Business Continuity Strategy
This document provides the strategy of the approach taken by Ultima Business Solutions Limited (‘Ultima’), to the development and implementation of an appropriate business continuity framework, to ensure the company’s continuing ability to deliver services to its customers.
Business continuity management has two fundamental aims:
Building resilience to disruption.
Developing the capability for an effective response that safeguards the interests of its interested parties, reputation, brand and value-creating activities.
In designing this strategy, Ultima has made the assumptions that:
By adopting a cloud strategy with trusted vendors, with a robust history of up-time, the risk of Ultima’s key systems being unavailable for more than a 12-hour period will be minimal.
No disruptive situation will simultaneously disable the cloud-based systems, the Ultima computer systems based at Gainsborough House, Manor Park, Reading, RG2 0NA and the nominated alternative datacentre to be used by network operations.
Sufficient staffing levels are available to be able to fulfil the needs of providing a basic level of functionality.
The following principles support the delivery of the objective and strategic aims of business continuity management for Ultima operations:
A Policy has been developed which shall be maintained to provide management direction and support business continuity, in accordance with business requirements and relevant laws and regulations;
The business continuity response shall be focused on the identified business requirements for the recovery of prioritised activities;
Strategic responses shall be designed to deal with identified disruptive situations
Identified risks shall be assessed and either accepted or action taken to reduce or remove the risk. These shall be managed within the Risk Register; Plans shall be developed and maintained for:
The management of the response to disruption;
Each of the prioritised business activities deemed critical.
All Ultima staff able to work remotely (due to the nature of their work) already have laptop computers and can maintain an acceptable and uninterrupted level of service without corporate office facilities.
Ultima’s CRM and Finance systems are cloud based, with a very minimal level of HR and warehousing information retained on an on-premise platform, deployed on high availability infrastructure. Key business and customer data shall be stored in an appropriate CRM and or ITSM solution which shall be cloud based.
All third parties providing systems or services that support the identified critical activities shall have service level agreements and adequate business continuity arrangements in place, to ensure continuity of operation.
Ultima has defined a Business Continuity Strategy and Business Continuity Plan relevant to the business in general and to support service delivery to Ultima’s Managed Service customers. The Ultima strategy and plan may not meet the recovery time objectives or recovery point objectives of a specific customer system.
Where identified by the customer, Ultima will work with customers to architect redundancy in their systems to meet their RTO/RPO specifications.
The scope of this Business Continuity Strategy shall extend to all employees and teams, unless the employee works permanently at a customer site, and they agree that their business continuity arrangements shall take precedence.
This Business Continuity Strategy shall work in conjunction with Ultima’s Business Continuity plan.
The Chief Executive Officer has overall responsibility for ensuring that all parts of the company have appropriate business continuity arrangements in place and for approving this strategy.
The Board is responsible for this document and shall provide staff with appropriate education and training thereon.
The Board is responsible for ensuring that appropriate service level agreements, resilience, recovery and response mechanisms are in place in respect of the third-party services.
Departmental managers, in conjunction with the Board, shall be responsible for implementing and communicating this document and the associated processes.
Are responsible for maintaining awareness of this document and the associated processes.