This document outlines Sammie's Services business continuity plan which details procedures to follow in the event of various emergencies and disasters to allow for continued operations. Key steps include notifying employees via phone tree, backing up data to off-site servers, evacuating buildings if needed, and restoring systems from backups once disasters have passed. The plan covers natural disasters, fires, floods, cyberattacks and more. Regular testing and updates are part of maintaining an effective continuity plan.

1. Melvin Samuel Gillaspie, Jr. CEO/Chief IT Manager
11/20/2015
SAMMIE’S SERVICES
BUSINESS CONTINUITY
PLAN
What to do in case of emergency
This a plan that covers how to recover our services, via roles of key
employees, in the event of natural or man-made disasters.

2. 11/20/2015
1
INTRODUCTION:
What to do in case of emergency
We are a full-service IT Contract service provider which means we offer services including:
Network setup, troubleshooting, and support
End-device setup, troubleshooting/repair, and upgrading
Software setup, troubleshooting, and updating
Custom order PC’s and Servers to meet the needs of our clients
Contracts of varying cost for “tech support”
Due to the nature of our business and services offered we need to be able to keep providing
services to our clients no matter the nature of events from one day to the next.
We will have a “phone tree” in place for all the top tier managers to call their subordinates or
their designated personnel to assist in notifying about actions that need to be taken. If the
ability to get online exist then we shall update and post an “ACTION RESPONSE PLAN” to
our company’s webpage at www.SammiesServices.com . If the events happen during normal
business hours then we shall implement emergency protocols and either evacuate the
building or report to the designated “safe room” on each floor. Emergency services should be
contacted, such as:
Fire
Police
FEMA
St Stephen’s Hospital (unless noted by employee)
Contact Names & Numbers:
CEO / Chief IT Manager – Melvin Gillaspie, Jr. Hm# 336-277-9874 Cell# 336-922-5544
VP IT Manager – Terry Bradshaw Hm# 336-665-1028 Cell# 336-757-6479
VP Sales Manager – Newt Jennings Hm# 336-822-6767 Cell# 336-655-8228
Sr Office Manager – Crystal Crider Hm# 336-277-9874 Cell# 336-775-6769
Sr Network Engineer – Dan Thompkins Hm# 332-722-6716 Cell# 336-404-1325
Local Emergency Services Contact Numbers:
Medical: 9-1-1 Fire: 9-1-1 Police: 9-1-1
Natural Disasters: Call FEMA @ 1-800-DIASTER

3. 11/20/2015
2
Assumptions:
 Top tier managers will be available following a disaster
 Nuclear disasters are beyond the scope of this plan.
 This plan and ALL other business documents, client list, and any other vital
information shall be stored on multiple off-site servers to allow for instant to
quick recovery of data following a disaster. (The locations will be designated
by the CEO or designee).
 Each support organization will be supplied with a copy of this plan and any
other documents that would assist them in supporting us in recovery.
Team Member Responsibilities:
 Each top tier manager will designate an alternate employee to fulfill their
responsibilities in case they are unable (this can be followed via the
“phone tree”).
 ALL employees on the “phone tree” should keep up-to-date contact
information. Contact information will be updated on a monthly basis.
 ALL employees on the “phone tree” should be familiar with this plan. This
plan should be under review every six months or following a disaster to
evaluate its effectiveness. Each employee should keep a copy of this plan
in their company provided safe.
Data backup policy:
Full and partial backups will be processed at different times. Partial backups will
be processed every four hours, while full backups will be processed at midnight and
noon of each day. Each backup location should be off site and in a secure location
isolated from environmental hazards. This facility should meet standards of the
following:
 Withstand 200mph wind
 Have multiple power sources (solar, wind, generators, etc.)
 Water-tight structure that withstand a tsunami event
 Multiple layers of security via gatehouse, intrusion prevention barriers,
keycards, biometrics, and keypads. New security measures should be
approved before implementation. In the event of emergency the facility shall
notify management as soon as the emergency is cleared.

4. 11/20/2015
3
Procedures for natural disaster:
STEP ACTION
1 Begin notifying people on the “phone tree” to advise on which plan to follow
2 If impending natural disaster can be tracked, begin preparation of site within
72hours, or less, as follows:
 Check to make sure generators are in working order, with fuel, and the
redundancy batteries are charged
 Deploy support personnel to customer sites
 Initiate a system wide backup to the off-site locations
 Initiate lockdown procedures of the facility so that only minimal staff would
be in the building when the pending disaster was to arrive
 If internet connection if available, then updates should be posted to
www.SammiesServices.com
3 Once the disaster has been cleared, notify authorities and emergency agencies
depending on the damage to the facility and/or injuries to any staff members.
4 Check connections to the off-site servers and if the connection is “in-service” then
start a restore from the last backup, but if it’s NOT “in-service” notify the Sr.
Engineer Manager to facilitate fixing the issue. Once the system has been restored
then check connections to clients and send out necessary recovery data.

5. 11/20/2015
4
Procedures for fire and earthquake:
STEP ACTION
1 Dial 9-1-1 to contact emergency services
2 Initiate evacuation procedures:
 Initiate a system wide backup to the off-site locations
 Initiate lockdown procedures of the facility so that no staff would stay in the
building until the fire and emergency services personnel give the “all clear”
 If the disaster happens during “off-hours” then the top tier managers will
initiate the “phone-tree” to advise subordinates of the plan of action
 If internet connection if available, then updates should be posted to
www.SammiesServices.com
3 Once the disaster has been cleared, notify authorities and emergency agencies (if
they are not already on the scene) depending on the damage to the facility and/or
injuries to any staff members.
4 Check connections to the off-site servers and if the connection is “in-service” then
start a restore from the last backup, but if it’s NOT “in-service” notify the Sr.
Engineer Manager to facilitate fixing the issue. Once the system has been restored
then check connections to clients and send out necessary recovery data.

6. 11/20/2015
5
Procedures for flood or water damage:
STEP ACTION
1 Assess the situation and determine if outside assistance is needed, if so call 9-1-1
to contact emergency services
2 Initiate evacuation procedures:
 Initiate a system wide backup to the off-site locations
 Initiate lockdown procedures of the facility so that no staff would stay in
the building until the fire and emergency services personnel give the “all
clear”
 Volunteers will gather supplies to fill and stack sandbags around the
building foundation, highest at entrance and exit points
 If the disaster happens during “off-hours” then the top tier managers will
initiate the “phone-tree” to advise subordinates of the plan of action
 If internet connection if available, then updates should be posted to
www.SammiesServices.com
3 Once the disaster has been cleared, notify authorities and emergency agencies (if
they are not already on the scene) depending on the damage to the facility and/or
injuries to any staff members.
4 Check connections to the off-site servers and if the connection is “in-service” then
start a restore from the last backup, but if it’s NOT “in-service” notify the Sr.
Engineer Manager to facilitate fixing the issue. Once the system has been
restored then check connections to clients and send out necessary recovery data.

7. 11/20/2015
6
Procedures for Denial of Service Attack:
STEP ACTION
1 Alert the CEO/Chief IT Manager, and VP IT Manager to the problem.
Determine the cause of the outage and timeframe of recovery.
2 If the IP address can be known, then simply block that IP address. Our
company has a dynamic list of known IP addresses, and any unknown should be
researched. If it cannot be verified to be a new client then it should be added to
the list of blocked IP addresses.
If an attack begins to overload the servers then switch to an alternate site with
an alternate IP addresses and MAC addresses. If this occurs then the clients
should be alerted by their account managers to reboot their systems so they
could reestablish a connection to our servers.
3 Initiate restore from last known good configuration from an off-site location
4 Check connections to the off-site servers and if the connection is “in-service” then
start a restore from the last backup, but if it’s NOT “in-service” notify the Sr.
Engineer Manager to facilitate fixing the issue. Once the system has been
restored then check connections to clients and send out necessary recovery data.
All clients should be alerted when all systems have been completely restored.

8. 11/20/2015
7
Conclusion:
In the event of a natural disaster, flood/water damage, fire or earthquake, or Denial of
Service (DoS/.DDoS) cyberattack this plan should be used for keeping our client based
services working. In order to keep our company from having an excessive amount of
downtime hence possibly losing clients this plan should be strictly followed.
All employees involved in the creation of this plan are the top tier managers and should
create an environment of acceptance of this policy. It is the responsibility of management to
test each divisions’ readiness and compliance with this plan. Any division that does not meet
compliance will be required to go through a training program.

9. 11/20/2015
8
Work Cited
Kirvan, Paul. “Using a business continuity plan template: A free
business continuity template and guide”. 28 April 2009.
Web, 17 Nov 2015.