Business
Continuity
Management
Toolkit
How prepared
are you?
Next
Version 1
ContentsPrevious Next
22
Contents
What Is Business Continuity Management (BCM)? 3
About the Toolkit 4
1. BCM programme management 5
2. Understanding the organisation 6
3. Determining BCM strategy 11
4. Developing and implementing BCM response 12
5. Exercising, maintaining and reviewing BCM arrangements 14
6. Embedding BCM in the organisations’ culture 16
Annex A – Glossary of terms 17
Annex B – Emergency pack 18
Annex C – Acknowledgements and your feedback 19
Click on content to navigate
ContentsPreviousPrevious view Next
3
Business Continuity Management (BCM) is about identifying those
parts of your organisation that you cant afford to lose – such as
information, stock, premises, staff – and planning how to maintain
these, if an incident occurs. Any incident, large or small, whether it is
natural, accidental or deliberate, can cause major disruption to your
organisation. But if you plan now, rather than waiting for it to happen,
you will be able to get back to business in the quickest possible time.
Delays could mean you lose valuable business to your competitors, or
that your customers lose confidence in you.
BCM is simpler than you might think. To implement BCM you will need
to consider the following questions:
What are your organisations key products and services?
What are the critical activities and resources required to
deliver these?
What are the risks to these critical activities?
How will you maintain these critical activities in the event of an
incident (loss of access to premises, loss of utilities etc)?
BCM is an established part of the UK’s preparations for managing
risks faced by organisations, whether from internal system failures or
external emergencies such as extreme weather, flooding, terrorism,
or infectious diseases. The Civil Contingencies Act 2004 recognised
its importance by requiring frontline responders to maintain
internal BCM arrangements and local authorities to promote BCM
to commercial and voluntary organisations.
What is Business Continuity Management?
ContentsPreviousPrevious view Next
4
The toolkit aims to help you put the theory into practice
by guiding you through the steps you will need to take to
implement BCM in your organisation. It is a step-by-step
guide taking you through the six elements that make up
the BCM lifecycle as set out in the Business Continuity
Management Standard (BS25999) and depicted in the
diagram opposite.
Although the toolkit is applicable to all sizes of organisation
across all sectors, it has been developed specifically for small
and medium organisations in the commercial and voluntary
sector that are relatively new to BCM.
The toolkit has been specifically designed to be used as an
e-tool but can be printed if preferred.
About the Toolkit
E
m
b
e
d
d
i
n
g
B
C
M
i
n
t
h
e
o
r
g
a
n
i
s
a
t
i
o
n
s
c
u
l
t
u
r
e
BCM
Programme
Management
Understanding
the organisation
Determining
BCM
strategy
Exercising,
maintaining
and reviewing
Developing and
implementing
BCM response
Reference: BS25999-1, 2006
ContentsPreviousPrevious view Next
5
Effective programme management will ensure that BCM capability is
established and maintained within your organisation. There are three
steps in the process:
assigning responsibilities;
establishing and implementing BCM in the organisation; and
ongoing management.
Assigning responsibilities
It is essential that BCM has the full support of senior management
and this should be obtained from the outset. Without this support,
it will be virtually impossible to instil a sense of value and ownership
among the rest of the workforce. It is also important that an individual
or team within your organisation is responsible for managing and
co-ordinating the BCM capability. For these reasons, it is
recommended that senior management:
appoint or nominate an individual at management board level to be
accountable for BCM; and
appoint one or more individuals with responsibility for taking the
programme forward.
Establishing and implementing BCM in the
organisation
One of the early tasks should be to agree the BCM policy for
the organisation. This would normally be the responsibility of
the management board representative, working with others as
appropriate, and should set out:
scope, aims and objectives of BCM in the organisation; and
the activities or “programme” that will be required to deliver these.
1. BCM programme management
The policy should be owned by the management board and regularly
reviewed.
