2 - Site Crisis Management Plan Template

Site Crisis Management Plan
(For Company XX)
Crisis Management Team Leader ( )
Business Continuity Coordinator ( )
In the event of a business disruption go to:

Site Crisis Management Plan Flow:
Management Response Phase
Sub-phase 1 – Initial Response & Notification (page YY)
Table of Contents
ABBREVIATIONS.......................................................................................................................................................4
DEFINITIONS..............................................................................................................................................................5
ABOUT THIS PLAN TEMPLATE.............................................................................................................................6
Business Continuity Plan Documents & Crisis Response Phase..........................................................................6
INTRODUCTION.........................................................................................................................................................8
CRISIS MANAGEMENT POLICY............................................................................................................................9
Purpose.................................................................................................................................................................9
Scope.....................................................................................................................................................................9
Executive Sponsor.................................................................................................................................................9
Document Manager...............................................................................................................................................9
Review and Compliance........................................................................................................................................9
Rules Regulations..................................................................................................................................................9
Staff Responsible...................................................................................................................................................9
Violations.............................................................................................................................................................10
SITE CRISIS MANAGEMENT PLAN ...................................................................................................................11
Purpose................................................................................................................................................................11
Objectives............................................................................................................................................................11
Assumptions.........................................................................................................................................................11
Scope...................................................................................................................................................................12
BUSINESS CONTINUITY PLAN DOCUMENTS & CRISIS RESPONSE PHASE..........................................13
Business Continuity Plan Documents.................................................................................................................14
BUSINESS CONTINUITY PLAN HIGH-LEVEL PROCESS FLOW.................................................................15
RECOVERY TIME REQUIREMENTS...................................................................................................................16
CRISIS MANAGEMENT TEAM STRUCTURE....................................................................................................17
CRISIS MANAGEMENT TEAM AND RESPONSIBILITIES..........................................................................................................17
IT AREA RECOVERY TEAMS AND RESPONSIBILITIES...........................................................................................................18
BUSINESS UNIT TEAMS AND RESPONSIBILITIES..................................................................................................................18
CRISIS MANAGEMENT TEAM CONTACT INFORMATION..........................................................................19
MANAGEMENT RESPONSE PHASE SUB-PHASES..........................................................................................21
SITE CRISIS MANAGEMENT PLAN FLOW.......................................................................................................23
MANAGEMENT RESPONSE PHASE
SUB-PHASE 1 – INITIAL RESPONSE & NOTIFICATION..........................................................................................................23
Sub-phase 1 - Business Continuity Coordinator Tasks.......................................................................................23
Sub-phase 1 - Crisis Management Team Leader Tasks.......................................................................................24
Sub-phase 1 - Crisis Management Team Member Tasks.....................................................................................24
Sub-phase 1 - CMT Assistant Tasks....................................................................................................................25
Sub-phase 1 - Damage Assessment Team (DAT) Tasks.......................................................................................25
SUB-PHASE 2 – PROBLEM ASSESSMENT & ESCALATION.....................................................................................................27
Sub-phase 2 - Business Continuity Coordinator Tasks
.............................................................................................................................................................................27
Sub-phase 2 – Crisis Management Team Leader Tasks
.............................................................................................................................................................................27
©Sentryx 2007 All rights reserved 2

Sub-phase 2 - Damage Assessment Team Leader (DAT) Tasks..........................................................................28
Sub-phase 2 - Human Resource Director Tasks..................................................................................................28
Sub-phase 2 - CMT Assistant Tasks....................................................................................................................29
SUB-PHASE 3 – DISASTER DECLARATION.........................................................................................................................30
Sub-phase 3 - Human Resource Director Tasks..................................................................................................30
SUB-PHASE 4 – BUSINESS AREA RESPONSE PHASE............................................................................................................32
Sub-phase 4 - Business Area Recovery Team Leader Tasks................................................................................32
Sub-phase 4 - Recovery Team Tasks....................................................................................................................32
APPENDICES.............................................................................................................................................................34
SCMP 1 – Damage Assessment Report Form.....................................................................................................34
SCMP 2 – [Company XX] Disaster Declaration Statement Example................................................................35
SCMP 3 – [Company XX] Disaster Severity and Recovery Levels....................................................................36
SCMP 4 – News Media Procedure......................................................................................................................38
SCMP 5 – Summary of Risk Assessment Information.........................................................................................39
SCMP 6 – Summary of Business Impact Analysis Information..........................................................................40
SCMP 7 – Summary of Business Continuity Strategy Information.....................................................................41

Abbreviations
BCP Business continuity plan
CMC Crisis management center
CMT Crisis management team
BCP Business continuity plan
ERP Emergency response plan
ERT Emergency response team
ERTL Emergency response team leader
ERTDM Emergency response team deputy manager
SCMP Site crisis management plan

Definitions
Executive Senior management member who approves and
Sponsor provides full support for the development and
implementation of the organization’s business
continuity program
Document Person who approves and authorizes the BCP

Manager document including document revisions.

