
- Phone trees
5. Arrange all word processing functions needed to get the Business Continuation Plan written.
6. Maintain and update the master copy of the Business Continuation Plan.
7. Ensure that all members of the Management group and all Team Leaders have access to current
copies of the Business Continuation Plan.
8. Arrange for appropriate training sessions required by Response Team members.
9. Monitor the status of all budgeted items needed to mitigate threats and/or to support resumption
strategies.
10. Develop testing procedures for all components of the Business Continuation Plan.
11. Review the results of all Business Continuation Plan tests and report them to the management group.
12. Schedule and conduct periodic meetings for the management group and Response Team Leaders to
review and update resumption strategies.
Planning Committee Suggested Assignments
1. Conduct a review of the Emergency Response Plan. Ensure the following are included in the plan:
-Procedures for reporting emergencies.
-Emergency escape procedures and routes.
-Procedures for employees who perform or shut down critical operations before evacuation.
-A procedure to account for all employees, visitors and contractors after an evacuation is
completed.
- Rescue and medical duties for assigned employees.
2. Conduct an audit of the following systems to insure they are adequate and properly maintained:
- Fire protection and fire detection systems.
- Security systems.
- Backup power systems.
3. Verify that asset documentation is current and the information is duplicated with off-site backup.
4. Develop a list of essential forms needed to support operations at an alternate site.
5. Develop a list of vital company records and documents. Ensure all documents are properly stored
and/or duplicated and would be available following a worst-case disaster scenario.
6. Complete a list of material and space needs for each department to continue critical functions at an
alternate site.
Business Continuation Resource Planning

Suggested Components
Page 1 of 2
Suggested Components - Business Continuation Plan
Administration Information
- Business Continuity Plan Objective
- Definitions
- Assumptions
- BCP Activation Procedures
- Continuation Priorities
- Duties of Plan Coordinator
Response Team Information
- Response Teams and Team Members
- Types of Teams – Management, Damage Assessment, Relocation,
Information Services, Logistics, Customer Relations, Telecommunications,
Transportation
- Response Team Duties and Responsibilities
Business Continuation Strategies
- Site Restoration Procedures
- Data Recovery Procedures
- Command Center Procedures
- Plan Activation Procedures
- Relocation Procedures
- Critical Function Continuation Procedures
- Voice and Data Processing Continuation Procedures
- Support Services Continuation Procedures
Plan Testing and Maintenance
- Testing Responsibilities
- Training Procedures
- Testing Checklists and Logs
Appendix - Items listed here should be obtained from within your organization.
- Plan Distribution List
- Corporate Phone Directory
- Customer List
- Supplier List
- Vital Record List
- Phone Tree
- Supply and Equipment List for Alternate Site
- Media Contact List
- Resumption Planning Vendor Contracts
- Mail/Package Delivery Service List
- Command Center/Emergency Operations Center Supplies
Business Continuation Resource Planning

Suggested Components
Page 2 of 2
Project Progress Report Form
Project Assigned Completion Comments

to Date

Project Program Report Form
Page 1 of 1
Business Impact Analysis Questionnaire
Department Name:
Person Interviewed:
1. Provide a brief description of the department’s purpose and objectives:
2. Provide a brief description of the department’s internal and external customers:
3. List the total revenue generated by this department: N/A

$
Provide information about the consequences of a total loss of department functions for the following
scenarios:
Financial Impact (Lost Revenue):

Day 1: Week 3:
Day 3: Week 4:
Week 1: Month 1:
Week 2: Month 2:
Comments:
Contract Penalties: N/A
Legal Regulatory Impacts: N/A
Loss of Market Share: N/A
Customer Service (External Customers): N/A

Page 1 of 3
Customer Service (Internal Customers): N/A
Other: N/A
5. Does this department depend on materials/supplies from another

Yes No
company department?
If Yes, explain:
6. Does this department depend on materials/supplies from an outside

Yes No
source?
If Yes, explain:
Are these materials/supplies readily available from another source? Yes No
If Yes, explain: If No, indicate how long it would take to find another source and describe
the impact on department operations:
7. Does the department have any existing recovery procedures in place to

Yes No
resume essential business functions?
If Yes, explain:
8. Has the department ever experienced a significant disruption of

Yes No
operations?
If Yes, provide details about actions taken and results:
9. Is the department dependent on data processing systems or equipment to

Yes No
perform essential functions?
If Yes, complete the attached Application Impact Analysis for each critical data processing
application. (Note: A critical application is one that is essential for the performance of department
functions.)

Page 2 of 3
Identification of Strategic Business Operations
Department Name:
Completed By:
Business Operation:
Organizational Impact: The loss of this application would have the following effect on the organization:
Moderate Minor
Catastrophic
Comments:
How long can your department continue to perform all of its functions without the usual data
processing support? (Assume that the loss of data processing support occurred during your busiest or peak
period.) Check only one.
Up to 3 days Up to 1 week Up to 1 month Other:
Comments:
Identify peak periods for this business unit: Yes No

Day:
Week:
Month(s):
Have you developed/established backup procedures (manual or otherwise) to

Yes No
continue operations in the event the business unit is unavailable?
If Yes, please indicate when the procedures have been tested:
Use the following codes for the next four questions:
A. Up to $10,000
B. $10,000 - $100,000
C. $100,000 - $1,000,000
D. $1,000,000 - $10,000,000
E. Over $10,000,000
Day 1 Day 3 Week 1 Week 2 Week 3

1. Losing this unit will result in lost revenue from
fees, collections, interest penalties, etc.
2. Losing this unit will erode our customer base.
The cost to the organization from lost business is
estimated at:
3. Losing this unit will result in the following fines
and penalties due to regulatory requirements
(federal, state, local):
4. The loss of this business unit has legal ramifications due to regulatory statutes, contractual
agreements, etc. Specify potential areas of exposure:

Page 3 of 3
Business Continuation Planning Project Schedule
Activity Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec
PREPARATION PHASE
Obtain Top Management
Approval
Appoint BCP
Coordinator
Select BCP Planning
Committee
Select Committee
Meeting Dates
Assign Project Tasks
Develop BCP
Project Schedule
DEFINITION PHASE
Determine BCP
Objectives
Develop Assumptions
and Definitions
List Disruptive Events
Addressed by Plan
Select a Disaster Scenario
for BCP
Consider Alternative
Continuation Strategies
Update Initial Project
Schedule and Assignments
Submit Progress Report to
Management

Page 1 of 4
DATA C OLLECTION P HASE
Review Emergency
Response Plan
Verify Asset
Documentation
Verify Vital
Record Availability
Develop Business Unit
Material Needs List
RISK ASSESSMENT AND

MITIGATION P HASE
Perform a Thorough
Risk Assessment
Develop a Risk
Assessment Matrix
Perform a Risk
Mitigation Evaluation
Submit a Progress Report
and Risk Mitigation Budget to
Top Management
Develop a Risk Mitigation
Action Plan
BUSINESS IMPACT ANALYSIS
PHASE
Identify Critical Business
Functions
Prioritize Critical
Business Functions
Develop Return Time
Objective (RTO) Table
Complete a Business
Impact Analysis
Submit BIA Report
to Top Management

Page 2 of 4
STRATEGIC PLAN P HASE
Identify and Evaluate
Conduct Cost/Benefit
Analysis of Strategies
Select Specific
Submit SP to Senior
Management for Approval
and Budget
BCP PLAN D EVELOPMENT

PHASE
Establish a BCP
Organizational Chart
Establish a Link Between
ERP and BCP
Develop Disaster Declaration
Procedures
Select Response
Team Members
Assign Strategy
Development to Teams
Develop a BCP
Outline
Prepare Rough Draft of
BCP
Submit BCP Draft to Top
Management for Approval

Page 3 of 4
IMPLEMENTATION PHASE
Submit Budget for BCP
Support Items
Prepare Final Draft of
BCP
Distribute BCP Copies to
Team Leaders and
Management Group
Distribute Action Plans
to Team Members
Establish Plan Test
Procedures
Establish Testing
Intervals
TESTING AND MONITORING
PHASE
Conduct BCP Test
Make arrangements to Run

Backup Systems
Review and Evaluate
Test Results
Make Appropriate Changes to
BCP
MAINTENANCE P HASE
Develop BCP Update
Procedures
Schedule Management Group
Review Meetings

Page 4 of 4
Business Resumption Timetable
Critical Business Functions (CBF) and Return Time Objectives (RTO)
Time Period (< 24 hours) Time Period (2-4 Days) Time Period (1 Week)
• • •
• • •
• • •
• • •
Critical Business Function (CBF) Staff Requirements and Locations

Recovery Team Alternate Site Command Employee Other Site
or CBF Center Homes
Immediate Short Term
RTO RTO
CBF/Team 1
Department
Department
CBF/Team 2
Department
Department
CBF/Team 3
Department
Department
CBF/Team 4
Department
Department
Department
Totals 0 0 0 0 0

