Business Continuity Plan and Disaster Recovery Plan Policy

Purpose

The purpose of this policy is to establish a comprehensive framework for HSG Berhad (HSG) to ensure the continuity of critical business operations and the rapid recovery of IT systems and business functions in the event of a disaster or significant disruption. This policy aims to mitigate the impact of unexpected events and ensure a swift return to normal operations.

Scope

This policy applies to all employees, departments, and operations within HSG. It encompasses all aspects of business continuity and disaster recovery planning, including but not limited to, IT systems, physical infrastructure, human resources, and communication protocols.

Policy Statement

HSG is committed to maintaining business continuity and ensuring the rapid recovery of operations following any disruption. The Group recognizes the importance of having a well-documented Business Continuity Plan (BCP) and Disaster Recovery Plan (DRP) to safeguard the interests of stakeholders, employees, customers, and partners.

Key Areas of Concern

1.Business Continuity Plan (BCP):

  • Risk Assessment: Identify potential risks and vulnerabilities that could impact business operations.
  • Business Impact Analysis (BIA): Assess the impact of disruptions on critical business functions and prioritize recovery efforts.
  • Continuity Strategies: Develop strategies to ensure the continuation of essential business functions during and after a disruption.
  • Communication Plan: Establish clear communication protocols to ensure timely and accurate information dissemination during a crisis.
  • Training and Awareness: Regularly train employees on their roles and responsibilities within the BCP framework.

2.Disaster Recovery Plan (DRP):

  • Data Backup: Implement robust data backup procedures to ensure data integrity and availability.
  • IT System Recovery: Develop detailed plans for the recovery of critical IT systems and applications.
  • Recovery Time Objectives (RTO): Define acceptable time frames for the recovery of key business functions and systems.
  • Testing and Drills: Conduct regular testing and simulation drills to validate the effectiveness of the DRP.
  • Documentation: Maintain comprehensive documentation of all recovery procedures and protocols.
Implementation
  1. Development: The Management will develop and document a comprehensive BCP and DRP tailored to HSG’s specific needs and risks.
  2. Approval: The plans will be reviewed and approved by the Board of Directors to ensure alignment with corporate objectives and regulatory requirements.
  3. Maintenance: The plans will be regularly reviewed and updated to reflect changes in the business environment, technology, and organizational structure.
  4. Testing: Regular testing of the BCP and DRP will be conducted to ensure readiness and identify areas for improvement.
Responsibilities
  1. Management: Responsible for the development, implementation, and maintenance of the BCP and DRP.
  2. Employees: Required to participate in training and drills, and adhere to the procedures outlined in the plans.
  3. IT Department: Ensures that data backup and recovery procedures are implemented and maintained.
  4. BCP/DRP Team: Coordinates the development, testing, and execution of the plans.

Compliance and Review: The BCP and DRP will be reviewed annually or more frequently if necessary, to ensure they remain effective and relevant. Non-compliance with this policy may result in disciplinary action.

Effective Date:

Approval: