AWS Business Continuity Plan (Template Included)

AWS Business Continuity Plan

AllCode has written more than a few AWS Business Continuity Plans. If you need a Microsoft Word Business Continuity Plan Template that leverages AWS, please click here. An HTML version of the template is below.

What is an AWS Business Continuity Plan?

A business continuity plan (BCP) is a structured and detailed arrangement of guidelines designed to recover system and networks in the event that they’ve failed or have been attacked. These plans are geared toward getting your organization operational as quickly as possible.

An on-premises recovery plan is generally expensive to implement and maintenance, which is why companies often leverage the solutions that their cloud vendor has provided for them. AWS users have an advantage, as Amazon partners with various which ensure the simplicity of this process.

AWS Business Continuity Plan (HTML Version)

Company Name

1390 Market Street, Suite 200

San Francisco, CA, 94102

https://www.allcode.com

Version 1.0.X

09/10/2020

Version History

Version History Approved By Revision Date Description of Change Author
Prepared By (PB) PB Title PB Date Approved By (AB) AB Title AB Date
Jane Doe
V. 1.0.X
9/10/20
Jane Doe
V. 1.0.X
9/10/20

Table of Contents

1. Introduction

In the event of a disaster which interferes with CompanyName’s ability to conduct business from their headquarters, this plan is to be used by the responsible individuals to coordinate the business recovery of their respective areas and/or departments.  The plan is designed to contain, or provide reference to, all of the information that might be needed at the time of a business recovery.

The objective of this Business Continuity Plan is to coordinate recovery of critical business functions in managing and supporting the business recovery in the event of a facilities (office building) disruption or disaster.  This can include short or long-term disasters or other disruptions, such as fires, floods, earthquakes, explosions, terrorism, tornadoes, extended power interruptions, hazardous chemical spills, and other natural or man-made disasters.

A disaster is defined as any event that renders a business facility inoperable or unusable so that it interferes with the organization’s ability to deliver essential business services.

The priorities in a disaster situation are to:

  • Ensure the safety of employees and visitors in the office buildings.
  • Mitigate threats or limit the damage that threats can cause.
  • Have advanced preparations to ensure that critical business functions can continue.
  • Have documented plans and procedures to ensure the quick, effective execution of recovery strategies for critical business functions.

Maintenance, planning, and testing of the Company Name’s Business Continuity Plan is the joint responsibility of the Company Name’s leadership team.

2. Business Function Recovery Priorities

Company Name’s main critical IT infrastructure resides in the cloud. In the event of a significant disruption, Company Name will not have to restore IT functions. Instead Company Name will need to work with our cloud vendors to ensure that their services continue to operate. These services include:

  • LDAP, email, teleconference solutions, and file shares.
  • Project management and bugs cloud solutions.
  • Chat communication cloud solutions
  • Invoicing and accounting cloud solutions
  • CRM cloud solutions
  • Application hosting for clients.

In the event that Company Name’s cloud vendors do not continue to operate. Company Name will periodically export the contents of these cloud solutions to our AWS S3 to enable us to continue to operate in the event of a disruption.

3. Relocation Strategy

Company Name is headquartered at:

1390 Market Street

Suite 200

San Francisco, California

94102

In the event of a significant disruption in San Francisco. Company Name would relocate to its alternate business site.

4. Alternate Business Site

For short term and long-term disruptions, Company Name would move our headquarters to our alternative business address.

The Company Name alternative business site address is:

xxx

yyy

zzz

In the event of a significant business disruption, Company Name will transition back to San Francisco once this is feasible.

5. Recovery Plan

In the event of a disaster in San Francisco, CA, Company Name senior leadership will declare a disaster. Next, Company Name senior leadership will make the decision to activate the recovery phases.

6. Recovery Phases

The recovery phases shall target those activities that are most needed for Company Name to continue to operate. The recovery phases are:

A. Recovery Phases

Company Name declares a disaster. Company Name makes the decision to activate the rest of the recovery plan.

B. Plan Activation

Company Name puts the business continuity plan into effect. This phase continues until Company Name resumes operations in Alternate Site Location.

C. Alternate Site Operation

Alternate site operation continues until we can restore the primary facility.

D. Transition To Primary Site

This phase continues until the company can appropriately move business operations back to the original business site.

7. Records Backup

Company Name has a backup and recovery strategy in place for mission critical data. In Amazon Web Services (AWS), Company Name currently maintains S3 buckets in North Virginia and Oregon for these mission critical backups. These backup are performed monthly.

8. Restoration Plan

Company Name maintains, controls, and periodically checks on all of the records that are vital to the continuation of our business operations, which would be affected by facility disruptions or disasters. Company Name  periodically backs up and stores the most critical files on AWS.

9. Recovery Teams

Company Name has established a recovery team. We’ve  divided the participants into appropriate groups based on job role and title. Company Name has designated a leader for each portion of the business. Each leader has a specific duty with regards to recovering the operations of their unit.

A. Team Roles

Company Name has identified the following roles: Team Leader and Backup Team Leader

B. Team Contacts

Please see the Contact List in the Appendix.