About This Plan Template
This site crisis management plan (SCMP) template is one template in a series of templates
designed to provide comprehensive, practical, and structured guidance to those responsible for
developing a crisis management plan and other related business continuity plan documents. This
template contains a recommended structure, outline, and contents for a typical crisis management
plan document. Where possible, instructions for completing specific sections provided and
sample text is given as a suggestion of the type of information required. The template contents
may be customized and tailored to suite your organization’s specific BCP requirements.
It is recommended that a Document Manager be assigned the responsibility of overseeing

updates and revisions to this document. Please refer to the section “Version Change Control” for
more information on how to manage and distribute changes to this document.
Business Continuity Plan Documents & Crisis Response Phase
For the purpose of this template, the crisis response phase has been defined as the overall phase
during which a crisis situation or disaster occurs. During the crisis response phase, several sub-
phases occur, namely, an emergency response phase, management response phase, and a business
area response phase.
During each phase one of several business continuity plan documents are utilized. The diagram
below depicts the crisis response sub-phases and plan documents associated with each sub-phase:

This business continuity plan template follows a phased approach as a response to a disaster or
disruptive event. The [Company XX] business continuity plan consists of several plan
documents as follows:
1. Business continuity plan (referenced)
2. Emergency response plan (referenced)
3. Site crisis management plan (this plan)
4. Business area recovery plan(s) (referenced)

Introduction
This Site Crisis Management Plan (SCMP) is intended to be used by the Crisis Management
Team (CMT) to oversee and direct recovery operations for [Company XX] in the event of an
emergency or disaster situation. This document is one of several documents that serve as a
repository for information, activities, and tasks necessary for a timely and effective response.
All SCMP’s are not alike. The following sections describe the structure and contents of a typical
SCMP that may be customized to suite your own organization’s requirements.

Crisis Management Policy
Purpose
[Company XX] is committed to safeguarding the interests of shareholders, clients, customers,
and vendors in the event of an emergency or business disruption. [Company XX] has therefore
established a comprehensive organization-wide business continuity program to protect staff,
safeguard corporate assets and environment, and to ensure continuous availability of its products
and services. To support the business continuity program, [Company XX] recognizes the need
for an effective business continuity capability and provides this corporate crisis management
policy as part of the overall organization business continuity program policy.
Scope
This crisis management policy applies to all members of [Company XX] crisis management
team. [Company XX] crisis management team shall define, approve, and implement a crisis
management plan which includes essential activities, procedures, and tasks necessary to ensure
critical operations and services are resumed after a business disruption.
Executive Sponsor
[Company XX] assigns a senior management member to be the “Executive Sponsor” who
approves, sponsors, and provides full support the development and implementation of the
organization-wide business continuity program and its constituent parts including this policy,
crisis management plan, and other associated business continuity plan documents. The executive
sponsor approves the budget and resources required, and delegates authority to the crisis
management team and team leader to manage, coordinate, and oversee the crisis management
plan design, development, implementation, maintenance, and assessment.
Document Manager
[Company XX] shall appoint a Document Manager to approve and authorize the BCP document
and changes including document revisions.
Review and Compliance

The corporate business continuity program policy has established an annual review and
assessment for this policy and for the business continuity plan.
Rules Regulations
[Company XX – enter rules and regulations that are specific to you organization here]
Staff Responsible
[Company XX] business continuity and recovery teams have the responsibility to know this
policy and understand and adhere to the standards and procedures established in this policy.

It is the responsibility of all staff to be aware of their departments and/or business unit’s business
continuity plan and its associated documents.
Violations
Any employee and/or contractor or service provider found to have violated this policy may be
subject to legal actions such as termination.

