Question: Besides HIPAA, for which other compliance regulations I can use these templates?
Answer: As per the research document published by Gartner in July 2005, Gartner analysts looked at four industry sectors — healthcare, government, finance, and utilities— to determine which laws and regulations most influenced Business Continuity Planning and Disaster Recovery Plan in these sectors.

  1. Health Insurance Portability and Accountability Act (HIPAA) of 1996
  2. Food and Drug Administration (FDA) Code of Federal Regulations (CFR), Title XXI, 1999
  3. Sarbanes-Oxley Act (SOX) 2002
  4. Federal Information Security Act (FISMA) of 2002
  5. Title III of the E-Government Act of 2002 (PL 107-347, 17 December 2002)
  6. COOP and Continuity of Government (COG). Federal Preparedness Circular 69, 26 July 1999
  7. Federal Financial Institutions Examination Council (FFIEC) Handbook, 2003-2004
  8. Basel II, Basel Committee on Banking Supervision,
  9. Governmental Accounting Standards Board (GASB) Statement No. 34, June 1999
  10. International Organization for Standardization (ISO) 27002

Question: Who can use Business Resumption Plan Template Suite?
Answer: These Business Resumption Plan templates can be used also by any organization from any industry that is looking to conduct a risk assessment based on best practices & accepted standards. The Industries which can use these templates are Automotive, Banking, Chemical and Petroleum, Consumer products, Education, Electronics, Financial markets, Government, Healthcare and life sciences, Insurance, Media and Entertainment, Retail, Telecommunications, Travel and Transportation, and Wholesale distribution.

These templates can be also be used by covered entities like Hospitals, Insurers, Long Term Care/Skilled Nursing Facilities, Ambulatory Surgery Centers, Assisted Living/Intermediate Care Facilities, Clinical Laboratories, Clinics, Dialysis Providers, Employer Plans, HMOs, Home Health Agencies, Hospices, Pharmacies, Physicians, PPOs, Rehabilitation Facilities and other payers & providers. Purchase of the policy templates grants the organization a one-site license. For additional sites licenses or enterprise licenses, please call for special discounted prices.

Question: We have questions on the use of these templates and start our project on the Business Resumption plan. How can you help us?
Answer: After you buy the templates, you get a one-hour free consultation with one of our Certified Business Continuity Professional (CBCP), who will explain to you how to use the templates. Additional consultation can be purchased on an hourly basis.

Question: We want to buy one site license before we buy the enterprise license (for multiple sites). Can we do it?
Answer: Yes. We request you to get the quote for the enterprise license and then inform your sales rep that you want to use the product at one location before buying the enterprise license. You can buy one site license at a regular price and when you decide on buying the enterprise license, the price will be adjusted for the amount that you have already paid. For example, the quote for an enterprise license was $2500 and you have already paid $1200 for one site license, you just have to pay the balance of $1501 for an enterprise license. Please note that the enterprise license quote is valid for 3 weeks only.

Question: We plan to use a consultant to help us with the Business Resumption Planning project, how can your templates save money for us?
Answer: If you use the consultant or do the project on your own, you will have to gather information about your location, persons responsible, server information, systems working on it, procedures, etc. for the project. These templates will help you to gather all the necessary information; this will speed up your project and will reduce the time of consultants on the project. You can use the expertise of the consultant to evaluate the information that you have gathered through these templates and create the plan by fine-tuning the templates to meet your company’s requirements and help you test the plan.

Question: We don’t have the necessary budget to hire a consultant to start the Business Resumption Planning project but have individuals whom we can spare for this project. How can I use the templates?
Answer: These are some of the most exhaustive templates that one can have for regulatory compliance. You can use your internal resources to populate the templates with the information. You can refer to sample plans given in the suite to understand how the final plan looks. Whenever you have the necessary budget to start the project, you can use all the information that you have gathered using the templates to reduce the consultant/Business Continuity Officer time spent on the project.

Question: We are planning to use your templates but we don’t have the budget for a full-time consultant, how can you help us in this scenario?
Answer: Using the templates will reduce your cost of the project considerably. We can provide a part-time project manager for your project who will guide your team on the next steps and help in the successful completion of the project. In this way, you will have a Business Continuity expert to guide your team.

Question: I want to buy just one template from the whole suite. Can I buy it?
Answer: Yes. You need to contact us at sales@supremusgroup.com to receive a quote for the single template that you want to buy. However, given the interrelationship of many of the templates, they will be of the greatest value to users if the suite as a whole is obtained. Purchase of the policy templates grants the organization a one-site license. For additional sites licenses or enterprise licenses, please call for special discounted prices.

Question: Can I use the Risk Assessment templates for my organization even if our organization is not affected by HIPAA?
Answer: Yes. These templates are created based on best practices and standards. The complete package has Risk Assessment templates, forms, worksheets, policies, and standards. Risk Assessment and Business Impact Analysis (BIA) is conducted based on the following types of disasters:
1) Weather-related:
Earthquake
Flood / Flash Flood
Hurricanes / Tropical Storms
Severe Thunderstorms
Tornado
Winter Storms
2) Facility Related
Bomb Threat
Chemical Spills
Civil Disturbance
Electrical Failure
Fire
HVAC Failure
Water Leaks
Work Stoppage / Strikes
3) Technology Related
Human Error
Loss of Telecommunications
Data Center Outage
Lost / Corrupted Data
Loss of Network Services
Power Failure
Prolonged Equipment Outage
UPS / Generator Loss

Question: Does the Regulatory Compliance Security rule require an organization to create a Business Resumption Plan?
Answer: Yes. The Regulatory Compliance Security Rule identifies Business Resumption Plan as a standard under Administrative Safeguards. Business Resumption Planning means the overall process of developing an approved set of arrangements and procedures to ensure your business can respond to a disaster and resume its critical business functions within a required time frame objective. The primary objective is to reduce the level of risk and cost to you and the impact on your staff, customers, and suppliers.

Business Resumption Plan templates can jump start Business Resumption project which includes Business Impact Analysis (BIA), Business Continuity Plan (BCP), Disaster Recovery Program (DRP), Emergency Mode Operation Plan (EMOP), Data Backup Plan, Testing, and Revision Procedures and many other projects.

HIPAA Citation HIPAA Security Rule Standard

Implementation Specification

Implementation
ADMINISTRATIVE SAFEGUARDS
164.308(a)(7)(i) Contingency Plan
164.308(a)(7)(ii)(A) Data Backup Plan Required
164.308(a)(7)(ii)(B) Disaster Recovery Plan Required
164.308(a)(7)(ii)(C) Emergency Mode Operation Plan Required
164.308(a)(7)(ii)(D) Testing and Revision Procedures Addressable
164.308(a)(7)(ii)(E) Applications and Data Criticality Analysis Addressable
PHYSICAL SAFEGUARDSDiscount:
164.310(a)(1) Facility Access Controls
164.310(a)(2)(i) Contingency Operations Addressable
164.310(d)(1) Device and Media Controls
164.310(d)(2)(iv) Data Backup and Storage Addressable
TECHNICAL SAFEGUARDS
164.312(a)(1) Access Control
164.312(a)(2)(ii) Emergency Access Procedure Required

To buy individual template packages, visit the following links:

Allow us to jump start your Business Resumption planning project with the most comprehensive templates for the healthcare industry. Please contact us for more information at Bob@supremusgroup.com or call (515) 865-4591