MGIC BUSINESS CONTINUITY PROGRAM
|
|
- Chester Maurice Harris
- 8 years ago
- Views:
Transcription
1 MGIC BUSINESS CONTINUITY PROGRAM Mortgage Guaranty Insurance Corporation ("MGIC") and its affiliates recognize the importance of maintaining a viable business continuity strategy and have developed a comprehensive business continuity program ("Program") designed to prevent interruptions in the business operations. MGIC's Business Continuity Planning Process The business continuity planning involves the entire company including MGIC-Australia initiatives. The Program is reviewed and approved by MGIC s Board of Directors (or a Board committee) and by senior management. It is directed by the SVP Information Services/Chief Information Officer and the Vice President Information Services - Chief Information Security Officer and administered by two full-time certified Business Continuity Coordinators dedicated to the development, execution and on-going testing of business continuity/recovery plans for all business units within MGIC, as well as the overall network and system infrastructure. Funding for the Program is through the Information Services Department and covers internal corporate and external business continuity expenditures, including personnel, equipment and services that would be needed to prepare for and respond to a business interruption. Plans are developed based on the full loss of MGIC s operational facilities, but also on the basis of a partial loss of such facilities. At time of an incident, an assessment by the MGIC Management Incident Response Team (MIRT), may result in either a full or partial activation of the business recovery plan(s). The highest-level business recovery team is the MGIC Management Incident Response Team (MIRT). The MIRT is responsible for driving the continuity initiatives for MGIC in the event of a business interruption, including damage assessment, declaration, direction and control for corporate communications, personnel and financial resource allocation, and implementation of the appropriate actions for response, recovery and restoration of MGIC s Critical business processes Example of a full activation: destruction of facilities within MGIC's headquarters where data processing and finance functions are conducted. Example of partial activation: closing of a remote location due to environmental conditions, or loss of a business function caused by an isolated incident, requiring the relocation of personnel and services. MGIC conducts Business Impact Analysis to determine the Maximum Tolerable Outage (MTO) for each business processes. The MTO is the maximum time a business process can remain unavailable before its loss starts to have an unacceptable impact on the goals or survival of the organization. Recovery plans which include Recovery Time Objectives (RTOs) are developed and prioritized based on BIA results. Recovery plans for Critical business processes are reviewed every two years or as needed in response to new or changing business unit requirements. Call trees and personnel contact lists are updated each quarter and tested at minimum on an annual basis using MIR3, MGIC s Emergency Notification Tool. Program funding requirements are reviewed periodically. Critical business processes consist of but are not limited to those business processes which impact key customer relationships, generate revenue, or ensure compliance with contractual or regulatory requirements in a material respect. Page 1
2 Customer Communication following a Business Interruption Declaration s will be sent to all MGIC customer contacts in a timely fashion. Subsequently, information will be available by calling MGIC's Customer Service Department at Program Objectives The principal objectives of the Program are to: Recover MGIC s Critical business processes within 24 hours of a business interruption declaration. Satisfy obligations and commitments to safeguard the confidential information of MGIC, the customers, employees, and other business associates throughout the business resumption process. Minimize adverse financial consequences associated with an interruption of business operations. Business Continuity Team Hierarchical Structure Business continuity is based on a three level team structure. Level 1 Leaders (L1s), a.k.a. the Management Incident Response Team (MIRT), are responsible for overall management and direction of the Program and response to a business interruption. L1s are responsible for approving corporate-wide high level strategy for business continuity and reporting on its status to executive management and the Boards of Directors of MGIC and its affiliates. They approve allocation of funds and resources for these purposes. At the time of a business interruption, they notify persons who need to be mobilized, declare or cancel the assessment of the business interruption, activate emergency responses and resolve questions that arise in the response to the business interruption. Level 2 Leaders (L2s) are responsible for direction of the critical business processes if a business interruption is declared. L2s provide guidance in planning, promote awareness of the Program within MGIC, review and approve elements of planning and participate in testing the Program. At the time of a declaration, they assist the L1s in mobilizing resources and activating emergency responses. Level 3 Leaders (L3s) are responsible for tactical planning and recovery of business processes if a business interruption is declared. L3s create business continuity plans for their teams, review their plans and participate in testing and establish priorities for recovery within their Critical business processes. At the time of a declaration, they Page 2
3 mobilize team members, conduct recovery team meetings, prioritize recovery initiatives, support recovery efforts and report on their status within their areas of responsibility. MGIC Command and Control (diagram below) At time of a business interruption declaration, Level 1 Leaders will organize into a command and control structure similar to the Incident Command System (ICS). The Incident Command System is a well organized team approach for managing critical incidents. It has been in practice for over 35 years and is used today by Federal, State, County and local emergency response agencies. ICS is being widely adopted by the private sector. MGIC uses a hierarchical team structure for business recovery marked by clear separation of duties, decision making and communication in order to maximize the efficiencies of the recovery teams. The highest-level business recovery team is the Management Incident Response Team (MIRT). The MIRT is responsible for driving the recovery initiatives for MGIC in the event of a business interruption, including damage assessment, declaration, direction and control for corporate communications, personnel and financial resource allocation, and implementation of the appropriate actions for response, recovery and restoration of MGIC s Critical business processes. The MIRT is led by SVP Information Services/Chief Information Officer, who has primary responsibility for the Program, together with the Vice President Information Services - Chief Information Security Officer. Their primary roles and responsibilities include: Declare or cancel the assessment of the business interruption. MGIC will declare a business interruption when natural occurrences, technological problems or other Page 3
4 emergencies interrupt the operations of a critical business process of MGIC, resulting in the time to resume the critical business process exceeding the Maximum Tolerable Outage (MTO) of that critical business process. Activation of the Emergency Operations Center (EOC). The EOC is a pre-defined location that is activated in a business interruption or emergency from which the overall command, control, communication and coordination are conducted. Supervision and management of the MIRT. Management and monitoring of overall recovery efforts. Authorization and prioritization of all recovery efforts. Recovery Process MGIC s goal is to recover all Critical business processes within a recovery time objective of 24 hours from declaration of a business interruption. Critical business processes consist of but not limited to those business processes which impact key customer relationships, generate revenue, or ensure compliance with contractual or regulatory requirements in a material respect. Business Recovery Plans are developed for all Critical business processes. Every three years a complete evaluation is undertaken to define these business functions within MGIC. MGIC protects all electronic and hard-copy "Production" information for the purposes of recovering MGIC's Critical business processes in the event of a business interruption. To ensure an uninterrupted power supply, MGIC has installed diesel powered generators that take over within 15 seconds if a sub-standard power supply is identified. Recovery Data Center - MGIC owns or leases all equipment necessary to recover MGIC's computing environment. This equipment is installed and in a rapid recovery state within a leading co-location hosting services company 90 miles from MGIC s Corporate Headquarters. MGIC owns and maintains an Emergency Operations Center (EOC) as well as office ready workspace which addresses the operational requirements for its Milwaukee based workforce. This workspace includes: desks, PCs, phones, printers, scanners, copiers, direct connectivity to the recovery data center and wireless access for additional connectivity. Functional business recovery exercises are conducted at minimum on an annual basis leveraging the office ready recovery workspace connected directly to the co-location recovery center. Participants execute recovery plans that include the complete loss and recovery/continuation of MGIC s Critical business processes.. MGIC establishes an Emergency Operations Center in the event of a business interruption. MGIC's business recovery plan is developed to support three distinct phases of the business interruption: response; recovery; and resumption of business. (See diagram) Page 4
5 Phases of a Disaster RESPONSE RECOVERY RESUMPTION Emergency Response BCT Command and Control Decision for Declaration Invoke manual procedures for business continuance Recover Critical Business Functions Resume full daily activities of critical functions Address non-critical business functions Address migration or return to permanent facility Event occurs Declaration Critical Functions operational w/current date RTO - Recovery Time Objective Business interruptions at a Customer s Location: An event could interrupt business operations of the customers of MGIC and its affiliates, consisting of mortgage lenders and servicers. The insurance operations of MGIC and its affiliates do not involve direct contact with borrowers whose loans are insured or require physical presence at the insured s property. Therefore, MGIC does not need to deliver personnel, equipment or other resources to the site of a customer's business interruption. MGIC's contacts are almost entirely with lenders which submit loans for insurance and loan servicers who collect mortgage payments and handle and report to MGIC defaults and foreclosures. Those servicers remit premiums to MGIC and report the status of the loan default to MGIC primarily by electronic means, but they can also remit premiums by other methods of payment and report and communicate with MGIC by mail, fax, phone and other customary forms of delivery. MGIC communicates with lenders and servicers and makes claim payments by electronic means, but also by the other above-mentioned means customarily used. MGIC's internal operations at its corporate headquarters and remote field facilities would continue after an event affecting a customer because they are independent of the event impacting the customer. These operations include fraud investigation, claims, premium processing, and underwriting. In particular, MGIC could conduct fraud investigations even after an event affecting a customer in substantially the same way it conducts them before the event, because they are conducted primarily on the basis of files and information available at MGIC's offices and Page 5
6 incidentally by direct contacts with customers and other persons and public records. Those contacts generally can be conducted as described above by various means that should remain available even if the customer is affected by an event. Fraudulent activities can then be reported to regulatory authorities under MGIC's current procedures. Impacted customers can leverage numerous pre-existing communication methods offered by MGIC to continue business. (i.e. internet, fax, traditional mail, electronic mail and telephones) BUSINESS CONTINUITY PROGRAM (6/15)- ljm Page 6
CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard
PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationData Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322
Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery
More informationBusiness Continuity Glossary
Developed In Conjuction with Business Continuity Glossary ACTIVATION: The implementation of business continuity capabilities, procedures, activities, and plans in response to an emergency or disaster declaration;
More informationPPSADOPTED: OCT. 2012 BACKGROUND POLICY STATEMENT PHYSICAL FACILITIES. PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan
PROFESSIONAL PRACTICE STATEMENT Developing a Business Continuity Plan OCT. 2012 PPSADOPTED: What is a professional practice statement? Professional Practice developed by the Association Forum of Chicagoland
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationDisaster Recovery Plan Documentation for Agencies Instructions
California Office of Information Security Disaster Recovery Plan Documentation for Agencies Instructions () November 2009 SCOPE AND PURPOSE The requirements included in this document are applicable to
More informationTechnology Recovery Plan Instructions
State of California California Information Security Office Technology Recovery Plan Instructions SIMM 5325-A (Formerly SIMM 65A) September 2013 REVISION HISTORY REVISION DATE OF RELEASE OWNER SUMMARY OF
More informationBusiness Continuity Management
Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore
More informationBusiness Continuity & Recovery Plan Summary
Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity
More informationI.T. Disaster Recovery Plan
I.T. Disaster Recovery Plan Ref 000xxxxQ January, 2015 5, 443 Albany Hwy Victoria Park, WA, 6100 p. 1300 664 136 Info@focusnetworks.com.au www.focusnetworks.com.au I.T. Disaster Recovery Plan - January
More informationBusiness Continuity and Disaster Recovery Planning from an Information Technology Perspective
Business Continuity and Disaster Recovery Planning from an Information Technology Perspective Presenter: David Bird, Director of Sales, Business Technology Consultant phone: 215-672-7100 email: dbird@quatro.com
More informationDocumentation. Disclaimer
HOME UTORprotect DOCUMENTATION AMS/ROSI SERVICES CONTACT Documentation Disaster Recovery Planning Disaster Recovery Planning Disclaimer The following project outline is provided solely as a guide. It is
More informationCode Subsidiary Document No. 0007: Business Continuity Management. September 2015
Code Subsidiary Document No. 0007: September 2015 Change History Version Number Date of Issue Reason For Change Change Control Reference Sections Affected 20150511 11 May 2015 For industry consultation
More informationDRAFT BUSINESS CONTINUITY MANAGEMENT POLICY
DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining
More informationJoint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four
Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationBusiness Continuity Planning Instructions
Business Continuity Planning Instructions Business continuity planning is a proactive planning process that ensures critical services or products are delivered during a disruption. In creating the plan,
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationBusiness Continuity Planning Toolkit. (For Deployment of BCP to Campus Departments in Phase 2)
Business Continuity Planning Toolkit (For Deployment of BCP to Campus Departments in Phase 2) August 2010 CONTENTS: Background Assumptions Business Impact Analysis Risk (Vulnerabilities) Assessment Backup
More informationSAMPLE IT CONTINGENCY PLAN FORMAT
SAMPLE IT CONTINGENCY PLAN FORMAT This sample format provides a template for preparing an information technology (IT) contingency plan. The template is intended to be used as a guide, and the Contingency
More informationEmergency Operations California State University Los Angeles
Business Continuity Plan Emergency Operations California State University Los Angeles 1. Objective & Scope 2. Definition of Disaster 3. Risk and Business Impact Analysis Summary 4. Business Continuity
More informationComprehensive Emergency Management Plan (CEMP) Annex V CONTINUITY OF OPERATIONS PLAN (COOP)
Annex V CONTINUITY OF OPERATIONS PLAN (COOP) Milwaukee County Office of the Sheriff (MCSO) Division of Emergency Management Milwaukee County, ANNEX V CONTINUITY OF OPERATIONS PLAN (COOP) TABLE OF CONTENTS
More informationAPPENDIX 7. ICT Disaster Recovery Plan
APPENDIX 7 ICT Disaster Recovery Plan This policy was approved and ratified by the Governing Body of Cox Green School on 20 th October 2015 Signed: Chair of Governors Date: Version Authorisation Approval
More informationBUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS
BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3
More informationDisaster Recovery Planning
Disaster Recovery Planning This is a brief guide, with a suggested table of contents, to help you get started with putting together your Disaster Recovery Plan (DRP) Pensar can assist you in completing
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationA Guide for School Board Education Continuity Planning
A Guide for School Board Planning by Dave Jackson This resource outlines considerations and guidelines to assist school boards in business continuity planning. Included in the report are: Information regarding
More informationNACo RMA LLC and NACo RMA Disaster Recovery and Business Continuity Plan. January, 2013. Page 1
I. Emergency Contact Persons Our firm s emergency contact person is Mr. Peter Torvik, ptorvik@naco.org. This plan will be updated in the event of a material change, and our Compliance Responsible Person
More informationPost-Class Quiz: Business Continuity & Disaster Recovery Planning Domain
1. What is the most common planned performance duration for a continuity of operations plan (COOP)? A. 30 days B. 60 days C. 90 days D. It depends on the severity of a disaster. 2. What is the business
More informationFacilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services
Facilitated By: Ken M. Shaurette, CISSP, CISA, CISM, CRISC FIPCO Director IT Services 1 Today s Agenda Structure of Today s Discussion Set Objectives General overview of DR/BCP Exercise Assumptions Scenarios
More informationProcessing Sites for Commonwealth Agencies
Information Technology Supporting Documentation Commonwealth of Pennsylvania Governor's Office of Administration/Office for Information Technology Document Number: OPD-SYM004A Document Title: Guidelines
More informationSTATE SUPPORT FUNCTION ANNEX 2 COMMUNICATIONS
STATE SUPPORT FUNCTION ANNEX 2 COMMUNICATIONS PRIMARY AGENCIES: Department of Information and Innovation Department of Public Safety, Radio Technology Services SUPPORT AGENCIES: Agency of Transportation
More informationBusiness Continuity and Emergency Preparedness Planning. Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010
Business Continuity and Emergency Preparedness Planning Vandita Zachariah, MA, MBA, CIA HHSC Internal Audit Division May 21, 2010 Overview Define key terms and list essential elements of business continuity
More informationBest Practices in Disaster Recovery Planning and Testing
Best Practices in Disaster Recovery Planning and Testing axcient.com 2015. Axcient, Inc. All Rights Reserved. 1 Best Practices in Disaster Recovery Planning and Testing Disaster Recovery plans are widely
More informationFederal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT
More informationThe Weill Cornell Medical College and Graduate School of Medical Sciences. Responsible Department: Information Technologies and Services (ITS)
Information Technology Disaster Recovery Policy Policy Statement This policy defines acceptable methods for disaster recovery planning, preparedness, management and mitigation of IT systems and services
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBusiness Continuity and Disaster Recovery Policy
Maine State Government Dept. of Administrative & Financial Services Office of Information Technology (OIT) Business Continuity and Disaster Recovery Policy I. Statement The Office of Information Technology
More informationState of South Carolina Policy Guidance and Training
State of South Carolina Policy Guidance and Training Policy Workshop All Agencies Business Continuity Management Policy June 2014 Agenda Questions & Follow-Up Policy Workshop Overview & Timeline Policy
More informationBuilding a Disaster Recovery Program By: Stieven Weidner, Senior Manager
Building a Disaster Recovery Program By: Stieven Weidner, Senior Manager Part two of a two-part series. If you read my first article in this series, Building a Business Continuity Program, you know that
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationBusiness Continuity & Recovery Plan Summary
Introduction An organization s ability to survive a significant business interruption is determined by the company s ability to develop, implement, and maintain viable recovery and business continuity
More informationTHORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan
THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST Business Continuity Plan June 2012 Purpose The purpose of this Business Continuity Plan ( BCP ) is to define the strategies and the plans which
More informationBusiness Continuity Overview
Business Continuity Overview Beverley A. Retjos Senior Manager WW SWG Security & Controls 03/12/07 Business Continuity Management (BCM) Process of ensuring that a business is prepared to survive any disruption
More informationSuccess or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper
Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationAPPENDIX 7. ICT Disaster Recovery Plan
APPENDIX 7 ICT Disaster Recovery Plan This policy was approved and ratified by the Governing Body of Cox Green School on 15 th October 2013 Signed: Chair of Governors Date: Ratified: Oct 2013 Review: Sep
More informationBusiness Continuity. Disaster Recovery Plan
Business Continuity Disaster Recovery Plan Emergency Contact Persons Phyllis Hollis, President & CEO O: (212) 916 3888 Cell: (917) 804 8021 Email: phollis@cavusecurities.com Kinchen Bizzell, Managing Director,
More informationBusiness Continuity Plan
Business Continuity Plan Introduction This manual documents the business continuity plan for Eastwood Wealth Management, an LPL Financial branch office that conducts business in: equity, fixed income,
More informationBUSINESS IMPACT ANALYSIS
Introduction A Business Impact Analysis (BIA) is an assessment by the Business of the potential financial and non-financial impact of an outage. It is designed to define the basic requirements for the
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationTable of Contents... 1
... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...
