37 Church Hill Rd East Barnet, EN4 8SY, UK
Prepared for the Unexpected
All Services 4U is committed to maintaining the continuity of our services to clients and residents, even in the face of disruption. We recognise that our clients depend on us for essential property maintenance and compliance services, and that interruption to these services could have serious consequences for resident safety and regulatory compliance. This Business Continuity Policy sets out our approach to preparing for, responding to, and recovering from disruptive events.
This policy applies to all employees, directors, officers, contractors, and anyone involved in the delivery of our services.
Our Commitment
We are committed to:
- Resilience — Building the capability to withstand and adapt to disruption
- Preparedness — Planning for potential disruptions before they occur
- Response — Responding quickly and effectively when incidents happen
- Recovery — Restoring normal operations as rapidly as possible
- Communication — Keeping stakeholders informed throughout any disruption
- Continuous Improvement — Learning from incidents and testing to improve our capabilities
Scope
This policy covers:
- All business operations and locations
- All services we deliver to clients
- All employees, contractors, and subcontractors
- Critical suppliers and third parties
- IT systems and infrastructure
- Premises and facilities
- Communication systems
Business Continuity Objectives
Our business continuity objectives are:
| Objective | Target |
| Protect life and safety | Priority in all situations |
| Maintain critical services | Resume within defined recovery times |
| Protect company reputation | Transparent and professional response |
| Meet contractual obligations | Minimise client impact |
| Protect information and assets | Prevent loss and damage |
| Comply with regulations | Maintain regulatory compliance |
| Support employees | Ensure welfare and communication |
| Recover fully | Return to normal operations |
Business Continuity Framework
Our business continuity framework is based on ISO 22301 principles.
Framework Components
| Component | Description |
| Policy | This document — sets out our approach and commitment |
| Business Impact Analysis | Identifies critical activities and recovery priorities |
| Risk Assessment | Identifies threats and vulnerabilities |
| Business Continuity Plans | Documented response and recovery procedures |
| Incident Management | Processes for managing disruptive incidents |
| Testing and Exercising | Regular testing of plans and capabilities |
| Training and Awareness | Ensuring people know their roles |
| Review and Improvement | Continuous improvement cycle |
Critical Business Activities
We have identified our critical business activities and their recovery requirements.
Critical Activities
| Activity | Description | Recovery Priority |
| Emergency repairs | 24/7 emergency response for gas leaks, floods, security | Critical — immediate |
| Gas safety services | CP12 certification, gas repairs, CO response | Critical — within 24 hours |
| Fire safety services | Fire alarm response, emergency lighting, fire door repairs | Critical — within 24 hours |
| Electrical safety | Electrical faults, safety hazards | Critical — within 24 hours |
| Water hygiene | Legionella response, water system failures | High — within 48 hours |
| Planned maintenance | Scheduled PPM services | Medium — within 1 week |
| Compliance management | Certificate tracking, documentation | Medium — within 1 week |
| Finance and payroll | Payments to staff and suppliers | High — within 48 hours |
| Client communication | Updates, enquiries, reporting | High — within 48 hours |
Recovery Time Objectives (RTO)
| Priority | Recovery Time Objective |
| Critical | Within 4 hours |
| High | Within 24-48 hours |
| Medium | Within 1 week |
| Low | Within 2 weeks |
Recovery Point Objectives (RPO)
| Data Type | Recovery Point Objective |
| Financial data | Maximum 24 hours data loss |
| Compliance certificates | Maximum 24 hours data loss |
| Job management system | Maximum 4 hours data loss |
| Email and communications | Maximum 24 hours data loss |
Risk Assessment
We assess risks that could disrupt our operations.
