LEGAL
Business Continuity Plan
Lead Social Ltd T/A PandaPCP · FCA FRN: 951156
This plan outlines how Lead Social Ltd T/A PandaPCP will respond to disruptive incidents threatening normal operations, so that we can maintain or restore critical activities within acceptable timeframes, keep clients informed, and meet our regulatory obligations.
1. Plan objectives
- Guide the Business Continuity Team in recovery efforts.
- Establish clear recovery procedures and responsibilities.
- Provide guidance on notifying stakeholders.
- Prevent confusion through defined actions and communication protocols.
- Ensure vital records remain protected and accessible.
2. Plan activation
The plan activates when disruptions materially impact operations, including:
- Loss of key staff members.
- Loss of access to critical systems or technology.
- Denial of, or damage to, business premises.
- Loss of critical suppliers or resources.
The Director assesses severity and initiates the appropriate response procedures.
3. Business Continuity Team
The Director leads the Business Continuity Team, with responsibilities including:
- Making key decisions during incidents.
- Communicating with staff, clients and partners.
- Liaising with regulatory authorities.
- Approving return-to-normal procedures.
4. Incident management
- Ensure staff safety; evacuate if necessary.
- Open an incident log documenting decisions and actions.
- Assess the scope of disruption and affected functions.
- Notify the Director immediately.
- Inform stakeholders and clients without delay.
5. Business continuity actions
- Recovery of vital records from cloud backups.
- Activation of remote working arrangements.
- Remote access to critical systems via cloud platforms.
- Client and partner communication about recovery timescales.
- Maintenance of FCA-regulated activities and service obligations.
6. Recovery and resumption
- Salvage and retrieve lost or damaged records and assets.
- Conduct a full debrief with staff.
- Compile a post-incident report documenting impact.
- Review and update the plan.
- Report material disruptions to the FCA if required.
7. Incident provisions
| Incident | Action / Provision |
|---|---|
| Loss of Office Premises | Staff work from home; cloud-based systems maintain full remote access. |
| Theft of Assets | Remote work continues; replacement equipment sourced immediately. |
| Loss or Illness of Key Personnel | Management covers core functions; recruitment agencies engaged; emergency access to files and systems available. |
| Extensive Staff Loss | Recruitment agencies contacted; team members cross-trained; management handles recruitment and training; backup contractors on standby. |
| System Failures | Large, stable partners selected (Microsoft, Zoho) for stability and security. |
| Server Failure | Physical and cloud backups maintained; daily backups taken; systems recovered from the latest snapshot. |
| Cyber Attack | Firewall and anti-virus protection in place; systems structured to limit impact. |
| Power Cut | Next-day laptop delivery available; VPN-configured devices; cloud-based systems accessible from any device. |
8. Criticality definitions
| Rating | Definition |
|---|---|
| Critical | Low tolerance to interruption; must be restored immediately. |
| Sensitive | Can be performed manually at tolerable cost for extended periods. |
| Vital | Can use manual processes, but only short-term. |
| Non-sensitive | Low recovery priority. |
9. Recovery timescales
- 24 hours: Phone message updated; remote cloud access established.
- 48 hours: Laptops configured; key systems tested and operational.
- 72 hours: Dialler system and client management platforms fully restored.
Contact
Questions about this policy can be sent to [email protected].