1 Finance and Resources Committee 29 Report on HPC s Disaster Recovery test 21 st May 2010 Executive summary and recommendations An interdepartmental disaster recovery exercise was carried out on the 21 st of May, following two days of small scale testing. The report below indicates the progress of the test, the background scenario, and changes to be made to the plan. Decision The Council/Committee is requested to note the document. No decision is required. Background information HPC s Disaster Recovery Plan Resource implications Requirement to include additional employees in the testing of the plan will require some accommodation within work plans Financial implications No long term costs, but some OPEX when running future tests. Appendices None Date of paper 30 th June
2 Interdepartmental Disaster Recovery Exercise Lessons Learnt 21 st May 2010 On Friday 21 st May 2010 HPC held its annual exercise of the disaster recovery (DR) plan involving members of all departments, at the ICM Disaster Recovery centre near Uxbridge. Participants were pre warned, and asked to assemble in Uxbridge at 10 am. Roy Dunn created the following scenario, having consulted Marc Seale, in advance of the test. The scenario was designed to be more difficult than previous tests, and more closely emulate what happens in real life incidents, and Emergency Services disaster planning tests. The scenario A serious road traffic accident involving Kennington Park Road and Kennington tube station, the details emerging in stages during the day, see the Appendix to this report for details. The participants The following met in the meeting room at the ICM s disaster recovery (DR) centre at New Denham near Uxbridge, chaired by Marc Seale: Osama Ammar (Education), Manj Dhaliwal (Finance), Guy Gaskins (IT), Michael Guthrie (Policy and Standards), Louise Hart (Secretariat), Teresa Haskins (HR), Jacqueline Ladds (Communications), Chantelle Mayoss (Registration), Denis Risman (Projects), Greg Ross-Sampson (Operations), Eve Seall (Fitness to Practise), Marc Seale (Chief Executive and Registrar). Tom Berrie and Roy Dunn (Business Process Improvement), attended the meeting as observers, and to advise and take notes. David Aboagye observed on behalf of the HPC s internal auditors, PKF (UK). The Council Chair, Anna van de Gaag joined the meeting at 11:20 as a part of the exercise and Jonathan Bracken (Bircham Dyson Bell) at 11:46 to advise on legalities. Tyrone Goulbourne and Rick Welsby set up and operated the IT systems in the recovery suite assigned to the HPC for the day. Information route into the exercise HPC currently receive updates from the City Police force via i-modus, an alerting system supported by Vocal Communications. Reports of planned or adhoc demonstrations, suspicious activity, criminal activity, major road traffic accidents and terrorist activity are pushed out to those organisations signed up to the service. This is designed to bridge the gap between the emergency services and organisations that may be impacted, or need to respond in some way.
3 For the purposes of the test the inbound information emulated i-modus messages. The exact content is indicated in the Appendix. The exercise All members of EMT currently available or their representatives and other members of staff involved in the exercise, arrived as previously instructed at about 10:00 am. Members of EMT brought their own copies of the Disaster Recovery Plan. The meeting received the first item of information at 10:15 hrs; (1 ½ hours since the incident): A multiple vehicle RTA has closed Kennington Tube Station. It is expected to be reopened within an hour and a half. This had occurred at about 8:45 that morning. First stage: Recovery Plan Pages ) Decide if you need to evacuate the building. 2) Decide to stay or go In most instances, as set out in the Disaster Recovery Plan, members of EMT and other senior staff would be at the Council s offices and making the decision there, as set out in 1) and 2) of the Plan, whether or not to go to the DR centre near Uxbridge. In this instance, for the purpose of this exercise, the large majority of members of EMT were at the DR centre already. This could well be the case if a disaster occurred before the official office opening hours and word of this could be got to the Chief Executive and Registrar and EMT beforehand. The decision regarding evacuation therefore in such cases would be made remotely, eg from the DR centre, in consultation with the most senior employees still at Park House. However, it is likely that, as for this exercise, the large majority of the rest of the employees would already be in the Council s offices. The meeting received the second item of information11:15 hrs (2 ½ hours since the incident): A localised fire in the vicinity of the Road Traffic Accident has delayed reopening of Kennington tube station. Local residents are asked to stay in doors with windows closed. Normally this would involve some sort of police cordon, preventing access to the affected area round the station. In this instance, this could include the Council s offices.
