AWS Business Continuity Plan (Template Included)
AllCode has written more than a few AWS Business Continuity Plans (BCP). Establishing a proper plan should be at the forefront of your development process if your organization has plans of scaling.
Download BCP Template Here
Prepare your company for disaster. Thousands of businesses are affected every quarter – don’t let yours be!
What is an AWS Business Continuity Plan?
A business continuity plan (BCP) is a structured and detailed arrangement of guidelines designed to recover system and networks in the event that they’ve failed or have been attacked. These plans are geared toward getting your organization operational as quickly as possible.
An on-premises recovery plan is generally expensive to implement and maintenance, which is why companies often leverage the solutions that their cloud vendor has provided for them. AWS users have an advantage, as Amazon partners with various which ensure the simplicity of this process.
Why do I need an AWS Business Continuity Plan?
Establishing a business continuity plan is more critical now than ever, especially if you have plans to grow your business. Studies show that over 100,000 small businesses closed during the COVID-19 pandemic.
BCP’s are designed for catastrophes such as the Coronavirus that leave the economy in a drought and businesses struggling to stay afloat. A well-thought-out strategy will help prime you and your employees during economic distress so that you know what to do at the right time.
AWS Business Continuity Plan (HTML Version)
1390 Market Street, Suite 200
San Francisco, CA, 94102
Table of Contents
In the event of a disaster which interferes with Company Name’s ability to conduct business from their headquarters, this plan is to be used by the responsible individuals to coordinate the business recovery of their respective areas and/or departments. The plan is designed to contain, or provide reference to, all of the information that might be needed at the time of a business recovery.
The objective of this Business Continuity Plan is to coordinate recovery of critical business functions in managing and supporting the business recovery in the event of a facilities (office building) disruption or disaster. This can include short or long-term disasters or other disruptions, such as fires, floods, earthquakes, explosions, terrorism, tornadoes, extended power interruptions, hazardous chemical spills, and other natural or man-made disasters.
A disaster is defined as any event that renders a business facility inoperable or unusable so that it interferes with the organization’s ability to deliver essential business services.
The priorities in a disaster situation are to:
- Ensure the safety of employees and visitors in the office buildings.
- Mitigate threats or limit the damage that threats can cause.
- Have advanced preparations to ensure that critical business functions can continue.
- Have documented plans and procedures to ensure the quick, effective execution of recovery strategies for critical business functions.
Maintenance, planning, and testing of the Company Name‘s Business Continuity Plan is the joint responsibility of the Company Name‘s leadership team.
2. Business Function Recovery Priorities
Company Name’s main critical IT infrastructure resides in the cloud. In the event of a significant disruption, Company Name will not have to restore IT functions. Instead Company Name will need to work with our cloud vendors to ensure that their services continue to operate. These services include:
- LDAP, email, teleconference solutions, and file shares.
- Project management and bugs cloud solutions.
- Chat communication cloud solutions
- Invoicing and accounting cloud solutions
- CRM cloud solutions
- Application hosting for clients.
In the event that Company Name’s cloud vendors do not continue to operate. Company Name will periodically export the contents of these cloud solutions to our AWS S3 to enable us to continue to operate in the event of a disruption.
3. Relocation Strategy
Company Name is headquartered at:
1390 Market Street
San Francisco, California
In the event of a significant disruption in San Francisco. Company Name would relocate to its alternate business site.
4. Alternate Business Site
5. Recovery Plan
In the event of a disaster in San Francisco, CA, Company Name senior leadership will declare a disaster. Next, Company Name senior leadership will make the decision to activate the recovery phases.
6. Recovery Phases
A. Recovery Phases
B. Plan Activation
C. Alternate Site Operation
D. Transition To Primary Site
7. Records Backup
8. Restoration Plan
9. Recovery Teams
A. Team Roles
B. Team Contacts
C. Team Responsibilities
10. Recovery Procedures
Company Name specific activities needed to recover normal and critical business operations are:
- Disaster Occurrence
This phase begins with the occurrence of the disaster event and continues until a decision is made to activate the recovery plans. The major activities that take place in this phase includes: emergency response measures, notification of management, damage assessment activities, and declaration of the disaster.
- Notification of Management
Team leader informs the members of the senior management team if they have not been informed. Personnel are notified of the disaster. Depending upon the time of the disaster, personnel are instructed on what to do (i.e. stay at home and wait to be notified again, etc.)
- Preliminary Damage Assessment
After a disaster occurs, quickly assess the situation to determine whether to immediately evacuate the building or not, depending upon the nature of the disaster, the extent of damage, and the potential for additional danger.
Note: If the main office is total loss, not accessible or suitable for occupancy, the remaining activities can be performed from the Emergency Operations Center (EOC), after ensuring that all remaining tasks in each activity have been addressed. This applies to all activities where the Main Office is the location impacted by the disaster. The location(s) of the EOC are designated in Appendix D – Emergency Operations Center (EOC) Locations. The EOC may be temporarily setup at any one of several optional locations, depending on the situation and accessibility of each one. Once the Alternate site is ready for occupancy the EOC can be moved to that location.
- Declaration of Disaster
Actual declaration of a disaster is to be made after consulting with senior management. All teams should wait for notification from the senior management team that a disaster has been declared and that groups/departments are to start executing their Business Continuity Plans and relocate to their Alternate Business Site Location.
- Plan Activation
In this phase, the Business Continuity Plans are put into effect. This phase continues until the alternate facility is occupied, critical business functions reestablished, and computer system service restored to Company Name’s Departments. The major activities in this phase include: notification and assembly of the recovery teams, implementation of interim procedures, and relocation to the secondary facility/backup site, and re-establishment of data communications.
- Relocation to Alternate Site
This phase begins after secondary facility operations are established and continues until the primary facility is restored. The primary recovery activities during this phase are backlog reduction and alternate facility processing procedures.
- Implementation of Temporary Procedure
Gather vital records and other materials that were retrieved from the backup locations and determine appropriate storage locations, keeping in mind effectiveness of workgroups. Determine which vital records, forms, and supplies are missing. Obtain from AWS S3 those files that are missing. Develop prioritized work activities, especially if all staff members are not available.
- Establishment of Communication
Determine what activities that vendors are taking place to reroute telephone communications to the alternate site. This should be automatically done through Google Voice.
- Restoration of Data Process and Communication with Backup Location
Determine when the data center is to be recovered, if affected by the disaster. Also, discuss when data communications will be established between the primary or secondary backup data center and your alternate site.
- Commencement of Alternate Site Operations
Communicate with customers regarding the disaster and re-solicit phone contacts.
- Management of Work
Determine priorities for work backlogs to ensure the most important backlogged tasks are resolved first. Set an overtime schedule, if required, based on staff and system availability. Set backlog priorities, establish backlog status reports if necessary, and communicate this to the Client Relationships supervisor. Report the backlog status to management on a regular basis. If backlogs appear to be very large or will take a significant time to recover, determine if temporaries could be used for certain tasks to help eliminate the backlogs. If justified, arrange for temporaries to come in.
- Transition Back to Primary Operations
This phase consists of any and all activities necessary to make the transition back to a primary facility location.
- Cessation of Alternate Site Procedures
Determine which alternate site operating procedures will be suspended or discontinued and when. Communicate the changes in procedures to all affected staff.
- Relocation of Resources Back to Primary Site
Determine when will be scheduled for relocating back to the primary site. Communicate this schedule to all personnel and clients.
A. Management Contact List
B. Recovery Priorities
C. Alternate Site Resources
D. Emergency Operations Center (EOC) Locations
E. Vital Records
F. Vendor Lists
• Continuity Logic