Business Resumption
Page 1 of 2
Sample Return Time Objective Table
Critical Business Functions (CBF) and RTOs

• CBF - Call Center • CBF - Accounting • CBF - Marketing

• CBF - IS • CBF - HR • CBF - Training
• • CBF - Production •
• • •

Recovery Team Alternate Site Command Employee Other Site
or CBF Center Homes
RTO RTO
CBF/Team 1
Call Center 5 12 1
Department
CBF/Team 2
IS 10 10 1
Department
CBF/Team 3
Production 15 2 10 14
Department
CBF/Team 4
Department
Department
Department
Totals 15 37 4 10 14

Business Resumption
Page 2 of 2
Critical Documents and Vital Records
Records and documents that are irreplaceable or that contain information for which temporary
unavailability could constitute a serious legal or business impairment. Examples include:
Critical Documents and Vital Records Restoration Plan?

Yes No
Engineering Plans and Drawings
♦ Building and Facilities
♦ Products
♦ Custom-made Equipment, Molds and Dies
Accounting Records
Insurance Policies
Formulas and Trade Secrets
Product Lists and Specifications
Employee, Customer and Supplier Databases
Data Processing Information

♦ Data Files
♦ Document Software
♦ Application Software
♦ System Software
Contracts
Personnel Files
List additional documents here:

Critical Documents
Page 1of 1
Risk Assessment Matrix
Risk Probability Impact Controls Total Mitigation Actions
0
0
0
0
0
1–2–3–4–5 1–2–3–4–5 1–2–3–4–5

Low. . . . . . . . . . . . . .High No Impact . . . . . . …... . . .Significant Impact Good. . . . . . . . . . . . . . . . . . Poor
Initiate mitigation actions when rating is 8 or higher
Comments:

Page 1 of 2
Sample Risk Assessment Matrix
Risk Probability Impact Controls Total Mitigation Actions
Fire 1 5 2 8 Get bid for automatic fire
alarm system
Power Failure 2 5 5 12 Recommend installation of
emergency power generator
Windstorm 2 4 2 8 Conduct semiannual roof

inspections
Earthquake 1 5 3 9 Have engineering analysis
done on building
Loss of Computer Systems 2 5 4 11 Secure a contract for a hot
site
Loss of Main Phone Switch 2 5 3 10 Arrange for call forwarding;

Install direct service lines
Flood 1 4 2 7 Develop flood response plan
Loss of Essential Raw 2 4 4 10 Find second source for

Material essential raw materials
Loss of Essential 2 4 4 10 Find an alternate

Subcontractor subcontractor
Probability Scale Business Impact Scale Control Scale

1–2–3–4–5 1–2–3–4–5 1–2–3–4–5
Low. . . . . . . . . . . . . . . . .High No Impact . . . ……... . . . . .Significant Impact Good. . .. . . . . . . . . . . . Poor
Mitigation actions for items with a rating of 8 or higher
Sample Mitigation Actions

• Install an automatic fire alarm system to provide early warning of a fire condition.
• Install water detection systems in all electronic equipment rooms.
• Install a clean agent automatic fire suppression system in computer room.
• Connect all computer and communication equipment to an uninterruptible power supply.
• Install an emergency power generator. Revise EDP tape backup procedures and storage practices to
ensure availability during a disaster.
• Install locks on all computer and communication equipment rooms.
• Secure light fixtures and other overhead equipment that could fall or shake loose during an
earthquake. Move heavy and breakable objects to low shelves. Secure cabinets and bookcases to
walls to prevent them from falling during an earthquake. Place earthquake fasteners on all high value
office equipment.
• Move workstations away from large windows. Install curtains or blinds that can be drawn over
windows to prevent glass from shattering onto employees.
• Duplicate and/or separate critical processing functions.
• Find alternate sources for essential raw materials and product components.

Page 2 of 2
Evaluating Business Operations
Department Name:
Completed By:
Application Name:
1. Organizational Impact: The loss of this application would have the following effect on the organization:
Moderate Minor
Catastrophic
Comments:
2. How long can your department continue to perform all of its functions without the usual data
processing support? (Assume that the loss of data processing support occurred during your busiest or
peak period.) Check only one.
Up to 3 days Up to 1 week Up to 1 month Other:
Comments:
3. Are there any peak periods for this application? Yes No

If Yes, please indicate:
Day:
Week:
Month(s):
4. Have you developed/established any backup procedures (manual or Yes No

otherwise) that can be used to continue operations in the event the
application is unavailable?
If Yes, please indicate when the procedures have been tested:

Sample Response Team Action Plan - Telecommunications
Page 1 of 2
Use the following codes for the next four questions:
A. Up to $10,000
B. $10,001 - $100,000
C. $100,001 - $1,000,000
D. $1,000,001 - $10,000,000
E. Over $10,000,000
Day 1 Day 3 Week 1 Week 2 Week 3

1. The loss of this application would result in
lost revenue from fees, collections,
interest penalties, etc.
2. The loss of this application would erode
our customer base over a period of time.
The cost to the organization from lost
business is estimated at:
3. The loss of this application would result in
the following fines and penalties due to
regulatory requirements (federal, state,
local):
4. The loss of this application would have legal ramifications due to regulatory statutes,
contractual agreements, etc. Specify potential areas of exposure:

Page 2 of 2
Business Continuation Response Teams
Management Team Plant/Office Relocation Team Transportation Team
Information Technology Team Plant/Office Equipment and Supplies Customer Relations Team
Team
Telecommunication Team Site Restoration Team Media Relations Team
Damage Assessment Team Security Team Human Resources Team
Response Team Action Plan

Response Team: Circle one of the above or insert your team name here
Team Members
Name Work Phone Home Phone Pager Cell Phone
Responsibilities:
•
•
•
Tasks: (Primary Facility)

•
•
•
Tasks: (Alternate Site)

•
•
•
Contact Information

Page 1 of 2
Sample Response Team Action Plan
Telecommunications
Team Members
Name Work Phone Home Phone Pager Cell Phone
Responsibilities:
• Restoration of telecommunication service at primary facility.
• Initiate telecommunication service at alternate site.
Tasks: (Primary Facility)

• Respond to all telecommunication system outages.
• Identify all systems or equipment that need to be repaired or replaced.
• Make a status report to the appropriate management groups and department heads.
• Arrange to have replacement equipment or components installed on a priority basis. (See Contact
Information below).
• Initiate the following backup communication procedures until all primary systems are back in
service:
• Initiate preplanned call forwarding procedures.
• Install analog phone sets at all FAX machine line connections.
• Designate all nonswitch circuits for critical/essential usage.
• Activate/designate all available cell phones for critical/essential usage.
Tasks: (Alternate Site)
• Notify lead to initiate prearranged installation and activation procedures.
• Report status of branch telecommunication to managemnet in Home Office.
• Notify management in Home Office to determine if shipment of wireless communication equipment
is required.
• Upon activation of communication system, call U.S. West to re-route incoming calls to alternate
site.
Contact Information

Page 2 of 2
Sample Business Continuation Planning Flow Chart
Business operations are subject to changing conditions every day. Read on to learn when to consider
business continuity activities:
Business Continuation Plan

Event Occurs
Organizational Structure
Emergency Response Teams

Primary Facility
Notification Procedures Recovery

Facility IS HR Parts
Management
Team Team Team Team
Team
Coordinate Info to
No Management Team
Make
Repairs
Disaster Notification & Yes Severe Moderate Make

Declaration Damage
Declaration Procedures Repairs
Decision Assessment
Recovery Teams
Activate
Local Recovery Location
Teams
Sales Service Parts Rental
HR Team
Team Team Team Team
Finance Facility
Recovery Team Team
Management Team
Other ABC Facility?

Hotsite?
IS Service Parts Rental

Team Team Team Team
Restoration Teams Primary Facility
Facility IS Parts Finance

Team Team Team Team

Business Continuity
Page 1 of 4
Business Continuity
Each company uses its own decision-making process to determine how to respond when there is an
event. The following describes the process of determining and declaring a disaster or event:
Notification
Any employee may become aware of a condition or event that has the potential to become an emergency
or a disaster. When an employee becomes aware of such a condition or event, contact a supervisor or
manager and describe it. The supervisor/manager will use his or her judgment and request appropriate
maintenance or repairs or contact a nearby manager as the first step in initiating these Notification
Procedures. In the following two instances only, employees may take immediate action in advance of
notifying their supervisor or manager:
• Certain medical emergencies may require the employees to instead immediately call 911 in cases
of severe emergency, after which the employees will then contact a manager.
• Certain chemical or gas leaks or other requirements for immediate personnel evacuation (with
notification of their supervisor or manager on their way out) might also cause the employees to
take action prior to notification of superiors.
Notify Primary Contacts and Advise Them of the Situation

