Question: Besides HIPAA, for which other compliance regulations I can use these templates?
Answer: As per research document published by Gartner in July 2005, Gartner analysts looked at four industry sectors — healthcare, government, finance, and utilities— to determine which laws and regulations most influenced Business Continuity Planning and Disaster Recovery Plan in these sectors.

  1. Health Insurance Portability and Accountability Act (HIPAA) of 1996
  2. Food and Drug Administration (FDA) Code of Federal Regulations (CFR), Title XXI, 1999
  3. Sarbanes-Oxley Act (SOX) 2002
  4. Federal Information Security Act (FISMA) of 2002
  5. Title III of the E-Government Act of 2002 (PL 107-347, 17 December 2002)
  6. COOP and Continuity of Government (COG). Federal Preparedness Circular 69, 26 July 1999
  7. Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003-2004
  8. Basel II, Basel Committee on Banking Supervision,
  9. Governmental Accounting Standards Board (GASB) Statement No. 34, June 1999
  10. International Organization for Standardization (ISO) 27002

Question: Who can use Business Resumption Plan Template Suite?
Answer: These Business Resumption Plan templates can be used also by any organizations from any industries who are looking to conduct a risk assessment based on best practices & accepted standards. The Industries which can use these templates are Automotive, Banking, Chemical and Petroleum, Consumer products, Education, Electronics, Financial markets, Government, Healthcare and life sciences, Insurance, Media and Entertainment, Retail, Telecommunications, Travel and Transportation and Wholesale distribution.

These templates can be also by used by covered entities like Hospitals, Insurers, Long Term Care/Skilled Nursing Facilities, Ambulatory Surgery Centers, Assisted Living/Intermediate Care Facilities, Clinical Laboratories, Clinics, Dialysis Providers, Employer Plans, HMOs, Home Health Agencies, Hospices, Pharmacies, Physicians, PPOs, Rehabilitation Facilities and other payers & providers. Purchase of the policy templates grants the organization a one site license. For additional sites license or enterprise license, please call for special discounted prices.

Question: We have questions on the use of these templates and start our project on Business Resumption plan. How can you help us?
Answer: After you buy the templates, you get a one-hour free consultation with one of our Certified Business Continuity Professional (CBCP), who will explain to you how to use the templates. Additional consultation can be purchased on the hourly basis.

Question: We want to buy one site license before we buy the enterprise license (for multiple sites). Can we do it?
Answer: Yes. We request you to get the quote for enterprise license and then inform your sales rep that you want to use the product at one location before buying the enterprise license. You can buy one site license at regular price and when you decide on buying the enterprise license, the price will be adjusted for the amount that you have already paid. For example, the quote for enterprise license was $2500 and you have already paid $1200 for one site license, you just have to pay the balance $1501 for an enterprise license. Please note that the enterprise license quote is valid for 3 weeks only.

Question: We plan to use a consultant to help us with the Business Resumption Planning project, how can your templates save money for us?
Answer: If you use the consultant or do the project on your own, you will have to gather information about your location, persons responsible, server information, systems working on it, procedures etc. for the project. These templates will help you to gather all the necessary information; this will speed up your project and will reduce the time of consultant on the project. You can use the expertise of the consultant to evaluate the information that you have gathered through these templates and create the plan by fine tuning the templates to meet your company’s requirement and help you test the plan.

Question: We don’t have the necessary budget to hire a consultant to start the Business Resumption Planning project but have individuals whom we can spare for this project. How can I use the templates?
Answer: These are one of the most exhaustive templates that one can have for regulatory compliance. You can use your internal resources to populate the templates with the information. You can refer to sample plans given in the suite to understand how the final plan looks. Whenever you have the necessary budget to start the project, you can use all the information that you have gathered using the templates to reduce the consultant/Business Continuity Officer time spent on the project.

Question: We are planning to use your templates but we don’t have the budget for a full-time consultant, how can you help us in this scenario?
Answer: Using the templates will reduce your cost of the project considerably. We can provide a part-time project manager for your project who will guide your team on next steps and help in the successful completion of the project. In this way, you will have a Business Continuity expert to guide your team.

Question: I want to buy just one template from the whole suite. Can I buy it?
Answer: Yes. You need to contact us at sales@supremusgroup.com to receive a quote for the single template that you want to buy. However, given the interrelationship of many of the templates, they will be of greatest value to users if the suite as a whole is obtained. Purchase of the policy templates grants the organization a one site license. For additional sites license or enterprise license, please call for special discounted prices.

Question: Can I use the Risk Assessment templates for my organization even if our organization is not affected by HIPAA?
Answer: Yes. These templates are created based on best practices and standards. The complete package has Risk Assessment templates, forms, worksheets, policies, and standards. Risk Assessment and Business Impact Analysis (BIA) is conducted based on following types of disasters:
1) Weather related:
Earthquake
Flood / Flash Flood
Hurricanes / Tropical Storms
Severe Thunderstorms
Tornado
Winter Storms
2) Facility Related
Bomb Threat
Chemical Spills
Civil Disturbance
Electrical Failure
Fire
HVAC Failure
Water Leaks
Work Stoppage / Strikes
3) Technology Related
Human Error
Loss of Telecommunications
Data Center Outage
Lost / Corrupted Data
Loss of Network Services
Power Failure
Prolonged Equipment Outage
UPS / Generator Loss

Question: Does Regulatory Compliance Security rule require an organization to create Business Resumption Plan?
Answer: Yes. The Regulatory Compliance Security Rule identifies Business Resumption Plan as a standard under Administrative Safeguards. Business Resumption Planning means the overall process of developing an approved set of arrangements and procedures to ensure your business can respond to a disaster and resume its critical business functions within a required time frame objective. The primary objective is to reduce the level of risk and cost to you and the impact on your staff, customers, and suppliers.

Business Resumption Plan templates can jump start Business Resumption project which includes Business Impact Analysis (BIA), Business Continuity Plan (BCP), Disaster Recovery Program (DRP), Emergency Mode Operation Plan (EMOP), Data Backup Plan, Testing, and Revision Procedures and many other projects.

HIPAA Citation HIPAA Security Rule Standard

Implementation Specification

Implementation
ADMINISTRATIVE SAFEGUARDS
164.308(a)(7)(i) Contingency Plan
164.308(a)(7)(ii)(A) Data Backup Plan Required
164.308(a)(7)(ii)(B) Disaster Recovery Plan Required
164.308(a)(7)(ii)(C) Emergency Mode Operation Plan Required
164.308(a)(7)(ii)(D) Testing and Revision Procedures Addressable
164.308(a)(7)(ii)(E) Applications and Data Criticality Analysis Addressable
PHYSICAL SAFEGUARDSDiscount:
164.310(a)(1) Facility Access Controls
164.310(a)(2)(i) Contingency Operations Addressable
164.310(d)(1) Device and Media Controls
164.310(d)(2)(iv) Data Backup and Storage Addressable
TECHNICAL SAFEGUARDS
164.312(a)(1) Access Control
164.312(a)(2)(ii) Emergency Access Procedure Required

To buy individual template packages, visit following links:

Allow us to jump start your Business Resumption planning project with the most comprehensive templates for healthcare industry. Please contact us for more information at Bob@supremusgroup.com or call (515) 865-4591