Emergency Response Plan for UBL E-Commerce

1.0 Purpose
The aims of the UBL E-Commerce Emergency Plan are:
•    To protect staff members
•    To protect consultants
•    To protect the archives and records of E-Commerce data of consumers
•    To ensure business continuity
•    To communicate emergency needs and strategies to relevant partners inside and outside the division
The primary purpose of UBL E-Commerce is to secure customers’ financial information, employees’ working directories and life safety. The division largely follows the entire Bank’s Emergency Plan.

2.0 Introduction to UBL E-Commerce
UBL E-Commerce was founded in 2004 with the aim of providing buying and selling facilities to the existing consumers of UBL over the internet.

2.1 Net Banking
UBL Net Banking (NB) is Pakistan’s first E-Commerce Portal provided by any financial institution. The following are the achievements made by NB:
•    Open Ended Fund Transfers
•    Inter Bank Fund Transfers
•    Bill Payments
•    Prepaid Vouchers

2.2 Orion (Mobile Wallet)
For the first time in Pakistan, UBL has launched a mobile banking solution. Put simply, it is SMS-based banking.
•    Pay Bill
•    Prepaid Vouchers
•    P2P Fund Transfers
•    Send Gifts
•    Buy Grocery

2.2.1 Orion on NB
The two systems are integrated to facilitate the customers in a more convenient manner.

2.2.2 Orion on ATM
This is a strategic product that lets the consumer use UBL Orion from all over Pakistan without using a computer or even a mobile phone. The underlying network utilizes ATMs (Phoenix Network) to perform transactions.
•    Cash Withdrawal
•    Mini Statement
•    Open Ended Funds Transfer
•    Inter Bank Funds Transfer

3.0 Terminologies
3.1 Emergency Response Plan (ERP)
An emergency response plan is the immediate response performed when an incident occurs. The basis of the ERP is the set of risks identified by the company during the risk assessment phase. For example, if a fire breaks out, the emergency response to this incident is to evacuate the building, call the fire department and, in the meantime, try to control the fire with a fire extinguisher. Several kinds of risks could occur, and they may also require an emergency response plan. It is better to create a common checklist for all risks than to create a separate ERP for every risk. [1]

The response procedure of ERP should include the protection of employees first, containment of the incident second and assessment of the situation third.

ERP should include the lists of roles and responsibilities, tools and equipment, resources, actions and procedures.

3.2 Emergency Response Team (ERT)
A company should have an emergency response team in order to respond to an incident. Roles and responsibilities should be defined for each member of the team, and each team member should receive specific training according to their roles and responsibilities. The leader of the ERT is responsible for coordination and activation of the emergency response and also for notification to the concerned authorities. The leader of the ERP should also be a member of the Crisis Management Team and should report to that team throughout the emergency response.

3.3 Crisis Management Team (CMT)
CMT is responsible for making high-level decisions, which might be related to the internal staff, external staff, vendors and contractors. It is also responsible for determining the most appropriate responses to situations as they occur.

3.4 Computer Incident Response Team (CIRT)
An Incident Response Team is established to provide a quick, effective and orderly response to computer related incidents such as virus infections, hacker attempts and break-ins, improper disclosure of confidential information to others, system service interruptions, breach of personal information, and other events with serious information security implications. The Incident Response Team’s mission is to prevent a serious loss of profits, public confidence or information assets by providing an immediate, effective and skillful response to any unexpected event involving computer information systems, networks or databases.
The Incident Response Team is authorized to take appropriate steps deemed necessary to contain, mitigate or resolve a computer security incident. The Team is responsible for investigating suspected intrusion attempts or other security incidents in a timely, cost-effective manner and reporting findings to management and the appropriate authorities as necessary. The Chief Information Security Officer will coordinate these investigations.
The Incident Response Team will subscribe to various security industry alert services to keep abreast of relevant threats, vulnerabilities or alerts from actual incidents.

3.4.1 Incident Response Team
Each of the following areas will have a primary and alternate member:
•    Information Security Office (ISO)
•    Information Technology Operations Center (ITOC)
•    Information Privacy Office (IPO)
•    Network Architecture
•    Operating System Architecture
•    Business Applications
•    Online Sales
•    Internal Auditing

4.0 Potential Threats
There are various types of threats to individuals to which this plan applies:
•    IT Threats
•    Fire
•    Accidents including natural disasters (flood, blizzard, hurricane) or other accidents (power failure)
•    Terrorist activity

The immediate actions that should be executed in any of the above emergencies are given below. A hard copy of this must be distributed at all entrances and exits.