Threat Categories
| Category | Examples |
| Natural events | Severe weather, flooding, pandemic |
| Technological | IT failure, cyber attack, power outage, telecoms failure |
| Human | Staff illness, key person unavailability, industrial action |
| Physical | Fire, building damage, denial of access |
| Supply chain | Supplier failure, material shortages |
| External | Civil unrest, terrorism, regulatory change |
Risk Assessment Process
For each threat, we assess:
- Likelihood of occurrence
- Potential impact on operations
- Existing controls and mitigations
- Residual risk level
- Additional actions required
Key Risks and Mitigations
| Risk | Likelihood | Impact | Key Mitigations |
| IT system failure | Medium | High | Cloud systems, backups, disaster recovery |
| Cyber attack | Medium | High | Security controls, backups, incident response |
| Loss of premises | Low | High | Remote working, alternative locations |
| Key staff unavailability | Medium | Medium | Cross-training, succession planning |
| Pandemic/widespread illness | Medium | High | Remote working, hygiene measures, PPE |
| Severe weather | Medium | Medium | Flexible scheduling, route planning |
| Supplier failure | Low | Medium | Multiple suppliers, stock holding |
| Vehicle fleet loss | Low | Medium | Insurance, hire arrangements |
| Power/telecoms failure | Low | Medium | Mobile devices, alternative connectivity |
Business Continuity Plans
We maintain documented plans for responding to disruptions.
Plan Structure
| Plan | Scope |
| Incident Management Plan | Overall coordination and escalation |
| IT Disaster Recovery Plan | IT systems and data recovery |
| Premises Continuity Plan | Loss of or denial of access to premises |
| Pandemic Response Plan | Widespread illness affecting workforce |
| Severe Weather Plan | Disruption from weather events |
| Supply Chain Continuity Plan | Supplier or material failures |
| Communication Plan | Stakeholder communication during incidents |
Plan Contents
Each plan includes:
- Activation criteria and triggers
- Roles and responsibilities
- Escalation procedures
- Response actions and checklists
- Resource requirements
- Communication templates
- Recovery procedures
- Return to normal operations
Plan Ownership
| Plan | Owner | Deputy |
| Overall business continuity | Managing Director | Operations Director |
| IT Disaster Recovery | IT Manager | [Deputy] |
| Premises Continuity | Facilities Manager | [Deputy] |
| Operations Continuity | Operations Director | [Deputy] |
Incident Management
We have clear procedures for managing disruptive incidents.
Incident Classification
| Level | Description | Examples |
| Level 1 — Critical | Major impact, business-wide disruption | Total IT failure, premises destroyed, major cyber attack |
| Level 2 — Significant | Significant impact, multiple functions affected | Partial IT failure, key system unavailable, significant staff absence |
| Level 3 — Minor | Limited impact, single function or location | Single system failure, localised issue, minor supplier problem |
Incident Management Team
For significant incidents, we activate an Incident Management Team (IMT):
| Role | Responsibilities |
| Incident Manager | Overall coordination, decision-making |
| Operations Lead | Service delivery continuity |
| IT Lead | Technology response and recovery |
| Communications Lead | Stakeholder communication |
| HR Lead | Staff welfare and resources |
| Finance Lead | Financial decisions and payments |
Incident Response Process
Phase 1: Alert and Activation
- Incident reported and logged
- Initial assessment of severity
- Incident Manager notified
- Decision to activate business continuity plans
- Incident Management Team convened if required
Phase 2: Response
- Immediate actions to protect life and safety
- Containment actions to limit damage
- Assessment of impact and recovery needs
- Activation of relevant continuity plans
- Resource mobilisation
- Stakeholder communication initiated
Phase 3: Recovery
- Recovery actions implemented
- Workarounds and interim solutions
- Progressive restoration of services
- Ongoing communication with stakeholders
- Monitoring of recovery progress
Phase 4: Return to Normal
- Full restoration of services
- Stand-down of incident management
- Post-incident review
- Lessons learned documented
- Plans updated based on learning
IT Disaster Recovery
Our IT systems are critical to service delivery.