Once the policy has been developed and agreed, it will be the task of
the individual or team with responsibility for BCM to ensure the policy
is implemented. This will involve:
communicating the programme to internal stakeholders;
arranging appropriate training for staff;
ensuring activities are completed; and
initial exercising of the organisations BCM arrangements.
Ongoing management
There are a number of activities that should be undertaken on an
ongoing basis to ensure that BCM continues to be embedded in the
organisation and remains current. Responsibility for ensuring this
happens should rest with the individual or team given responsibility
for BCM. It will involve:
making sure that the organisations business continuity plans, and
related documents, are regularly reviewed and updated;
continuing to promote business continuity across the organisation;
administering the exercise programme; and
keeping the BCM programme updated through lessons learned and
good practice.
The following pages will look at these activities in more detail.
ContentsPreviousPrevious view Next
6
This is a key element of BCM and the foundation work from which
the whole process is built. Undertaking a Business Impact Analysis
and Risk Assessment will enable you to better understand your
organisation and build your BCM capability.
Business Impact Analysis (BIA)
A BIA identifies and documents your key products and services; the
critical activities required to deliver these; the impact that a disruption
of these activities would have on your organisation; and the resources
required to resume the activities.
To undertake a BIA you should follow the steps set out below:
Step 1 – List the key products and services your organisation
provides which if disrupted for any reason will have the greatest
impact. For each product or service identified, you should consider
what the impact of a disruption would be both in terms of your
organisations ability to meet its aims and objectives, and the impact
on its stakeholders.
You should then document what the impact would be for:
First 24 hours
24 – 48 hours
Up to one week
Up to two weeks
2. Understanding the organisation
Step 2You should now be able to identify the maximum length of
time that you can manage a disruption to each of your key products
and services without it threatening your organisations viability, either
financially or through a loss of reputation (this is often referred to as
the Maximum Tolerable Period of Disruption or MTPD).
Step 3You should now set the point in time at which each of your
key products and services would need to be resumed in the event of
a disruption (this is often referred to as the Recovery Time Objective
or RTO).
In determining the RTO, you should:
take into account the confidence you have in the MTPD and
whether on reflection it was too optimistic; and
ensure that you have built in a margin for unforeseen difficulties
with recovery;
Step 4You should now document the critical activities that are
required to deliver your key products and services.
ContentsPreviousPrevious view Next
7
Step 5You should now quantify the resources
required over time to maintain the critical
activities at an acceptable level and to meet the
RTO identified in Step 3 above and document
these. These may include:
people;
premises;
technology;
information; and
supplies and partners
The table opposite sets out some of the questions
that you may want to consider when quantifying
the resources you will require to maintain your
critical activities but should not be seen as an
exhaustive list.
PEOPLE
What is the optimum number of staff •
you require to carry out your critical
activities?
What is the minimum staffing level with •
which you could provide some sort of
service?
What skills/level of expertise is required •
to undertake these activities?
PREMISES
What locations do your organisations •
critical activities operate from?
What alternative premises do you have?•
What plant, machinery and other •
facilities are essential to carry out your
critical activities?
TECHNOLOGY
What IT is essential to carry out your •
critical activities?
What systems and means of voice and •
data communication are required to
carry out your critical activities?
INFORMATION
What information is essential to carry •
out your critical activities?
How is this information stored?•
SUPPLIERS AND PARTNERS
Who are your priority suppliers/partners •
whom you depend on to undertake your
critical activities?
Do you tender key services out to •
another organisation, to whom and for
what?
Do you have any recipricol •
arrangements with other organisations?
ContentsPreviousPrevious view Next
8
It should be noted that the resources required to resume an activity
after an incident will not necessarily be the same as during normal
operations as you may need additional resources to clear backlogs.
The approach you adopt in undertaking a BIA will be dependant on the
size and type of organisation. For example, in some organisations the
individual or team appointed to manage and co-ordinate BCM may
very well have a sufficient overview of end-to-end delivery of your key
products and services to undertake this exercise. Whereas, in a larger
organisation it will be necessary to involve a range of individuals with
a detailed knowledge of the specific activities of the organisation.
If it is necessary, to consult across the organisation, there are three
commonly recognised mechanisms for doing this, each having
particular strengths.
Workshops – these provide rapid results and an opportunity for hands-
on engagement
Questionnaires – these provide large amounts of data but information
quality can be very questionable if not completed with consistency
Interviews – these can provide very good information but can be time
consuming and output can vary in detail and format
Risk Assessment
In the context of BCM, a risk assessment looks at the likelihood and
impact of a variety of risks that could cause a business interruption.
By assessing these, you will be able to prioritise your risk reduction
activities.
You should focus your risk assessment on the critical activities and
supporting resources identified in the BIA stage. For this reason a risk
assessment can only take place once a BIA has been completed.
To undertake a risk assessment you should follow the steps set
out below:
Step 1 – Identify and document the risk to your organisation. These
could include:
Loss of staff
Loss of systems (IT and telecommunications)
Loss of utilities eg water, gas or electricity
Loss of, or access to, premises
Loss of key suppliers
Disruption to transport
Information about some of these generic challenges can be found
at http://www.preparingforemergencies.gov.uk/business/generic_
challenges/index.shtm
ContentsPreviousPrevious view Next
9
Step 2 – List the likelihood of the risk occurring.
Step 3 – List what arrangements you currently have in place to
prevent or reduce the likelihood of the risk occurring.
Step 4 – List what arrangements you could put in place to prevent or
reduce the risk on your organisation.
Step 5 – Using the information above, you now need to assign a
likelihood score to each risk.
Step 6 – Using the risk matrix in fig. 2 plot the likelihood identified in
step 5 against the impact as previously identified in the BIA.
Step 7You will now be able to rank the risks and make an
informed decision about what action to take. The options are:
Treat – use of BCM to reduce disruption by ensuring the activity
continues at, or is recovered to, an acceptable minimum level (RTO)
and timeframe stipulated in the BIA.
Tolerate – you may decide that you are willing to accept the risk
as the cost of implementing any risk reduction strategies outweigh
the benefits.
Transfer – for some risks the best response may be to transfer
them. This might be done by conventional insurance or contractual
arrangements, or it might be done by paying a third party to take the
risk in another way. This option is particularly good for mitigating
financial risks or risks to assets.
Terminate – in some circumstances it might be appropriate to
change, suspend or terminate the service, product, activity, function
or process. This option ought only to be considered where there is
no conflict with the organisations objectives, statutory compliance
and stakeholder expectation. This approach is most likely to be
considered where a service, product, activity, function or process
has a limited lifespan.
High Impact
Low Likelihood
B
High Impact
High Likelihood
A
Low Impact
Low Likelihood
Increasing Likelihood
Increasing Impact
D
Low Impact
High Likelihood
C
ContentsPreviousPrevious view Next
10
In many cases, a combination of BCM and insurance will give your
organisation the best chance of recovering quickly. This view is
supported by the British Insurance BrokersAssociation who state:
.....Insurers have recognised the benefit of
Risk Management and Business Continuity
Planning and will offer premiums that reflect
suitably protected businesses.
Outputs from “understanding the organisation
The following documents should be produced and signed off by
senior management in this process:
Business Impact Analysis detailing:
your organisations key products and services, critical activities •
and supporting resources;
the maximum length of time you can manage a disruption to •
each key product/service; and
the resources required to resume the key products and services.•
Risk Assessment detailing:
the risks that could occur to the critical activities and supporting •
resources which would impact on your organisations ability to
deliver its key products and services.
ContentsPreviousPrevious view Next
11
This stage of the BCM process is about identifying the action that you
can take to maintain the critical activities that underpin the delivery of
your organisations products and services.