4.1 IT Threats

4.1.1 Breach of Personal Information [1]
•    All data owners must report any suspected or confirmed breach of personal information on individuals to the Chief Security Officer (CSO) immediately upon discovery.
•    Location managers are responsible for ensuring all employees in their unit are aware of policies and procedures for protecting personal information.
•    Informs the Legal Department and the Chief Privacy Officer that a possible privacy breach has been reported and provides them an overview of the situation.
•    Contacts the individual who reported the problem.
•    Reviews the preliminary details with the Legal Department and the Chief Privacy Office.

4.1.2 Denial of Service / Distributed Denial of Service
•    Inform relevant IT security personnel.
•    Ensure all communication links are up.
•    Ensure data integrity.
•    Provide alternate solutions in case primary communication channels are down.

4.1.3 Virus Outbreak
•    Isolate systems, devices, servers, etc. from the network and switch over to backup equipment.
•    Report the situation to the Network Security Officer.

4.2 Fire/Smoke [3]
•    Activate the nearest fire alarm. You may find one in the development lobby, server room, kitchen and corridor.
•    Call 16 and report location and source of fire, if known.
•    If it is possible and safe, turn off all electrical equipment.
•    Evacuate the building.
•    After reaching a safe location, contact other responsible departments of UBL.

4.3 Bomb or other terrorist threat [3]
•    Call (92-21) 2416626, Bomb Disposal Squad.
•    If the threat has been received via phone call, keep talking to the caller and try to get as much information as possible.
•    Evacuate the building, depending on the instructions provided by the disposal squad.

4.4 Power / Connectivity Failure [3]
•    Switch off all electrical equipment.
•    Determine the extent of the blackout by calling the relevant department engineer.
•    Make sure that all doors remain closed before evacuation. Consult the relevant person if any door is found unlocked.
•    Initiate the telephone tree to ensure that everyone arrives at home safely.

4.5 Heavy Rain [3]
•    Relocate equipment and records that may be affected to a dry location.
•    Determine the extent of the rain and its severity for the building.
•    Inform the management so that it can take immediate action to release the employees early.
•    Evacuate the basements if rain water has poured in.

5.0 Evacuation instructions

5.1 Guidelines
•    Gather near the designated office exit or staircase on your floor; close (but do not lock) all doors behind you. [3]
•    Follow instructions of emergency personnel or staff responsible for evacuation decisions. 
•    When instructed, leave the building as quickly as possible.
•    Do not use elevators.
•    Help those who need special assistance, both staff and the public
•    If it is possible and safe, turn off all electronic equipment, close windows, and close doors before leaving.
•    Use a planned evacuation route for leaving the building.
•    Proceed directly to the pre-decided assembly areas. Make sure that everyone has arrived there safely; use the attendance register to count the employees.
•    Do not re-enter the building until emergency response personnel have instructed you to do so.
•    In the case of a major event, you may be instructed to go home. Use the Telephone Tree to contact and account for your colleagues.

5.2 Evacuation Assemble Areas

[Figure: Evacuation assemble areas]

6.0 Emergency Response Team
The Emergency Response and Disaster Recovery Team is a single team that would address the immediate first response as well as long term needs during an emergency.

[Figure: Emergency response team]

7.0 Roles and Responsibilities
The Emergency Response and Disaster Recovery Team includes a Fire Warden, Deputy Fire Wardens and Searchers, and acts as a first response to an immediate emergency that affects the safety and well-being of staff.

The Emergency Response Team is composed of individuals who address the various requirements of a prolonged emergency condition such as rain, a fire or a similar disaster. The team would be activated in the event of an emergency that affects the work of the department. Depending on the conditions, the Emergency Team is comprised of the Evacuation Team, supplemented by additional members from specialized fields such as the Technology Coordinator and Documentation Coordinator.
Security Focal Points are the primary contacts with UBL Security and Fire and Safety regarding emergency conditions and information. The Security Focal Points and alternates are also responsible for updating and maintaining information concerning the Emergency Plan and related activities.

7.1 Computer Incident Response Team [5]

7.1.1 Information Security Office
•    Determines the nature and scope of the incident
•    Contacts qualified information security specialists for advice as needed
•    Contacts members of the Incident Response Team
•    Determines which Incident Response Team members play an active role in the investigation
•    Provides proper training on incident handling
•    Escalates to executive management as appropriate
•    Contacts auxiliary departments as appropriate
•    Monitors progress of the investigation
•    Ensures evidence gathering, chain of custody, and preservation is appropriate
•    Prepares a written summary of the incident and corrective action taken

7.1.2 Information Technology Operations Center
•    Central point of contact for all computer incidents
•    Notifies Chief Information Security Office to activate computer incident response team