4 It was agreed that the disaster recovery process be invoked and that the initial meeting be formally opened, going through each remaining section of the Disaster Recovery Plan Day 1 strictly in sequence. 3) If invoking (If they were not already there, normally EMT and other key staff would now go by the quickest route to the DR centre.) The Council Chair would now be contacted. It was recognised that the general instruction for residents to close their windows was significant, and in this situation it would not be advisable, at this stage, to evacuate the Council s offices. Oz Ammar for the purpose of the exercise rang Park House, and determined that Kelly Johnson was in the building and was the only member of EMT there. It was agreed that Kelly Johnson would be appointed as the Disaster Recovery Coordinator at the Council s offices. The priority was to account for all persons in the building and more important, those likely to be travelling to the Council s offices, in case they were involved in the accident or to prevent them getting caught up in its consequences. It was agreed that it would be necessary to do whatever possible to stop anyone from travelling to the Council s offices and to instruct them to return from whence they came. Kelly Johnson would be asked to organize the closing of all windows and doors in all buildings, and go round the building to ensure that it had been carried out and that staff remained indoors for their own safety. (There was no decision to shut down the fresh air circulation system.) She would also be instructed to arrange an all-staff meeting, immediately, to give them as much information as was available and list all present, She would be instructed to ring a designated individual at the DR centre every 15 minutes with updates. She would also need to determine who else was in the whole building and likely to be travelling to it, ie Council members, as, for the purpose of the exercise, a Council meeting was timed for 10:30 with two substantive items to agree signing off a fee change and Rules change; and decision on signing a major IT contract panel members and other partners, given that there was for the purpose of the exercise a CPD assessment day taking place and likely to be fitness to practise hearings contractors visitors It was noted that in these circumstances, a coordinator would also be needed at the DR centre, as well as at the Council s offices, with a different title. It was agreed that an additional item for the Plan be considered to include reference to this.
5 Second stage: Recovery Plan Pages ) Commencement meeting Normally this would begin as soon as all arrived. In this instance, all except the Council Chair and Jonathan Bracken were already there and the meeting had already begun. This meeting would be of vital importance; at it all present would be assigned appropriate roles and the following would take place, in this order: 2) and 3) a communications and IT continuity plan would be initiated 4) The HPC lockers or war boxes would be accessed. Two participants accessed the three lockers at the centre assigned to HPC, in which there were two more full copies of the Plan, plus stationery, sets of Council cheques and the Finance Department s card-reader, which gives access to the Council s bank account and enables specific members of the Department to make emergency payments etc. 5) a) The four UK health departments would be contacted. b) As many Council members as possible would be contacted to inform them of the situation. The meeting received the third item of information at 12:15 hrs (3 ½ hours since the incident): The Kennington area SW of the tube station is being evacuated by specialist teams. The area will be closed for at least a week. It was recognised that being evacuated by specialist teams was significant, and therefore staff inside the Council offices would need to remain their until contacted by these teams; in the meantime they would require reassurance and to remain calm. For the exercise, at this stage five members of staff were reported as not in the Council offices and were not otherwise accounted for, and their names were noted. Subsequently four out of the five were accounted for by contacting their next of kin. In this instance it would be necessary to decide whether it would be possible to hold a Council meeting at the DR centre or whether it should be cancelled. On the whole it was considered unrealistic at such short notice to get Council members, many of whom were probably now shut in the Council offices and currently unable to leave, to travel to the centre. 6) Determine business impact of invoking now, any changes to requirements
6 An appropriate business plan would now need to be devised for the foreseeable future, as at least a week could imply considerably longer. The meeting now determined in detail the impact on the organization and its business of invoking the Plan including a) the effect on renewals, CPD submissions etc b) if extra desks, PCs and telephones were needed at the centre, or alternatives c) if additional office space elsewhere needed d) ensure such additional items were booked. 7) Telephone redirection For the exercise, one of the HPC lines was redirected by BT to the centre. At the moment the centre can offer one redirected line, which does not cascade calls to manage the queues callers. It was agreed that ICM be asked if this could be arranged in future. The relevant staff would need to be able to change the recorded phone messages. Post to the Council s offices would also need redirecting to an appropriate designated place. The meeting received the fourth item of information: The Kennington area has potentially been subjected to low level radioactive waste contamination. The meeting then received the sixth item of information at (6 hours after the incident): The Kennington area will be subject to a clean up of localised Hot Spots by specialist teams over the next 3 months. The location of the hot spots will be confirmed over the next week and residents will be temporarily re-housed. Businesses may be offered assistance in finding temporary accommodation where possible from stock in the South London area. This assistance will only be provided after residents in the area have been relocated successfully. HR Specific scenario No casualties reported, other than one lorry driver with chemical burns. It was agreed that HPC would seek the assistance offered at the earliest appropriate moment. Having determined that the HPC would not have access to its offices for some considerable time, it was agreed that the Facilities Manager (or his line manager, the Director of Operations) would immediately be given authority to investigate alternative accommodation for use over an indefinite period.
7 Departmental sections of the Plan The meeting broke to allow each department s representative to consider their own section of the Plan; during the break the Council Chair arrived at 11:20. Each departmental representative then set out what would be their department s response. During this, the meeting received the sixth item of information: Phone message from Neil Cohen(Registrations Customer Service Manager) The office has been evacuated. The building is locked, but power is still on. An office closed message has been put on the main office number but there was not time to make changes to other lines Guy Gaskins commented that, normally, under such circumstances the power and computing system would remain on, but that IT staff could turn off the computing system remotely if necessary. The meeting discussed further the likely role of individuals at the DR centre at this very early stage of the emergency. Whilst it was acknowledged that it would not be possible to specify each role and function in detail, those present considered whether it would be useful to have some form of advisory document at the centre, which set out the likely roles required and who would likely do what and when. It was agreed that this suggestion be considered in more detail by each department and that they produce their own requirements and guidelines. It was also agreed that each department be recommended to run their own DR exercise and training in cooperation with the Business Process Improvement section. Key members of each department needed to know that they would play an important part in the recovery plan and that they could be asked, in emergency to do the unexpected, and some would need to take charge in a particular situation and circumstance. They therefore needed appropriate preparation. The meeting received the seventh and eighth item of information: Telephone message from Claire Harkin (Registrations Customer Service Manager): Two employees that were due to arrive at the office before 9am did not arrive. and Casualties have been reported at Kennington tube station. And finally,
8 A London Fire Brigade remote camera has located casualties, one of whom was carrying a HPC rucksack. Unable to determine gender at this stage as the body is badly burned. The meeting discussed what would be the appropriate action for HPC, as their employer, for members of staff still unaccounted for and in particular, the above scenario where an, as yet unidentified, body had been found. It would be easy and reasonable to jump to the conclusion that this individual was the member of staff still unaccounted for. It was agreed that at this stage it would be better to leave such matters, for example contacting next of kin, to the police. However, it was acknowledged that the HR Department would need to be prepared to deal with the inevitable emotional and psychological responses of staff to the potential loss of a colleague, and possible trauma and resulting stress. Jonathan Bracken arrived at 11:46. At 11:50 Marc Seale received a simulated phonecall from the Daily Telegraph which he passed to Jacqueline Ladds on behalf of the Communications Department to deal with, as would be the case in a real situation. The meeting discussed whether members of the Communications team should tell representatives of the press or broadcasters that members of staff were still unaccounted for. Jonathan Bracken confirmed the view taken above and advised that, at this stage, they should not do so, as it was a matter for the police. Although the rucksack was an HPC one, this was not incontrovertible proof that the individual was an HPC employee. It could, for example, have been stolen. During Teresa Haskins presentation of the HR section of the Plan, it was agreed that it should include an item on partners. Manj Dhaliwal reported that she had tested the Finance Department s cardreader, which had worked as it should. During Chantelle Mayoss presentation of the Registration Department s section of the Plan the following queries were discussed and responses agreed: For health & safety reasons it was agreed advisable to provide headsets for the phones for the Department s staff answering calls, particularly as they would be, in the first instance, 10 people only and taking calls the entire day. Unprocessed applications, renewals, CPD profiles: The meeting discussed the ways that Registration staff could deal with applications for registration or renewal, CPD profiles, etc for example those that were left in the HPC building and could not be retrieved, and those sent immediately after the evacuation. Discussing whether to waive fees, it was agreed that maintaining the flow of funds to HPC was vital and there were various ways of approving applications quickly in emergency. Jonathan Bracken advised that the Council could legally extend its deadlines for receipt of applications and retention periods, if reasonable. In particular, it would want to avoid inadvertently lapsing large numbers of registrants. A line and machine would be available to take payments over the phone.
9 Emergency Council meeting At 12:40 a simulated Council meeting was held. Jonathan Bracken advised that in a serious emergency such as this, the Privy Council and courts would acknowledge the validity of what was done, provided the Council could demonstrate that the action taken was reasonable. It would therefore be advisable that the reasons for every major decision made be formally set out. A record, probably by the Council Secretary, would therefore need to be kept for each decision. This would also be advisable for insurance purposes, so that the Council s insurers could not refuse payment on grounds that an action had been decided upon and taken unlawfully. In any organization, the large majority of decisions and actions taken are carried out routinely by the executive anyway and do not require additional powers. The Chief Executive as Registrar can take decisions in such circumstances, or jointly with the Council Chair. It is also legitimate to use under these circumstances to get Council s ratification of major items. The fee increase is a good example. The Privy Council and courts would take the view that this could not be a decision taken by the Chief Executive as Registrar alone, as there would be time to make alternative arrangements, such as via . It was agreed that a template for executive decisions in various emergency situations be produced. Recap of the day Following the simulated Council meeting, the meeting discussed the exercise itself and considered matters arising from it. It was agreed that the Plan itself as a document worked well, and that it is very important, both during an exercise and in a real-life incident, to work through it systematically, paragraph by paragraph. This ensures that everything that needs to be covered is covered. The Plan thereby gives format and structure to events which are inherently difficult and uncertain, and are likely to be a source anxiety, even distress. It was agreed that, to ensure continuity, the members of EMT attending the first, commencement meeting at the centre, or their delegates, would need to stay at the meeting, apart from coffee and comfort breaks, and assign others at the centre to go out of the room to carry our required tasks. As a participant in any disaster recovery plan in real life, it was agreed that a copy of the Plan be sent to Jonathan Bracken. It was also agreed that IT and Business Process Improvement would consider whether the Plan should be put onto each manager s Blackberry or laptop. It was emphasized that in any emergency where the Plan is invoked, only the appropriate individuals actually needed there should attend the centre itself and that this should be clearly communicated to all staff. Otherwise a number would be tempted to head towards the DR centre automatically, causing confusion and overcrowding; they would then need to be sent home or to the locations where
10 they should actually be. Each department needs to be clear as to where its staff would need to go, including those who could easily and more appropriately work from home. All departments need to have prepared ways of communicating with their now disparate staff regularly and effectively. Tom Berrie commented that the advantage of this centre was that there are several possible routes to it, including Tube to Uxbridge via the Metropolitan or Piccadilly Lines from several main locations in London overground train to Denham railway station from Marylebone, then bus or taxi road via M25, M40/A40, M4 and A4, with parking at the centre. Each department was asked to ensure that its lists of names and addresses included in all the Disaster Recovery Plan folders are up-to-date. Tom Berrie reminded the meeting that he travels to the centre each month and will make appropriate changes to the two folders there if asked, and would be pleased to take any member of staff with him to show them the centre. Marc Seale stated that he believed all staff should be encouraged to visit the centre at some point, particularly those who would be important in any emergency situation. The meeting discussed ways of recapping and reflecting upon this particular exercise and it was agreed that EMT use one of its extended monthly meetings in the near future for this purpose, inviting the other members of staff who participated to take part for this item. The current ICM centre at New Denham is the one designated for use by HPC. For the next HPC-wide exercise, in 2011, it was agreed that another ICM location be considered, probably the one in Sevenoaks, which would thereby use a centre south of rather than north of the Council s offices. The exercise would look at various possible scenarios.
11 Recommendations to update plan following the test The following is based on an analysis of the test, from either EMT s actions, requests, or from the Test authors. These changes will be implemented in the next version of the plan to be circulated. 1.) Requirement for two Business Continuity Co-ordinators, if the organisation is effectively split by an incident. This was illustrated in this test as a large number of employees and stakeholders were said to be located in the HPC office buildings during the test scenario. The primary Business Continuity Co-ordinator is likely to be located at the DR Recovery site. The secondary location Business Continuity Co-ordinator role should ideally be filled by an experienced member of the HPC team with some form of managerial responsibility and gravitas, able to locally direct the employees at the location. Suggested personnel includes any EMT member or CDT member. 2.) Insert a Call Chain / Call Tree into the DR Plan to assist passing information around the organisation as soon as possible. This can also be used for delegating, where the primary process owner is not available (eg Director of Communications managing could be overseeing IT processes). Specific departmental responsibilities can be attached to named roles where appropriate, eg a back up person to maintain the HPC public website content indicating which Communications Department member is most appropriate. 3.) The plan is a guide to be used in any situation and it is necessarily detailed on many points, but a wide range of activities may not be applicable in all situations. Adhering to the plan in too great a detail could cause delay in essential decision making. As much as possible should be delegated to the Incident Management functions (see 4 below) as soon as possible. 4.) Consider arranging for additional members of each team to attend the DR site upon request, splitting into a traditional military or emergency services tiered set up. (See diagram below Incident Management Structure). EMT would occupy the meeting room, making strategic decisions and ensuring the plan was adhered to, or determining when not to adhere to the plan. An Incident Management Team (CDT and others) would get things running concentrating on tactical / operational issues in the suite with PC s, phones, printers etc. This would include setting up all IT services, redirecting phone lines, answering inbound press queries, post etc. 5.) Instructions on how to shut down the air circulation system where possible should be recorded in the DR Plan Facilities section.
12 6.) All process owners should check their parts of the DR plan for level of detail provided and accuracy and feed back any change requests to Business Process Improvement department as soon as possible. Other items falling under Business Process Improvement Overview - Incident management structure Executive Management Team IT Dir OPS Dir HR Directo r Finance Director BC Specialist Comms Dir Incident Management Team Heads of: Registrations Management HR Communications F acilities IS Departments with business-critical processes BC Specialist Strategic Tactical Operational Incident Response Groups (Ad-hoc) from those available Business Management Finance Payroll Purchasing Legal and Insurance Human Resources Health & Safety Recruitment Compensation and benefits Employee relations Resources Benefits Communications Crisis communications Internal and external Helpline & web site uploads IS Web Services Registration Services Networking Services Telecommunication Services Reporting Services IS Programme Services Facilities/Office Services Health & Safety Premises Security Maintenance Cleaning Catering Post and print GOLD Equivalent SILVER Equivalent BRONZE Equivalent Manage the crisis FTP & Departments with business-critical processes Manage recovery of business processes 7.) Those involved in the test requested that an even more rigorous test should be carried out next year, perhaps with the EMT section in one location and those actually operationally managing the set up of services in another location. This will be investigated. 8.) Consider arranging for other members of the organisation to receive i-modus messages, so that HPC is notified of events should we have to run the DR plan in a real life emergency. 9.) Any other items for discussion are requested.
13 Appendix NOT TO BE CIRCULATED TO EMT / DR TEAM BEFORE TEST All EMT & DR list employees potentially invited. Non-employees to be invited: Anna van der Gaag (HPC Chair) Jonathan Bracken (BDB) David Aboagye (PKF Internal Audit) Background HPC Activity over period of test A Council meeting with a couple of high importance, time sensitive items including signing off the Fee change and Rules change; and decision on signing a major IT contract are in the meeting agenda. The DR team will need to decide what to do. Detail on incident. Incident reported at or around Kennington tube station 8.45 am Call local Police contact for further information. No information will be released by this route. However mock imodus messages will be supplied. These messages currently only go to Roy Dunn via . High level scenario A hospital clinical waste truck has been in collision with a fuel tanker. Low to medium level radioactive waste from a local hospital has been spilt by one truck, (this is essentially rubber gloves from the x-ray dept, old components). A resulting fire in the lift shafts has released asbestos and low level radioactive waste to the surrounding area. Prevailing wind at time of fire was to the SSW. The area will remain evacuated for the next month during a clean up of the asbestos and any radioactive hot spots. A decision will therefore be required to find office space for all essential staff for a period of at least one month. (Steve Hall is on vacation during the test so someone else will be required to take on this role). However, the amount of time the office is inaccessible will not be immediately apparent. Up to two employees may be casualties. One known, one not arrived in office, not at home. Information Elapsed time Scenario True time 1 +1 ½ hrs 10:15 RTA reported, Kennington tube closed 2 +2 ½ hrs 11:15 Local fire near or at Kennington tube 3 +3 ½ hrs 12:15 Kennington area being evacuated
14 4 +3 ½ hrs 12:15 Phone message from Neil Cohen 5 +4 hrs 12:45 Kennington potentially subjected to low level radioactive waste 6 +4 ½ hrs 13:15 Phone message from Claire Harkin 7 +4 ½ hrs 13:15 Casualties reported at tube station 8 +5 hrs 14:45 Report on remote camera 9 +6 hrs 15:45 Hot spot report and relocation imodus Message Situation Info #1 Elapsed time 1 ½ hours since incident. A multiple vehicle RTA has closed Kennington Tube Station. It is expected to be reopened within an hour and a half imodus Message Situation Info #2 Elapsed time 2 ½ hours since incident A localised fire in the vicinity of the Road Traffic Accident has delayed reopening of Kennington tube station. Local residents are asked to stay in doors with windows closed imodus Message Situation Info #3 Elapsed time 3 ½ hours since incident The Kennington area SW of the tube station is being evacuated by specialist teams. The area will be closed for at least a week imodus Message Situation Info #4 Elapsed time 4 hours since incident The Kennington area has potentially been subjected to low level radioactive waste contamination imodus Message Situation Info #5 Elapsed time 6 hours since incident The Kennington area will be subject to a clean up of localised Hot Spots by specialist teams over the next 3 months. The location of the hot spots will be confirmed over the next week and residents will be temporarily re-housed. Businesses may be offered assistance in finding temporary accommodation where possible from stock in the South London area. This assistance will only be provided after residents in the area have been relocated successfully. HR Specific scenario No casualties reported, other than one lorry driver with chemical burns.
15 hours since incident: Phone message from Neil Cohen The office has been evacuated. The building is locked, but power is still on. An office closed message has been put on the main office number but there was not time to make changes to other lines ½ hours since incident: Phone message from Clare Harkin Two employees that were due to arrive at the office before 9am did not arrive ½ hours since incident Casualties have been reported at Kennington tube station hours since incident: Phone message from London Ambulance Service (to HPC Human Resources Dept) A London Fire Brigade remote camera has located casualties, one of whom was carrying a HPC rucksack. Unable to determine gender at this stage as the body is badly burned.
Audit Committee, 20 March 2014 Annual Business Continuity test Executive summary and recommendations Introduction The HCPC Business Continuity Plan is exercised annually and this took place on 29 th November
Business Process Improvement Roy Dunn Human Resources No changes. Quality Management System (QMS) review meetings and internal audits The internal audit schedule for 2010-11 is running. Customer Service,
Major Incident Procedures What businesses and the voluntary sector need to know Introduction This guide is designed to increase the understanding of the roles and responsibilities of the emergency services
EVENT SAFETY MANAGEMENT PLAN For A Small/ Medium Scale Event To be held at Location: Date: CONTENTS Section Page INTRODUCTION 1 1.0 Event Details 2 1.1 Event Overview & Location 1.2 Event Schedule & Timings
Preparing a Disaster Recovery Plan (Church) In the event of a serious fire, a church may be required to close during the rebuilding period. The rebuilding process can take up to two years or more. Heritage
University Emergency Management Plan This plan has been designed to be consistent with the format of the Emergency Action Plans held by the departments and buildings of the University. This will enable
University of Hong Kong Emergency Management Plan (HKU emergency hotline: 3917 2882) Version 1.0 Oct 2014 (Issued by Safety Office) (Appendix 3 not included) UNIVERSITY OF HONG KONG EMERGENCY MANAGEMENT
Business Logo Here BUSINESS CONTINUITY PLAN FOR SMALL TO MEDIUM SIZED BUSINESSES DATE :??? VERSION:?? PRODUCED BY DURHAM CIVIL CONTINGENCIES UNIT BUSINESS CONTINUITY PLAN LIST OF CONTENTS 1. DISCLAIMER...4
Business Continuity Plan IMMEDIATE ACTIONS Manager/Supervisor 1. Ensure emergency services contacted 2. Ensure safety of personnel 3. Co-ordinate with the emergency services 4. Contact Senior members of
IN CONFIDENCE THE BRITISH LIBRARY BOARD BLB 12/35 OLYMPICS BUSINESS CONTINUITY PLANNING: PROGRESS UPDATE 1. PURPOSE OF PAPER The purpose of the paper is to report to the Board on the progress of the Library
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
Expecting the unexpected Business continuity in an uncertain world National Counter Terrorism Security Office (NaCTSO) The National Counter Terrorism Security Office is a police unit working to the Association
business continuity plan for: Insert your company name here Our statement of Business Continuity is: > To ensure all employees are competent to do their tasks, and to provide adequate training > To review
Business Continuity Planning Assistance for Young Enterprise Business Continuity Planning for small to medium-sized businesses This information will guide you through some steps that could help your business
Business Continuity Plan Guidance and Template to support Small Businesses Disclaimer This template and guidance is provided as general information about Business Continuity Planning. It is not intended
Gregory Morwood Senior Manager Security Services, KPMG Management Consulting, Melbourne, Australia States that business survival depends on the assured continuity of core business activities and supporting
Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities
THE ROLE OF LEAD GOVERNMENT DEPARTMENTS IN PLANNING FOR AND MANAGING CRISES THE FRAMEWORK FOR ACTION 1. Most incidents are handled at a local level by the emergency services and by the appropriate local
Audit Committee 29 September 2011 Internal audit report Information Security / Data Protection review Executive summary and recommendations Introduction Mazars have undertaken a review of Information Security
Business Continuity Management Promotion A Template for Commercial & Voluntary Organisations Could your business safely handle a major crisis to its operations with a loss of Staff, Premises, Technology,
Business Continuity Plan For Disaster Recovery in the event of a Critical Incident April 2013 Table of Contents 1.0 Introduction... 3 2.0 Definitions... 3 3.0 General Information... 3 3.1 Review and Training...
Corporate Health and Safety Policy November 2013 Ref: HSP/V01/13 EALING COUNCIL Table of Contents PART 1: POLICY STATEMENT... 3 PART 2: ORGANISATION... 4 2.1 THE COUNCIL:... 4 2.2 ALLOCATION OF RESPONSIBILITY...
Plan Ref No: [INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN PLAN DETAILS Date Written Plan Owner Plan Writer Version Number Review Schedule 6 monthly Annually Date of Plan Review Date of Plan Exercise
Recommended by Emergency Preparedness Committee: April 21, 2009 Recommended by President s Council: May 1, 2009 Approved by Executive Committee: May 5, 2009 NAIT Procedures CS1.2.6 Flood Implementation
Compensation Policy Including statutory compensation, service failure and loss of amenities Version Final By: Watkin Morgan Senior Manager Maria McCarron BOM approved: 22 March 2010 CONTENTS Section Page
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
Merrycon s Approach to Business Continuity Management Business Continuity is a management discipline that provides a framework for an organisation to build resilience, providing the capability for an effective
Data Protection and Information Data - Guidelines for the use of Personal Data Page 1 of 10 Created on: 21/06/2013 Contents 1. Introduction... 3 2. Definitions... 3 4. Physical... 4 5 Electronic... 6 6
BUSINESS CONTINUITY PLAN [Name of Team/Service/Organisation] [Insert Building Name and Address] [Insert date] Detailing arrangements for: Incident Management Business Continuity Recovery and Resumption
EMERGENCY PREPAREDNESS PLAN Promontory Charter School ----------------Emergency 911--------------------- INTRODUCTION The purpose of this Emergency Preparedness Plan for Promontory Charter School is to
This document is a working template designed by a leading multinational company for use by all of its offices and departments. This company has encouraged the culture of business continuity within their
CENTER CONSOLIDATED SCHOOL DISTRICT CRISIS ACTION PLAN ASSESS ACT CONTAIN COMPLETE TEAM PLAN STAGE 1 - ASSESS The first step in any emergency or crisis situation is to gather the Crisis team together to
UK SBS Physical Security Policy Version Date Author Owner Comments 1.0 16 June 14 Head of Risk, Information and Security Compliance (Mel Nash) Senior Information Risk Owner (Andy Layton) Ist Issue following
Audit Committee, 24 June 2014 BSI ISO 9001:2008 Audit Report Executive summary and recommendations Introduction BSI audited HCPC on the 6 May 2014, as the second audit of the new three year audit cycle
Kings Worthy Primary School Critical Incident Plan Effective Date 01 March 2014 Next Review Date 01 September 2015 Committee Responsible: Resources Quick Overview Flow Chart: Responding to Critical Incidents
CRISIS PREPAREDNESS: Parents and School Emergencies The safety of our students and staff are top priorities for Holy Rosary School. www.holyrosaryschool.us Crisis Preparedness: Parents and School Emergencies
Team Brief Guidelines CONTENTS Introduction What is team briefing? The benefits of team briefing The team briefing process The team briefing calendar Guidelines for managers with a responsibility for delivering
SANDYMOOR SCHOOL CRISIS MANAGEMENT POLICY Crisis Management Policy Contents Version History... 2 1. Introduction... 3 2. Aims and Objectives of this Policy... 4 3. Roles and Responsibilities... 4 4. Emergency
Business Continuity Plan Policy Author: Principal Person with overall responsibility for : Principal Review Cycle: Annual Date Reviewed: Date Approved: 19.08.14 Approved by: CET Board CET-TSA Policies/Business
Safer recruitment scheme for the issue of alert notices for healthcare professionals in England November 2006 The issue of alert notices for healthcare professionals Summary 1. NHS Employers and the Department
Leicester City Council Schools Business Continuity Incident Management Plan GLEBELANDS PRIMARY SCHOOL CHANCEL ROAD LEICESTER LE4 2WF OII6 234 0010 email@example.com -! 2 - UPATED 31 March
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
SMPS - Department of Meteorology H&S Fire and Emergency Evacuation Procedure Fire and Emergency Evacuation procedure These procedures are for the Meteorology building (WO58 and WO62) and the Harry Pitt
Business Continuity Planning advice for Businesses with over 250 employees Where to begin? You can compose an effectual business continuity plan in a relatively short period and for little expenditure.
23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
Audit Committee 24 June 2009 Internal Audit Report Health & Safety Executive summary and recommendations Introduction As part of the internal audit programme for 2009/10 PKF undertook a review of Health
SAMPLE This plan is meant to provide information for staff to respond quickly to hazards and situations that could disrupt business or cause an evacuation or temporary relocation. The information in this
ST JOSEPH S SCHOOL S O U T H E R N C R O S S CRISIS MANAGEMENT PLANNING IN CATHOLIC SCHOOLS RATIONALE Catholic schools have a responsibility to provide a safe and supportive environment for staff, students
BUSINESS CONTINUITY POLICY & PROCEDURES Latest Revision August 2015 Reviewer: Business Development Director Next Revision August 2016 Compliance Associated Policies Options Organisation & Management Structure
EMERGENCY PLANS FACT SHEET Overview This fact sheet provides general guidance for persons conducting a business or undertaking (PCBUs) and workers on preparing and maintaining general emergency plans for
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
Fire Safety Technical Guide DISABILITY EMERGENCY EGRESS & EVACUATION ISSUES / POLICY Please note: Anyone wishing assistance on Disability Issues at UCL should contact the appropriate person below in respect
BE MINI. MINI ROADSIDE ASSISTANCE & ACCIDENT MANAGEMENT. Driving a MINI is fun. Running into unexpected trouble is not. But with MINI Roadside Assistance & Accident Management, we ll do everything we can
Sample Emergency and Critical Incident Policy and Procedure 1. Purpose and Scope Emergencies and critical incidents in the workplace can affect people physically and psychologically, and affect program
Business Logo or Name here BUSINESS CONTINUITY PLAN FOR RESIDENTIAL CARE HOMES PRODUCED BY DURHAM CIVIL CONTINGENCIES UNIT BUSINESS CONTINUITY PLAN LIST OF CONTENTS 1. DISCLAIMER...4 2. AIM...4 3. BUSINESS
CRITICAL INCIDENT RESPONSE POLICY Policy Status CURRENT Policy Classification Operational Date of Policy 2005 Date of Review 2011 PREAMBLE A critical incident can occur at any time and in turn will affect
Audit Committee, 16 March 2016 Internal Audit - progress report 2015-16 and 2016-17 plan Executive summary and recommendations Introduction Grant Thornton have prepared the attached report which sets out
Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during
NETWORK SERVICES WITH SOME CREDIT UNIONS PROCESSING 800,000 TRANSACTIONS ANNUALLY AND MOVING OVER 500 MILLION, SYSTEM UPTIME IS CRITICAL. Your Credit Union information is irreplaceable. Data loss can result
Audit Committee, 22 November 2016 Internal Audit Report Registration appeals process Executive summary and recommendations Introduction As part of the Internal Audit programme agreed at the June 2016 meeting
Middleton-Cross Plains Area Schools Crisis Preparedness Parents and School Emergencies Table of Contents Introduction... 1 What is an emergency?... 2 What do schools do to prepare or practice for emergencies?...
Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan Revision History REVISION DATE NAME DESCRIPTION Draft 1.0 Eric Wimbish IT Backup Disaster Table of Contents Information
` Emergency Recovery Corporate Business Continuity Plan Section Summary: This document is for use when an incident or emergency affects our ability to provide a normal service to our partner responders
Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data
Disaster Recovery Plan (Updated Aug 30, 2015) St. Thomas School Disaster Plan TABLE OF CONTENTS Introduction... 3 General Definition... 3 Goal... 3 Advance Preparation and Emergency Response Phase Leadership...
Massachusetts Institute of Technology Functional Area Recovery Management Team Plan Development Template Public Distribution Version For further information, contact: Jerry Isaacson MIT Information Security
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
Your guide to choosing an IT support provider T: 08452 41 41 55 Contents Introduction 3 IT and business continuity 4 About managed services 5 Modular vs packaged support 6 Checklist of supplier questions
1 Unconfirmed THE HEALTH PROFESSIONS COUNCIL Chief Executive and Registrar: Mr Marc Seale Park House 184 Kennington Park Road London SE11 4BU Telephone: +44 (0)20 7840 9711 Fax: +44 (0)20 7840 9807 e-mail:
Approved by the Board 27 th August 2014 1. Introduction Quality & Risk Committee (QRC) Terms of Reference 1.1 The Quality & Risk Committee is a formally constituted committee of the Trust Board (the Board)
BUSINESS CONTINUITY PLANNING THE 10-MINUTE ASSESSMENT BUSINESS CONTINUITY PLANNING - THE 10 MINUTE ASSESSMENT This is a quick assessment for you to see how far you have got with business continuity planning.
Recommended by Emergency Preparedness Committee: January 26, 2011 Recommended by President s Council: February 11, 2011 Approved by Executive Committee: February 14, 2011 NAIT Guidelines CS1.1 Emergency
SoLO Life Opportunities POLICY AND PROCEDURE Business Continuity Plan 38 Wanut Close Chelmsley Wood Birmingham B37 7PU Charity No. 1102297 England Company No. 5025939 Category: staff and volunteers Policy
The British Section SHAPE International School Aims Security Policy and Procedures The aim of this policy is to ensure that the school can operate on a day-to-day basis in an environment that is safe and
Version Number Issue 2 Business Continuity Policy Date Revision Complete Policy Owner Author Reason for Revision Proof Read April 2016 Business Improvement Manager Emma Earle, Business Services Officer
This document was generated in part from the excellent work done by EPICC (Emergency Preparedness for Industry and Commerce Council). Please refer to EPICC s website http://www.epicc.org/ to learn more
Version: 3.0 Document author(s): Stuart Selkirk Approved by: Executive Partnership Forum Date approved: 17 July 2014 Review date: 30 September 2016 Document scope: Trust-wide Version History Log Use this