Gimme Sugar Limited
Business Continuity Policy
Version: 1.0
Date of Issue: 1.1.25
Reviewed By: Ben Jones, Founder and Executive Producer
Next Review Date: 31.1.25
1. Purpose
The purpose of this Business Continuity Policy is to establish and maintain a comprehensive framework for the continuity of critical business operations during and after a disruptive event. This policy ensures that Gimme Sugar can recover quickly and continue to deliver essential production services to its customers, employees, and stakeholders.
2. Scope
This policy applies to all employees, departments, systems, processes, and facilities of Gimme Sugar that are essential for the continued operation of the business. The policy includes procedures for handling a variety of disruptions, including natural disasters, technological failures, and human-related events.
3. Objectives
The key objectives of this policy are to:
Ensure the safety and well-being of employees and stakeholders.
Minimise the impact of disruptions on critical business functions.
Ensure that essential services are maintained during disruptions.
Facilitate the rapid recovery of business operations after a disruption.
Protect the company's reputation, financial stability, and customer relationships.
4. Roles and Responsibilities
Founder and Executive Producer: Responsible for overseeing the implementation and maintenance of the business continuity program. Coordinates the execution of the plan during an event.
Executive Producer: Ensure that all departmental critical functions are identified and plan for their recovery. They are responsible for implementing continuity strategies within their respective departments.
Employees: All, if any employees are responsible for being familiar with the business continuity plan and their role in case of a disruption.
5. Risk Assessment
A comprehensive risk assessment will be conducted annually to identify potential threats to the business, assess their likelihood, and evaluate their potential impact on operations. The findings will be used to prioritize continuity planning and mitigation strategies.
6. Business Impact Analysis (BIA)
A Business Impact Analysis (BIA) will be conducted periodically to identify critical business functions and resources, including personnel, technology, facilities, and data. The BIA will help determine the maximum allowable downtime for each critical function and the resources required to maintain or restore them.
7. Business Continuity Strategies
The following strategies have been developed to ensure the continued operation of Gimme Sugar during a disruption:
Alternative Work Locations: In the event that the primary business location becomes unavailable, alternative work locations will be identified and equipped to support critical operations. This includes our office in Bournemouth.
Remote Work: Employees will be enabled to work remotely if necessary, with secure access to essential systems and tools.
Backup Systems and Data Recovery: Key data and systems will be backed up regularly, with off-site storage or cloud-based solutions in place to enable recovery.
Supplier and Vendor Continuity: Relationships with critical suppliers and vendors will be reviewed to ensure they have their own business continuity plans in place.
Communication Plans: Clear communication channels will be established to keep employees, customers, and other stakeholders informed during a disruption.
8. Training and Awareness
All employees (if any) will undergo annual business continuity training to understand their roles during a disruption. Additionally, tabletop exercises and simulations will be conducted to test the effectiveness of the continuity plan and ensure that employees are prepared.
9. Testing and Maintenance
The Business Continuity Plan will be tested at least once a year through drills or simulations. Feedback from these exercises will be used to update and improve the plan. Any changes to the business environment, technology, or operations that may impact the continuity plan will be reviewed, and the plan will be adjusted accordingly.
10. Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)
RTO (Recovery Time Objective): The maximum acceptable amount of time that a critical business function can be disrupted before it must be restored.
RPO (Recovery Point Objective): The maximum acceptable amount of data loss measured in time. This defines how often data backups should occur.
11. Incident Response and Activation
In the event of a disruption, the Business Continuity Plan will be activated according to the following process:
Initial Assessment: The Executive Producer will assess the nature and scope of the disruption.
Activation: If the disruption is significant, the Business Continuity Plan will be activated, and relevant teams will begin executing the plan.
Response and Recovery: Teams will implement response strategies to minimize impact and begin recovery operations.
Communication: Regular updates will be provided to employees, customers, and stakeholders regarding the status of the disruption and recovery efforts.
12. Communication Protocol
Effective communication is critical during a disruption. The following communication protocols will be followed:
Internal Communication: An emergency communication system will be used to inform employees about the disruption and provide instructions.
External Communication: Customers, suppliers, and other external stakeholders will be informed of the disruption and the steps being taken to resolve it.
13. Compliance and Legal Requirements
This policy complies with relevant laws, regulations, and industry standards related to business continuity, including GDPR. The company will also ensure that recovery strategies meet legal and contractual obligations.
14. Policy Review and Updates
This Business Continuity Policy will be reviewed annually and updated as necessary to reflect changes in business operations, risk environment, or industry best practices. All updates to the policy will be communicated to employees and relevant stakeholders.