The primary contacts listed below may be notified during a potential emergency.
Name Office Phone Home Phone
Notify Emergency Services

If the situation requires immediate response from emergency services (police, fire department, etc.) either
the primary contacts or personnel at the scene directed by them will contact the necessary agencies.
Contacts Phone
Fire 911 - or -
Police 911 - or -
Ambulance 911 - or -
Hospital
Poison Control Center
Chemical Release
FBI Bomb Squad

Business Continuity
Page 2 of 4
Conduct Initial Evaluation
The primary contacts conduct an initial evaluation using information provided by personnel on the scene,
emergency services or an on-site inspection. If the event does not significantly impact normal business
operations, the primary contacts will arrange for necessary repairs and mitigate the emergency.
Notify Recovery Management Team For Mobilization
If the emergency threatens any of a company’s critical business functions or requires additional
evaluation, the primary contacts will notify the recovery management team (RMT) leader (or alternate)
and provide a brief recap of the situation. The RMT leader contacts team members, mobilizing them to
convene at the Command Center to review the situation. It is the team leader’s responsibility to contact
and mobilize the team.
Recovery Management Team Members
Name Office Phone Home Phone
(Leader)
(Alternate)
Disaster Declaration
The principle criterion for deciding to declare the emergency a disaster will be that the events impact on a
company’s critical business functions. Review some common critical business functions:
• Information Systems
• Parts
• Human Resources
• Facilities
• Finance
• Rental
• Sales
Consider which additional functions will be necessary to stay in business.
In addition, the following special criteria have been established to assist in the decision:
• Ability to supply products to customers.
• Ability to repair equipment.
• Ability to determine inventory and pending work orders.
In the event that a disaster declaration is unwarranted, the recovery management team will outline
recommended action plans and resume operations as well as arrange for any necessary repairs.

Business Continuity
Page 3 of 4
Mobilize Business Recovery Teams
Based on the nature of the disaster, the recovery management team will decide which teams need to be
activated. Once this is done, the recovery management team will contact the leaders of these teams and
apprise them of the situation. In the event a team leader is not readily available, the alternate will be
contacted and will be given responsibility for the mobilization of the remainder of the team including the
team leader.
Team Name Work Phone Home Phone
Notify Employees
If appropriate, all employees and staff not previously notified will be contacted by either Human
Resources or the Crisis Communications Team and provided with any pertinent information on the
situation or instructions to follow.
Notify Key Contacts
In addition to Company employees, the following key contacts and vendors should be apprised of the
situation as follows:
Key Contact Phone Caller Remarks
After Declaration
Once a disaster has been declared, the Human Resources Team has the responsibility of notifying all
employees not involved in the recovery effort. The RMT will be responsible for ongoing communications
with other parties. These include customers, vendors, public agencies and other staff.
In the event that an individual team member cannot be reached, an alternate will be contacted and further
efforts to contact that individual will be handed off to the HRT.
Declaration Cancellation
After the RMT reviews a more detailed damage assessment and receives input from outside authorities,
they may choose to cancel the declaration. Once that decision is made, the RMT will begin to notify
appropriate personnel.
Not all events are emergencies, and not all emergencies become disasters. A hasty decision to declare a
disaster can be more disruptive than the event itself. A timely and appropriate response, however, is
necessary to protect the safety of employees and reduce the risk to property.

Business Continuity
Page 4 of 4
Business Restoration
The Restoration Plan (RP) is designed to bring the business back to the same level as it was before the
disaster. It can be initiated concurrently with the Business Continuation Plan. The BCP provides a good
starting point for restoration planning for the following reasons:
• The critical business processes are identified and ranked.
• The resources needed for an alternate site recovery have been listed and quantified.
• Customer, vendor and employee phone lists have been prepared.
• The decision making process to initiate the restoration plan has been authorized.
• Restoration teams have been established and responsibilities assigned.
The purpose of the BCP is to stabilize a company’s critical functions immediately after a disaster. The
BCP goals are to maintain both revenue streams and customer and vendor contact and to keep the
company functional until it is restored to normal operating conditions. The purpose of the Restoration Plan
is to return the company to normal operations, as if the disaster never occurred. The goal is to return
sales, production and operations to pre-disaster levels.
Restoration Planning requires a myriad of considerations. Many considerations can be implemented prior
to a disaster. The actual activities and extent of restoration requirements are dependent upon the extent
of damages. It won’t always be necessary to build a new facility after a disaster, but it becomes important
to plan for this event. Planning for the remote possibility enables your company to be fully prepared for all
of the intricacies involved in restoring business operations. A good plan will significantly reduce the time
it takes to rebuild the business.
Proactive Restoration Actions
• Establish a management team with authority and financial responsibility to decide whether the
company will restore, rebuild or relocate the business operations after a disaster. This is the first
major decision after the business continuity recovery plan has been implemented. The Emergency
Management Team (EMT) that has been identified in the BCP is generally assigned the
responsibility for making the restoration decisions. They will gather information from the Salvage,
Facilities, IT, Finance and other BCP teams to facilitate the decision making and the formulation of
the action plans.
• Ensure that adequate funding is available for restoration activities.
- Adequate property insurance – appraisal, equipment and inventory valuations
- Adequate business income and extra expense insurance
- Secured credit line
- Funds allocated for emergencies