Having previously determined the RTO for each critical activity,
you now need to develop a strategy for meeting it. This involves
PEOPLE
Inventory of staff skills not •
utilised within their existing
roles - to enable redeployment
Process mapping and •
documentation - to allow staff
to undertake roles with which
they are unfamiliar
Multi-skill training of each •
individual
Cross-training of skills across a •
number of individuals
Succession planning•
Use of third party support, •
backed by contractual
agreements
Geographical separation of •
individuals or groups with core
skills can reduce the likelihood
of losing all those capable of
undertaking a specific role
PREMISES
Relocation of staff to other •
accommodation owned by your
organisation such as training
facilities
Displacement of staff •
performing less urgent business
processes with staff performing
a higher priority activity. Care
must be taken when using this
option that backlogs of the less
urgent work do not become
unmanageable.
Remote working – this can be •
working from home or working
from other locations
Use premises provided by •
other organisations, including
those provided by third-party
specialists
Alternative sources of plant, •
machinery and other equipment
3. Determining BCM strategy
taking appropriate action to mitigate the loss of the resources that you
identified in Step 5 of the “understanding the organisation” stage.
The table below provides some of the tactics that you could adopt to
protect your resources but should not be seen as an exhaustive list.
TECHNOLOGY
Maintaining the same •
technology at different
locations that will not be
affected by the same business
disruption
Holding older equipment as •
emergency replacement or
spares
INFORMATION
Ensure data is backed-up and it •
is kept off site
Essential documentation is •
stored securely (e.g. fire proof
safe)
Copies of essential •
documentation are kept
elsewhere
SUPPLIERS AND PARTNERS
Storage of additional supplies •
at another location
Dual or multi-sourcing of •
materials
Identification of alternative •
suppliers
Encouraging or requiring •
suppliers/partners to have a
validated business continuity
capability
Significant penalty clauses on •
supply contracts
STAKEHOLDERS
Mechanisms in place to •
provide information to
stakeholders
Arrangement to ensure •
vulnerable groups are
accommodated
ContentsPreviousPrevious view Next
12
This stage of the BCM process is concerned with the development
and implementation of appropriate plans and arrangements to
ensure the management of an incident and continuity and recovery
of critical activities that support key products and services.
The number of plans and the content of these will vary from
organisation to organisation and should reflect the structure and
culture of the organisation and the complexity of its critical activities.
Based on these factors, you may choose to have separate incident
management, business continuity and business recovery plans;
or separate plans covering a particular part of your organisation,
premises or scenario. For a very small organisation a single plan
which incorporates all the above elements may be sufficient.
The key point to remember is that in totality the plans and
supplementing material should provide all the information the
organisation needs to ensure that it can manage the immediate
incident and continue and recover the critical activities identified
in understanding the organisation. It is also important to ensure
that your plans are easily accessible and copies should be kept on
and off site.
Given that there is no one plan that would be appropriate to all
organisations, we have not included a plan template in the toolkit.
However, the advice set out below should provide a useful reference
point to get you started.
4. Developing and implementing
BCM response
Plan content
Purpose and scope
Whatever type of plan you are writing, it is important to clearly state
its purpose and scope. Any relationship to other relevant plans or
documents within the organisation should be clearly referenced and
the method of obtaining and accessing these described.
Document owner and maintainer
You should document who owns the plan and who is responsible for
reviewing, amending and updating it at regular intervals.
A system of version control should also be adopted.
Roles and responsibilities
The plan should list all individuals with a role in its implementation
and explain what that role is.
Plan invocation
The method by which the plan is invoked should be clearly
documented, setting out the individuals who have the authority
to invoke the plan and under what circumstances. The plan should
also set out the process for mobilising and standing down the
relevant teams. In doing this, you should consider putting in place
arrangements so that the relevant teams are mobilised as early
as possible when an incident occurs. Delay in mobilising these
teams could have a major impact on the effectiveness of your
BCM arrangements.
ContentsPreviousPrevious view Next
13
Contact details
All plans should contain or provide a reference to the essential contact
details for all key stakeholders, including all those staff involved in the
implementation of the plan.