IT Recovery Strategy
| Component | Strategy |
| Cloud systems | Hosted in resilient data centres with redundancy |
| Data backup | Daily backups with offsite/cloud storage |
| Cloud-hosted (Microsoft 365) with built-in resilience | |
| Job management | Cloud-hosted with regular backups |
| Telephony | Cloud-based phone system with mobile failover |
| Devices | Laptops and mobile devices for flexible working |
Backup Strategy
| Data | Frequency | Retention | Location |
| Critical business data | Daily | 30 days | Cloud + offsite |
| Databases | Daily | 30 days | Cloud + offsite |
| System configurations | Weekly | 90 days | Cloud |
| Continuous | 1 year | Cloud |
IT Recovery Procedures
| System | RTO | RPO | Recovery Method |
| 4 hours | 0 (continuous) | Cloud resilience | |
| Job management | 4 hours | 4 hours | Cloud restore |
| Finance system | 24 hours | 24 hours | Cloud restore |
| File storage | 24 hours | 24 hours | Cloud restore |
| Telephony | 4 hours | N/A | Cloud + mobile failover |
Cyber Incident Response
In the event of a cyber attack:
- Isolate affected systems
- Notify IT and Incident Manager
- Assess scope and impact
- Activate IT Disaster Recovery Plan
- Notify relevant authorities (ICO if data breach)
- Communicate with stakeholders
- Recover from clean backups
- Investigate root cause
- Implement additional controls
Premises Continuity
We plan for loss of or denial of access to our premises.
Premises Recovery Strategy
| Scenario | Response |
| Temporary denial of access | Remote working, use of alternative locations |
| Partial damage | Isolate affected areas, continue in unaffected areas |
| Total loss | Remote working, temporary premises |
Alternative Working Arrangements
| Function | Alternative Arrangement |
| Office staff | Work from home (laptops, cloud systems, VPN) |
| Call handling | Mobile phones, cloud telephony, outsourced overflow |
| Engineers | Continue from home/vehicles, direct to sites |
| Management | Work from home, alternative meeting locations |
| Stores/materials | Alternative suppliers, direct delivery to sites |
Alternative Premises
| Type | Arrangement |
| Emergency office space | Serviced office provider on standby |
| Meeting facilities | Hotels, serviced offices, client premises |
| Storage | Alternative depot, supplier storage |
Remote Working Capability
All office staff are equipped to work remotely:
- Laptops with VPN access
- Cloud-based applications
- Mobile phones
- Video conferencing
- Access to job management and email
- Secure remote access
Workforce Continuity
We plan for significant staff unavailability.
Workforce Risks
| Risk | Mitigation |
| Key person unavailability | Cross-training, documented procedures, succession planning |
| Widespread illness | Remote working, staggered shifts, hygiene measures |
| Industrial action | Staff engagement, contingency resources |
| Skills shortage | Agency arrangements, subcontractor relationships |
Key Roles and Deputies
| Key Role | Deputy |
| Managing Director | Operations Director |
| Operations Director | Senior Operations Manager |
| Finance Director | Finance Manager |
| IT Manager | External IT support provider |
| Compliance Manager | Senior Administrator |
Cross-Training
- Critical functions have multiple trained staff
- Documented procedures for key activities
- Regular knowledge sharing
- Succession planning for key roles
External Resources
| Resource | Purpose |
| Agency engineers | Supplement workforce if needed |
| Subcontractors | Additional capacity for specific trades |
| Temporary staff | Office and administrative support |
| External IT support | Technical support and recovery |
Supply Chain Continuity
We manage supply chain risks.
Critical Suppliers
We have identified suppliers critical to our operations:
| Category | Examples | Criticality |
| Materials | Plumbing, electrical, building materials | High |
| Vehicle fleet | Lease company, fuel | High |
| IT services | Hosting, software, support | High |
| Subcontractors | Specialist trades | Medium |
| Utilities | Electricity, gas, water, telecoms | Medium |
| Professional services | Accountants, legal | Low |
Supply Chain Mitigations
| Risk | Mitigation |
| Single supplier dependency | Multiple approved suppliers for critical items |
| Supplier failure | Financial checks, alternative suppliers identified |
| Material shortages | Stock holding of critical items, early warning monitoring |
| Price volatility | Framework agreements, price monitoring |
| Delivery delays | Safety stock, alternative suppliers, direct delivery |
Supplier Relationships
- Key supplier relationships documented
- Emergency contact details maintained
- Regular supplier reviews
- Supplier business continuity assessed
- Contractual provisions for continuity
Communication
Effective communication is essential during disruptions.
Communication Principles
- Timely — communicate early and often
- Accurate — provide factual, verified information
- Consistent — single source of truth
- Appropriate — tailor messages to audience
- Two-way — listen and respond to concerns
Stakeholder Communication
| Stakeholder | Communication Method | Responsibility |
| Employees | Email, phone, text, team briefings | HR Lead |
| Clients | Phone, email, account managers | Operations Lead / Account Managers |
| Residents | Via clients, direct contact where appropriate | Operations Lead |
| Suppliers | Phone, email | Procurement / Operations |
| Regulators | Phone, email, formal notification | Compliance Manager |
| Media | Press statements (if required) | Managing Director |
| Insurers | Phone, written notification | Finance Lead |
Communication Templates
We maintain templates for:
- Staff notification messages
- Client notification letters
- Supplier notifications
- Holding statements
- Recovery updates
Contact Information
We maintain up-to-date contact lists:
- Employee emergency contacts
- Client contacts (multiple per client)
- Supplier emergency contacts
- Subcontractor contacts
- Regulatory body contacts
- Insurer contacts
- Emergency services
Out-of-Hours Communication
- On-call manager rota for 24/7 response
- Emergency contact number for critical issues
- Escalation procedures documented
- Mobile phones for key personnel
Pandemic Response
We have specific arrangements for pandemic situations.
Pandemic Response Measures
| Phase | Actions |
| Monitoring | Monitor public health guidance, assess risk |
| Preparation | PPE stock, remote working preparation, communication plans |
| Response | Implement controls, remote working where possible, prioritise critical services |
| Recovery | Phased return to normal, lessons learned |
Control Measures
| Measure | Implementation |
| Remote working | Office staff work from home |
| Social distancing | Reduced office capacity, spacing |
| Hygiene | Hand sanitiser, enhanced cleaning |
| PPE | Masks, gloves as required |
| Health monitoring | Self-assessment, isolation if symptomatic |
| Vaccination | Encourage and support vaccination |
| Testing | Access to testing where available |
Service Prioritisation
During severe workforce shortage:
- Priority 1: Emergency repairs, gas safety, fire safety
- Priority 2: Other safety-critical services
- Priority 3: Urgent repairs
- Priority 4: Planned maintenance
Severe Weather Response
We plan for disruption from severe weather.
Weather Risks
| Event | Impact | Response |
| Snow/ice | Travel disruption, site access | Rescheduling, remote working, gritting |
| Flooding | Site access, property damage | Alternative routes, emergency response |
| High winds | Dangerous working conditions | Postpone external work, safety first |
| Heatwave | Health risks, working conditions | Early starts, welfare measures |
| Cold snap | Frozen pipes, heating failures | Increased demand, prioritisation |
Weather Monitoring
- Daily weather forecast review
- Met Office warnings monitored
- Proactive rescheduling when warnings issued
- Communication with clients about potential delays
Winter Preparedness
- Gritting of depot and parking areas
- Winter equipment for vehicles
- Cold weather PPE for operatives
- Frozen pipe response procedures
- Increased parts stock for heating repairs
Testing and Exercising
We regularly test our business continuity arrangements.
Testing Programme
| Test Type | Frequency | Scope |
| Plan review | Annual | All plans reviewed and updated |
| Walkthrough | Annual | Talk through plans with key personnel |
| Tabletop exercise | Annual | Scenario-based discussion exercise |
| Functional test | Annual | Test specific capabilities (e.g., IT recovery) |
| Full exercise | Every 2 years | Simulated incident with plan activation |
Test Objectives
- Validate plans are current and effective
- Identify gaps and weaknesses
- Train staff in their roles
- Test communication and coordination
- Verify recovery capabilities
Test Records
- Test objectives and scope documented
- Outcomes and observations recorded
- Issues and improvement actions logged
- Follow-up actions tracked to completion
- Lessons incorporated into plans
Training and Awareness
We ensure people understand their business continuity roles.