Page 1 of 2
Document procedures for securing building permits or certifying facilities (such as COs, EPA and FDA
requirements). Get permits and zoning changes ahead of time.
• Identify any current building code requirements for new construction. Complete any requirements
that can be done before the need to build or rebuild arises. The following are examples that may
increase the cost of construction:
- Demolition ordinances such as additional regulations and procedures to protect the public
- Clean up ordinances for debris like asbestos,
- Fire protection such as the retrofitting of sprinkler systems
- American with Disabilities Act (ADA) such as installing elevators,
- Construction to exceed minimum standards for earthquake, windstorm, flood, etc.
• Identify critical machinery, software, materials and vendors. Develop and document procedures for
quick procurement after a disaster.
• Identify specialized production facilities (clean rooms, biohazard labs, etc.). Store updated design,
blueprints and architectural drawings offsite.
• Consider any obstacles (such as the availability of building materials) that may increase construction
time.
• Develop and document plans to minimize time to reach operational capacity.
• Develop and document business to regain sales and restore revenues to pre-disaster levels.

Page 2 of 2
Restoration Checklist

An Emergency Response Plan (ERP) that has been completed and tested?
Completing a Business Continuation Plan (BCP) including testing?
Establishing a Restoration Management Team that is authorized to make
decisions?
A decision-making process for implementing the Restoration Plan?
Funding restoration activities and formalizing a review of the plan to assure that
adequate monies have been allocated to sustaining operations?
Documenting building permit and facility certification procedures.
Obtaining building permits or zoning changes before restoration is needed?
Identifying and documenting new building codes that may increase the cost of
reconstruction.
A listing identifying critical machinery, software, materials and vendors?
Developing and documenting a list of procedures for quick procurement of
machinery, equipment, software, etc.?
Documenting specialized production facilities and reconstruction plans?
Reviewing considerations that may increase construction time?
Considering options that would minimize the time needed to reach pre-disaster
operational capacity?
Outlining plans to return to pre-disaster sales and revenues?
Checking to verify those facility and equipment designs, drawings and blueprints are
part of the Vital Records program and duplicated offsite?
Identifying and preparing potential relocation sites?
Implementing established recovery team responsibilities and priorities?
Assessing facility hazards to ensure safety of all personnel?
Establishing security at the damaged facility.
Securing the site: protecting undamaged property, controlling facility access,
reactivating facility protection systems, etc.?
Notifying all employees, vendors, customers and governmental agencies regarding
the restoration plans?
Conducting employee briefings?
Documenting the decisions made, the damage costs, and the repairs?
Conducting and documenting salvage operations?
Taking inventory of all damages?
Implementing a procedure for restoring equipment and processes?


Page 1 of 1
Business Resumption Timetables
Critical Business Functions (CBF) and Return Time Objectives (RTO)

• • •
• • •
• • •
• • •

Recovery Team or Alternate Site Command Employee Other Site
CBF Center Homes
RTO RTO
CBF/Team 1
Department
Department
CBF/Team 2
Department
Department
CBF/Team 3
Department
Department
CBF/Team 4
Department
Department
Department
Totals 0 0 0 0 0

Page 1 of 1
“Sample” Return Time Objective Tables
Critical Business Functions (CBF) and RTOs

• CBF - Call Center • CBF - Accounting • CBF - Marketing

• CBF - IS • CBF - HR • CBF - Training
• • CBF - Production •
• • •

Recovery Team or Alternate Site Command Employee Other Site
CBF Center Homes
RTO RTO
CBF/Team 1
Call Center 5 12 1
Department
CBF/Team 2
IS 10 10 1
Department
CBF/Team 3
Production 15 2 10 14
Department
CBF/Team 4
Department
Department
Department
Totals 15 37 4 10 14

