Disaster Recovery and Contingency Planning
|
|
- Wilfrid Summers
- 3 years ago
- Views:
From this document you will learn the answers to the following questions:
What is the process that is being used to improve the business continuity plan?
What is the process in place to develop an overarching business continuity plan?
What does the BCMS development board coordinate activities between?
Transcription
1 ITEM: 7(ii) AUDIT COMMITTEE 2 NOVEMBER Nottingham City Homes Disaster Recovery and Contingency Planning June Final Report Executive Summary & Action Plan Assurance Level: Partly meets expectations Audit Sponsor George Pashley Staff Interviewed Ian Rabett, Robert Allen, Robert Barton, Dave Kelly, Kate Watret, Glenn Langham, Jas Padam Audit Team - Nicola Higginbottom, Ashley Homburg
2 1 Introduction 1 Executive Summary 1.1 We have carried out the audit in accordance with the programme agreed with management and the Audit Committee. Based on the audit work carried out we have concluded that the level of control over disaster recovery and business continuity planning is: Partly Meets Expectations. 1.2 The Organisation is currently progressing the development of its continuity arrangements, and a coordinating role for this process has been allocated to the And Safety. Some areas of the business have well developed incident response plans, and the process in place to develop an overarching business continuity plan is currently gathering information on key business processes and their criticality. 1.3 From our experience at other housing providers we have observed that the current arrangements at NCH are largely aligned with those commonly seen throughout the industry sector, with some areas where these exceed the usual arrangements seen at other social housing providers. Our conclusion (partially meets expectations) is based on our concerns that, at the time of our audit, the arrangements that were in place would not fully meet the recovery needs of NCH. 1.4 NCH is fully reliant on Nottingham City Council for delivery of its ICT service, covering network and core IT servers. Service arrangements are currently defined at a high level, and do not include details of system recovery processes, continuity arrangements or service levels. The Interim Director of ICT is currently negotiating with the Council for a detailed service description and service level agreement. Further details of the Council s infrastructure and resilience arrangements are also being requested. There are several known areas of the ICT infrastructure where reliance is placed on a single piece of ICT hardware or network connection, increasing the likelihood of prolonged service loss after hardware failure. The Finance, Human Resources and Payroll departments have their own contracts with the Council, which include IT systems provision but are out of scope of the ICT service contract. 1.5 We noted a number of areas where the current business continuity plan development process could be enhanced: The current plans have been based on recovering from issues affecting specific departments, for example snow affecting staff access to the customer call centre; or loss of the Nottingham on call building. The overarching business continuity plan may be improved by aligning it to disaster event scenarios, driven by risks identified in the NCH risk register, and supporting coordinated organisationwide recovery activities. The continuity plan development is being progressed by one staff member. Good practice suggests that a business continuity team, including representatives of the key business functions, should work together to develop a Business Continuity Management System (BCMS). 1.6 During the course of our audit the electrical fire at the Lenton Court occurred. We observed the approach adopted in response to this incident by NCH and noted that the recovery effort was carried out in a logical and common sense manner. The 78 tenants were not put in unnecessary danger and were found temporary accommodation while the issue was resolved. Other than the list of emergency contacts there was no business continuity plan or event card covering this scenario. 1.7 Finally, we wish to thank all members of staff for their availability, co-operation and assistance during the course of our review. PKF (UK) LLP June June Executive Summary 1
3 2 Action Plan R1 There is currently no BCMS board to ensure that development of the BCMS is aligned to cross-business needs. Section of ISO:27000 outlines the good practice for Business continuity programme management and governance. A more project-based approach to the development of the BCMS should be adopted. This should include: Formation of a BCMS development board to coordinate activities between departments; Creation of a project plan identifying the tasks that need to be completed, such as continuity plan / event card development, procurement of supporting infrastructure, contracts, kit, etc; Budgeting for resource requirements; and Development of a programme of plan testing. Recommendation requires consideration by the Executive Management Team. George Pashley Director of OD End of August R2 The Business continuity planning process does not currently link with the NCH risk management processes, and does not include all business risk scenarios (that require a Business Continuity mitigation response). The current corporate risk register is being revised, and should be available from mid-july. The BCMS process should be linked to the NCH risk management process and cross-referenced to the revised risk register when available. Recovery scenarios should be based on recognised business risks, and recovery options should consider all (key) departments affected by the event. The latest version of the risk register will be considered and BC risks incorporated into the BC plan. Our BC procedures to be reviewed to ensure that this process becomes a matter of course. End of September June Action Plan 2
4 R3 Many of the current business continuity documents pre-date the current BCMS development process, and vary in structure, version control, storage, etc. All existing BCP documentation should be migrated to the current, userfocussed format and they should be stored in an appropriate repository (e.g. on the Intranet with off-site paper copies) and version managed. Agreed. This requirement had already been identified. Priority has been afforded to assessing the BC needs in critical services where no current plan exists. End of Nov R4 There is a text alert system in place to alert staff when an incident has occurred, but no defined core incident response team to identify which of the alerted staff are required to support the recovery process, or when their input is required. An incident response team should be nominated. Their primary role should be to attend incidents (where safe to do so) and identify, mobilise and coordinate other NCH resources and responses as appropriate. The text alert system should be used to place staff on stand-by, but (other than the nominated response team), their presence on site should be by specific request only. The text alert system will remain in place as this works well for us. The recommendation to develop an incident response team will be examined in the first instance as part of the Lenton Court debrief process. End of August June Action Plan 3
5 R5 The processes for providing critical information early after the incident are not fully documented. There is an opportunity to improve the speed at which critical information is provided to the emergency services. We understand that a debrief has been planned which will include input from NCH staff, the fire and rescue team and the Nottingham City Council emergency planning team to identify (information) improvements. Following the planned debrief, NCH should document the information requirements of all the interested parties (i.e. emergency services, NCH and Council) The processes for providing this information in a timely, efficient and user-friendly manner should be documented and supporting infrastructure put in place. The technology for this recommendation was recently introduced at NCH, and was used effectively during the incident at Lenton Court. It is agreed that this could have been utilised earlier, and needs to become part of a documented process. The scope will be examined in the first instance as part of the Lenton Court debrief process. End of August R6 Tenant communication was performed by door-to-door visits by NCH staff after the Lenton Court fire was confirmed as extinguished. Other communication channels could have been deployed earlier (e.g. via the CSC) to inform tenants of the risks and what was required of them. NCH should consider how emergency tenant communication procedures can be made more efficient. This could include using CSC and/or Nottingham on Call to contact tenants and where required their associated support workers / family members. This recommendation will be discussed in the first instance with call centre management as the resources available vary according to the time of day and day of the week. End of August June Action Plan 4
6 R7 There was no emergency response kit, meaning the response team had to spend time locating basic equipment in support of their recovery response. A number of emergency response kits should be prepared and distributed to sites / members of the emergency response team as appropriate. These should be small / portable and include equipment such as: Torches High visibility jackets First aid kit Megaphone Pads and pens The business continuity plan Agreed. Number and content of kits to be identified. End of September. R8 A contract with the Council for ICT service is being renegotiated to include service level targets, service descriptions, etc. As finance, HR and Payroll have their own contracts (which cover systems), they are not included in this negotiation process. All service level agreements, including those covering Finance, HR and Payroll systems, should include clearly defined scopes, service levels for systems and infrastructure availability, resilience controls (e.g. backup) and the expected response times in case of a disaster. As we understand that service delivery for Finance, HR and Payroll are being migrating to shared service models, the revised contracts should also include these prerequisites. Draft ICT SLA has been authored with NCC. Final version shall include details of how the ORACLE system shall be supported by NCC (and EMSS through NCC) if affected by an IT failure. As ORACLE is used by NCC support and contingency arrangements shall be required by NCC in any case, for their own purposes. Robert Allen - Head of ICT End of October June Action Plan 5
7 R9 There are a number of single points of failure in the ICT infrastructure that may increase the likelihood of service disruption. There are a number of contingency arrangements in place at the Council, but the appropriateness of these for NCH purposes is not known. a) NCH should perform a risk assessment of the single points of failure, system fail-over arrangements and disaster recovery capacity and validate where greater levels of resilience or service levels are required. b) We understand that the Council s Internal Audit function has performed a review of this area recently, and NCH should request access to the findings and action planning arising from this review. Risk assessment to be carried out to establish where greater levels of resilience or service levels are required pending outcome of ongoing accommodation review and SLA negotiations with NCC. Information requested from NCC 03/07/ / Robert Barton - Interim Director of ICT End of October R10 There were areas where the Hounds Gate server room fell below best practice for physical and environmental security. Should the room cease to operate, all telephone and network communications to Hounds Gate (and CSC) would be terminated and none of the key IT systems would be available to office-based staff. The physical and environmental controls in the Hounds Gate server room should be reviewed and improved where deemed appropriate. Risk assessment to be carried out to establish whether or not interim controls are required pending outcome of ongoing accommodation review / Robert Barton - Interim Director of ICT End of September June Action Plan 6
8 3 Definitions Assurance Level Fully meets expectations Substantially meets expectations Partly meets expectations Does not meet expectations Definition Our audit work provides assurance that the arrangements should deliver the objectives and risk management aims of the organisation in the area under review and meet or exceed relevant external requirements. There is only a small risk of failure or non-compliance. Our audit work provides assurance that the arrangements should deliver the key objectives and risk management aims of the organisation in the area under review and meet most relevant external requirements. There is some risk of failure or non-compliance. Our audit work provides assurance that the arrangements will deliver only some of the key objectives and risk management aims of the organisation in the area under review or may not meet relevant external requirements. There is a significant risk of failure or non-compliance. Our audit work provides little assurance. The arrangements will not deliver the key objectives and risk management aims of the organisation in the area under review or will not meet relevant external requirements. There is an almost certain risk of failure or non-compliance. Recommendation priority High priority recommendations priority recommendations Low priority recommendations Definition Those that failure to address would result in a significant and unacceptable risk to the organisation arising or continuing. Those that failure to address would result in a moderate risk to the organisation arising or continuing or relate to significant best practice improvements. Those that failure to address would result in a minor risk to the organisation arising or continuing or relate to moderate best practice improvements. June Definitions 7
IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS
NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationSUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS
REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet
More informationLFRS Business Continuity Planning
LFRS Business Continuity Planning 1.1 INTRODUCTION The LFRS Business Continuity Plan provides a framework for the activation, allocation and deployment of Lancashire Fire and Rescue Services resources
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationSCHOOLS BUSINESS CONTINUITY PLANNING GUIDANCE
SCHOOLS BUSINESS CONTINUITY PLANNING GUIDANCE This guidance is to be used as a tool to support you in your business continuity planning and aligns to the schools business continuity plan template provided.
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More informationHow to Exercise a Business Continuity Plan (BCP)
How to Exercise a Business Continuity Plan (BCP) This document provides a step by step guide to exercising a Business Continuity Plan (BCP). The exercise of a BCP should not be undertaken in isolation,
More informationNHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0
NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,
More informationBusiness Continuity Policy
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationHow To Manage A Business Continuity Strategy
Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationDORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy
Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for
More informationInternal Audit Report Business Continuity Planning Arrangements
The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report
More informationSUBMITTED TO: NORFOLK AND SUFFOLK COLLABORATION PANEL - 3 SEPTEMBER 2014 ERP (ENTERPRISE RESOURCE PLANNING) PROJECT UPDATE
ORIGINATOR: CHIEF CONSTABLE PAPER NO: NS14/18 SUBMITTED TO: NORFOLK AND SUFFOLK COLLABORATION PANEL - 3 SEPTEMBER 2014 SUBJECT: ERP (ENTERPRISE RESOURCE PLANNING) PROJECT UPDATE SUMMARY: 1. The Collaboration
More informationCouncil Policy Business Continuity Management
Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief
More informationBusiness Continuity Management Policy
Governance: Business Committee Policy Owner: Chief Superintendent, Corporate Services Department: Corporate Services Policy Number: 002 Version: 3.0 Policy Writer: Business Continuity Co-ordinator Effective
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationGLASGOW LIFE Review of Business Continuity Planning. Final Report
Final Report INTERNAL AUDIT September 2011 Glasgow City Council Internal Audit 1 Table of Contents Section No Section Title 1 Introduction and Background 2 Audit Remit 3 Audit Opinion 4 Conclusions 5 Recommendations
More informationInformation Security Policy. Chapter 11. Business Continuity
Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton
More information[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN
Plan Ref No: [INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN PLAN DETAILS Date Written Plan Owner Plan Writer Version Number Review Schedule 6 monthly Annually Date of Plan Review Date of Plan Exercise
More informationICT & Communications Services Disaster & Recovery Plan
ICT & Communications Services Disaster & Recovery Plan Advanced IT Services with George Spencer Academy www.aitn.co.uk Advanced IT Services - Arthur Mee Road, Stapleford, Nottingham. NG9 7EW Email: info@advanceditservices.co.uk
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationDepartmental Business Continuity Framework. Part 2 Working Guides
Department for Work and Pensions Departmental Business Continuity Framework Part 2 Working Guides Page 1 of 60 CONTENTS Guide to business impact analysis...3 Guide to business continuity planning...7 Guide
More informationCABINET - 26 JULY 2011 REPORT OF THE DIRECTOR OF CORPORATE RESOURCES EAST MIDLANDS SHARED SERVICES: PROCUREMENT OF MANAGED HOSTING SERVICE
N CABINET - 26 JULY 2011 REPORT OF THE DIRECTOR OF CORPORATE RESOURCES EAST MIDLANDS SHARED SERVICES: PROCUREMENT OF MANAGED HOSTING SERVICE Purpose 1. The purpose of the report is to: advise Cabinet of
More informationAUDIT REPORT INTERNAL AUDIT DIVISION. Audit of business continuity and disaster recovery planning at UNON
INTERNAL AUDIT DIVISION AUDIT REPORT Audit of business continuity and disaster recovery planning at UNON Overall results relating to business continuity and disaster recovery planning at UNON were initially
More informationNHS Commissioning Board Business Continuity Management Framework (service resilience)
NHS Commissioning Board Business Continuity Management Framework (service resilience) 1 P a g e NHS Commissioning Board Business Continuity Management Framework Date 7 January 2013 Audience NHS Commissioning
More informationJOB DESCRIPTION CONTRACTUAL POSITION
Ref #: IT/P /01 JOB DESCRIPTION CONTRACTUAL POSITION JOB TITLE: INFORMATION AND COMMUNICATIONS TECHNOLOGY (ICT) SECURITY SPECIALIST JOB SUMMARY: The incumbent is required to provide specialized technical
More informationBusiness Continuity Management Policy and Framework
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationSound Transit Internal Audit Report - No. 2014-6
Sound Transit Internal Audit Report - No. 2014-6 Maturity Assessment: Information Technology Division Disaster Recovery Planning Report Date: June 5, 2015 Table of Contents Page Executive Summary 2 Background
More informationBusiness Continuity Policy & Plans
Agenda Item 8.3a SNCCG Governing Body 11.03.2014 Business Continuity Policy & Plans Ref Number: Version: 1 Status: Pending Approval Author: A Brown Approval body Governing Body Date Approved Date Issued
More informationOur consultancy team will provide guidance throughout the process helping you to produce the necessary documentation and raise staff awareness.
Service Definition Business Continuity Plan Overview of Service Sapphire provides a bespoke service, working with your organisation to develop a comprehensive Business Continuity Plan (BCP) designed to
More informationCumbria Constabulary. Business Continuity Planning
Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market
More informationBlackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security
Overview Blackboard Collaborate Web Conferencing Hosted Environment Technical Infrastructure and Security Blackboard Collaborate web conferencing is available in a hosted environment and this document
More informationUpdate from the Business Continuity Working Group
23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationDisaster Recovery Policy
Disaster Recovery Policy INTRODUCTION This policy provides a framework for the ongoing process of planning, developing and implementing disaster recovery management for IT Services at UCD. A disaster is
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationBUSINESS CONTINUITY PLAN 1 DRAFTED BY: INTEGRATED GOVERNANCE MANAGER 2 ACCOUNTABLE DIRECTOR: DIRECTOR OF QUALITY AND SAFETY 3 APPLIES TO: ALL STAFF
BUSINESS CONTINUITY PLAN 1 DRAFTED BY: INTEGRATED GOVERNANCE MANAGER 2 ACCOUNTABLE DIRECTOR: DIRECTOR OF QUALITY AND SAFETY 3 APPLIES TO: ALL STAFF 4 COMMITTEE & DATE APPROVED: GOVERNING BODY, 5 MARCH
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationSuccess or Failure? Your Keys to Business Continuity Planning. An Ingenuity Whitepaper
Success or Failure? Your Keys to Business Continuity Planning An Ingenuity Whitepaper May 2006 Overview With the level of uncertainty in our world regarding events that can disrupt the operation of an
More informationBusiness continuity management policy
Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business
More informationFINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation
Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity
More informationWhy Should Companies Take a Closer Look at Business Continuity Planning?
whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationAudit of IMS Disaster Recovery Plan
Audit of IMS Disaster Recovery Plan Internal Audit 378-1-615 April 29, 2009 TABLE OF CONTENTS EXECUTIVE SUMMARY...II 1.0 INTRODUCTION...5 2.0 AUDIT OBJECTIVES AND SCOPE...7 3.0 AUDIT APPROACH AND METHODOLOGY...7
More informationPAAS Public Sector Managed Services
Meritec Limited Meritec House, Acorn Business Park, Skipton, North Yorkshire, BD23 2UE 0845 3451155 servicepoint@meritec.co.uk www.meritec.co.uk Registered In England & Wales No. 3224622 Table of Contents
More informationKEY STRATEGIC RISKS. Northumberland Sustainable Community Strategy
APPENDIX 1 KEY STRATEGIC RISKS Northumberland Objectives: Northumberland Sustainable Community Strategy Northumberland County Council Objectives: Our Vision: Northumberland will be a thriving county where
More informationSummary of Information Technology General Control Environment Findings for the year ended 30 June 2015
Summary of Inmation Technology General Control Environment Findings the year ended 30 June 2015 1 Change management Complete Revisiting the Change Management control process documentation and updating
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationSCOPE; ENFORCEMENT; AUTHORITY; EXCEPTIONS
Title: DRAFT USG Continuity of Operation Plan Policy Policy Number: 2009-Julian Date Topical Security Area: Document Type: Standard Pages: Words: Lines: 5 1,387 182 Issue Date: May-09 Effective Date: Immediately
More informationOverview TECHIS60851. Manage information security business resilience activities
Overview Information security business resilience encompasses business continuity and disaster recovery from information security threats. As well as addressing the consequences of a major security incident,
More informationAppendix 6c. Final Internal Audit Report Disaster Recovery Planning. June 2007. Report 6c Page 1 of 15
Appendix 6c Final Internal Audit Report Disaster Recovery Planning June 2007 Report 6c Page 1 of 15 Contents Page Executive Summary 3 Observations and Recommendations 8 Appendix 1 - Audit Framework 13
More informationSenior Manager Information Technology (India) Duration of job
Role Profile Job Title Senior Manager Information Technology (India) Directorate or Region South Asia Department/Country Business Support Services, India Location of post Gurgaon Pay Band 6 / Grade G Reports
More informationICT Strategy 2010-2013
ICT Strategy 2010-2013 If you would like to receive this publication in an alternative format (large print, tape format or other languages) please contact us on 01832 742000. East Northamptonshire Council
More informationBusiness Continuity Management Framework
Business Continuity Management Framework Date of Issue: November 2013 Review Date: November 2014 Written by: Jackie Orchard Risk & Business Continuity Manager Authorised by: Signed off by: DCC Francis
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationContact Centers in the Cloud: A Better Way to Source
Contact Centers in the Cloud: A Better Way to Source By Irwin Lazar Vice President and Service Director, Nemertes Research Executive Summary Contact Center Software as a Service (CCSaaS) solutions provide
More informationHow To Write An Audit And Governance Committee Report On An Itd Plan
Public Document Pack Worcestershire County Council Agenda Audit and Governance Committee Friday, 12 September 2014, 10.00 am County Hall, Worcester This document can be made available in other formats
More informationInstitute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745
ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan
More informationBusiness Continuity Plans
Version Number Issue 2 Business Continuity Policy Date Revision Complete Policy Owner Author Reason for Revision Proof Read April 2016 Business Improvement Manager Emma Earle, Business Services Officer
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationDRAFT Disaster Recovery Policy Template
DRAFT Disaster Recovery Policy Template NOTE: This is a boiler plate template much information is needed from to finalizeconsider this document pre-draft FOREWARD... 3 Policy Overview...
More informationCommunity and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe
Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe 4 Aug 14 Draft v4.4 TBC Resilience Team BCM Policy draft v4.4 1 4 Aug 2014 Statement of
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version BUSINESS CONTINUITY MANAGEMENT POLICY DOCUMENT CONTROL Type of Document Document Title
More informationBUSINESS CONTINUITY PLANNING THE 10-MINUTE ASSESSMENT
BUSINESS CONTINUITY PLANNING THE 10-MINUTE ASSESSMENT BUSINESS CONTINUITY PLANNING - THE 10 MINUTE ASSESSMENT This is a quick assessment for you to see how far you have got with business continuity planning.
More informationBedfordshire Fire and Rescue Authority Corporate Services Policy and Challenge Group 9 September 2014 Item No. 6
For Publication Bedfordshire Fire Rescue Authority Corporate Services Policy Challenge Group 9 September 2014 Item No. 6 REPORT AUTHOR: SUBJECT: ASSISTANT CHIEF OFFICER (HUMAN RESOURCES AND ORGANISATIONAL
More informationTactical Cost Reduction
Tactical Cost Reduction G-Cloud Service 1 An overview of the G-Cloud Service Information assurance Backup/restore and disaster recovery On-boarding and Off-boarding processes/scope etc. Pricing Service
More informationService Improvement. Part 3 The Strategic View. Robert.Gormley@ed.ac.uk http://www.is.ed.ac.uk/itil
Service Improvement Part 3 The Strategic View Robert.Gormley@ed.ac.uk http://www.is.ed.ac.uk/itil Service Management House Customers Avail. Mgmt Capacity Mgmt Service Level Mgmt Continuity Mgmt Financial
More informationInternal Audit Report Disaster Recovery / Business Continuity Planning
Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,
More informationAppendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015
Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity
More informationInformation Commissioner's Office
Information Commissioner's Office Ian Falconer Partner T: 0161 953 6480 E: ian.falconer@uk.gt.com Internal Audit 2011-12: Business Continuity Review Last updated 6 February 2012 Will Simpson Senior Manager
More informationICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING
ICT, PROCUREMENT AND ASSET MANAGEMENT 18 APRIL 2008 SUB-COMMITTEE DISASTER RECOVERY/CONTINGENCY PLANNING Report by Director of Finance and Corporate Resources PURPOSE OF REPORT To bring before the Sub-Committee
More informationOhio Supercomputer Center
Ohio Supercomputer Center IT Business Continuity Planning No: Effective: OSC-13 06/02/2009 Issued By: Kevin Wohlever Director of Supercomputer Operations Published By: Ohio Supercomputer Center Original
More informationFM & SECURITY SOLUTIONS. SSS Managed Services. Impartial, innovative, involved
FM & SECURITY SOLUTIONS SSS Managed Services Impartial, innovative, involved SSS MANAGED SERVICES INTRODUCTION SSS Managed Services provides a range of flexible, scalable and service-led solutions for
More informationESSEX FIRE AUTHORITY Essex County Fire & Rescue Service
ESSEX FIRE AUTHORITY Essex County Fire & Rescue Service MEETING Essex Fire Authority AGENDA ITEM 14 MEETING DATE 5 September 2012 REPORT NUMBER SUBJECT REPORT BY Risk and Business Continuity Department
More informationHERTSMERE BOROUGH COUNCIL REPORT TO EXECUTIVE
HERTSMERE BOROUGH COUNCIL REPORT TO EXECUTIVE Item no: 8.4 Document Reference no: EX/12/20 Date of Meeting / Decision: This is not a key decision Urgency: The proposals are not exempt from call-in on the
More informationBusiness Continuity Plan
Version Control: Document Name: Version: Version 1.0 Author: Approved by: Corporate Support Manager Management Board/Executive Committee Date Approved: Review Date November 2016 Introduction The aim of
More informationBusiness Continuity Plan
Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions
More informationLondon Borough of Merton
London Borough of Merton STRATEGIC BUSINESS CONTINUITY PLAN April 2014 Distribution List: Name Ged Curran Caroline Holland Yvette Stanley Simon Williams Chris Lee Title Chief Executive Director of Corporate
More informationVersion: 3.0. Effective From: 19/06/2014
Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016
More informationBusiness Continuity Management For Small to Medium-Sized Businesses
Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone
More informationInternal Audit Progress Report Performance and Overview Committee (19 th August 2015) Cheshire Fire Authority
Internal Audit Progress Report (19 th August 2015) Contents 1. Introduction 2. Key Messages for Committee Attention 3. Work in progress Appendix A: Risk Classification and Assurance Levels Appendix B:
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationNEEDS BASED PLANNING FOR IT DISASTER RECOVERY
The Define/Align/Approve Reference Series NEEDS BASED PLANNING FOR IT DISASTER RECOVERY Disaster recovery planning is essential it s also expensive. That s why every step taken and dollar spent must be
More informationIT control environment Caerphilly County Borough Council
Audit 2008/2009 November 2009 Author: PricewaterhouseCoopers LLP Ref: C09366 IT control environment Caerphilly County Borough Council We found the overall IT control environment at Caerphilly County Borough
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationBUSINESS CONTINUITY STRATEGY 2014-2017
BUSINESS CONTINUITY STRATEGY 2014-2017 This strategy covers the period 01 April 2014 31 March 2017 and was approved by the Major Incident Working Group 19.03.2014 Caroline Rushmer Major Incident and Business
More informationTRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE
AGENDA ITEM 9 TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE SUBJECT: REVIEW OF TFL RESILIENCE MANAGEMENT POLICY FRAMEWORK DATE: 20 JULY 2010 1 PURPOSE AND DECISION REQUIRED 1.1
More informationBusiness Continuity Planning
Business Continuity Planning Public Entities Risk Management Forum 5 th July 2012 Presented by Mark Penberthy FBCI Overcoming Practical Challenges Business Continuity Management (BCM) AGENDA 1. What is
More informationBusiness Continuity Policy
Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include
More information24 September 2015 ITEM: 12. Standards and Audit Committee. Thurrock Council BCP and DR status. Key Decision: Key. Wards and communities affected: All
24 September 2015 ITEM: 12 Standards and Audit Committee Thurrock Council BCP and DR status Wards and communities affected: All Key Decision: Key Report of: Gary Staples, ICT Commercial Manager Accountable
More informationEssex Fire Authority
Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013
More informationREPORT 2014/001 INTERNAL AUDIT DIVISION. Audit of information and communications technology help desk operations at United Nations Headquarters
INTERNAL AUDIT DIVISION REPORT 2014/001 Audit of information and communications technology help desk operations at United Nations Headquarters Overall results relating to the adequacy and effectiveness
More information