C. Team Responsibilities

Company Name has designated the following responsibilities:

Tasks Team Leader Backup Team Leader

Business Continuity Coordinator Incident Commander

EOC HR/PR Officer
Information Technology Recovery Team
Client Relationships
Sales and Marketing
Legal/Contacts

10. Recovery Procedures

Company Name specific activities needed to recover normal and critical business operations are:

  • Disaster Occurrence

This phase begins with the occurrence of the disaster event and continues until a decision is made to activate the recovery plans.  The major activities that take place in this phase includes: emergency response measures, notification of management, damage assessment activities, and declaration of the disaster.

  • Notification of Management

Team leader informs the members of  the senior management team if they have not been informed. Personnel are notified of the disaster. Depending upon the time of the disaster, personnel are instructed on what to do (i.e. stay at home and wait to be notified again, etc.)

  • Preliminary Damage Assessment

After a disaster occurs, quickly assess the situation to determine whether to immediately evacuate the building or not, depending upon the nature of the disaster, the extent of damage, and the potential for additional danger.

Note: If the main office is total loss, not accessible or suitable for occupancy, the remaining activities can be performed from the Emergency Operations Center (EOC), after ensuring that all remaining tasks in each activity have been addressed.  This applies to all activities where the Main Office is the location impacted by the disaster.  The location(s) of the EOC are designated in Appendix D – Emergency Operations Center (EOC) Locations.  The EOC may be temporarily setup at any one of several optional locations, depending on the situation and accessibility of each one.  Once the Alternate site is ready for occupancy the EOC can be moved to that location.

  • Declaration of Disaster

Actual declaration of a disaster is to be made after consulting with senior management.  All teams should wait for notification from the senior management team that a disaster has been declared and that groups/departments are to start executing their Business Continuity Plans and relocate to their Alternate Business Site Location.

  • Plan Activation

In this phase, the Business Continuity Plans are put into effect. This phase continues until the alternate facility is occupied, critical business functions reestablished, and computer system service restored to Company Name’s Departments. The major activities in this phase include: notification and assembly of the recovery teams, implementation of interim procedures, and relocation to the secondary facility/backup site, and re-establishment of data communications.

  • Relocation to Alternate Site

This phase begins after secondary facility operations are established and continues until the primary facility is restored.  The primary recovery activities during this phase are backlog reduction and alternate facility processing procedures.

  • Implementation of Temporary Procedure

Gather vital records and other materials that were retrieved from the backup locations and determine appropriate storage locations, keeping in mind effectiveness of workgroups. Determine which vital records, forms, and supplies are missing.  Obtain from AWS S3 those files that are missing. Develop prioritized work activities, especially if all staff members are not available.

  • Establishment of Communication

Determine what activities that vendors are taking place to reroute telephone communications to the alternate site. This should be automatically done through Google Voice.

  • Restoration of Data Process and Communication with Backup Location

Determine when the data center is to be recovered, if affected by the disaster.  Also, discuss when data communications will be established between the primary or secondary backup data center and your alternate site.

  • Commencement of Alternate Site Operations

Communicate with customers regarding the disaster and re-solicit phone contacts.

  • Management of Work

Determine priorities for work backlogs to ensure the most important backlogged tasks are resolved first. Set an overtime schedule, if required, based on staff and system availability. Set backlog priorities, establish backlog status reports if necessary, and communicate this to the Client Relationships supervisor. Report the backlog status to management on a regular basis. If backlogs appear to be very large or will take a significant time to recover, determine if temporaries could be used for certain tasks to help eliminate the backlogs.  If justified, arrange for temporaries to come in.

  • Transition Back to Primary Operations

This phase consists of any and all activities necessary to make the transition back to a primary facility location.

  • Cessation of Alternate Site Procedures

Determine which alternate site operating procedures will be suspended or discontinued and when. Communicate the changes in procedures to all affected staff.

  • Relocation of Resources Back to Primary Site

Determine when will be scheduled for relocating back to the primary site. Communicate this schedule to all personnel and clients.

11. Appendices

A. Management Contact List

Name Title Phone Email Location

B. Recovery Priorities

Priority Component Vendor
1
LDAP
2
Email
3
Team Drive
4
Project Management
5
Bug Tracker
7
Chat Communication
8
Hosted Applications for
9
CRM

C. Alternate Site Resources

Alternative Site Location:

Xxx

Yyy

zzz

D. Emergency Operations Center (EOC) Locations

EOC Location

Xxx

Yyy

zzz

E. Vital Records

All vital records for Company Name that would be affected by a facilities disruption are maintained and controlled by IT. These files are periodically backed up and stored on our AWS S3 in North Virginia and Oregon as part of normal operations.

F. Vendor Lists

• Arcserve
• Axcient
• Continuity Logic

DISCLAIMER

Any articles, templates, or information provided by AllCode on the website are for reference only. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.

 

You may also be interested in reading

what is big data services on aws

Big Data on AWS

Cost savings on AWS bill AWS Trusted advisor consolidated billing instance scheduler s3

Cost Savings on AWS