FCA and PRA licenses (authorisations) and ongoing compliance support, training, recruitment. Contact us 7 days a week, 8am-11pm. Free consultations. Phone / Whatsapp: +4478 3368 4449  Email: hirett.co.uk@gmail.com

INTRODUCTION

Hirett (hereinafter referred to as the “Company”) business continuity plan will be distributed to the relevant staff members of the business continuity and management teams / nominated representative.

A master copy of this BCP document will always be maintained by the directors and shall be located in a secure place off-site.

For further risk mitigation, an electronic copy of this plan will be stored on a secure USB flash drive for printing on demand.

 WHY THIS POLICY EXISTS

Disaster Recovery (or Business Continuity Planning), is the processes, controls, measures, policies and procedures that together, enable a company to recovery and/or continue to trade following a natural or human-induced disaster or situation. All businesses should have some form of recovery program, however those in consumer credit and financial services industries are expected to have fully documented, robust and tested plans to protect consumer interests and safeguard assets.

Vital technology infrastructure and systems are susceptible to disruptions when dealing with potential threats and disaster recovery plans form an extensive program from documenting systems, assets and information flows, through to stress-testing, back-ups and continuity plans. Any event that compromises or negatively impacts standard operations within the business are documented, with mitigating actions or alternative solutions included in the plan should a threat occur.

A plan will usually include a range of threats, risks and disasters that could happen; internal and external; natural or human-based, enabling Directors and Senior Management to assess each scenario and implement measures and controls before the issue arises. It is essential in any Disaster Recovery Plan, to include all possible threats and risks and not just focus on the obvious ones such as fire, electricity outage or network virus. For example, if an illness or virus affected 80% of a business’s workforce, to would be difficult to continue operating as normal or if the office location became uninhabitable, plans for back-up sites should be included.

PURPOSE

The purpose of this policy is to provide a flexible and documented response so that the Company can respond to a disruptive incident, maintain delivery of critical activities and services during any such incidents and resume ‘Business as usual’ in the shortest time, with the least disruption.

This plan acts as a guidance and support document in the event of any threat scenario occurring and its development has included key stakeholder and prominent employees and suppliers.

 POLICY SCOPE

The policy relates to all the Company staff (meaning permanent, fixed term, and temporary staff, any third-party representatives or sub-contractors, agency workers, volunteers, interns and agents engaged with the Company in the UK or overseas) within the organisation and has been created to ensure that staff deal with the area that this policy relates to in accordance with legal, regulatory, contractual and business expectations and requirements.

 OBJECTIVES

The Company is dedicated to restoring standard operating procedures as soon as is possible after any threat has occurred, and this recovery plan documents each aspect of the processes, measures and requirements to do that. We have several objectives for our recovery plan: –

  • To develop, retain and maintain a detailed and up-to-date Disaster Recovery Plan (DRP)
  • Understand the critical functions and activities of the business
  • Identify, analyse, assess and document risks to the Company and continued operation
  • Identify the key roles, responsibilities and contacts to respond to an emergency
  • Maintain effective running of the business in the event of a crisis or emergency
  • To ensure that all staff are aware of the DRP/BCP and their role in complying with its processes
  • To minimise disruptions to the Company’s normal business operations
  • To limit the extent and impact of any such disruption and/or damage
  • To minimise the economic, client, customer and employee impact of any disruption
  • To ensure that an alternative, adequate and appropriate means of operating is in place
  • To ensure that employees and associated DRP/BCP suppliers are fully trained as to their part in any emergency procedure
  • To provide a safe, swift and effective restoration to normal service

 DISASTER RECOVERY PLAN

Distribution List

The below distribution list contains the names, contact details and DRP role of any employee, locums or 3rd party who has a copy of the DRP and who are fully aware of the procedures to be followed in the event of a crisis, threat or emergency.

This plan has been distributed to the relevant staff members of the business continuity and management teams and a master copy is maintained by the company Director and is in a secure place off-site. For further risk mitigation, an electronic copy of this plan is stored on a secure USB flash drive for printing on demand.

NAME POSITION CONTACT
[Name 1] DIRECTOR 00000000000
[Name 2] DIRECTOR 00000000000
     

BUSINESS IMPACT ANALYSIS        

The Company has completed a full Business Impact Analysis (BIA) and a risk assessment to enable us to understand our critical functions, risks to the continued operation of the business and plan for recovery.

There are several key functions (referred to in this document as Critical Functions) that are essential to the normal operation of the Company and as such, require immediate restoration after an emergency incident.

The BIA enables the Company to differentiate the critical (urgent) and non-critical (non-urgent) functions of the business, this providing us with a priority order in which to allocate resources and start restoration actions and measures. Critical functions are then given a priority describe in which order of priority the critical functions are to be completed.

When carrying out a business impact and risk assessment on each area, we aim to assign a Recovery Time Objective (RTO) to each function. This is the maximum length of time that the Company can manage a disruption to this critical function before it threatens the Company’s viability or ability to operate normally.

DISASTER CRITICAL RESOURCES IMPACTED MITIGATION TIME TO REINSTATE RISK
Power Loss Electricity, internet, telephones
  • Contact electricity company
  • If delay > 4 hours; use mobile internet
  • If delay >24 hours; arrange generator.
Depends on supplier (normally < few hours) MEDIUM
Internet fails Internet
  • Back up mobile broadband service maintained.  Can be switched to instantly through portable Wi-Fi hotspot-if required.
Depends on supplier used so typically < few hours MEDIUM
Telephone lines down Telephones, internet
  • Contact telecom co.

If delay >4 hours; redirect phone lines via VOIP supplier.

 Depends on supplier (normally <1 day) MEDIUM
Flooding Business premises
  • Relocate to a temporary office

Business insurance

24 hours  LOW
Server Failure Data Servers
  • Backed up offsite
  • Copy held onsite as well – can see up to previous day’s records

Two servers run in parallel – can revert to other in event of catastrophic hardware failure within 6 hours.  As such, all payment services (except same-day “express” orders) would be completed in the stated timescale.  Back office function is web-based and thus can operate from anywhere in the world once data servers running.

<6 hours normally. MEDIUM
Burglary PCs, telephones
  • Building is highly secured and there are CCTV’s everywhere.

Telephone loss can be followed as per contingency plan for phone lines going down.

6 hours LOW

EMERGENCY PACK      

As part of the Company’s recovery plan, we retain copies of back-up’s, key documents, spare keys, insurance documents, records and equipment in a secure, off-site in a readily available and up-to-date emergency pack. This pack is only accessible by the Director/IT Manager and can be retrieved in the event of an emergency to aid in the recovery process.

UPDATES & ANNUAL REVIEW          

The Company updates this plan whenever we have a material change to our operations, structure, business or location or to those of our clearing firm. In addition, we review and test this DRP annually, to modify any changes in our operations, structure, business or location or those of our clearing firm and to ensure that all steps, processes and functions are appropriate, functioning and effective.

 ACTIONS AND EXPENSES LOG              

This table is used to record decisions, actions and expenses incurred in the recovery process and is used to provide information for the post-recovery debriefing, and to help provide evidence of costs incurred for any claim under an insurance policy.

Date/Time Decision / action taken Responsible person Cost(s) incurred