Business Continuity Policy

Policy Statement

World of Textiles UK LTD is committed to maintaining resilient operations and minimizing the impact of disruptions to our business, employees, customers, and stakeholders. We recognize that unforeseen events can threaten our ability to deliver products and services, and we have established this Business Continuity Policy to ensure preparedness, rapid response, and effective recovery.

This policy demonstrates our commitment to business continuity management (BCM) as an ongoing process of planning, testing, and continuous improvement.

Purpose and Scope

Purpose

This policy aims to:

• Ensure continuation of critical business functions during and after disruptions
• Protect the health, safety, and welfare of employees and stakeholders
• Minimize financial losses and reputational damage
• Meet legal, regulatory, and contractual obligations
• Maintain customer confidence and service delivery
• Enable rapid and effective recovery from incidents
• Build organizational resilience

Scope

This policy covers:

• All business operations and functions
• All employees, contractors, and third-party providers
• All locations including offices, warehouses, and remote sites
• Supply chain and critical suppliers
• Technology systems and infrastructure
• Customer-facing services and operations

Business Continuity Framework

Key Components

Our business continuity management system includes:

1. Business Impact Analysis (BIA) - Understanding critical functions and dependencies
2. Risk Assessment - Identifying threats and vulnerabilities
3. Business Continuity Plans (BCPs) - Documented response and recovery procedures
4. Emergency Response Plans - Immediate actions for life safety and incident management
5. IT Disaster Recovery Plans - Technology system recovery procedures
6. Crisis Management - Coordinated decision-making during major incidents
7. Testing and Exercises - Regular validation of plans
8. Training and Awareness - Ensuring readiness
9. Continuous Improvement - Learning and adapting

Business Impact Analysis

Critical Business Functions

We have identified the following critical functions that must be maintained or recovered quickly:

Tier 1: Essential (Recovery within 4-8 hours)

• Customer order processing
• Inbound/outbound logistics
• Warehouse operations
• Critical IT systems (email, order management, inventory)
• Financial transactions and payments
• Customer service and support

Tier 2: Important (Recovery within 24-48 hours)

• Procurement and supplier management
• Product quality control
• HR and payroll systems
• Marketing and sales activities
• Management reporting

Tier 3: Supporting (Recovery within 5-7 days)

• Training and development
• Non-critical administrative functions
• Strategic planning activities
• Facilities management

Dependencies and Resources

Critical dependencies include:

• People: Skilled employees in key roles
• Premises: Warehouses, offices, distribution centers
• Technology: IT systems, telecommunications, internet connectivity
• Suppliers: Textile manufacturers, logistics providers, utilities
• Information: Customer data, product specifications, contracts
• Equipment: Warehouse machinery, vehicles, computers

Recovery Time Objectives (RTO)

• Tier 1 Functions: 4-8 hours
• Tier 2 Functions: 24-48 hours
• Tier 3 Functions: 5-7 days

Recovery Point Objectives (RPO)

• Critical Data: Maximum 4 hours data loss acceptable
• Important Data: Maximum 24 hours data loss acceptable
• Other Data: As per backup schedule

Potential Disruption Scenarios

We have planned for various disruption scenarios:

Natural Events

• Severe weather (flooding, snow, storms)
• Fire or explosion
• Earthquake (low risk in UK but considered)
• Pandemic or epidemic
• Extreme temperatures

Technology Failures

• IT system failures or cyber attacks
• Telecommunications outages
• Power failures
• Data breaches or ransomware

Human-Related Incidents

• Key person unavailability (illness, accident)
• Industrial action or labor disputes
• Workplace violence or security threats
• Human error causing system failure

Supply Chain Disruptions

• Supplier failure or insolvency
• Transportation disruptions
• Port closures or delays
• Raw material shortages

Infrastructure Failures

• Building damage or inaccessibility
• Utility failures (gas, water, electricity)
• Transport network disruptions
• Neighboring incidents affecting access

