Business Continuity Plan

Introduction

Haystack is committed to maintaining operations under all circumstances, ensuring minimal disruption to services, and protecting our stakeholders' interests. This Business Continuity Plan (BCP) outlines the procedures and strategies to be implemented in the event of an emergency or disruption, ensuring swift recovery and continuity of operations.

This introduction sets the stage for understanding our commitment to resilience and preparedness. It highlights the importance of having a structured plan in place to address various potential disruptions, ensuring the ongoing functionality of our business and the safety of our employees.

Objectives

• Ensure the safety and well-being of all employees and stakeholders.
• Minimize operational downtime and financial loss.
• Maintain continuous communication with clients and stakeholders.
• Protect critical business functions and data.
• Comply with regulatory and legal obligations.

The objectives clearly define the goals of our Business Continuity Plan, providing a framework for all subsequent actions. They emphasize our priority on safety, operational continuity, and regulatory compliance, guiding our response and recovery efforts.

Scope

This plan applies to all Haystack locations, employees, and operations. It covers various potential disruptions, including natural disasters, cyber-attacks, power failures, and other emergencies.

By delineating the scope, we ensure that every aspect of our business is covered, from physical locations to digital operations. This comprehensive approach guarantees that no area is overlooked in our planning, making our business more resilient to diverse threats.

Business Impact Analysis

Critical Business Functions

1. Internal Communications Platform
   • Importance: Essential for real-time communication and coordination.
   • Recovery Time Objective (RTO): 1 hour.
2. Employee Directory
   • Importance: Vital for maintaining contact with all staff.
   • RTO: 2 hours.
3. Event Management System
   • Importance: Crucial for scheduling and managing company events.
   • RTO: 4 hours.
4. Knowledge Management System
   • Importance: Key for accessing company documentation and information.
   • RTO: 2 hours.

The Business Impact Analysis identifies and prioritizes our critical business functions, establishing clear recovery objectives. This prioritization ensures that essential services are restored promptly, minimizing disruption and maintaining operational integrity.

Risk Assessment

Potential Risks

• Natural Disasters: Earthquakes, floods, fires.
• Cybersecurity Threats: Hacking, data breaches, ransomware.
• Technical Failures: Power outages, system crashes.
• Human-Related Risks: Pandemics, terrorism, sabotage.

Risk assessment allows us to identify potential threats and their impact on our operations. By understanding these risks, we can develop targeted mitigation strategies and prepare effectively for various scenarios, enhancing our overall resilience.

Mitigation Strategies

• Natural Disasters: Ensure physical security measures, establish evacuation plans, and maintain off-site backups.
• Cybersecurity Threats: Implement robust cybersecurity protocols, regular audits, and employee training.
• Technical Failures: Maintain redundant systems and regular maintenance schedules.
• Human-Related Risks: Develop health and safety protocols, crisis communication plans, and remote working capabilities.

Mitigation strategies provide specific actions to reduce the impact of identified risks. These proactive measures are essential for preventing disruptions and ensuring a swift and effective response, safeguarding our business operations and assets.

Emergency Response

Immediate Actions

1. Activate the Emergency Response Team (ERT)
   • Composed of senior management and key personnel.
   • Responsible for initial assessment and response coordination.
2. Ensure Safety
   • Evacuate premises if necessary.
   • Account for all employees.
3. Communicate
   • Inform employees, clients, and stakeholders of the situation.
   • Provide regular updates.

The emergency response section outlines the initial actions to be taken in the event of a disruption. By having a clear and immediate response plan, we can ensure the safety of our employees and minimize the impact on our operations.

Communication Plan

Internal Communication

• Primary Method: Haystack's internal communications platform.
• Backup Method: Email, SMS, and phone calls.

External Communication

• Clients and Stakeholders: Regular updates via email and the company website.
• Media: Press releases and designated spokespersons.

Effective communication is crucial during a disruption. This plan ensures that all stakeholders are kept informed and reassured, maintaining trust and transparency while coordinating recovery efforts efficiently.

Recovery Plan

Short-Term Recovery

1. Assess Damage
   • Determine the extent of the impact on operations.
2. Restore Critical Functions
   • Prioritize recovery of the internal communications platform, employee directory, and knowledge management system.
3. Support Employees
   • Provide resources for remote work and mental health support.

Long-Term Recovery

1. Evaluate and Improve
   • Review the effectiveness of the BCP.
   • Update and improve the plan based on lessons learned.
2. Full Restoration
   • Return to normal operations.
   • Address any long-term impacts and recovery needs.

The recovery plan outlines both immediate and long-term steps to restore normal operations. By focusing on critical functions first and continuously improving our strategies, we ensure a resilient recovery and ongoing operational excellence.

Roles and Responsibilities

Emergency Response Team (ERT)

• Team Leader: CEO Cameron Lindsay
• Communication Officer: Head of Internal Communications
• IT Lead: Head of Information Technology
• HR Lead: Head of Human Resources
• Operations Lead: COO

Employee Responsibilities

• Familiarize with the BCP.
• Participate in regular training and drills.
• Follow instructions during an emergency.

Clearly defined roles and responsibilities ensure that everyone knows their tasks and duties during an emergency. This structure facilitates a coordinated and efficient response, reducing confusion and improving overall effectiveness.

Training and Testing

• Regular Training Sessions: Ensure all employees are aware of their roles and responsibilities.
• Annual Drills: Conduct simulations to test the effectiveness of the BCP.
• Continuous Improvement: Update the plan based on feedback and new risks.

Training and testing are vital to maintaining an effective BCP. Regular drills and continuous improvement ensure that our team is prepared and that our plan evolves to address new challenges and insights.

Plan Maintenance

• Review and Update: Annually or after a significant event.
• Documentation: Maintain detailed records of all changes and updates.

Plan maintenance ensures that our BCP remains current and effective. Regular reviews and updates keep the plan relevant, addressing new risks and incorporating feedback from previous incidents and drills.

Conclusion

Haystack's Business Continuity Plan is designed to ensure resilience and swift recovery from any disruption. By following this plan, we commit to protecting our employees, clients, and stakeholders while maintaining our service excellence.

The conclusion reinforces our commitment to business continuity and resilience. It summarizes the importance of the BCP and our dedication to maintaining high standards of service, regardless of the challenges we may face.