This document outlines an incident management plan for BCM xeosolutions. It contains information on the organization, roles and responsibilities, stakeholders, resources, associated risks, and response plans for various incidents including earthquakes, power failures, server hacks, and web server crashes. The plan is intended to ensure business continuity and the timely recovery of critical systems in the event of a disruption.
2. Organization Info
Name BCM xeosolutions
Scope This document contains the Business Continuity plan for the resolutions. it's the document
containing the informationrequired to post-interruption decision-making and also the agency’s
response to any unquiet or extended interruption of the organization's traditional operations and
services.
This document represents the xeosolutions commitment to response, resumption, recovery, and
restoration coming up with. This plan should be kept current to make sure the accuracy of its
contents. Every individual answerable for data or materials within the document should make sure
that resources area unit committed to the maintenance of its contents.
The xeosolutions Business Continuity Plan is intended to provide a framework for constructing plans
to ensure the safety of employees, volunteers and consumers (clients) and the resumption of time-
sensitive operations and services in the event of an emergency (fire, power or communica-tions
blackout, tornado, hurricane, flood, earthquake, civil disturbance, etc,) disaster, or other business
interruption.
The general objectives of the Plan are to ensure that in the event of an incident or crisis situation:
• There will be a logical recovery of the business
• Impacts will be kept within acceptable levels as defined by the business department
representatives
• Business will continue as usual, as far as possible
The Plan will address the following planning priorities:
• Staff health & safety
• Safeguarding of assets
• Continuity of key business activities
• Protecting the Environment
• Fulfilling obligations
Policy It is the policy of xeosolutions to: -
• Maintain a strategy for reacting to, and recovering from, adverse situations which is in line
with senior management’s level of acceptable risk
• Maintain a programme of activity which ensures the company has the ability to react
appropriately to, and recover from, adverse situations in line with the business continuity
objective
• Maintain appropriate response plans underpinned by a clear escalation process
• Exercise response and recovery plans at least annually
• Maintain a level of resilience to operational failure in line with the risk faced, the level of
negative impact which could result from failure and senior management’s level of acceptable
risk
• Maintain employee awareness of the company’s expectations of them during an emergency
or business continuity threatening situation
• Take account of changing business needs and ensure that the response plans and business
continuity strategy are revised where necessary
• Remain aligned with best practice in business continuity management
Business Entity Info
Name xeosolutions
Description Xeo Solutions IT Leasding Company
Address House No.41 Bella Road G-10/1 Islamabad
Telephone +92 333 5364904
E-mail hashmisaf@outlook.com
Website www.xeosolutions.com
04/12/2016
1 / 12
Incident Management Plan
BCM xeosolutions
3. Regulatory Info xeosolutions. Is a ISO/IEC 27000 Series (Formerly BS 7799/ISO 17799 certified organization and
operated under the guidelines of BS 779. Further, xeosolutions operates under the laws set forth by
the Pakistani Government, including its consumer data protection act and Privacy Acts.
Said Orginization strictly follow these statndards,
• ISO/IEC 27000 Series (Formerly BS 7799/ISO 17799)
• COBIT 4.X
• ISO 9000
• NIST SP 800
Roles And
Responsibilities
For the business continuity of xeosolutions Co., the BCMT provides general support and is
concerned with resources and tasks integral to running the specific functional area.
CEO Manages and directs the recovery effort.
Customer Service Manager. Provides support of critical business functions affected by the disaster.
Information Technology Manager. Coordinates all data processing and telecommunications systems
recovery, including operational restoration of Building O&S and operations at the designated hot
site.
Vice President for Marketing Provides for support of critical business functions affected by the
disaster.
Lead Programmer Provides support of critical business functions affected by the disaster.
1. Managment
(1) Manges and directs the recovery direction.
(2) Provide training for work force
(3) Receives and processes complaints
(4) Processes individual rights requests
2. Employee responsibilities
(1) Understand and comply with organization’s policies regarding BCP/
04/12/2016
2 / 12
Incident Management Plan
BCM xeosolutions
4. Stakeholders
Stakeholder Normal Expectations Expectations During Disruption Ranking
Muhmmad Bilal Ms. Bilal is responsible for the marketing
and public relations department at
xeosolutions
Communicate all the task and ativies of
recovery process to thepersonal aspects of
the situations includeing (Top
Managment,) initiate emergency alerts .
None
Muhammad Haris Mr. Haris is lead programmer and project
manager at xeosolutions
He is responsible to make sure all the
backup must be available . and Perform
the recover operation along with hist team.
None
Safwan Hashmi Mr. Safwan Hashmi serves as the CEO
of xeosolutions . He is responsible for the
entire operations of the organization.
As Business Continuity Management
Team Co-facilitator, gives contact between
the operational and administration groups.
Additionally in charge of progressing
support, preparing and testing of the
Business Continuity Plan. Facilitates the
Institute Support Teams under the
sponsorship of the Business Continuity
Management Team.
Critical
Ziad Tufail Mr. Ziad is responsible for the overall
operations of the customer support
management department
Provides for managesupport team that
provide the clients during the disaster and
recovery operations with primary
responsibility for restoration.
None
Local Emergency
Response Team
Ensure the saftey and well being of the
community.
Provide disaster response and emergency
response services to people and assets in
danger durring a disruption.
Critical
Assurance
Insurance Agent
Provide insurance based support
throughout normal operations.
Provide insurance based support
throughout normal operations.
None
Associated Risk Treatment
Risk Treatment xeosolutions
04/12/2016
3 / 12
Incident Management Plan
BCM xeosolutions
5. Resource Description Division/Department
PHP Web Server PHP Web Server
These server contain , website and database of
cleint , which key business of orginization.
IT
Risk Ranking Areas Of Impact
Critical Hosting and Domain
Template Column Requirement Item Description
Computing Equipment C
Skills Skills Must have skill to restore all the web service from remote site.
Supporting Activities New Requirement Item
Maximum Disruption Period Recovery Time Minimum Service Level
5 Business Days 2 Business Days Ability to access programming data
remotely from an alternate
machine.
Impact Analysis
Requirement Items
Assessment Date Review Date Signed Off By
01/12/2016 04/01/2017 Safwan Hashmi
Resources
04/12/2016
4 / 12
Incident Management Plan
BCM xeosolutions
6. Resource Description Division/Department
Office Headquarters Building is an imporant resource where servers
are plasece and people can work on software
/Web Application.
Risk Ranking Areas Of Impact
High In the case of a discruption or disaster effecting the physical buildings of xeosolutions ., all
aspects of the business would fall under the areas of impact.
Template Column Requirement Item Description
Maximum Disruption Period Recovery Time Minimum Service Level
2 Days 1 The ability to remotely access all
vital information for business
processes from another site.
Impact Analysis
Requirement Items
Assessment Date Review Date Signed Off By
01/12/2016 01/12/2016 Safwan Hashmi
Resources
Resource Description Division/Department
Server - Customer Information Customer Information is always a very sensitiv
information to an orginization. Loss of these
server result in oraginization reputation loss
and alos have bear the plenties set by the
governing bodies.
Sales
Risk Ranking Areas Of Impact
None
Template Column Requirement Item Description
Maximum Disruption Period Recovery Time Minimum Service Level
Impact Analysis
Requirement Items
Assessment Date Review Date Signed Off By
07/12/2016 09/12/2016 Ziad Tufail
Resources
04/12/2016
5 / 12
Incident Management Plan
BCM xeosolutions
7. Resource Description Division/Department
Computer (desktop) - Programmer Progamers workstations are critical resource
for the development of new products, and
Manageing existing application.s
MIS
Risk Ranking Areas Of Impact
High Programming and Development Department.
Template Column Requirement Item Description
Maximum Disruption Period Recovery Time Minimum Service Level
5 2Business Days 2 Business Days Ability to access programming data
remotely from an alternate
machine.
Impact Analysis
Requirement Items
Assessment Date Review Date Signed Off By
01/12/2016 05/12/2016 Safwan Hashmi
Resources
04/12/2016
6 / 12
Incident Management Plan
BCM xeosolutions
8. Incident Response Description
xeosolutions Business Continuity Plan: General
Disruption Response
xeosolutions increasingly depends on computer-supported information
processing and telecommunications. This dependency will continue to
grow with the trend toward decentralizing information technology to
individual organizations within xeosolutions . administration.
The increasing dependency on computers and telecommunications for
operational support poses the risk that a lengthy loss of these
capabilities could seriously affect the overall performance of the
Company. A risk analysis which was conducted identified several
systems comprising those functions whose loss could cause a major
impact to the Conmpany. This risk assessment process will be repeated
on a regular basis to ensure that changes to our processing and
environment are reflected in recovery planning.
XEOSOLUTIONS administration recognizes the low probability of
severe damage to data processing telecommunications or support
services capabilities that support the Company. Nevertheless, because
of the potential impact to XEOSOLUTIONS., a plan for reducing the risk
of damage from a disaster however unlikely is vital. The Company‘s
Business Continuity Plan is designed to reduce the risk to an
acceptable level by ensuring the restoration of Critical processing.
The Plan identifies the critical functions of XEOSOLUTIONS. and the
resources required to support them. The Plan provides guidelines for
ensuring that needed personnel and resources are available for both
disaster preparation and response and that the proper steps will be
carried out to per Tech Co. the timely restoration of services.
Plans
Associated Threat Description
Natural Disaster - earthquake
Failure of backed up data
Malicious attack - manipulation of IT
equipment
Loss of availability to authorized
users
Malicious attack - manipulation of
data or software
Denial of service
Incident Response Recovery
04/12/2016
7 / 12
Incident Management Plan
BCM xeosolutions
9. Plan Purpose And Scope Plan Maintened By
Disruption/Disaste
r Response due
to earthquake
The object of this Plan is to restore critical systems within 5 hours, and
Essential (Category II) systems within 2 week(s) of a disaster that
disables any functional area and/or essential equipment supporting the
systems or functions in that area.
Safwan Hashmi
Plan Steps Description Time Frame Team Responsible
Detect and
determine a
disaster condition
The detection of an event which could result in a
disaster affecting information processing systems
at XEOSOLUTION. is the responsibility of Physical
Plant Operations (PPO), Police, Information
Systems, or whoever first discovers or receives
information about an emergency situation
developing in one of the functional areas
30 Minutes xeosolutions BCM Team
Initiate the
Organization's
Business
Continuity Plan
Initiate the Organization's Business Continuity Plan
.
30 Minutes xeosolutions BCM Team
Activate the
designated hot
site
Make hotsite operational . 1 Hours xeosolutions BCM Team
Dissemination of
Public
Information
The Director of the Costumer Relations is
responsible for directing all meetings and
discussions with the news media and the public,
and in conjunction with the Personnel Department,
with Tech Co. personnel not actively participating in
the recovery operation.
1 Hours xeosolutions BCM Team
Notify Person to
Recover
When a situation occurs that could result
interruption of processing of major information
processing systems of networks, the following
people must be notified:
·Physical Plant Operations and /or the Police
receive the initial notice through their alarm
monitoring capabilities. If the problem does not
activate a normal alarm system, immediately notify
these two areas.
· BCM Team Leader
1 Hours xeosolutions BCM Team
Provide Support
to Recovers
3 Hours xeosolutions BCM Team
04/12/2016
8 / 12
Incident Management Plan
BCM xeosolutions
10. Plan Purpose And Scope Plan Maintened By
Power Failure This Purpose of this plan is to make sure that if the power falure is
occurected , company must have the generatore and UPS in order to
avoid distruptions
Safwan Hashmi
Plan Steps Description Time Frame Team Responsible
Report the Power
Failure
Report the Power Failure 2 Minutes xeosolutions BCM Team
Active the UPS Activate the Backup UPS/Genrator as soon as
possible.
5 Minutes xeosolutions BCM Team
Restore the
power
Restore the Power Failure take the counter
meansure to avoid the distruption of Failue next
time
1 Hours xeosolutions BCM Team
04/12/2016
9 / 12
Incident Management Plan
BCM xeosolutions
11. Plan Purpose And Scope Plan Maintened By
Server Hacked Objective this plan is to restore Server operations to normal when it
compromise by hackeer.
Safwan Hashmi
Plan Steps Description Time Frame Team Responsible
Detect and
Identify the
Server is
Hacked.
Detect and Identify server is compromise of
hackers.
30 Minutes xeosolutions BCM Team
Report to
Managment
Report to Managment and tell them about cyber
attack that out servers has been compromised .
1 Hours xeosolutions BCM Team
Operate the
Backup in safe
mode.
Make the backup server operational . 2 Hours xeosolutions BCM Team
Recover the
compromised
Server
Recover /Restore the compromised server as soon
as possible and take security measures to prevent
the cyber to happed again
1 Days xeosolutions BCM Team
Identify the
loophole and
Valunribilities
Identify the valunribilities and take counter
measures and Test the server .
1 Days xeosolutions BCM Team
Restore the
sever to
operational state
1 Days Business Continuity
Management Team
04/12/2016
10 / 12
Incident Management Plan
BCM xeosolutions
12. Plan Purpose And Scope Plan Maintened By
Web Server
Crash
The purpose of this plan is recover the web server and make it
operation as soon as possible.
Safwan Hashmi
Plan Steps Description Time Frame Team Responsible
Notify all the
Client with Email
for the
maintinance of
Server
Notify all the Client with Email for the maintinance
of Server for Next 1 hours.
5 Minutes xeosolutions BCM Team
Detect the Issue. Dectect issue as soon as occured. 5 Minutes xeosolutions BCM Team
Make backupn
server
opertational
Make backup server operation with in 1 Hours. 1 Hours xeosolutions BCM Team
Recover you the
servers and
Make it online .
Recover you the servers and Make it online . 1 Days xeosolutions BCM Team
04/12/2016
11 / 12
Incident Management Plan
BCM xeosolutions
13. Name Description Testing Coordinator
Testing of BCM Testing BCM Plan Safwan Hashmi
Incident Plan Scenario Test Date Frequency
Disruption/Disaster
Response due to
earthquake
Disruption/Disaster Response 14/12/2016 0
Responsible Description
Safwan Hashmi xeosolutions can be disaster due to earthquake , its business can effect. The purpose this
plan to run business during the disaster.
Goals Preparations Participants
The purpose this plan to
test that business can
survive during the
disaster.
BCM Team will create an enviroment of disaster . All the steps will
be carried to out during this even as we defind plan.
Top Managment
Programmers/Lead and
Manager
BCM Team
Markiting Team
Expected Date Actual Date Results Needs Review
Test Results
Test Plans
Maintenance
04/12/2016
12 / 12
Incident Management Plan
BCM xeosolutions