Business continuity management policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Business continuity management policy"

Transcription

1 Business continuity management policy health.wa.gov.au

2 Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business continuity plans on a regular basis, in accordance with Public Sector Commissioner s Circular Risk Management and Business Continuity Planning. WA Health s Business Continuity Management (BCM) policy aims to support and foster an organisational culture that proactively manages the impact of uncertainty and disruption-related risk on the organisation s strategic and operational objectives. 2. Scope This policy applies to all WA Health entities and shared services. 3. Background BCM is an element of the wider risk management discipline that prepares the organisation to respond to the unexpected. It is a management process that provides the framework for building resilience to business and service interruption risks, responding in a timely and effective manner to ensure continuity of critical business activities, and ensuring the long term viability of the organisation following a disruptive event. In the health context, BCM can be used to augment demand and surge management strategies, and supplement contingency plans. BCM allows decision-makers to delineate between essential business functions that must continue and less crucial business functions, which may be temporarily suspended, and whose staff and resources may be redeployed to higher priority services. BCM also supports evacuation and relocation plans by mapping the minimum staffing and resourcing requirements for essential business services to continue functioning, albeit at a reduced, but tolerable, level. 4. Definition Business continuity management is a discipline that prepares an organisation for the unexpected. It is a management process that provides the framework for building resilience to business and service interruption risks, responding in a timely and effective manner to ensure continuity of critical business activities, and ensuring the long term viability of the organisation following a disruptive event. Further definitions are available in Appendix A. 5. Delineation between risk management, emergency response, business continuity response and recovery response There is a close relationship between BCM, risk management and emergency response. This aligns with the comprehensive approach that focuses upon the four pillars of emergency management; prevention, preparedness, response and recovery (see figure 1). a. Risk management. Risk management is the practice of dealing with uncertainty and its effect on an organisation. Risk Management incorporates a systematic approach to identifying, 1

3 assessing and responding to risks, and interfaces with the principle of prevention. BCM can be utilised as a control for business disruption related risks. b. Emergency response Emergency response is the initial reaction to an incident or disruption, which aims to protect people and property from immediate harm. This may include the mobilisation of an Incident management and/or emergency response teams (however titled) and activation of contingency and/or emergency management plans, as detailed in colour-coded emergency procedure manuals. For example, the emergency response procedures for an infrastructure or other internal emergency is detailed in Code Yellow hospital emergency response plans. Other colour coded emergencies should be consistent with AS/NZS 4083:2010 planning for emergencies health care facilities and/or AS/NZS 3745:2010 planning for emergencies in facilities. c. Business continuity response Business continuity response refers to the actions taken to ensure that an organisation is able to resume and continue delivering critical business functions in a timely manner following a disruption. Depending upon the nature of the incident, the continuity response may last from hours to weeks. The business continuity response interconnects the period from where normal work practices are suspended to when recovery is affected. As a result, the continuity response bridges the principles of response and recovery. d. Recovery Recovery is the process of restoring normal work practices within the organisation. This may include re-establishing suspended activities, clearing of backlogs and repairing damaged infrastructure. Depending upon the nature of the disruption, the recovery response may take weeks to months. Prevention & Preparedness Planning, training & resiliencebuilding Response Business continuity response (hours / days / weeks) Recovery business-as-usual INCIDENT business continuity resumption of business-as-usual Risk management Emergency response (immediate) Recovery response (longer term) Figure 1: Relationship between risk management, emergency response, business continuity and recovery. 2

4 6. Roles and responsibilities Director General and State Health Coordinator (Tier 1) The Director General is the Accountable Officer and has overall responsibility for risk management and business continuity in WA Health. The Director General has delegated responsibility of State-level BCM to the Director, Disaster Management, Regulation and Planning Directorate, as the delegated State Health Coordinator. Executive sponsors (Tier 2 and 3) Executive sponsors are responsible for overseeing the BCM program; ensuring disruptionrelated risks are identified and adequately addressed by their risk management plans and BCPs; approving the service s BCP and allocating resources to ensure robust continuity strategies are in place. Senior managers (Tier 3 and 4) Senior managers in both corporate and clinical environments are to ensure BCM has been implemented and actively managed in their areas of responsibility. This should include identification of critical business activities through a Business Impact Assessment (BIA), identification of continuity strategies and resources, development of BCPs, and on-going training, exercising and maintenance of the BCPs 7. BCM process The process for developing and implementing a BCM program is to include the following steps: 7.1. Executive awareness and support Executive leadership is required to entrench an organisational culture that is proactive to BCM and organisational resilience. Executive support is required to endorse the establishment of BCM processes, and is to include the provision of human and physical resources to achieve organisational outcomes and establish sound business continuity preparedness and capacity Establishment of a BCM committee A committee should be established that is charged with responsibility for the ongoing maintenance, governance, education and training for BCM. This committee can be absorbed into pre-existing emergency or risk management committees, or established as a separate BCM-focused committee. The committee should report to the executive sponsor and have responsibility for BCM within the health service. The BCM committee should recommend to the Executive sponsor the number of plans required at a regional, hospital or departmental level for that health service Ongoing communication and consultation A stakeholder analysis should be performed prior to the commencement of the BCM planning process. Communication and consultation with internal and external stakeholders is essential in ensuring that staff, relevant stakeholders and interdependencies have input to the BCP and are aware of their role when the BCP is activated. A communication plan should be formulated to ensure all relevant parties are identified and actively involved in the BCP development, implementation and maintenance process Assumptions Assumptions are considerations, suppositions and inferences on which the BCM planning process is based. Assumptions may relate to accommodation, resource requirements, 3

5 interdependencies and cost justification or response or recovery strategies. For example, an organisation might assume that its suppliers (of particular crucial supplies) have their own BCPs. BCPs are to articulate the assumptions that were made during the BCM planning process. Assumptions should be communicated and agreed to by all stakeholders. Where assumptions relate to response and recovery strategies, they should be tested as part of the BCP exercise schedule Business impact analysis The objective of a BIA is to assess the potential impact severity (such as financial loss, impact on reputation, and non-compliance with regulations) to an organisation of a disruption to its activities, and prioritising the timeframes within which Critical Business Functions (CBFs) must be resumed following a disruption. The BIA identifies the Maximum Tolerable Period of Disruption (MTPD) of the CBF, and the dependencies and minimum resource requirements needed to continue the CBF at a reduced, but tolerable, level. Business function prioritisation assists in distinguishing CBFs from other non-urgent business functions and prioritising response and recovery strategies in the event of a disruption. The BIA should be undertaken using an all hazards approach, whereby the impact of a disruption to a CBF is consistent, regardless of the cause of disruption, or underlying hazard. It is essential that senior executives participate in the BIA process, as the analysis needs to take an organisation-wide perspective of the impact severity of a disruption. CBF prioritisation should be approved by the executive sponsor. There is no requirement to standardise the format of the BIA; however, health services and divisions may utilise the BIA template located at (currently under development) Business continuity strategy Once the CBFs have been determined, the next step is to identify business continuity response strategies to support the business functions, taking into consideration the requirements and alternate arrangements for people, systems, infrastructure, premises, information and work processes. Examples of response strategy include: temporarily suspending the activity / business process transferring the activity / business process to another service working from home relocating the service and/or resources to a back-up site Development of the plan A BCP outlines how the service will respond to a service disruption and is based upon the outputs from the BIA and agreed business continuity strategies. A series of BIAs for different service streams may feed into one BCP for the Health Service. The BCP should dovetail with existing emergency response, contingency and recovery arrangements and plans. A BCP is to ensure that: key organisational objectives and critical business functions are identified identification and linkage of the BCP with the service s contingency and emergency management plans occurs 4