Site Crisis Management Plan
Purpose
The purpose of the business continuity plan is to:
1. Recover essential or critical business operations in a fast and efficient manner
2. Provide a mechanism for management to direct recovery efforts
Objectives
The primary objective of the site crisis management plan is to recover critical elements of
[Company XX] operations such as:
1. work area/office services;

2. information technology services; and
3. manufacturing and production services.
Additional objectives are to:
1. ensure that staff are aware of alternate arrangements

2. ensure that recovery teams have sufficient resources
Assumptions
This plan has been developed with the following assumptions:
• [Company XX] has conducted a business impact analysis to determine the exposure and
impact that may result due to a disruptive event.
• A summary of the critical functions and processes, maximum tolerable downtimes,

recovery time and point objectives, workaround procedures, and critical IT systems,
resources, and services have been determined and are listed in this plan.
• [Company XX] has conducted a risk assessment and has implemented risk controls to
reduce or eliminate potential risks to its operations.
• [Company XX] has selected and implemented suitable recovery options in the event that
a disaster occurs.
• The business continuity plan has been tested and approved.
• The recovery teams will be comprised of sufficient number of staff to ensure a

satisfactory turnout in the event of a business disruption.

Scope
The scope of this SCMP is the [Company XX] facility/site located at [Company XX facility].

Business Continuity Plan Documents & Crisis
Response Phase
For the purpose of this template, the crisis response phase has been defined as the overall phase
during which a crisis situation or disaster occurs. During the crisis response phase, several sub-
phases occur, namely, a disaster response phase, management response phase, and a business
area response phase.
During each phase one of several business continuity plan documents are utilized. The diagram
below depicts the crisis response sub-phases and plan documents associated with each sub-phase:
Each crisis response sub-phase is described below:
1. Emergency Response Phase

This phase is the first phase in managing a crisis. It comprises of the initial few hours
after an actual disaster, or after the threat of a disaster is first identified. The business
continuity plan is the primary document used during this phase.
In this phase, business continuity plan procedures, tasks, and forms are used; the business
continuity coordinator and other members of the crisis management team are alerted; and
evacuation occurs and/or the disruption is contained.

2. Management Response Phase
In this phase, the crisis management team manages and coordinates all site recovery
activities. This phase begins after the initial response is received by the crisis
management team. The crisis management plan is the main document used during this
phase.
3. Business Area Response Phase

In this phase, business area teams recover and resume business operations. Depending on
how large you organization is, you may opt to develop Business area recovery plans and
business unit recovery plans or just business unit recovery plans. Business area recovery
plans may be used to invoke business unit plans. Note that this breakdown allows for a
more modular structure of activities and is especially useful if your organization is large
has many business department and units.
Business Continuity Plan Documents

Below is a list of plan documents and an explanation of each:
• Site Emergency Response Plan (ERP)

o The ERP is used to respond to a disaster or disruption. The primary plan
objectives are to:
 Protect life
 Provide shelter
 Evacuate premises
 Mitigate threat and control extent of damage
• Site Crisis Management Plan

o This plan. The SCMP is used to manage and coordinate all site recovery activities
including activities such as:
 Supervising recovery effort
 Declaring a disaster
 Invoking other plans
 Monitoring recovery, resumption, and normalization activities
• Business Area/Department/Unit Recovery Plan

o Plan used to manage and recover business operations within each business
area/department/unit.

Business Continuity Plan High-level Process Flow
During BCP execution, the Crisis Management Center will be opened and CMT team members
will gather to review the damage assessment report, and to determine if a disaster is to be
declared. The following diagram illustrates the relationship between the various plan documents:
The business continuity plan follows a sequence of activities specified in the following
documents:
1. Emergency Response Plan
Refer to [Company XX] Emergency Response Plan
2. Site Crisis Management Plan
This plan.
3. Business Area Recovery Plan(s)
Refer to [Company XX] Business Area Recovery Plan(s).

Recovery Time Requirements
[Company XX] business unit/department, business functions, and maximum tolerable
downtimes.
Business Unit/Department:
Maximum Tolerable
Business Function
Downtime
See Appendices for additional Business Impact Analysis information.