More informationTemple university. Auditing a business continuity management BCM. November, 2015
Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program
More informationCISM Certified Information Security Manager
CISM Certified Information Security Manager Firebrand Custom Designed Courseware Chapter 4 Information Security Incident Management Exam Relevance Ensure that the CISM candidate Establish an effective
More informationCITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE
CITY OF RICHMOND CONTINUITY OF OPERATIONS (COOP) DEPARTMENT PLAN TEMPLATE Version 2 February 2010 This template is derived from the Virginia Department of Emergency Management (VDEM) Local Government COOP
More informationBusiness continuity plan
Business continuity plan Business continuity plan for Author:. (Position..) Date: This plan is reviewed annually Please populate the blue areas in this document with the information you collected in the
More informationPrudential Practice Guide
Prudential Practice Guide SPG 232 Business Continuity Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal
More informationB.1 DISASTER RECOVERY
B.1 DISASTER RECOVERY Technology Recovery Strategy (20 hours) To confirm that MHS has developed an overall strategy to Standard: EM.02.01.01 - The hospital has an Emergency Operations Plan. (EP#4) manage
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationTufts Health Plan Corporate Continuity Strategy
Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate
More informationThe University of Iowa. Enterprise Information Technology Disaster Plan. Version 3.1
Version 3.1 November 22, 2004 TABLE OF CONTENTS PART 1: DISASTER RECOVERY EXPECTATIONS... 3 OVERVIEW...3 EXPECTATIONS PRIOR TO AN INCIDENT OCCURRENCE...3 EXPECTATIONS PRIOR TO A DISASTER OCCURRENCE...4
More informationProposal for Business Continuity Plan and Management Review 6 August 2008
Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.
More informationPARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY
PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY CONTENTS INTRODUCTION... 1 PURPOSE... 1 POLICY... 1 DEFINITIONS... 1 RESPONSIBILITY... 1 RELATED DOCUMENTATION...
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationFranklin County Emergency Management Department (FCEMD) All County Emergency Response Team (CERT) Agencies. Table of Contents
Concept of Operations Lead Agency Support Agency Standard Operating Procedures Emergency Operations Center (EOC) Franklin County Emergency Management Department (FCEMD) All County Emergency Response Team
More informationEmergency Operations Plan ANNEX K - UTILITIES RESTORATION ESF #3, #12 I. MNWALK REQUIREMENTS. Item #: 1, 4, 46, 53, 54
ANNEX K - UTILITIES RESTORATION ESF #3, #12 I. MNWALK REQUIREMENTS Item #: 1, 4, 46, 53, 54 II. PURPOSE The purpose of this annex is to describe the organization, operational concepts and responsibilities
More informationD2-02_01 Disaster Recovery in the modern EPU
CONSEIL INTERNATIONAL DES GRANDS RESEAUX ELECTRIQUES INTERNATIONAL COUNCIL ON LARGE ELECTRIC SYSTEMS http:d2cigre.org STUDY COMMITTEE D2 INFORMATION SYSTEMS AND TELECOMMUNICATION 2015 Colloquium October
More informationBoston College. Departmental Business Continuity Planning
Boston College Departmental Business Continuity Planning Spring 2013 1 BUSINESS CONTINUITY PROGRAM GOAL The goal of the Boston College Business Continuity Program is to ensure that all departments and
More informationBusiness Continuity. Port environment
Business Continuity Port environment DEFINE BUSINESS CONTINUITY WHAT IT IS NOT RECOVERY FOCUS: PEOPLE PROCESSES TECHNOLOGY DELIVERABLES INFRAGARD DEFINITION MANAGEMENT PROCESS DEVELOPING ADVANCE PROCEDURES
More informationPrudential Practice Guide
Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationBUSINESS CONTINUITY PLAN
BUSINESS CONTINUITY PLAN Signed Governor Print Name Date: Review: 1 To provide guidance to school staff, governors and external parties on how to react to disruption major or minor. 1. Rationale 1.1 To
More informationTitle: DISASTER RECOVERY/ MAJOR OUTAGE COMMUNICATION PLAN
POLICY: This policy is intended to address organizational wide communication executed during a or major IS service outage. When a disaster occurs or when any critical system/infrastructure component is
More informationInformation Security Policy September 2009 Newman University IT Services. Information Security Policy
Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms
More informationClinic Business Continuity Plan Guidelines
Clinic Business Continuity Plan Guidelines Published: January 2015 Table of Contents Emergency Notification Contacts Primary... 2 Emergency Notification Contacts Backups (in case primary is unavailable)...
More informationTUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.
TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the
More informationIncident Management Team The Eight Step Implementation Model. The 8 Step
Incident Management Team The Eight Step Implementation Model The 8 Step 1 Incident Management Team Organization The 8 Step 2 The 8 Step 3 Incident Evaluation Flowchart Incident Management Team Activation
More informationBUSINESS CONTINUITY PLANNING
Policy 8.3.2 Business Responsible Party: President s Office BUSINESS CONTINUITY PLANNING Overview The UT Health Science Center at San Antonio (Health Science Center) is committed to its employees, students,
More informationEMERGENCY MANAGEMENT POLICY
Effective Date: November 2, 2009 Supersedes/Amends: VRS-50/December 2006 Originating Office: Office of the Vice-President, Services Policy Number: VPS-50 SCOPE This policy applies to all members of the
More informationBusiness Unit CONTINGENCY PLAN
Contingency Plan Template Business Unit CONTINGENCY PLAN Version 1.0 (Date submitted) Submitted By: Business Unit Date Version 1.0 Page 1 1 Plan Review and Updates... 3 2 Introduction... 3 2.1 Purpose...
More informationB U S I N E S S C O N T I N U I T Y P L A N
B U S I N E S S C O N T I N U I T Y P L A N 1 Last Review / Update: December 9, 2015 Table of Contents Purpose...3 Background...3 Books and Records Back-up and Recovery...4 Mission Critical Systems...
More informationBusiness Continuity Planning for Schools, Departments & Support Units
Business Continuity Planning for Schools, Departments & Support Units 1 What is Business Continuity Planning? Examples Planning for an adverse, major or catastrophic event that would cause a disruption
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationSupervisory Policy Manual
This module should be read in conjunction with the Introduction and with the Glossary, which contains an explanation of abbreviations and other terms used in this Manual. If reading on-line, click on blue
More informationICT Contingency Plan Top Level Plan
ICT Contingency Plan Top Level Plan - 1 - Document Control Information Title: ICT Contingency Plan: Top Level Plan Date: June 2013 Version: 3.0 Authors: John Redeyoff (NCC) Contents by Neil Dudleston /
More informationOhio Conference for Payroll Professionals Disaster Recovery
Ohio Conference for Payroll Professionals Disaster Recovery Speaker Bruce E. Phipps CPP 2011 APA Payroll Man of the Year Principal Product Manager US Legislative Analyst ORACLE Corporation bruce.phipps@oracle.com
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More informationBusiness Continuity Plan Assessment Tool v1.0
Appendix 5 Annex F To NSERP Business Continuity Plan Assessment Tool v1.0 Continuity Plan Assessment Tool v1.0.doc Page 1 of 17 Business Continuity Plan Assessment Tool v1.0 This tool is designed to assess
More informationGlossary. Alert. Alternate Site
Glossary This glossary has been adapted from the glossary of terms provided by the editorial advisory board of The Disaster Recovery Journal as a resource for business continuity planning. The full glossary
More informationESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1
ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market
More informationLAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES
LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable
More informationGuideline on Business Continuity Management
Circular No. 033/B/2009-DSB/AMCM (Date: 14/8/2009) Guideline on Business Continuity Management The Monetary Authority of Macao (AMCM), under the powers conferred by Article 9 of the Charter approved by
More informationManaging business risk
Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success
More informationOadby and Wigston Borough Council. Information and Communications Technology (I.C.T.) Section
Appendix 1 Oadby and Wigston Borough Council Information and Communications Technology (I.C.T.) Section Information Communication Technology Contingency and Disaster Recovery Plan Version 0.1 10/04/09
More informationNCUA LETTER TO CREDIT UNIONS
NCUA LETTER TO CREDIT UNIONS NATIONAL CREDIT UNION ADMINISTRATION 1775 Duke Street, Alexandria, VA 22314 DATE: December 2001 LETTER NO.: 01-CU-21 TO: SUBJ: ENCL: All Federally Insured Credit Unions Disaster
More informationDisaster Recovery Policy
Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More information