Regulatory and Legal

• Regulatory changes requiring operational adjustments
• Legal injunctions affecting operations
• Reputational crises

Emergency Response

Immediate Actions

In the event of any incident:

1. Ensure Safety - Priority is life safety of all persons
2. Notify Emergency Services - Call 999 if required for fire, medical, or security emergencies
3. Activate Emergency Procedures - Follow fire evacuation, first aid, or security procedures
4. Secure the Scene - Prevent further harm or damage if safe to do so
5. Account for Personnel - Ensure all staff are safe and accounted for
6. Notify Management - Inform appropriate managers immediately

Emergency Contact Information

Emergency Services: 999 (Fire, Police, Ambulance)

Internal Emergency Contacts:

• Crisis Management Team Leader: [Senior Management Contact]
• Facilities Manager: [Contact Details]
• IT Manager: [Contact Details]
• Health & Safety Officer: [Contact Details]
• Main Office: +44 1234 567 890
• Email: info@worldoftextiles.com

External Support:

• Utilities: Power, gas, water emergency numbers
• Building Management: Landlord/property emergency line
• Insurance: 24-hour incident notification line
• Key Suppliers: Emergency contact list maintained

Crisis Management Team (CMT)

CMT Structure

The Crisis Management Team is responsible for coordinating response to major incidents:

CMT Leader (Managing Director / Senior Executive)

• Overall authority and decision-making
• External communications and media liaison
• Resource allocation

Operations Manager

• Coordinate operational response
• Implement business continuity plans
• Manage recovery activities

IT Manager

• Technology systems recovery
• IT infrastructure and communications
• Cybersecurity incident response

Finance Manager

• Financial impact assessment
• Insurance claims management
• Budget and cost control

HR Manager

• Employee welfare and communication
• Staffing arrangements and redeployment
• Occupational health support

Facilities/Logistics Manager

• Alternative premises arrangements
• Equipment and supplies
• Transportation and logistics

CMT Responsibilities

• Assess the situation and activate appropriate plans
• Make strategic decisions on response and recovery
• Coordinate internal and external resources
• Communicate with stakeholders (employees, customers, suppliers, authorities)
• Monitor progress and adjust strategies
• Document decisions and actions
• Declare end of incident and transition to recovery

CMT Activation

The CMT is activated when:

• A major incident threatens critical business functions
• Multiple departments or locations are affected
• External assistance is required
• Media attention is likely
• Customer service is significantly impacted
• Employee safety is at risk
• Estimated recovery time exceeds normal operational capacity

Business Continuity Plans

Plan Components

Each critical function has a documented BCP including:

• Purpose and Scope - What the plan covers
• Activation Criteria - When to invoke the plan
• Roles and Responsibilities - Who does what
• Recovery Procedures - Step-by-step actions
• Alternative Arrangements - Workarounds and backup options
• Resource Requirements - People, equipment, facilities needed
• Communication Protocols - Internal and external notifications
• Recovery Timelines - Target restoration times
• Return to Normal - Criteria for resuming normal operations

Workaround Strategies

Alternative Work Locations:

• Home working for office-based staff
• Reciprocal arrangements with partner organizations
• Serviced office space agreements
• Mobile/flexible working capabilities

Alternative Technology:

• Cloud-based systems accessible from any location
• Backup servers and failover systems
• Manual processes for critical transactions
• Alternative communication methods (mobile phones, web-based email)

Alternative Staffing:

• Cross-training for critical roles
• Succession plans for key positions
• Contractor or agency staff agreements
• Flexible working arrangements

Alternative Suppliers:

• Secondary suppliers for critical materials
• Diversified supply base
• Strategic stock holdings
• Alternative logistics providers

IT Disaster Recovery

IT Recovery Priorities

1. Email and communications systems
2. Customer order management and CRM
3. Inventory and warehouse management systems
4. Financial systems and payment processing
5. HR and payroll systems
6. Website and e-commerce platform