Page 2 of 2
TIPS FOR RESUMING BUSINESS IN THE WAKE OF A DISASTER
Planning makes the difference

If disaster were to strike, do you wonder how long it would take for your business to return to normal?
In the wake of a disaster, resuming business quickly hinges on effective planning and training before the event.
A return to normalcy requires collaboration among employees, suppliers, vendors, customers, insurance
companies, insurance agents and brokers, government agencies and financial institutions, to name a few.
- Setting priorities for critical business functions is one of the first steps in a disaster recovery planning
process. Make sure you haven’t overlooked any of the key processes, even such everyday activities as
redirecting mail and telephone calls.
- Company records and computer information are critical to your company’s ongoing operations. Be
disciplined in the regular duplication, back-up and offsite storage of company data. In the event of a
disaster, access to these records is of vital importance.
- Establish a disaster recovery team responsible for implementation of your plan.
- In planning, consider the company’s immediate needs. How will you handle accounts payable/receivable,
vendors, suppliers, customers and employees?
- Contact real estate brokers to identify potential temporary or permanent alternative space that meets
process and utility requirements.
- Establish a secured line of credit and other sources of funding for emergency expenses.
- You might want to negotiate reciprocal agreements with competitors, vendors or suppliers for mutual
assistance in the event of disaster.
- Work with your insurance agent and carriers to ensure you have adequate coverage for your building and
operations. In addition, they may be able to help you develop your disaster recovery plan.
- Test your plan to make sure you have thought of every contingency.
Communication
In our world of 24-hour news, it becomes increasingly important to plan internal and external communications
procedures in the event of a disaster.
- Employees and customers. Early messages should come from top management to provide reassurance
and share restoration plans. It may be necessary to resume some operations at off-peak business hours or
relocate to ensure full access to systems, telephones and other office equipment. Communication vehicles
could include 1-800 numbers, your Internet home page and newspaper advertisements.
- Suppliers and vendors. Ask for their flexibility and understanding after a disaster occurs. They may be able
to provide the company with critical machinery or software, or be willing to establish alternative billing or
delivery options until the business is back on its feet. If required, activate any reciprocal agreements
negotiated before the event.
- Government agencies and regulatory authorities. Establish regular communication to obtain approvals for
resuming occupancy of the building or to reconstruct the facility. It may be outside the company’s control
when and if employees are allowed to reenter the premises. If necessary, adjust plans until the proper
clearances are in place.
- Sources of funding. As soon as possible, contact your company’s sources of funding for restoration
activities, beginning with your insurance advisor or insurance carriers for property, business income/extra
expense and workers compensation information. Also call your financial institutions to activate your pre-
arranged secured line of credit and access any funds set aside for emergencies.
Returning to the site and Restoration

Your first priority is protecting your employees. Once the area is stable, secure the building to limit future loss
and inspect it thoroughly before anyone reenters.
- Validate the structural integrity of the building or facility by qualified professionals before employees return to
the facility.
- Employees should have access only to those areas that are well-illuminated and free of debris, water, dust
or liquid spills.
- Check to make sure the electrical systems, computers and computer cables and telecommunications
equipment do not expose anyone to the dangers of electricity. Complete wiring inspections to ensure that all
wiring and connections are not in danger due to water damage from rain or fire-fighting efforts.
- Assess water supplies for contamination. Consider that even the slightest contact with contaminated water
can lead to illness.
- If there has been water leakage such as flooding, seepage or leaking pipes, take precautions with clean-up
and replacement of building materials and equipment. You may want to subcontract operations that your
employees are not equipped to perform. Cookware and kitchen utensils that have come into contact with
floodwater will require special treatment.
- Check to ensure the atmosphere in the workplace has been tested for asbestos or other chemical/toxic
agents.
- Make sure all hazardous materials are safely contained. Using an existing inventory list will enable you to
quickly account for all possible materials. Leakage of hazardous materials requires specialized clean-up and
disposal, so be sure to address any situations with the proper precautions.
- If there was a power outage during the disaster, investigate the heating, ventilation and air conditioning
systems before energizing and pressurizing them. Clean, examine and test safety devices and controls on
all equipment.
- Identify current building code requirements including demolition and clean-up ordinances, fire protection and
Americans with Disabilities Act requirements. Determine construction minimum standards for such things as
earthquake, windstorm or flood protection and obtain necessary permits.
Establish priorities at the designated restoration site by identifying critical business applications and processes
needed to stay in business. You cannot resume business without this step. Document all damage including
estimates or prices for repair/replacement and outline what is needed to resume operations.
- Implement security procedures at the damaged facility to protect undamaged property. Ensure that access
to the facility is controlled and protection systems have been reactivated.
Department of the Treasury
Slurred Whispered
Bureau of Alcohol, Tobacco & Firearms
BOMB THREAT CHECKLIST
Ragged Clearing Throat
1. When is the bomb going to explode?
Deep Breathing Cracking Voice
2. Where is the bomb right now?
Disguised Accent
3. What does the bomb look like? Familiar (If voice is familiar, who did it sound
like?)
4. What kind of bomb is it?
5. What will cause the bomb to explode?