Crisis Management Team Structure
A sample CMT structure is provided below. This diagram also shows the IT Area Recovery
Teams, Business Unit Teams, and Implementation & Logistics Team.
Crisis Management Team and Responsibilities

The crisis management team (CMT) consists of a number of [Company XX] executives and team
leaders that manage the overall recovery process. The members of the CMT must be able to act
quickly during a crisis situation. If a disaster occurs, the CMT will likely be called out at an
early stage to manage the recovery process.
Examples of CMT responsibilities include:
• Manage and control the execution of the emergency response plan, site crisis
management plan, business area recovery plans, and business unit plans.
• Approve the activation of the site crisis management plan and business area recovery
plan
• Declare a disaster based on the findings of the damage assessment report
• Provide updates on all company issues to external public and media
• Provide updates and review progress with Board of Directors
• Call insurance providers and key suppliers/vendors
• Contact families

• Monitoring disaster. For example to:
• Ensure evacuation has occurred,
• If there is potential for injury, put emergency response team on standby
• Assess effect of damage on working conditions
IT Area Recovery Teams and Responsibilities

The IT Area Recovery Teams consist of a number of different teams, each focused on the
recovery of a specific technical area. Example of these teams include
• Operating Systems Platform Team,

• Networking and Telecommunications Team,
• Database Systems Team,
• Applications Team,
• Systems Backup Team,
• Security Control Team, and
• Integration and Testing Team
Examples of IT Area Recovery Teams responsibilities include:

• Recover, restore, and test systems and operating systems on workstations and servers
• Recover and restore LAN and WAN
• Restore from backup tapes
• Install critical applications and data
• Test restored systems, network connectivity, and integrity of data.
Business Unit Teams and Responsibilities

A business unit team represents a single business unit or operation for [Company XX]. Its
membership consists of key users of critical systems and resources. The role of these teams is to
assess the current needs of the unit, and assist the IT Area Recovery Teams to recover lost data
and resources, re-enter manually recorded data, and to validate successful recovery.

Crisis Management Team Contact Information
Crisis Management Team
Company Function/Role/
Work # Home # Cell # Email
Executive Alternates
Executive CMT Assistant 1

Administrative
Assistant
CFO CMT Assistant 2

Administrative
Assistant
CIO Crisis
Management
Team Leader
(CMTL)
Finance Crisis
Director Management
Team Leader –
Alternate
(CMTL)
Risk CMT Member

Assessment
Manager
Business Business
Continuity Continuity
Coordinator Coordinator
CFO Business
Continuity
Coordinator –
Alternate
Facility CMT Member

Security
Manager
IT Director CMT Member

(Head of IT Area

Teams)
Human CMT Member

Resource
Director
Company CMT Member

Health and (ERP Team
Safety Leader)
Coordinator
IT Manager CMT Member

(Damage
Assessment Team
Leader)
Facility CMT Member

Security (Notification
Manager Team Leader)
Secretary

Management Response Phase Sub-phases
During a disaster situation, [Company XX]’s top priority is the health and safety of its employees
and staff. Therefore, the emergency response plan was executed in the Emergency Response
Phase, the first phase of a crisis. This plan, the site crisis management plan (SCMP), is executed
in the second phase, Management Response Phase. Note that this plan may be executed in
parallel to the Emergency Response Plan. Tasks for Sub-phase 4 are also outlined in the SCMP.
The Management Response Phase follows several sub-phases:
• Management Response Sub-phase 1 – Initial Response & Notification
In this sub-phase:
o The BCC is alerted
o The CMT Leader is alerted
o The damage assessment team is mobilized
o A damage assessment report is prepared
o The CMT proceeds to CMC
• Management Response Sub-phase 2 – Problem Assessment & Escalation
In this sub-phase:
o The CMT reviews the damage assessment report
o The CMT meets with DAT and physical security manager
o CMT monitors the disaster situation or
o CMT escalates and proceeds to the next phase to declare a disaster
• Management Response Sub-phase 3 – Disaster Declaration Phase
In this sub-phase:
o CMT prepares the disaster declaration statement
o CMT Leaders assume other tasks such as advising news and media
o Recovery team leaders are notified
o Business area/unit recovery plans are activated
• Management Response Sub-phase 4 – Business Area Response Phase
CMT oversees recovery efforts, performs recording functions, and provide assistance
where necessary.
In this sub-phase (Plan Implementation & Logistics activities):

o Recovery team leaders mobilize respective teams
o Equipment is ordered

o Recovery teams travel to recovery site
o Recovery teams prepare for recovery and resume critical services
In this sub-phase (Business Area Plan and Business Unit Plan execution activities):
o Execute Business Area Plan/Business Unit Plans such as the IT Area Recovery
Plan, Manufacturing Area Recovery Plan, etc.