7.1.3 Information Privacy Office
•    Coordinates activities with the Information Security Office
•    Documents the types of personal information that may have been breached
•    Provides guidance throughout the investigation on issues relating to privacy of customer and employee personal information
•    Assists in developing appropriate communication to impacted parties
•    Assesses the need to change privacy policies, procedures, and/or practices as a result of the breach

7.1.4 Network Architecture
•    Analyzes network traffic for signs of denial of service, distributed denial of service, or other external attacks
•    Runs tracing tools such as sniffers, Transmission Control Protocol (TCP) port monitors, and event loggers
•    Looks for signs of a firewall breach
•    Contacts external Internet service provider for assistance in handling the incident
•    Takes action necessary to block traffic from suspected intruder

7.1.5 Operating Systems Architecture
•    Ensures all service packs and patches are current on mission-critical computers
•    Ensures backups are in place for all critical systems
•    Examines system logs of critical systems for unusual activity

7.1.6 Business Applications
•    Monitors business applications and services for signs of attack
•    Reviews audit logs of mission-critical servers for signs of suspicious activity
•    Contacts the Information Technology Operations Center with any information relating to a suspected breach
•    Collects pertinent information regarding the incident at the request of the Chief Information Security Office

7.1.7 Internal Auditing
•    Reviews systems to ensure compliance with information security policy and controls
•    Performs appropriate audit test work to ensure mission-critical systems are current with service packs and patches
•    Reports any system control gaps to management for corrective action

7.2 Evacuation/Fire Warden Duties
In the event of fire or fire alarm, ascertain the location of the fire and direct the evacuation of the floor in accordance with directions received from the Fire Command Station via the loudspeakers.
•    Keep in contact with the Deputy Fire Warden and all Searchers to receive the “all clear” and to identify any problems.
•    Report to UBL Management and UBL-HO regarding any areas that could not be searched.
•    As may be instructed, make sure no one uses the elevator.
•    Assist in the orderly evacuation of people down the stairwell; instruct people to form single file lines into the stairwell, direct them to exit along the right side of the stairwell, and encourage calm evacuation.
•    Ensure that all staff and visitors proceed to the designated meeting place to check in (see Assembly Areas in the main body of the plan) and wait for the “all clear” to re-enter the building.
•    Make sure all staff are accounted for.
•    Supervise the assembly of Evacuation Personnel in the affected area.

7.3 Evacuation/Searcher(s)
•    Check all rooms, offices, records storage areas, security vault, rest rooms, conference rooms, and remote areas, closing doors of areas that have been searched.
•    Advise staff or other persons on the floor about the emergency and the requirement to evacuate.
•    Discourage people from taking heavy or awkward items with them. Personal belongings only.
•    As appropriate, take sign-in sheets (Staff and Visitor) to check that all visitors and all staff on duty at the time of evacuation can be accounted for.
•    Assist any physically handicapped individuals (possibly researchers) into the stairwell or other predetermined area of refuge.
•    Report any persons refusing to leave or other problems to the Fire/Evacuation Warden.
•    Notify the Fire Warden that the floor is “clear” and proceed out of the building.

7.4 Security Focal Points
•    Ensure that basic security and evacuation plans are up to date and carried out;
•    Inform staff of Hotline information; contact staff with authorized messages concerning any crisis;
•    After any evacuation of the building, either directly or through the Telephone Tree, speak to each staff member to ensure that all have reached home safely and ensure that UBL management is advised that all staff are accounted for;
•    Brief new staff members, consultants, or other individuals, within a week of arrival, on emergency procedures.

8.0 Building Protection Systems [3]

8.1 Fire Protection Systems
The fire protection system in both buildings consists of:
•    Smoke detectors in the HVAC system
•    Wet pipe sprinklers
•    Fire alarm pulls located throughout the facilities
Fire extinguishers are also available and contain Dry Chemical (ABC type).

8.2 Security Systems
The security system includes closed circuit television (CCTV) cameras, door contacts, magnetic locks, and perimeter and interior motion detectors.

8.3 Building Access
Magnetic locks are installed on the perimeter doors (e.g., front and rear entrances). Access is through a card swipe.

8.4 Water Protection
There is currently no water protection (e.g., water alarms in case of flooding) in the buildings.

9.0 Plan Activation Flowchart

[Figure: Plan activation flowchart]

10.0 References

[1]    AICPA – Template for Emergency Response Plan
[2]    Business Continuity Planning and Disaster Recovery by Susan Snedaker
[3]    ARMS Emergency Plan
[4]    Kings Bridge Disaster Recovery [http://www.disasterrecovery.com]
[5]    Computer Security Incident Response Planning by Internet Security Systems
[6]    Emergency Management Guide for Business Industry