Recovery Procedures

• Data Backup: Daily automated backups to off-site/cloud storage
• System Redundancy: Critical systems have failover capability
• Disaster Recovery Site: Cloud-based recovery environment
• Recovery Procedures: Documented step-by-step restoration guides
• Testing: Quarterly DR testing and annual full recovery test
• RTO Targets: Critical systems within 4-8 hours

Cybersecurity Incidents

For ransomware, malware, or cyber attacks:

1. Isolate affected systems immediately
2. Activate IT incident response team
3. Assess scope and impact
4. Engage cybersecurity specialists if needed
5. Restore from clean backups
6. Report to authorities (ICO, Action Fraud) if required
7. Communicate with affected customers/suppliers
8. Implement additional security measures

Communication Strategy

Internal Communications

During a business continuity event:

• Employees: Regular updates via email, SMS, phone tree, intranet
• Management: Situation reports and decision briefings
• CMT: Real-time coordination via dedicated communication channel
• Message Content: Situation status, actions taken, expected timeline, what employees should do

External Communications

• Customers: Proactive notification of service impacts, alternative arrangements, estimated resolution
• Suppliers: Coordination on delivery schedules, alternative arrangements
• Regulatory Authorities: Compliance with notification requirements
• Insurance: Prompt incident notification
• Media: Coordinated messaging through designated spokesperson only
• General Public: As appropriate via website, social media

Communication Principles

• Timely: Communicate early and update regularly
• Accurate: Provide factual information, avoid speculation
• Consistent: Single source of truth, coordinated messages
• Transparent: Honest about situation and impacts
• Empathetic: Acknowledge concerns and impacts
• Actionable: Clear guidance on what stakeholders should do

Supply Chain Resilience

Supplier Risk Management

• Critical Supplier Identification: Mapping of essential suppliers
• Business Continuity Assessment: Review supplier BCM capabilities
• Alternative Suppliers: Maintain relationships with backup suppliers
• Contract Clauses: Include business continuity obligations
• Regular Reviews: Monitor supplier financial stability and capacity
• Communication Plans: Established contact procedures

Inventory Management

• Safety Stock: Strategic inventory of critical materials
• Buffer Periods: Extra lead times for key items
• Diversification: Avoid single-source dependencies
• Demand Forecasting: Improved planning to avoid supply shocks

Testing and Exercising

Testing Program

We conduct regular tests of our business continuity arrangements:

Desktop Exercises (Quarterly)

• Discussion-based scenario walkthrough
• Test decision-making and coordination
• Identify plan gaps and improvements

Functional Tests (Bi-annually)

• Test specific plan elements (e.g., alternative work location, system failover)
• Validate procedures and resources
• Measure recovery times

Full-Scale Exercise (Annually)

• Simulate major incident end-to-end
• Activate CMT and test all plans
• Involve external parties where appropriate
• Measure against RTO/RPO objectives

Component Testing (Monthly)

• IT backup and restore tests
• Call tree and communication checks
• Equipment functionality checks

Post-Exercise Review

After each test:

• Debrief participants
• Document lessons learned
• Identify improvement actions
• Update plans and procedures
• Track completion of actions

Training and Awareness

Training Requirements

All Employees:

• Business continuity awareness during induction
• Annual refresher on emergency procedures
• Specific role responsibilities in BCPs

Crisis Management Team:

• CMT roles and responsibilities training
• Crisis decision-making exercises
• Media and stakeholder communication training

Plan Owners:

• Detailed training on their specific BCPs
• Regular updates on plan changes
• Testing and exercise facilitation

IT Staff:

• DR procedures and system recovery
• Incident response protocols
• Technical restoration techniques

Awareness Activities

• Business continuity updates in staff meetings
• Emergency procedure reminders
• Scenario awareness exercises
• BCP accessibility (easy-to-find plans)
• Success stories and lessons learned sharing

Maintenance and Review

Plan Maintenance

BCPs and supporting documents are reviewed and updated:

• Annually as a minimum
• Following organizational changes (structure, processes, systems)
• After incidents or exercises revealing gaps
• When key personnel change
• When technology or suppliers change
• When risk assessments identify new threats

Version Control

• All plans are version-controlled
• Changes are documented and approved
• Obsolete versions are archived
• Current plans are readily accessible

Responsibilities

• Plan Owners: Maintain their specific BCPs
• CMT Leader: Oversee overall program
• BC Coordinator: Coordinate updates and testing
• Department Heads: Ensure departmental plans are current

Performance Measurement

We measure business continuity effectiveness through:

Metrics:

• Percentage of critical functions with documented BCPs
• Testing completion rates
• Training completion rates
• Actual recovery times vs. RTO targets
• Incident response times
• Plan update frequency

Key Performance Indicators (KPIs):

• 100% of Tier 1 functions have tested BCPs
• CMT members complete annual training
• Quarterly testing schedule achieved
• Plans reviewed annually
• Critical supplier BCM assessment completion

Reporting:

• Quarterly reports to senior management
• Annual BC program review
• Post-incident reports
• Testing results and improvement actions

Responsibilities

Senior Management

• Endorse business continuity policy
• Allocate adequate resources
• Participate in CMT
• Review BC program performance
• Champion BC culture

Business Continuity Coordinator

• Maintain BC framework and plans
• Coordinate testing and exercises
• Provide BC guidance and training
• Monitor and report on BC program
• Facilitate continuous improvement

Department Managers / Plan Owners

• Develop and maintain departmental BCPs
• Identify critical functions and resources
• Participate in testing
• Train staff on BC procedures
• Implement recovery actions when activated

All Employees

• Understand emergency procedures
• Know their role in business continuity
• Participate in testing and training
• Report incidents promptly
• Follow BC procedures when activated

Compliance and Governance

Legal and Regulatory Obligations

We comply with:

• Health and Safety legislation (employee welfare)
• Data Protection regulations (data protection during incidents)
• Employment law (staff notification and rights)
• Contractual obligations to customers and suppliers
• Insurance policy requirements
• Industry standards and best practices

Audit and Assurance

• Internal audits of BC program
• External assessments where appropriate
• Compliance checks against standards (e.g., ISO 22301)
• Insurance assessments

Recovery and Return to Normal

Recovery Phase

Actions during recovery:

• Implement interim operational arrangements
• Monitor recovery progress against targets
• Adjust strategies based on actual conditions
• Maintain stakeholder communications
• Document costs and impacts
• Support employee welfare

Return to Normal Operations

Criteria for ending BC activation:

• Critical functions restored to acceptable levels
• Normal premises/systems accessible and functional
• Sufficient staffing available
• Supply chain stabilized
• No immediate re-occurrence threat
• Lessons learned captured

Post-Incident Review

After every activation:

• Conduct comprehensive debrief
• Assess response effectiveness
• Document financial impacts
• Identify what worked well
• Identify improvement opportunities
• Update plans based on lessons learned
• Recognize and thank responders

Contact Information

For business continuity matters:

• BC Coordinator: info@worldoftextiles.com
• CMT Leader: +44 1234 567 890
• Emergency Line: [To be established]

External Resources:

• Business Continuity Institute (BCI): www.thebci.org
• UK Government BC Guidance: www.gov.uk/business-continuity-planning
• Local Resilience Forum: [Local emergency planning partnership]

Commitment

We are committed to:

• Protecting our employees, customers, and stakeholders
• Maintaining operational resilience
• Learning and adapting from incidents and exercises
• Investing in business continuity capabilities
• Fostering a culture of preparedness

Business continuity is not just a plan – it’s how we operate.

Approved by: Board of Directors Policy Owner: Senior Management Team BC Coordinator: [To be assigned] Next Review Date: December 2026 Version: 1.0