Site Crisis Management Plan Flow
The following sections provide example tasks for the Management Response Phase and Business
Area Recovery Phase. Additional tasks may be added as required.

Sub-phase 1 – Initial Response & Notification
This is the first sub-phase of the Management Response Phase. In this phase the business
continuity coordinator and the crisis management team leader are alerted, crisis management
team and damage assessment team are notified. The CMT proceeds to the CMC and assumes
their assigned tasks.
Note, at the start of this phase, one or more of the following may have occurred:
• An emergency incident or disaster has occurred OR there is a threat of disaster
• The Emergency Response Team (ERT) has escalated the incident to CMT/BC
Coordinator. The Incident Assessment Report (generated during the Incident
Assessment and Escalation Phase of the Emergency Response Phase) has been provided.
• The Damage Assessment Team has been mobilized as is preparing a damage assessment
report
• The Crisis Management Center may or may not be opened.

• Receive a call from Emergency Response Team regarding [Company XX] disaster
situation
Note the following:

o Name, Phone Number
o Obtain brief description of problem
o Has Public Authorities been contacted?
o Receive Incident Assessment Report (Emergency Response Plan execution)
• Alert DAT Leader and ensure the DAT is mobilized (if not already mobilized) and that
they are aware of the situation.
• Alert CMT Leader and assess situation, at a high-level.
• Proceed to the CMC.

• Resume activities in sub-phase 2 “Problem Assessment & Escalation”
Sub-phase 1 - Crisis Management Team Leader Tasks
• Receive a call from Business Continuity Coordinator OR Emergency Response Team

regarding [Company XX] disaster situation
Note the following:

o Name, Phone Number
o Has Public Authorities been contacted?
o Receive Incident Assessment Report (Emergency Response Plan execution)
• Meet with BC Coordinator to assess situation, at a high-level.
• Call CMT Assistant to begin notification procedures (if not available, contact the backup
CMT Assistant)
o Provide brief description of situation
o Inform CMT Assistant to activate CMT call tree
o Inform CMT Assistant of location of Crisis Management Center where all CMT
members should meet
• Advise corporate board and shareholders of event
• Proceed to the CMC.
Sub-phase 1 - Crisis Management Team Member Tasks
• Receive a call from CMT Assistant regarding [Company XX] disaster situation
Note the following:

o Address of where to meet the rest of the CMT

• Proceed to the CMT
Sub-phase 1 - CMT Assistant Tasks
• Activate CMT contact list (call tree)

• Advise CMT member of situation status
• Advise CMT member of location and time to meet at CMC
• Begin log of events. Record the following:
o Problems encountered
o Expenses
o Additional events/incidents
Sub-phase 1 - Damage Assessment Team (DAT) Tasks
• Prepare damage assessment report (use Damage Assessment Report Form):
Note this activity may have already commenced.
If the event is one of the following conditions, the damage assessment team may opt to
report this immediately. In this case immediately proceed to the next sub-phase –
disaster declaration and declare a disaster:
o If the disaster impact is expected to last longer than [number of hours] (as pre-
determined by Company XX Executive]
o If there is loss of power and heating or loss of computing services.
o If there is severe damage to the company facilities such as structural damage, or

collapsed roof, making it inaccessible.
o If there is external activity which prevents access to the facility, such as criminal
activity involving police, or if there is an extended evacuation of building caused
by gas leak.
Consider the following when preparing the damage assessment report:
o Determine disaster level

o Estimate financial loss

o Determine source of damage such as fire, flood, earthquake
o Determine extent and magnitude of damage such as
 Building structures
 Business units
 Types and number of IT systems, infrastructure, etc
 Number of critical processes disrupted
o Assess physical condition of the original site
o Establish safety status of the original facility
o Determine presence of hazardous contaminants
o Assess risk of further damage
o Estimate length of recovery