Training Programme
| Training | Audience | Frequency |
| Business continuity awareness | All employees | Induction + annual |
| Incident management | Incident Management Team | Annual |
| Plan-specific training | Plan owners and deputies | Annual |
| Crisis communication | Communications team | Annual |
| IT disaster recovery | IT team | Annual |
Awareness Activities
- Policy communication to all staff
- Regular reminders and updates
- Lessons learned from incidents shared
- Participation in exercises
Roles and Responsibilities
Managing Director
- Overall accountability for business continuity
- Final decision-making during major incidents
- Resource allocation for continuity capabilities
- Annual review and approval of policy
Operations Director
- Day-to-day responsibility for business continuity
- Chair of Incident Management Team
- Ensuring plans are in place and tested
- Reporting on continuity performance
Plan Owners
- Maintaining and updating assigned plans
- Ensuring team awareness and training
- Participating in tests and exercises
- Implementing improvements
All Managers
- Understanding business continuity plans
- Ensuring team awareness
- Participating in exercises
- Reporting incidents and concerns
All Employees
- Understanding their role during disruptions
- Following instructions during incidents
- Reporting potential issues
- Participating in training and exercises
Insurance
We maintain insurance to support recovery.
Insurance Coverage
| Insurance | Purpose |
| Business interruption | Loss of income during disruption |
| Property | Building and contents damage |
| Computer/cyber | IT losses, cyber incident costs |
| Employers’ liability | Employee injury claims |
| Public liability | Third-party claims |
| Professional indemnity | Professional negligence claims |
| Motor fleet | Vehicle damage and replacement |
Insurance Claims
- Report potential claims to Finance Lead immediately
- Document losses and damage
- Preserve evidence where possible
- Cooperate with insurers
- Maintain records of additional costs
Continuous Improvement
We continuously improve our business continuity capabilities.
Improvement Sources
- Post-incident reviews
- Exercise findings
- Audit and assessment results
- Near-miss analysis
- Industry best practice
- Regulatory changes
- Client feedback
Post-Incident Review
After any significant incident:
- Review meeting held within 2 weeks
- What happened and timeline
- What went well
- What could be improved
- Root cause analysis
- Actions assigned and tracked
- Plans updated based on lessons
Performance Indicators
| Indicator | Target |
| Business continuity plan coverage | 100% of critical activities |
| Plan review completion | Annual, 100% compliance |
| Test/exercise completion | As per schedule |
| Training completion | 100% of relevant staff |
| Incident response time | Within defined escalation times |
| Recovery within RTO | 100% of incidents |
Compliance and Audit
Regulatory Requirements
We meet business continuity requirements in:
- Client contracts (SLA commitments)
- ISO 9001 (quality management)
- ISO 27001 principles (information security)
- Data protection (availability of personal data)
- Industry regulations
Audit
| Audit | Frequency |
| Internal business continuity review | Annual |
| Client audits (as required) | Per contract |
| External assessment | Every 2-3 years |
Policy Review
This policy is reviewed annually and updated to reflect:
- Changes in business operations
- Lessons learned from incidents and exercises
- Changes in risks and threats
- Audit findings
- Regulatory and client requirements
- Best practice developments
Related Documents
This policy should be read in conjunction with:
- IT Disaster Recovery Plan
- Incident Management Plan
- Pandemic Response Plan
- Severe Weather Plan
- Premises Continuity Plan
- Communication Plan
- Health and Safety Policy
- Cyber Security Policy
- Data Protection Policy
Approval
This Business Continuity Policy has been approved by the Managing Director.
Signed:
[Name] Managing Director All Services 4U
Date: [Date]
Review Date: [Date + 1 year]
Contact
Business Continuity Lead Email: continuity@allservices4u.co.uk Phone: [Phone number]
Incident Reporting (24-hour) Phone: [Emergency number]
Quick Reference
Incident Reporting
Report any disruption or potential disruption immediately:
Phone: [Emergency number] Email: incidents@allservices4u.co.uk
Critical Services
| Service | Recovery Target |
| Emergency repairs | Immediate |
| Gas safety | Within 24 hours |
| Fire safety | Within 24 hours |
| Electrical safety | Within 24 hours |
Key Contacts
| Role | Name | Phone |
| Incident Manager | [Name] | [Number] |
| Operations Lead | [Name] | [Number] |
| IT Lead | [Name] | [Number] |
Your Role
✓ Know your responsibilities during disruptions
✓ Report incidents and potential issues immediately
✓ Follow instructions from the Incident Management Team
✓ Keep your contact details up to date
✓ Participate in training and exercises
✓ Be flexible and adaptable
All Services 4U is committed to maintaining services to our clients even in challenging circumstances. Our business continuity arrangements ensure we are prepared, can respond effectively, and recover quickly from disruptions.