6 alternate locations for critical services within a business unit / Health Service are identified, outlined, communicated, understood and formalised with owners where an alternate location is identified, which relies on another Health Service - service provider, they are aware of, and agree to, the assumptions of co-location where the transfer of CBFs to an alternative service is required, the BCP articulates to which service provider, and what the communication strategy is for this transfer. The receiving health service should be aware of, and agree to, the transfer strategy. interdependencies between business units and/or Health Services are identified there is an identified process for resuming normal business operations within all levels of WA Health all critical services or functions are recovered according to agreed priorities, as determined by the impact of their loss on the business (as identified within the BIA). the position with the authority and delegation to activate the BCP for the health service(s) is clearly identified the BCPs are approved by the executive sponsor(s). There is no requirement to standardise the format of the BCP; however, health services and divisions may utilise the BCP template (currently under development). The BCP should have an amendment certificate and version control. All BCPs are to be published via HealthPoint (or equivalent), in accordance with the policy publication process for the division or health service Establishment of business continuity teams BCPs are to articulate roles, responsibilities and membership of a crisis or Business Continuity Team (BCT), which is mobilised in a crisis to implement the continuity response strategies. BCT members are to have sufficient seniority and be empowered with an appropriate level of delegation to implement BCM strategies for the service they are representing. Consideration should be afforded to succession planning and sustainability of the BCT during prolonged disruptions Training and education of staff on the use of the plan Divisions and health services are responsible for providing education on the BCP and the BCM arrangements for their areas of responsibility. Education programs should be provided at staff induction and orientation programs as well as broader general awareness. Specialised education should be afforded to BCT members and other coopted staff members with prescribed roles and responsibilities Testing, exercise and maintaining the BCP Executive sponsors are responsible for ensuring the BCP is regularly tested, exercised and maintained, as part of a continuous improvement process. The BIAs are to be reviewed on a triennial basis, and the BCP is to be reviewed and updated annually. The effectiveness of the BCP should be regularly tested and exercised within a recognised exercise schedule. Following a test, exercise or real event, recommendations and lessons learned should be used to update the BCP. 8. Activation of business continuity plans A health service may activate their BCP in response to, or in anticipation of, a disruptive incident, such as a surge event or infrastructure failure. As BCM strategies may involve the suspension and/or transfer of critical business processes to alternate facilities, activation of a single hospital or health service s BCP can lead to system-wide ramifications, and the 5

7 requirement for service rationalisation in health services not directly affected by the disruption. Any activation of a metropolitan health service s BCP is to be communicated to the State Health Coordinator (SHC) to allow provision of system-wide coordination. In regional areas, notification, in the first instance, should be to the respective Regional Health Disaster Coordinator, who in turn may choose to escalate the issue to the SHC. This may include activation of relevant State-level emergency management plans. The SHC is to be contacted (via the On Call Duty Officer) on (08) (24 hour paging service). 9. Compliance Compliance with this policy is mandatory for all WA Health employees. 10. Evaluation Divisions and Health Services may be audited to ascertain adherence to this policy. 11. Legislative framework Insurance Commission WA Act 1986 Financial Management Act 2006 Public Sector Management Act 1994 Emergency Management Act 2005 Public Sector Commissioner s Circular Risk Management and Business Continuity Planning Treasurer s Instruction 825: Risk management and security. 12. References Australian Council of Healthcare Standards. EQuIPNational Guidelines. (2012) Criterion Emergency and Disaster Management. Australian Government. (2011). National Strategy for Disaster Resilience. Department of Health (WA). (2012). Redundancy and Disaster Planning in Health s Capital Works Projects, 2nd Ed. International Organisation for Standardisation. (2012). ISO22301:2012. Societal Security business continuity management system requirements. Standards Australia. (2009). AS/NZS ISO 31000:2009 Risk management principles and guidelines. Standards Australia. (2010). AS/NZS 5050: 2010 Business Continuity managing disruption-related risk. Standards Australia. (2010). AS/NZS 4083:2010 Planning for emergencies health care facilities. Standards Australia. (2010). AS/NZS 3745:2010 Planning for emergencies in facilities. Western Australian Government. (2009). Business Continuity Management Guidelines, 2 nd Ed: RiskCover. 13. Related documents and policies Operational Directive 0433/13 WA Health Risk Management Policy. Operational Circular (OP) 1877/04 IT Service Continuity as Related to the Management of Electronic Records Policy Operational Directive 0480/13 ICT Risk Management Policy WA Renal Dialysis Business Continuity Plan Information Circular 0150/13 Emergency Codes In Hospitals And Health Care Facilities 6

8 Appendix A Glossary Assumptions Business Continuity Management (BCM) Business Continuity Plan (BCP) Business Impact Analysis (BIA) Critical Business Function (CBF) Disruption Impact Interdependencies Maximum Tolerable Period of Disruption (MTPD) Response and recovery strategies Risk Risk Management State Health Coordinator Considerations, suppositions and inferences on which the BCM planning process is based Business Continuity Management is a discipline that prepares an organisation for the unexpected. It is a management process that provides the framework for building resilience to business and service interruption risks, responding in a timely and effective manner to ensure continuity of critical business activities, and ensuring the long term viability of the organisation following a disruptive event. A plan for responding to a disruption and resuming CBFs. The plan outlines the actions to be taken and resources to be used before, during and after a disruptive event to ensure the timely resumption of critical business activities and long term recovery of the organisation. The process of assessing the potential consequences to an organisation of an outage to its key business activities over varying periods of time, and prioritising the timeframes in which these activities must be resumed following a disruptive event. A business function that is crucial in achieving the organisational objectives, and without which the organisation cannot operate or remain viable. An event causing an interruption to, or loss of, key business activities The measurable consequence or outcome of a risk eventuating. A risk can have multiple impacts. Internal and external processes, resources, functions or organisations that are directly or indirectly critical to the continuity of business activities within an organisation. The maximum period of time that a key business activity can be suspended following a disruption, before the impact becomes unacceptable in intolerable to the organisation. Measures that are put in place to support the continuity and recovery of critical business functions in the event of a disruption. This includes alternate arrangements for people, systems, infrastructure, premises, information and work processes. A chance of something happening that will impact upon the objectives of an organisation. The practice of systematically identifying, understanding and responding to risks encountered by an organisation. See Operational Directive 0433/13 WA Health Risk Management Policy. A delegate of the Director General who has the authority to command and coordinate the use of all health resources within WA Health for responding to, and recovery from, the impacts of a disruption, emergency or disaster. 7

9 Title: Business continuity management policy Contact: Senior Policy Officer, Disaster Preparedness and Management Unit - (08) Directorate: Disaster Management, Regulation and Planning Directorate Version: Date Published: XX/XX/20XX Date of Last Review: XX/XX/20XX Date Next Review: XX/XX/20XX 8

10 This document can be made available in alternative formats on request for a person with a disability. Department of Health 2015 Copyright to this material is vested in the State of Western Australia unless otherwise indicated. Apart from any fair dealing for the purposes of private study, research, criticism or review, as permitted under the provisions of the Copyright Act 1968, no part may be reproduced or re-used for any purposes whatsoever without written permission of the State of Western Australia.

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

Acknowledgement. First edition August 2006 Second edition July 2009 Third edition June 2015

Acknowledgement. First edition August 2006 Second edition July 2009 Third edition June 2015 WESTERN AUSTRALIAN GOVERNMENT BUSINESS CONTINUITY MANAGEMENT GUIDELINES Third Edition Acknowledgement RiskCover has produced the Business Continuity Management Guidelines to assist the Western Australian

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications

More information

Guideline - Business Continuity Plan

Guideline - Business Continuity Plan Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard PUBLIC Version: 1.0 CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

COMCARE BUSINESS CONTINUITY MANAGEMENT

COMCARE BUSINESS CONTINUITY MANAGEMENT COMCARE BUSINESS CONTINUITY MANAGEMENT Title Business Continuity Management Version 2.1 Authorised by Executive Committee Effective date Authorisation date 10/7/2012 10/7/2012 COMCARE BUSINESS CONTINUITY

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)

More information

APPENDIX 50. Enterprise risk management - Risk management overview

APPENDIX 50. Enterprise risk management - Risk management overview APPENDIX 50 Enterprise risk management - Risk management overview Energex regulatory proposal October 2014 ENTERPRISE RISK MANAGEMENT Risk Management Overview (RMO) 06 11 2013 Table of Contents 1. INTRODUCTION...

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

Flinders University IT Disaster Recovery Framework

Flinders University IT Disaster Recovery Framework Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

abcdefghijklmnopqrstu

abcdefghijklmnopqrstu abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

Risk Management. Policy

Risk Management. Policy Policy Risk Management Endorsed: 26 February 2014 Brief description The GPC Risk Management Policy and its supporting standards and procedures provide a framework to ensure that risks arising from our

More information

Business Continuity Management Policy and Framework

Business Continuity Management Policy and Framework Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December

More information

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12 POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12

More information

Business Continuity Business Impact Analysis arrangements

Business Continuity Business Impact Analysis arrangements Aberdeen City Council Internal Audit Report 2012/2013 for Aberdeen City Council May 2013 Business Continuity Business Impact Analysis arrangements Final Report Contents Section Page 1. Executive Summary

More information

BUSINESS CONTINUITY POLICY RM03

BUSINESS CONTINUITY POLICY RM03 BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012 To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance 1 Purpose The purpose of this policy is to communicate Business Continuity Management (BCM) framework, responsibilities and guiding principles for Victoria to effectively prepare for and achieve

More information

Business Continuity Management AIRM Presentation

Business Continuity Management AIRM Presentation 16 January, 2008 Business Continuity Management AIRM Presentation David Hamilton, Senior Consultant http://www.marsh.ie Presentation Overview Terms used for BCP Where BCM fits in a business plan Business

More information

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide

Standard 1. Governance for Safety and Quality in Health Service Organisations. Safety and Quality Improvement Guide Standard 1 Governance for Safety and Quality in Health Service Organisations Safety and Quality Improvement Guide 1 1 1October 1 2012 ISBN: Print: 978-1-921983-27-6 Electronic: 978-1-921983-28-3 Suggested

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version BUSINESS CONTINUITY MANAGEMENT POLICY DOCUMENT CONTROL Type of Document Document Title

More information

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0 NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

University of New England Compliance Management Framework and Procedures

University of New England Compliance Management Framework and Procedures University of New England Compliance Management Framework and Procedures Document data: Document type: Administering entity: Framework and Procedures Audit and Risk Directorate Records management system

More information

HB 292 2006 A Practitioners Guide to Business Continuity Management

HB 292 2006 A Practitioners Guide to Business Continuity Management HB 292 2006 A Practitioners Guide to Business Continuity Management HB HB 292 2006 Handbook A practitioners guide to business continuity management First published as HB 292 2006. COPYRIGHT Standards Australia

More information

FRAMEWORK. Approving authority. University Council. Approval date

FRAMEWORK. Approving authority. University Council. Approval date BUSINESS CONTINUITY FRAMEWORK MANAGEMENT Approving authority Approval date Advisor Next scheduled review 2018 University Council TRIM document 2013/0014764 5 August 2013 (3/2013 meeting) Colin McAndrew

More information

PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management

PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE This Framework has been developed in support of both the Business Continuity and Crisis Management Policy and the Emergency and Fire Evacuation

More information

Business Continuity Planning Manual. Version 1

Business Continuity Planning Manual. Version 1 Business Continuity Planning Manual Version 1 Business Continuity Planning for NHS Organisations Business Continuity Planning Manual CONTENTS INTRODUCTION... 1 BACKGROUND... 3 1. SCOPE, AIMS AND OBJECTIVES...

More information

BUSINESS CONTINUITY PLANNING TOOL KIT GUIDE

BUSINESS CONTINUITY PLANNING TOOL KIT GUIDE BUSINESS CONTINUITY PLANNING TOOL KIT GUIDE 1 Table of Contents INTRODUCTION... 3 What is Business Continuity?... 3 When is a process critical?... 3 What is Business Continuity Planning?... 3 Why you should

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe 4 Aug 14 Draft v4.4 TBC Resilience Team BCM Policy draft v4.4 1 4 Aug 2014 Statement of

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four Data Handling in University Business Impact Analysis ( BIA ) Agenda Overview Terminologies Performing

More information

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012 Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St

More information

NHS Commissioning Board Business Continuity Management Framework (service resilience)

NHS Commissioning Board Business Continuity Management Framework (service resilience) NHS Commissioning Board Business Continuity Management Framework (service resilience) 1 P a g e NHS Commissioning Board Business Continuity Management Framework Date 7 January 2013 Audience NHS Commissioning

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Business Continuity Policy

Business Continuity Policy Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England

More information

Business Continuity Management (BCM) Policy

Business Continuity Management (BCM) Policy Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Chapter 6 Business continuity management

Chapter 6 Business continuity management 74 CHAPTER 6 BUSINESS CONTINUITY MANAGEMENT Chapter 6 Business continuity management Summary The Act requires Category 1 responders to maintain plans to ensure that they can continue to exercise their

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

University of Glasgow. Business Continuity Management. Guidance Notes

University of Glasgow. Business Continuity Management. Guidance Notes University of Glasgow Business Continuity Management Guidance Notes 1 Contents Page 1 Introduction to Business Continuity Management 3 2 Roles and Responsibilities 4 3 Business Impact Analysis 5 4 Developing

More information

EPRR: BCP - Checklist

EPRR: BCP - Checklist NHS England Business Continuity Management Toolkit EPRR: BCP - Checklist Appendix 3.2 1 [Intentionally Blank] INTRODUCTION The purpose of this document is to assist those who are developing a business

More information

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator

Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 Administered by: Governance Coordinator Risk Management Framework Version Adoption by Council: 2013 Resolution Number: 2013/177 Current Version: V1.0 TRIM CON: 12/1132 Administered by: Governance Coordinator Last Review Date: 2013 Next Review

More information

19. Planning. 19 PLANNING p1

19. Planning. 19 PLANNING p1 19. Planning Summary Planning involves the proactive coordination of activities in the medium to long term, with the intention of achieving a unified effort towards a common objective. Planning consists

More information

Prudential Standard LPS 232

Prudential Standard LPS 232 Prudential Standard LPS 232 Business Continuity Management Objective and key requirements of this Prudential Standard This Prudential Standard aims to ensure that each life company implements a whole of

More information

Chapter I: Fundamentals of Business Continuity Management

Chapter I: Fundamentals of Business Continuity Management Chapter I: Fundamentals of Business Continuity Management Objectives Define Business Continuity Management (BCM) Define the relationship between BCM and risk management Review BCM responsibilities Identify

More information

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date

More information

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY VERSION 1.0 ISSUED JULY 2015 CONTENTS Page CONTENTS VERSION CONTROL FOREWORD i ii iii POLICY 1 Scope 1 Aim and Objectives 1 Methods and Standards 1

More information

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015 Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity

More information

Tips and techniques a typical audit programme

Tips and techniques a typical audit programme Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities

More information

Departmental Business Continuity Framework. Part 2 Working Guides

Departmental Business Continuity Framework. Part 2 Working Guides Department for Work and Pensions Departmental Business Continuity Framework Part 2 Working Guides Page 1 of 60 CONTENTS Guide to business impact analysis...3 Guide to business continuity planning...7 Guide

More information

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT BUSINESS CONTINUITY MANAGEMENT Handbook Business Continuity Management Originated as HB 221:2003. Second edition 2004. COPYRIGHT Standards Australia/Standards New Zealand All rights are reserved. No part

More information

Cumbria Constabulary. Business Continuity Planning

Cumbria Constabulary. Business Continuity Planning Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market

More information

Business Continuity Management; Guidance for Policy Implementation

Business Continuity Management; Guidance for Policy Implementation Business Continuity Management; Guidance for Policy Implementation May 2009 Document Document drafted by Office of Quality and Risk Reference Number OQR033 Document approved by Ms. E. Dunne, Head of Quality

More information

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES

SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 BUSINESS CONTINUITY GUIDELINES SUPERVISORY AND REGULATORY GUIDELINES: PU19-0406 Business Continuity Issued: 1 st May, 2007 Revised: 14 th October 2008 BUSINESS CONTINUITY GUIDELINES I. INTRODUCTION The Central Bank of The Bahamas (

More information

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper

Success or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

VISION FOR LEARNING AND DEVELOPMENT

VISION FOR LEARNING AND DEVELOPMENT VISION FOR LEARNING AND DEVELOPMENT As a Council we will strive for excellence in our approach to developing our employees. We will: Value our employees and their impact on Cardiff Council s ability to

More information

Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council

Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council Aim To provide an introduction to Business Continuity Management (BCM). Objectives

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Reference Number: 243 Author & Title: Siân Dyson Resilience Manager Responsible Director: Chief Operating Officer Review Date: 29 May 2018 Ratified by: Francesca Thompson Chief

More information

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service

More information

INTERNAL AUDIT POLICY

INTERNAL AUDIT POLICY INTERNAL AUDIT POLICY Version control information Document Name: INTERNAL AUDIT POLICY Prepared by: D Davis Version: V 1.0 Date 08/06/2016 health.wa.gov.au MP 0008-16 Effective: 1/7/2016 Title: INTERNAL

More information

Business Continuity Policy & Plans

Business Continuity Policy & Plans Agenda Item 8.3a SNCCG Governing Body 11.03.2014 Business Continuity Policy & Plans Ref Number: Version: 1 Status: Pending Approval Author: A Brown Approval body Governing Body Date Approved Date Issued

More information

Business Continuity Management Group Policy

Business Continuity Management Group Policy THE WAREHOUSE GROUP LIMITED ( the Company ) 1. Purpose of Policy This policy is to communicate The Warehouse Group Limited ( TWG ) governance requirements and arrangements for developing and sustaining

More information

Information Services IT Security Policies B. Business continuity management and planning

Information Services IT Security Policies B. Business continuity management and planning Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary

More information

EPRR: Toolkit Business Impact

EPRR: Toolkit Business Impact NHS England Business Continuity Management EPRR: Toolkit Business Impact Assessment (BIA) Template Appendix 3.1 0 [Intentionally Blank] 1 INTRODUCTION The purpose of this document is to assist those who

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

Creating a Business Continuity Plan for your Health Center

Creating a Business Continuity Plan for your Health Center Creating a Business Continuity Plan for your Health Center 1 Page Left Intentionally Blank 2 About This Manual This tool is the result of collaboration between the Primary Care Development Corporation

More information

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322

Data Center Assistance Group, Inc. DCAG Contact: Tom Bronack Phone: (718) 591-5553 Email: bronackt@dcag.com Fax: (718) 380-7322 Business Continuity and Disaster Recovery Job Descriptions Table of Contents Business Continuity Services Organization Chart... 2 Director Business Continuity Services Group... 3 Manager of Business Recovery

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information