Provider / Plan No. / Date of review:
1.0 Business Continuity Plan
Item / Criteria / Yes / No / Comments
1.1 / Contains a version history / date the plan was last updated (ideally updated every six months)
1.2 / Identifies a plan owner, with their contact details (ideally a senior manager)
1.3 / Is protectively marked and contains a data protection statement if it contains commercially sensitive and / or personal data (e.g. home contact details)
1.4 / Contains a clear index / list of contents
1.5 / Identifies the criteria / scenarios in which the plan will be activated
1.6 / Contains a clear activation procedure
1.7 / Identifies a business continuity or incident management team (ideally with deputies) who will implement the plan
1.8 / Includes step-by-step checklists for the actions to be taken
1.9 / Identifies how activities will be prioritised, including where the services provided to the council sit (or will sit) in terms of these priorities
1.10 / Identifies realistic recovery timescales
1.11 / Identifies specific IT recovery, telephony diversion and manual workaround arrangements
1.12 / Includes contact details for the business continuity / incident management team
Includes contact details for all members of staff who would be expected to respond in a BC incident
Includes contact details for key customers, including the council (if services are already being delivered)
Includes contact details for own key suppliers or other organisations they depend on
2.1 / The dates and frequency at which the plan is tested
2.2 / The type of testing carried out (for example: desktop “walkthrough” exercise, technical IT systems recovery test or full practical “live” exercise)
2.3 / The findings from tests and exercises, i.e. what learning points were captured and how these have been used to improve plan(s)
3.1 / Number, duration and type of outages / disruptions to business-as-usual experienced in the last five years, regardless of whether business continuity plans were invoked or services to customers were impacted (i.e. including near miss data)
3.2 / The findings from post-incident debrief(s), i.e. what learning points were captured after the incident and how these have been used to improve plan(s)
Recommendations / Feedback
Version 1 October 2013 Carol Winstanley