Sub-phase 2 – Problem Assessment & Escalation
This is the second sub-phase of the Management Response Phase. In this phase the damage
assessment report is reviewed to determine the extent of the problem, and a decision is made to
either declare a disaster and escalate to the next sub-phase or to continue to monitor the situation
using tasks in the emergency response plan. Activities in this phase are typically conducted at
the CMC.
• Ensure that the CMC is accessible
• Meet with CMT members
• Follow CMT Member tasks
• Resume activities in sub-phase 3 “Disaster Declaration”
Sub-phase 2 – Crisis Management Team Leader Tasks
• Meet with corporate board and shareholders, if required
• Follow CMT Member tasks
• Receive the damage assessment report for the extent and impact of the damage
• Review disaster severity levels and disaster recovery levels
• Review conditions that warrant declaration:
Example: if the event is one of the following conditions, the CMT may declare a disaster

immediately:
o If the disaster impact is expected to last longer than [number of hours] (as pre-
determined by Company XX Executive]
o If there is loss of power and heating services or loss of computing services.
o If there is severe damage to the company facilities such as structural damage, or

collapsed roof, making it inaccessible.
o If there is external activity which prevents access to the facility, such as criminal
activity involving police, or if there is an extended evacuation of building caused
by gas leak.
• Meet with Facility Security Manager and DAT Leader to discuss alternatives
• Determine if there is impact to critical processes

o If yes, proceed to the next sub-phase (Sub-phase 3 - DISASTER
DECLARATION).
o If no, continue to monitor situation and use (EMERGENCY RESPONSE

PLAN).
Sub-phase 2 - Damage Assessment Team Leader (DAT) Tasks
• Meet with CMT to discuss damage assessment report and alternatives.
Sub-phase 2 - Human Resource Director Tasks
• Prepare statement for the news and media, if required

o Refer to the News Media Procedure
• Recommend and approve staff related concerns and issues
• Procure any replacement staff, if required
• Ensure headcount procedures have been conducted

Sub-phase 2 - CMT Assistant Tasks
• Ensure all CMT members have business continuity plan documents
• Ask CMT Leader for any assistance
• Continue event logging.

Sub-phase 3 – Disaster Declaration
This is the third sub-phase of the Management Response Phase. In this phase, a decision to
declare a disaster is made based on the review of the damage assessment report. A suitable
recovery strategy is selected, a disaster declaration statement is prepared, and appropriate teams
are notified.

Review the disaster severity and disaster recovery levels in Appendix SCMP 3 – Disaster
Severity and Recovery Levels.
• Prepare DISASTER DECLARATION STATEMENT by:

o Reviewing extent of damage to premises
o Reviewing effect of damage on staff working conditions
o Reviewing impact to critical processes
o Reviewing estimated time to repair
o Select a Disaster Severity Level (see Appendix “SCMP 3 – Disaster Severity and
Recovery Levels”)
o Select a Disaster Recovery Level (see Appendix “SCMP 3 – Disaster Severity
and Recovery Levels”)
o Selecting appropriate recovery strategy
• Initiate recovery process by notifying recovery teams via Business Continuity

Coordinator
• Resume activities in sub-phase 4 “Business Area Response Phase”
• Notify recovery team leaders, such as the IT Recovery Area Team Leader, Call Center
Recovery Area Team Leader, Manufacturing Area Recovery Team Leader, etc.
• Notify off-site storage facility
• Notify alternate recovery site to prepare for the arrival of recovery teams
Sub-phase 3 - Human Resource Director Tasks

• Notify remaining staff of current status

Sub-phase 4 – Business Area Response Phase
This is the fourth sub-phase of the Management Response Phase. In this phase, the recovery
environment is prepared and appropriate resources are mobilized; and business area/units are
recovered and resumed.
• Receive recovery status information from recovery team leaders
• Monitor recovery progress and provide updates to CMT
• Receive recovery status information
• Monitor recovery progress and provide updates to CMT
• Assist with recovery efforts where possible.
Sub-phase 4 - Business Area Recovery Team Leader Tasks
• Activate their area of plan
• Order and ship supplies
• Supervise recovery of business departments
• Verify successful recovery
Sub-phase 4 - Recovery Team Tasks
• Recover and resume operations as per procedures and tasks in business area/unit plans.
o Commence IT Area Recovery Plan (IT Disaster Recovery Plan)
o Commence Business Area Recovery Plans

Appendices
SCMP 1 – Damage Assessment Report Form
Damage Assessment Report

Assessment conducted by (name, phone number):
Name and Location of damaged facility/room/area:
Name of Business Unit/Department using damaged area:
Source of damage (fire, flood, earthquake):
Detailed type and extent of damage (building structures, business units, types and number
of IT systems, infrastructure, etc):
Physical condition of building (safety status):
Presence of hazardous contaminants:
Risk of further damage:
Estimate of loss:
Impact to critical business processes:
Estimate of time to repair (e.g. hours, days, weeks):
Recommendations/notes:

SCMP 2 – [Company XX] Disaster Declaration Statement Example
[Current time and date]
Commencing on [current time and date], [Company XX] sustained severe losses to its facilities
located at [Company XX location] due to [Description of Disaster].
The following conditions exist due to this disaster situation:
[Disaster Recovery Level: Level 1 Recovery at Primary Site _____ ; OR Level 2 Recovery at
Alternate Site _____ ] (refer to SCMP 3 – Disaster Severity and Recovery Levels)
[Severity Level of Disaster (minor, intermediate, or major): ________________]

(refer to SCMP 3 – Disaster Severity and Recovery Levels)
[Description of Disaster Severity and Recovery Levels, if required.]
[Company XX] has switched to its recovery organization and is currently is the process of
recovering essential business operations.
[What plans are currently active?]
[Company XX] [Crisis Management Team Leader] has the authority to issue this disaster
declaration statement.
Signed this _________ of ______________ 20______
____________________________________

SCMP 3 – [Company XX] Disaster Severity and Recovery Levels
There are 3 disaster severity levels: minor, intermediate, and major (described below). These
levels provide an indication of the extent of impact to critical business processes.
In addition, there are 2 disaster recovery levels: Code YELLOW: disaster recovery level 1 –
recovery at primary site, and Code RED: disaster recovery level 2 – recovery at alternate site
(described below). These levels provide an indication as to the location of recovery efforts,
either at the primary site or alternate site, respectively. For the alternate site, this may be an
alternate work area, alternate IT recovery area, or an alternate manufacturing and production
area.
A minor level disaster is typically recovered at the primary site using minimal recovery staff. An
intermediate level disaster may or may not be recovered at the primary site and may require
some recovery teams and/or alternate site recovery support staff. A major level disaster is
recovered at the alternate site and requires all CMT, recovery teams, and alternate site support
staff.
Since recovery at an alternate recovery site can be costly, the CMT must determine whether to
involve alternate recovery facilities and support staff. The decision to recover at the primary or
alternate site depends on the following:
• Whether the disruption is expected to last more than a pre-determined length of time (e.g
12 hours)
• Whether the disruption impact is minor, intermediate, or major disaster severity level
Disaster Recovery Levels
Code YELLOW: Disaster Recovery Level 1 – Recovery at Primary Site
This level may be declared if the disaster severity level is determined to be minor or intermediate
and the disruption is estimated to be less than [pre-determined number of hours e.g. 12- 24]
hours. The recovery of business processes, IT systems and applications may take place at the
primary site. The recovery team, alternate site facility and personnel, and off-site vendor should
be placed on alert for a possible escalation to level 2.
Code RED: Disaster Declaration Level 2 – Recovery at Alternate Site
This level may be declared if the disaster severity level is determined to be intermediate or major
and the disruption is estimated to be greater than [pre-determined number of hours e.g. 24]
hours. The recovery of business processes, IT systems and applications are to take place at the
alternate site(s). The recovery team, alternate site facility and personnel, and off-site vendor are
to begin recovery procedures.

Disaster Severity Levels
Minor Disaster Severity
A disaster of this severity level occurs more frequently in normal day-to-day operations,
compared to the intermediate or major disaster. The severity level is considered minor because
the effects are often isolated to a small subset of critical business processes.
The cause of the disruption is often the failure of a single component, system, or service.
Example causes are failure of manufacturing equipment parts, system disks, and voice and
network hardware.
Intermediate Disaster Severity Level
An intermediate level disaster occurs less frequently but with greater impact compared to minor
level disaster. This kind of event disrupts normal operations of some but not all critical business
units. The operational disruptions result from major failures of multiple systems and equipment.
Example causes are water leakage into computer room, structural damage, etc.
Major Disaster Severity Level
The possibility of this type of disaster occurring is small, but the extent of the impact is
significant compared to the minor or intermediate level disasters. The event disrupts operations
of most or all of the critical business processes. The operational disruptions are the result of
inaccessibility or failure of most or all of the systems and equipment.
Example causes are destruction of or inability to access company facilities due to fires,
earthquakes, storms, or sabotage.

