Skip to main content

Business Continuity Policy

Purpose

The purpose of this Business Continuity Policy is to ensure an efficient, effective and adaptable response in the event of an incident so that Convivio can:

  • Respond quickly and effectively to a disruptive incident (incident management)
  • Continue to deliver business critical activities during the time of the incident (business continuity)
  • Return to a state of business as usual as soon as possible (resume and recover)

Planned Remit

The following functions are covered within this plan:

  • Project management and delivery
  • Service management to provide support for live projects

Plan Owner

Ownership and responsibility for the plan is assigned to the following individuals:

Steve Parks - CEO

These individuals are responsible for the continued maintenance and implementation of the plan.

Communication and Availability of the Plan

This plan is available online in our Convivio cookbook. Keeping it here means it can be accessed from any device. In the event of an emergency it's readily available.

Reviewing the Plan

We review the plan at least once per year, around June.

Testing the Plan

It's important to continually test the plan to make sure it remains relevant and effective. We test the plan each June as a minumum.

Activating the Plan

Circumstances

In the event of an incident the plan will be activated. Considerable disruption to our business operations or a project will warrant one or more of the processes being triggered. Specific incidents include:

  • The loss of critical systems or access to them
  • Sudden loss of key staff or key skills
  • Loss or theft of equipment
  • Loss, or suspected loss, of data

Responsibility for Activation

It's the responsibility of all staff and contractors to report an incident, or suspected incident. If we need to respond then any member of our Business Continuity Team (BCT) will take responsibility:

  • Steve Parks
  • Joe Baker

Process for Activation

Incident Management

The purpose of the Incident Management Phase is to:

  • Protect our team
  • Protect vital assets e.g. equipment, data, reputation, client work
  • Ensure necessary communication takes place
  • Support the Business Continuity phase
  • Support the Recovery and Resumption phase
  • Actions to Protect Vital Assets

The following actions will be taken to protect our assets:

  • Whoever identifies the incident should record and report details of the incident
  • Inform members of the Business Continuity Team (see above)
  • The BCT assess the impact of the incident to agree response and next steps
  • The BCT team communicates the incident to other members of staff and customers as agreed in their next steps

Communication Actions

In the event of an incident and this plan being initiated, the BCM team should be contacted. Other people within the team or within the client base may also be contacted depending on the details of the incident.

Incident Actions

Following are a list of possible actions to consider as part of incident management:

  • The member of staff reports details of the loss or theft to the management team
  • The incident is reported to the UK support team
  • Details are recorded in the Incident Management Report
  • GitHub account is suspended
  • Google account is suspended
  • Xero account is suspended
  • Slack account is suspended
  • VPN account is suspended
  • A location trace is attempted using Apple’s Find My Phone
  • Details are reported to the Police