BACKGROUND SOUNDS:
6. Did you place the bomb? Street noises Factory machinery
7. Why? Voices Crockery
8. What is address? Animal noises Clear
9. What is your name? PA System Static
EXACT WORDING OF BOMB THREAT: Music House noises
Long distance Local
Motor Office machinery
Booth Other (Please specify)
BOMB THREAT LANGUAGE:
Well spoken (education) Incoherent

Sex of caller: Race:
Foul Message read by
Age: Length of call: threat maker
Telephone number at which call is received: Taped Irrational
Time call received: REMARKS:
Date call received:
CALLER’S VOICE Your name:
Calm Nasal
Your position:
Soft Angry
Stutter Loud Your telephone number:
Excited Lisp
Date checklist completed:
Laughter Slow
Rasp Crying
Rapid Deep
Normal Distinct
ATF F 1613.1 (Formerly ATF F 1730.1, which still may be used) (6-97) ATF F 1613.1 (Formerly ATF F 1730.1) (6-97)

BCP - 1 in Banking

Uploaded by

Copyright:

Available Formats

BCP - 1 in Banking

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BCP - 1 in Banking

Uploaded by

Copyright:

Available Formats

GUIDE

BUSINESS CONTINUITY PLAN FOR

TO RESPONSE AND RECOVERY

I. Overview: Business Recovery Planning

II. Disaster Preparedness Planning

III. Emergency Response Planning

IV. Business Continuation Planning

V. Business Restoration Planning

A comprehensive business recovery plan contains the following major components:

II. Disaster Preparedness Planning

B. Disaster Preparedness Planning

III. Emergency Response Planning

IV. Business Continuation Planning

V. Business Restoration Planning

This planning process is sometimes described as the cycle of contingency planning.

Business Recovery Planning

Business Recovery Planning

Business Recovery Planning

Develop and practice an earthquake emergency response plan. Include provisions

Situate newly constructed buildings on firm foundation materials, bedrock, cohesive

Anchor all structures, tanks and machinery to foundations.

Anchor or brace top-heavy building contents, industrial racks, bookshelves, etc.

Maintain a minimum 72-hour backup water supply, nonperishable foods and

Provide diking for all large liquid containers.

Identify corrective action for all Unsatisfactory responses.

Business Recovery Planning

Business Recovery Planning

Establish business contingencies with clients and suppliers.

Post emergency phone numbers to activate fire response plan.

Distribute fire safety information to employees: how to prevent fires in the

Place fire extinguishers in appropriate locations. Train employees in use of fire

Install automatic fire detection. Check alarms and detectors monthly.

Establish a preventive maintenance schedule to keep equipment operating safely.

Develop Hot Work Permit Program for welding operations.

Identify corrective action for all Unsatisfactory responses.

Business Recovery Planning

Business Recovery Planning

Anchor all structures, tanks and machinery (including exterior items) to

Identify corrective action for all Unsatisfactory responses.

Business Recovery Planning

Business Recovery Planning

Wind Speed Storm

Business Recovery Planning

Activate emergency response plan.

Identify corrective action for all Unsatisfactory responses.

Business Recovery Planning

Business Recovery Planning

Establish business contingencies with clients and suppliers.

Anchor all structures, tanks and machinery to foundations.

Secure roof-mounted HVAC and electrical equipment, lighting, signs, etc.

Maintain a windstorm emergency kit. Include flashlights, plastic sheeting, rope,

Identify corrective action for all Unsatisfactory responses.

Business Recovery Planning

Business Recovery Planning

Identify corrective action for all Unsatisfactory responses.

Business Recovery Planning

Business Recovery Planning

Develop internal emergency communications procedures.

Have formal building access procedures in place.