Incident management
You should document the tasks that will be required to manage the
initial phase of the incident and the individual responsible for each
task. This is likely to include:
site evacuation;
mobilisation of safety, first-aid or evacuation-assistance teams;
locating and accounting for those who were on site or in the
immediate vicinity; and
ongoing employee/customer communications and safety briefings
The plan should set out the arrangements for communicating with
staff, wider stakeholders and, if necessary, the media. There should be
an up to date contact list and the location and method of obtaining it
described in the plan.
In developing your communiucations strategy, you will need to
give particular consideration to any people with disabilities or other
specific needs.
The organisation should identify a robust location, room or space
from which an incident will be managed. Once established, this
location should be the focal point for the organisations response.
An alternative meeting point at a different location should also be
nominated in case access to the primary location is denied. Each
location should have access to appropriate resources, such as
telecommunications, by which the incident team may initiate effective
incident management activities without delay. You should also have
your emergency pack” on site.
Business continuity and recovery
In terms of business continuity and recovery, your plan should:
set out the critical activities to be recovered, the timescales in which
they are to be recovered and the recovery levels needed;
the resources available at different points in time to deliver your
critical activities;
the process for mobilising these resources; and
detail actions and tasks needed to ensure the continuity and
recovery of your critical activities.
ContentsPreviousPrevious view Next
14
This element of the BCM lifecycle ensures
that an organisations BCM arrangements are
validated by exercise and review and that they
are kept up to date.
Exercising
Your BCM arrangements cannot be considered
reliable until they are exercised and have
proved to be workable. Exercising should
involve: validating plans; rehearsing key staff;
and testing systems which are relied upon to
deliver resilience. The frequency of exercises
will depend on your organisation, but should
take into account the rate of change (to the
organisation or risk profile), and outcomes of
previous exercises (if particular weaknesses
have been identified and changes made).
As a minimum we would suggest plans are
exercised annually.
The four main types are testing, discussion,
table-top and live exercises.
Testing – Not all aspects of your plan can be
tested, but some crucial elements can, such as
the contact list and the activation process. You
can also use this type of exercise to test your
back-up power, communications equipment
and information management arrangements.
A discussion based exercise is the
cheapest to run and easiest to prepare. This
type of exercise will bring staff together to
inform them of the plan and their individual
responsibilities. It will also involve a
discussion of the plan to identify problems and
solutions. This type of exercise is particular
useful for training purposes and provides an
important tool for embedding BCM in your
organisations culture. It is also effective as an
initial validation of a new plan.
A table-top exercise is scenario based and
for small to medium sized organisations is
likely to offer the most efficient method of
validating plans and rehearsing key staff. It
brings staff together to take decisions as a
scenario unfolds in very much the same way
they would in the event of a real incident.
Ordinarily it will be held in a round table
format and last between 2 hours and half a
day. The advantage of this type of exercise
is that it engages players imaginatively,
generates high levels of realism and provides
participants with an opportunity to get to know
the people with whom they would work in the
event of a real incident.
As a point of reference to help you develop
your own scenario, an example of a bad
weather scenario has been developed. This
can be viewed on-line, or can be saved to your
PC (to save open link and select “File” and
then “Save As” from your browser toolbar).
The main challenge in designing this type
of exercise is in developing the scenario
and setting questions for the participants to
consider. In some cases your LRF http://www.
preparingforemergencies.gov.uk/government/
lrfs.shtm will be able to help but it also
possible to do this yourself. In developing a
scenario you should:
Keep it simple
Ensure the scenario is relevant and
realistic – the best way to do this is to refer
back to the understanding your business
element of the BCM process and think
about the scenarios that you considered
when thinking about the risks your
organisation face
5. Exercising, maintaining and reviewing
BCM arrangements
ContentsPreviousPrevious view Next
15
A live exercise ranges from a small scale test of one component, such
as evacuation, through to a full scale test of all components of the plan.
Live exercises are a neccessity for components such as evacuation that
cannot be tested effectively in any other way. While single component
tests are relatively easy to set up, full tests are much more complex
and can be costly. Before embarking on a live exercise it is important to
consider whether your organisation has the neccesary capacity to run the
exercise without it causing a disruption to your ability to deliver your key
products and services.
Whatever type of exercise you opt for, it is worth considering inviting
other stakeholders, and in particular, those that you rely on to deliver
your key products and services.
It is also important to record and evaluate the event, through a debriefing
immediately after the exercise and then written up in a lessons learned
report with actions if required.
Maintaining BCM arrangements
Your organisations should not only put BCM arrangements in place,
but should ensure they are kept up to date. A maintenance programme
should be put in place that ensures that your plans are updated:
if there are any changes to your organisation, including restructurings,
changed methods of the delivery of your critical activites;
if there is a change to the external environment in which the
organisation operates;
following lessons learned from an incident or exercise; and
changes to staff
When updating plan(s) an effective system of version control should
be adopted.
Reviewing BCM arrangements
It is highly recommended that your organisations BCM arrangements
are reviewed either through formal audit or self assessment at regular
intervals as deemed appropriate. This review should be documented and
should verify that:
all key products and services and their critical activites and supporting
resources have been identified;
arrangements accurately reflect your organisations objectives;
arrangements are fit for purpose, and appropriate to the level of risk
your organisation faces;
BCM maintenance and exercising programmes have been effectively
implemented;
BCM arrangements incorporate improvements identified during
incidents and exercises and in the maintenance programme;
an effective programme for training and awareness raising is in place;
and
change control procedures are in place and working effectively
One mechanism for reviewing your own and your key suppliers’ BCM
arrangements is to assess these against the British Standard on Business
Continuity Management (BSI 25999)
Outputs from exercising, maintaining and
reviewing BCM arrangements”
An exercise programme, including the aims and objectives •
Lessons learned report from each exercise or real incident•
Updated business continuity plan•
BCM review report•
ContentsPreviousPrevious view Next
16
To be successful BCM has to become part of the culture of your
organisation. This can be achieved through a combination of awareness
raising and training.
Awareness
Raising and maintaining awareness of BCM with all your staff to ensure
that they are aware of why BCM is important to the organisation.
Mechanisms for raising awareness include:
involving staff in the development of the organisation’s strategy;
written and oral briefings;
learning from internal and external incidents; and
discussion based exercises
All new staff should be made aware of the organisation’s BCM
arrangements on joining and this should form an integral part of the
induction process.
Training
It is good practice to ensure that all staff in your organisation who
have business continuity responsibilities receive training on BCM. As a
minimum it is recommended that these staff work through this toolkit.
6. Embedding BCM in the
organisations Culture
ContentsPreviousPrevious view Next
17
Business Continuity Management (BCM)
A management process that helps manage the
risks to the smooth running of an organisation or
delivery of a service, ensuring that it can operate to
the extent required in the event of a disruption.
Business Continuity Management Lifecycle
A series of business continuity activities which
collectively cover all aspects and phases of the
business continuity management programme.
Business Continuity Plan (BCP)
A documented set of procedures and information
intended to deliver continuity of critical activities in
the event of a disruption.
Business Continuity Management Standard
(BS25999)
A code of practice that establishes the process,
principles and terminology of BCM.
Civil Contingencies Act 2004
The Civil Contingencies Act 2004 establishes
a single framework for civil protection at the
local level, establishing a clear set of roles and
responsibilities for local responders.
Critical Activity
An activity the continuity of which an organisation
needs to ensure, in order to meet its business
objectives.
Cross Training
Teaching an employee who was hired to perform
one job function the skills required to perform
other job functions.
Exercise
A simulation to validate a plan, rehearse key staff
or test systems and procedures.
Exercise Programme
Planned series of exercises to validate plans and to
train and develop staff competencies.
Incident
An event that causes disruption to your
organisation.
Invocation
Act of declaring that an organisations business
continuity plan needs to be put into effect in order
to continue delivery of key products or services.
Local Resilience Forum (LRF)
A process for bringing together all the Category 1
and 2 responders within a local police area for the
purpose of facilitating co-operation in fulfilment of
their duties under the Civil Contingencies Act.
Maximum Tolerable Period of Disruption (MTPD)
Duration after which an organisations viability will
be irrevocably threatened if product and service
delivery cannot be resumed.
Process Mapping
A graphic representation showing all the steps,
actions, and decision points of a process.
Recovery Time Objective (RTO)
Identifies the time by which critical activities and/or
their dependencies must be recovered.
Risk
Risk measures the significance of a potential event
in terms of likelihood and impact.
Risk Assessment
A structured and auditable process of identifying
significant events, assessing their likelihood and
impacts, and then combining these to provide an
overall assessment of risk, as a basis for further
decisions and action.
Succession Planning
A process designed to ensure the continued
effective performance of an organisation by making
provision for the development and replacement of
key people over time.
Stakeholders
Those with a vested interest in an organisations
achievements.
Version Control
Technique to control access to and modification
of documents and to track versions of a document
when it is revised.
Annex A – Glossary of terms
ContentsPreviousPrevious view Next
18
One of the most useful actions that you
can take to cope with an incident is to have
prepared an “Emergency Pack” in advance.
This is a pack of items that will help you
implement your plans.
Items that you may wish to include are:
Documents:
Business Continuity Plan – your plan to •
recover your business or organisation.
List of employees with contact details – •
include home and mobile numbers, and
even e-mail addresses. You may also wish
to include next-of-kin contact details.
Lists of customer and supplier details. •
Contact details for emergency glaziers, •
salvage organisations and building
contractors.
Contact details for utility companies. •
Building site plan (this could help in a •
salvage effort), including location of gas,
electricity and water shut off points.
Latest stock and equipment inventory. •
Insurance company details. •
Financial and banking information. •
Engineering plans and drawings. •
Product lists and specifications. •
Formulas and trade secrets. •
Local authority contact details. •
Headed stationery and company seals and •
documents.
Equipment:
Computer back up tapes / disks / USB •
memory sticks or flash drives.
Spare keys / security codes. •
Torch and spare batteries. •
Hazard and cordon tape. •
Message pads and flip chart. •
Marker pens (for temporary signs). •
General stationery (pens, paper, etc). •
Mobile telephone with credit available, plus •
charger.
Dust and toxic fume masks. •
Disposable camera (useful for recording •
evidence in an insurance claim).
Ensure you are able to repair or replace any
equipment vital to your business at short
notice. If you are able to, consider storing
spare parts off-site.
Notes:
Make sure this pack is stored safely and •
securely off-site (in another location).
Ensure items in the pack are checked •
regularly, are kept up to date, and are
working.
Remember that cash / credit cards may be •
needed for emergency expenditure.
This list is not exhaustive, and there may be •
other documents or equipment that should
be included for your organisation.
Annex B – emergency pack
ContentsPreviousPrevious view
19
The Cabinet Office would like to thank the
organisations who took the time and effort
to contribute to the research and publication
of this toolkit. In particular, we would like to
thank the organisations listed below who are
members of a “Practitioner Working Group”
who helped direct the work.
Practitioner Working Group
Business Continuity Institute
Continuity Forum
Federation of Small Businesses
Local Government Association
London Borough of Hillingdon
London First
National Council for Voluntary Organisations
The Norfolk Major Incident Team (NORMIT)
Reading Borough Council
Small Business Service
Your Feedback
We would welcome your feedback on the
toolkit. In particular we would like your
comments on how useful you found the toolkit
and any ideas you have for enhancing it.
Please send your feedback to
ccact@cabinet-office.x.gsi.gov.uk
Annex C – Acknowledgements
Chrome Web Store
It looks like you haven't installed the Fill Chrome Extension Add to Chrome