Crisis & Risk Management PlanOverview

Michael Steedman 27/10/2017

This document contains information of what to do in a crisis affecting the company and to minimise the impact on its customers. Copies of this document are controlled.

Test Valley Limited

Date of Issue: 4th February 2015 (Revised 27/10/2017)

Issue Number: TVP/0004

Author: Michael Steedman

Telephone: 01722 414 800

Email: michael@testvalleypkg.co.uk

Fire Evacuation Plan: \\SBS\public\RLB ADMIN\Health & Safety\fire.

Health & Safety Policy: www.testvalleypkg.co.uk/userfiles/downloads/10/

This crisis management plan has been approved by:

Jerry Steedman (Managing Director)

Rob Barry (Facilities Manager)

Test Valley Limited

Copy Number: Name: Department:

TVP/004.01 Rob Barry Admin

TVP/004.02 Jerry Steedman Purchasing

TVP/004.03 Dave Murray Warehouse Unit 1.

Crisis & Risk Management PlanTest Valley Packaging

Distribution Record

References and Related Documents

Media

1. 0.

2. 0.

3. 0.

NOTE TO ALL STAFF: In the event of a crisis, unless you have been authorised DO NOT speak to the Media. Please refer all Media enquiries to the Managing Director or the person appointed by the Managing Director. It is important that the Media are kept updated with accurate information. There should only be one spokesman for the company.

Page 1

A crisis is a LOW PROBABILITY, HIGH IMPACT event and can cause a lot of damage to a company. The management team has carried out procedures across the company for identifying threats to assets and functions and has analyzed our exposure to risk. Disruptions come in all shapes and sizes and no organization is immune. Examples of causes of disruption that could affect our business are fires, floods technology failure, supplier failure and business crime. On a wider scale, as we often see in the press, events such as terrorism, pandemics and fuel protests do occur.

Business Continuity Management does look to minimise the risks these incidents occurring though Risk Assessment; however if they do occur then the consequences could affect:

The above assets are valuable to a business, and if one or more of these assets is affected then the smooth running of our business could be at risk.

This plan will provide Test Valley Limited with guidelines to minimise the effects of unexpected disruption or emergencies, and ultimately maintain continuity of supply to key customers.

This plan will be reviewed regularly to ensure all critical aspects of the company’s work andactivities are recoverable or transferable within 24 hours.

In the event of any procedures being amended, it is the responsibility of each manager to inform the plan author of the necessary amendments to the plan, which will then be incorporated and distributed to all plan holders.

Introduction & Overview4. 0.

Aim5. 0.

6. 0. Objective

7. 0. Management Statement

• Buildings and facilities• Staff• Technology and communications• Data• Supply Chain• Equipment

• To define and prioritise the critical functions of the business• To analyze the risks of partial or total failure• To detail the agreed response to an emergency• To identify key contacts during an emergency

Page 2

7. 0. Executive Summary

Test Valley Limited is in a strong position to cope with crisis. Operating out of three separate buildings (two on the same site) with spare office space in unit 2, (which has all servicesconnected including separate broadband and telephone lines) gives many advantages.

It is company policy to store key products across at least two buildings to ensure continued supply to our customers.

Fire & Flood

Due to the nature of the product we sell there is a medium fire risk and a fire incident has a very high probability of being totally devastating in terms of damage. However, because Test Valley Limited have multiple warehouse and office facilities with I.T. Back up, the potential impact of disruption to business operations from fire is significantly reduced. All fire regulations including fire fighting equipment, evacuation plans etc. are complied with and with Health & Safety procedures are audited every 6 months by Eliss Whittham to ensure compliance. A monitored fire alarm is operational at all times. All buildings are outside the flood plain areas.

Security

All three buildings have intruder alarms, including a perimeter alarm and motion detectors in the offices. Intruder alarms are monitored by an outside security company. All external doors are steel security doors with high security locks. Unit 1 (offices) has security shutters/grills on all ground floor windows. The yard area where vehicles are parked overnight is flood lit and has 2.4 meter security fence all round.

Fraud & Default

Risk of fraud has been identified when customers pay by card over the phone. There are strict procedures that should be followed when processing card payments. Following these processes will eliminate this risk. Every customer who is given a credit account has to pass various tests as dictated by our credit insurer. Processes are in place to ensure credit insurance claims are made within the required time frames.

I.T. and Broadband

Broadband is supplied under contract by Aspire Technology Solutions who are contracted to give immediate remote back up, Aspire Technology Solutions also give Test Valley Limited redundant capability with an ADSL line to back-up. This provides a bandwidth of 20Mb scalable up to 100Mb if needed.

All data has an hourly off-site back-up, plus a daily off-site back-up. An on-site hard-drivemaintains a copy of the server settings to allow rapid configuration of a new server if needed.No specialist stationery is needed for printing off picking/delivery notes.

Page 3

Logistics

In case of road fuel shortage Test Valley Limited has a bunded fuel tank in a secure building for use by the delivery vehicles. This always has a minimum of 1000 liters of road fuel available on standby.

All delivery vehicles are on a maintenance schedule with Adams Morey to ensure legal compliance and to carry out preventative maintenance. Adams Morey provides a very good vehicle breakdown support service. Test Valley Limited has a policy of regularly replacing older vehicles in order to maintain a modern delivery fleet. All delivery vehicles have tracking devices fitted.

Seasonal and exceptional demand

Test Valley Limited apportions equal weight to the potential disruption caused to customers as a result of stock outs as any other disruption or failure, and plan accordingly. As part of risk management planning Test Valley Limited have a policy of setting minimum stock levels to match peak customer demands at all times throughout the year. Careful liaison is undertaken with customers in the event of the supply of any new line or lines being contracted to Test Valley Limited.

Seasonal and exceptional demand forecasts are communicated to all relevant departments to ensure these departments are sufficiently resourced. Changes to usage patterns are automatically tracked and stock levels revised as necessary.

As a matter of policy Test Valley Limited guides customers towards the use of standard size stock products (for which Test Valley Packaging has more than one supplier) to minimise risk and disruption in the event of a product shortage or manufacturer failure.

Supply Chain

For key products it is company policy to have at least two suppliers. Regular credit checks are carried out on key suppliers. Under our ISO9001:2000 quality system, non conformances are recorded against suppliers who will be removed from the Test Valley Limited Approved Supplier List (ASL) if adequate corrective action is not taken by them.

Test Valley Packaging has a policy of only buying from suppliers on their ASL with whom we have a good relationship, and who have supplied consistent quality products for long period of time. Bytaking this approach TVP are able to focus their quality control on new suppliers who are in the process of qualifying for inclusion on the ASL. Any quality issues are taken seriously and dealt with promptly. The results of investigations are reported back to the customer if appropriate.

This Business Continuity Plan is ‘work-in-progress’ and is regularly reviewed and updated. It is the aim of the management team to manage risk in all functions of the business and to carry out staff training, to ensure that any potential crisis are prevented or the impact of a crisis incident are minimised.

Please Note:Important Information in this plan:Contact Numbers – Page 5Notification tree – Page 10Emergency checklist – Page 11

Page 4

Key Contacts

Management Team

External IT Support

HR & Finance

External Logistics Support

Jerry SteedmanManaging Director

Road FuelCertas Energy

Employment LawEllis Whittam Ltd

VISMAMatt Benfield

Ian SteedmanFinance Director

Alarm System - FireDorset Fire protection

BroadbandAspire Techology Solutions

Robert BarryFacilities Manager

Alarm system (Watt road)Wessex Fire & Security

General I.T.Jim Aitkin

Greg BallOperations Manager

Security MonitoringVenture Security

Michael SteedmanMarketing Director

ForkliftsAndover Fork Truck Services

SolicitorsRichard Griffiths

Balanced Solutions (Server)Roger Twine

Richard SteedmanSales Director

Vehicle SupportAdams Morey

AccountantsMoore Stephens

Page 5

10. 0.Define and prioritise the critical functions of the business.

Vulnerability Analysis Chart

Type of Emergency Probability

Business Impact

Risk Score

MitigationRequired

Fire Low High Medium Monitored fire alarm. 3 separate warehouses with a policy of stocking key product across 2 sites. High security. Maintenance of statutory fire fighting equipment and training. Unit 2 has spare office space sufficient to accommodate office staff. This has broadband and an analogue line to divert phone calls to.

Flooding Low Medium Low Main threat is from burst pipes. Heating is left on when building is empty in cold weather. All buildings outside flood plain areas.

CrimeActivity

Medium Low Low Unit 1 (ADMIN) has security shutters and all units have steel security doors. Perimeter and motion alarm in all buildings monitored by a security company. Bunded fuel tank is inside a secure building. Yard area where vehicles are parked has an 8 feet high security fence with flood lighting with motion sensor alarms and monitored CCTV.

Loss ofKey Staff

Medium Low Low Cross training is carried out to ensure key tasks can be carried out without key staff.

TelephoneFailure

Low Medium Medium Divert to mobile phones. Analogue line available for short term diversion.

Loss ofElectricity

Low High Medium Battery back-up of minimum 15 minutes allowing a controlled shut down.

I.T. Failure(Virus)

Low High Medium Firewalls are in place, on the server, and on individual PC’s to prevent virus attack.

I.T. FailureVISMA(ERP)

Low High Medium VISDATA provides remote support to address most problems. On-site support is available within hours if needed.

I.T. FailureSuper Office

(CRM)

Low High Medium SUPEROFFICE provides support.

I.T. FailureServer(Virus)

Low Medium Low A new server can be acquired within 6 hours and thehourly back-up has a copy of the configuration allowing rapid set-up of a new server.

Loss ofData

Medium Medium Medium Two separate back-ups are carried out, one is hourlyand one is daily.

BroadbandFailure

Low Medium Low Broadband is supplied via a leased line which has a

redundant capability. Aspire Technology Solutions are

contracted to give immediate remote back up.

RoadAccessBlocked

Low Medium Low There are a number of routes to TVP so this scenario is unlikely and would be short-lived due to the public importance of the access.

High Medium High HighMedium Low Medium High

Low Low Low MediumLow Medium High

Impa

ct

ProbabilityPage 6

Business Asset Tolerance Levels

Tolerance Level Definition Asset or Function

Critical Requires redundant capabilities to operate. Tolerance is very low. Cost of interruption is very high.

Server Broadband

Vital Function can be performed manually for only a very brief period of time.Higher tolerance to interruption.Lower costs.Significant catching up would be required.

VISMA ERP systemTelephone system

Sensitive Function can be performed manually for only a brief period of time.High tolerance to interruption.Low costs.Considerable catching up would be required.

PrinterComputer (PC)Super office CRM systemDelivery vehicles x 7Fax machineForklifts x 3

Non-critical Function may be interrupted for an extended period of time.Little or no cost.Little or no catching up would be required.

PhotocopierElectronic Scoreboard

Page 7

The following business impact analysis is an assessment of the impacts upon the organisation in the event of losing individual critical components/work areas. An impact analysis form has been completed below as an example. Blank copies are available from the Admin Director.

Function: Accounts Department

Location / Address Watt Road, Churchfields Industrial Estate, Salisbury. SP2 7UDNumber of Staff 3

Duration If this function failed, what would the impact be within each timescale?

24 Hours As far as orders being fulfilled it would be minimal as personnel in the Operations Dept. can release accounts on stop and sufficient information is made generally available to facilitate a decision whether to hold an order by any member of the management team.

3 Days Ditto

1 Week There will be problems with account payments not being processed and noted on the ledger. Customers may be held on stop even though they have made a payment.

4 Weeks Cash-flow will be impacted. Suppliers haven’t received payment so Purchasing cannot replenish stocks. Accounts statements to customers will not be sent out. Overdue accounts are not chased for payment. Credit notes and account queries will not be processed. There will be acute customer dissatisfaction and frustration.

2 Months (or more)

Business will be paralyzed due to lack of cash, stock and credibility with customers. Customers will be looking elsewhere for packaging supplies. Negative publicity from the press and social media. Key staff may look elsewhere for jobs.

Who you depend upon to deliver this function? (list parties / suppliers / stakeholders)

Who is dependent upon this function? (list key customers / stakeholders)

Ian Steedman (Finance Director)Barbara Lowres (Accounts Manager)Kathleen Reynolds (Accounts)

All customersPurchasingOperationsPartners / MembersSales & Marketing

Page 8

What information do we need and will we access it?(i.e. Microsoft software, VISMA, Super Office CRM, Adobe Creative Suite ect...)

Information / Records Hardcopy / Computerised Software needed toaccess files

Location of backup copies

Sales Ledger Computerized VISMA ERP Off-site (ask Managing Director)

Purchase Ledger Computerized VISMA ERP Off-site (ask Managing Director)

customer contact records

Computerized Super Office CRM Off-site (ask Managing Director)

Duration What equipment do you require to deliver this function? (i.e. computers, desks, chairs, stationary, forms, telephones and lines, ect...)

Equipment Units

24 hours Computers, desks and chairs, access to Visma accounting system software. Office space

3

3 days Ditto1 week Ditto4 weeks Ditto2 months (or more) Ditto

Business Impact Analysis - continued

Duration What staff or skills do we require to deliver this critical function?

Number of Staff Skills required by staff

24 hours 1 High level of expertise in the Visma software, and thorough knowledge of processes.

3 days 2 As above.1 week 24 weeks 3 Finance Director will be needed to oversee cash- flow and

payments to suppliers.

2 months (or more)

How long, if at all could our Business operate without this function 1 week maximum

Assessment carried out by: Michael Steedman

Assessment completed on: 27th October 2017

Where will this function relocate to if access were denied to the normal place of operations?

Unit 2 Watt Road where there are spare offices. However 90% of this function can be carried out remotely providing the Operations Dept. are functioning and able to liaise with Accounts.

Page 9

11. 0. Notification Tree

TVP staff member (potential or actual crisis in progress)

Managing Director

Member of the management

team

TeamLeaders

EmergencyServices

All TVP staff Sub contractors

Issue statement to the media(if needed)

In the event of a crisis, or a situation which, if left, would become a crisis, then the Managing Director should be notified. If he/she cannot be contacted then one of the management team should be advised.

The MD (or management team member) will advise Team Leaders and issue instructions, and will confirm that, where appropriate, that the emergency services have been called. A media statement will be drafted and sent if needed.

Page 10

12. 0.

13. 0.

Emergency Response Checklist

Log of Actions Taken

Action Tick

Consider the welfare of staff and visitors

Start a log of actions taken

Liaise with Emergency services if appropriate

Identify any damage

Identify functions disrupted

Convene response/recovery team

Provide information to staff

Decide on a course of action

Communicate decisions to staff and stakeholders

Provide public information to maintain reputation and business

Agree a debrief

Review Business Continuity Plan

Action By: Time:

Page 11