PandaPCP

PandaPCP — Legal

Business Continuity Plan

Lead Social Ltd T/A PandaPCP  ·  FCA FRN: 951156

Disaster Recovery & Business Continuity

← Back to Home

Plan Purpose

This plan sets out how Lead Social Ltd T/A PandaPCP will respond to a disruptive incident that threatens our ability to operate normally. Our objectives are to:

  • Respond effectively to any business disruption in a controlled and structured manner
  • Maintain or restore critical business activities within acceptable timeframes
  • Return to normal business operations as quickly as possible
  • Ensure clients are kept informed and regulatory obligations continue to be met

1. Plan Objectives

The Business Continuity Plan (BCP) is designed to achieve the following objectives:

  • Guide the Business Continuity Team (BCT) in recovering and restoring business activities
  • Set out clear recovery procedures and lines of responsibility
  • Provide guidance on notifying key business partners and stakeholders of disruption
  • Avoid confusion during an incident through clearly defined actions and communication protocols
  • Ensure vital records are protected and accessible during a disruption

2. Plan Activation

This plan may be activated in the event of any disruption that materially impacts normal business operations, including but not limited to:

  • Loss of key members of staff (e.g. long-term absence, sudden departure)
  • Loss of access to critical business systems or technology platforms
  • Denial or damage to business premises or physical facilities
  • Loss of a key supplier or resource critical to service delivery

Activation Authority

This plan is activated at the discretion of the Director, who will assess the severity of the disruption and initiate the appropriate response procedure.

3. Business Continuity Team

The Director of Lead Social Ltd T/A PandaPCP is responsible for leading and coordinating the Business Continuity Team (BCT). Responsibilities include:

  • Making key decisions during an incident
  • Communicating with staff, clients and key partners
  • Liaising with relevant regulatory authorities where required
  • Approving return-to-normal procedures

Contact

Business continuity incidents should be escalated directly to the Director. Internal contact details are held securely by all permanent members of staff.

4. Incident Management

Upon activation of the plan, the following initial steps must be taken:

  • Ensure all staff are safe — evacuate premises if required and contact emergency services
  • Open an incident log to record all decisions, communications and actions taken
  • Assess the nature and scope of the disruption and identify which business functions are affected
  • Notify the Director immediately if not already involved
  • Inform key stakeholders and clients of any service disruption without undue delay

5. Business Continuity Actions

Once the incident has been assessed, the BCT will initiate the following continuity actions:

  • Recover vital records and data from cloud-based backups
  • Activate remote working arrangements for all staff where applicable
  • Access critical systems remotely via cloud platforms (Microsoft 365, Zoho CRM, etc.)
  • Keep clients and key partners informed of expected recovery timescales
  • Maintain FCA regulated activity and client service obligations wherever possible

6. Recovery and Resumption

Once the immediate incident is contained, the following recovery steps will be followed:

  • Carry out salvage and retrieval of any lost or damaged records, assets or equipment
  • Conduct a full debrief with all relevant staff
  • Compile a post-incident report documenting the incident, actions taken, and overall impact
  • Review and update this plan to incorporate lessons learned
  • Report any material operational disruption to the FCA if required under regulatory obligations

7. Incident Provisions

The following table sets out specific provisions for the most likely disruption scenarios:

IncidentAction / Provision
Loss of Office PremisesStaff will work from home. All systems are cloud-based so full access is maintained remotely. Essential staff will use laptops or personal devices.
Theft of AssetsStaff will work from home. Cloud-based systems remain operational. Replacement equipment will be sourced immediately from suppliers.
Loss or Illness of Key PersonnelManagement is trained and experienced to cover the core functions of each other's role in the short to medium term. Close connections with recruitment agencies. Recruitment policy in place. Emergency access available to inboxes, electronic files, telecoms, and PC.
Extensive Loss of Staff (e.g. mass resignation, epidemic)Close connections with recruitment agencies. All team members have the required skills, qualifications, system access and training. Management experienced to recruit and train replacement employees. Back-up infrastructure contractors on standby.
System Failures (Email / CRM / Telecoms)Thorough due diligence carried out to ensure sufficient provisions are in place. Large, stable companies selected as partners (Microsoft, Zoho etc.) with stability, security, and resource in mind.
Server FailurePhysical and cloud-based backups in place. Daily server backups taken. Systems recovered from latest backup snapshot. Refer to IT Security Policy for further details.
Cyber AttackWatchguard firewall and anti-virus in place to minimise risk. Systems and hardware structured to limit the impact any attack would have on the business.
Power CutLaptops sourced (next-day delivery available) and configured with VPN for secure access to cloud. Working from home policy issued to all staff. Cloud-based phone system, email and CRM accessible from any mobile or computer device.

8. Criticality Definitions

The following definitions are used when assessing the criticality of business activities and services during an incident:

RatingDefinition
CriticalLow tolerance to interruption. Must be restored immediately.
SensitiveCan be performed manually at a tolerable cost for an extended period.
VitalCan be substituted with a manual process but only for a short period.
Non-sensitiveNot a high priority in a recovery situation.

9. Recovery Timescales

The following recovery timescales represent our target response and restoration objectives:

24 Hours

Phone message updated for clients. Remote access to cloud systems established for all staff.

48 Hours

Laptops and remote devices configured. Key systems tested and confirmed operational.

72 Hours

Dialler system and client management platforms fully restored and operational.

Questions about this policy?

Lead Social Ltd T/A PandaPCP  ·  FCA FRN: 951156

info@leadsocial.net