SCMP 4 – News Media Procedure
The [Company XX - Human Resource Director] is responsible for communicating all press
reports.
During an incident, staff shall:

• Direct all press to the Human Resource Director
• Not make any statements the press without approval
• Not give out confidential information such as name of casualty victims
• Not speculate on the status of the incident
Steps to remember about news media:

• Provide a discrete statement of current situation
• Provide time and date of next announcement

SCMP 5 – Summary of Risk Assessment Information
Include summary information from the organization risk assessment in this section. For
example, include:
• A list of threats and risks

• A list of critical assets exposed to the threats
• A list of implemented risk controls and residual risks

SCMP 6 – Summary of Business Impact Analysis Information
Include summary information such as critical processes, recovery time objectives, recovery point
objectives, recovery resources, etc. from your organization’s business impact analysis. For
example, include:
• Maximum Tolerable Downtime (MTD)

• Critical IT systems and applications
• Critical non-IT resources
• Recovery Time Objectives (RTOs), Recovery Point Objectives (RPOs), Work Recovery
Times (WRTs) of critical applications and resources

SCMP 7 – Summary of Business Continuity Strategy Information
Include options for recovering disrupted data, records, applications, systems, equipment, and
facilities.

SCMP 8 – Version Change Control
Version control is required in order to maintain integrity and cohesion of this document. The
Document Manager should be the only person to approve and authorize changes and distribute
revised versions.
To reduce the risk that an old version is used, the Document Manager should collect all copies of
old versions before distributing new ones. This document shall not be photocopied. Additional
copies should be obtained from the Document Manager.
Version Issue Date Reason for Change Authorized by

Number

2 - Site Crisis Management Plan Template

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

2 - Site Crisis Management Plan Template

Uploaded by

Copyright:

Available Formats

Site Crisis Management Plan

(For Company XX)

Crisis Management Team Leader ( )

Business Continuity Coordinator ( )

In the event of a business disruption go to:

©Sentryx 2007 All rights reserved 2

©Sentryx 2007 All rights reserved 3

CMC Crisis management center

CMT Crisis management team

BCP Business continuity plan

ERP Emergency response plan

ERT Emergency response team

ERTL Emergency response team leader

ERTDM Emergency response team deputy manager

SCMP Site crisis management plan

©Sentryx 2007 All rights reserved 4

Document Person who approves and authorizes the BCP

©Sentryx 2007 All rights reserved 5

It is recommended that a Document Manager be assigned the responsibility of overseeing

Business Continuity Plan Documents & Crisis Response Phase

©Sentryx 2007 All rights reserved 6

1. Business continuity plan (referenced)

2. Emergency response plan (referenced)

3. Site crisis management plan (this plan)

4. Business area recovery plan(s) (referenced)

©Sentryx 2007 All rights reserved 7

©Sentryx 2007 All rights reserved 8

Review and Compliance

©Sentryx 2007 All rights reserved 9

©Sentryx 2007 All rights reserved 10

1. Recover essential or critical business operations in a fast and efficient manner

2. Provide a mechanism for management to direct recovery efforts

1. work area/office services;

Additional objectives are to:

1. ensure that staff are aware of alternate arrangements

• A summary of the critical functions and processes, maximum tolerable downtimes,

• The business continuity plan has been tested and approved.

• The recovery teams will be comprised of sufficient number of staff to ensure a

©Sentryx 2007 All rights reserved 11

©Sentryx 2007 All rights reserved 12

Each crisis response sub-phase is described below:

1. Emergency Response Phase

©Sentryx 2007 All rights reserved 13

3. Business Area Response Phase

Business Continuity Plan Documents

• Site Emergency Response Plan (ERP)

• Site Crisis Management Plan

• Business Area/Department/Unit Recovery Plan

©Sentryx 2007 All rights reserved 14

1. Emergency Response Plan

Refer to [Company XX] Emergency Response Plan

2. Site Crisis Management Plan

3. Business Area Recovery Plan(s)

Refer to [Company XX] Business Area Recovery Plan(s).

©Sentryx 2007 All rights reserved 15

See Appendices for additional Business Impact Analysis information.

©Sentryx 2007 All rights reserved 16

Crisis Management Team and Responsibilities

Examples of CMT responsibilities include:

©Sentryx 2007 All rights reserved 17

IT Area Recovery Teams and Responsibilities

• Operating Systems Platform Team,

Examples of IT Area Recovery Teams responsibilities include: