Business Continuity Management

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Business Continuity Management"

Transcription

1 Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as guidance or instruction by any police officer or employee as it may have been redacted due to legal exemptions. Owning Department Version Number Risk and Business Assurance 2.00 Date Published 27/05/2016

2 Compliance Record Equality Impact Assessment: Date Completed / Reviewed: 14/12/2015 Information Management Compliant: Yes Health and Safety Compliant: Yes Publication Scheme Compliant: Yes Version Control Table Version History of Amendments Approval Date 1.01 Initial Published Version 26/03/ Inclusion of the requirement to consider EIAs in support of the Business Continuity approach. 29/03/ Minor changes. Various additions regarding legal requirements and BCM roles and responsibilities. 26/05/2016 2

3 Contents 1. Purpose 2. Business Continuity Management Overview 3. Business Continuity Management System (BCMS) Lifecycle 4. Scope of the Business Continuity Management System 5. Understanding of the Organisation and its Context 6. Legal and Regulatory Requirements 7. Understanding the Needs and Expectations of Interested Parties 8. Leadership and Commitment 9. Control of Documented Information 10. Resources 11. Competence 12. Business Impact Analysis 13. Establishing Resource Requirements 14. Protection and Mitigation 15. Fall-back Site 16. Service Level Agreement / Mutual Aid 17. Risk Assessment 18. Business Continuity Strategy 19. Incident Response Structure 20. Business Continuity Plans 21. Exercising and Testing 22. Evaluation of Business Continuity Procedures 23. Internal Audit 24. Continual Improvement 25. Management Commitment 26. BCM Roles and Responsibilities Appendices Appendix A Appendix B Appendix C Appendix D List of Associated Legislation List of Associated Reference Documents List of Associated Forms Notification / Invocation and Escalation Procedures 3

4 1. Purpose 1.1. This Standard Operating Procedure (SOP) supports the Police Service of Scotland, hereafter referred to as Police Scotland, Policy for Business Continuity Management. 1.2 The Civil Contingencies Act 2004, places a statutory duty on the police, as a Category 1 responder, to have a Business Continuity Management System (BCMS) in place to ensure continued delivery of essential services. 1.3 Police Scotland shall align its BCMS arrangements with the International Standards BSI ISO The Standard sets out the process and principles of BCM and enables the Organisation to measure its Business Continuity Management (BCM) capability in a consistent and recognised manner. 1.4 This SOP provides practical guidance on the methodology for developing and implementing BCM within Police Scotland and aims to provide an overview on BCM from initial development to the on-going maintenance of our Business Continuity capability. 1.5 BCM supports emergency planning and is underpinned by the Service s Risk Management Procedures, providing the overall framework within which the Service can comply with the Civil Contingencies Act Business Continuity Management Overview 2.1 A wide range of terminology has been used to describe the processes associated with managing disruptions, such as disaster recovery and contingency planning. These tend to be reactive, requiring a response only after a disruption has occurred. 2.2 However, BCM has evolved and now includes the concepts of risk management and corporate governance. Consequently, it now takes a proactive approach, seeking to identify those potential impacts that could adversely affect the service delivery capability of Police Scotland before they occur. 2.3 The Business Continuity Plan (BCP) identifies the essential resources needed to ensure that critical functions can continue in the event of a disruption. 2.4 Resource, time and capability constraints will mean that Police Scotland has to focus its business continuity activity on those processes most important to the objectives of the organisation. Prioritisation is a key element of business continuity and this may mean the disruption of some business processes for defined periods, until resources are available to restore them. 2.5 All levels of management within the Service need to appreciate that they have a responsibility in maintaining service delivery and therefore need to consider how they would manage disruptions to their functions. 4

5 2.6 Police Scotland has six Strategic Processes: A. Custody Management B. Operational Policing (Response & Community Policing) C. Command Control and Communications D. Criminal Investigation E. Health Safety & Welfare F. Supporting the Criminal Justice System 2.7 Any functions that support the Strategic Processes must be maintained and are known as Critical Functions. 3. Business Continuity Management System Lifecycle 3.1 The International Standard BS ISO applies the Plan-Do-Check-Act (PDCA) model to planning, establishing, implementing, operating, monitoring, reviewing, maintaining and continually improving the effectiveness of an organisation s BCMS. 3.2 Police Scotland will establish, implement, maintain and continually improve a BCMS, including the processes needed and their interactions, in accordance with the requirements of the International Standard BS ISO Business Continuity Management is defined in BS ISO as 'a holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.' 3.4 BCM is proactive and concentrates on everything needed to continue the strategic processes of an organisation in the event of an interruption. It focuses on the effects and not the cause of the disruption. 3.5 Figure 1 below illustrates how a BCMS takes inputs (interested parties and requirements for continuity management) and, through the necessary actions and processes, produces continuity outcomes (i.e. managed business continuity) that meet those requirements. 5

6 Plan (Establish) Do (Implement and operate) Check (Monitor and review) Act (Maintain and improve) Establish business continuity policy, objectives, targets, controls, processes and procedures relevant to improving business continuity in order to deliver results that align with the organisation s overall policies and objectives. Implement and operate the business continuity policy, controls, processes and procedures. Monitor and review performance against business continuity policy and objectives, report the results to management for review, and determine and authorise actions for remediation and improvement. Maintain and improve the BCMS by taking corrective action, based on the results of management review and reappraising the scope of the BCMS and business continuity policy and objectives. 4. Scope of the Business Continuity Management System 4.1 Police Scotland will: Establish the parts of the Service to be included in the BCMS; Establish BCMS requirements, considering Police Scotland priorities, goals, internal and external obligations (including those related to interested parties), and legal and regulatory responsibilities; 6

7 Identify products and services and all related activities within the scope of the BCMS; and Take into account interested parties needs and interests, such as the supply chain, public and/or community input and needs, expectations and interests (as appropriate). 5. Understanding of the Organisation and its Context 5.1 Police Scotland will determine external and internal factors that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its BCMS. 5.2 These factors shall be taken into account when establishing, implementing and maintaining the BCMS. Police Scotland will identify and document the following: Processes, functions, services, products, partnerships, supply chains, relationships with interested parties, and the potential impact related to a disruptive incident; Links between the BCMS and Police Scotland priorities and objectives and other policies, including its overall risk management strategy; and Risk appetite. 6. Legal and Regulatory Requirements 6.1 Police Scotland will establish, implement and maintain a procedure(s) to identify, access and assess the applicable legal and regulatory requirements. This will be related to the continuity of its operations, products and services, as well as the relevant interested parties. 6.2 Police Scotland will ensure that these applicable legal, regulatory and other requirements are taken into account in establishing, implementing and maintaining its BCMS. 6.3 Police Scotland shall document this information and keep it up-to-date. New or variations to legal, regulatory and other requirements shall be communicated to affected employees and other interested parties. 7. Understanding the Needs and Expectations of Interested Parties 7.1 When establishing its BCMS, Police Scotland shall determine: The interested parties that are relevant to the BCMS; and The requirements of these interested parties (i.e. their needs and expectations whether stated, generally implied or obligatory). 7

8 8. Leadership and Commitment 8.1 The Executive and other relevant management roles throughout the organisation must demonstrate leadership with respect to the BCMS. 9. Control of Documented Information 9.1 Documented information required by the BCMS shall be controlled to ensure it is available and suitable for use, where and when it is needed and that it is adequately protected. 10. Resources 10.1 Police Scotland will determine and provide the resources needed for the establishment, implementation, maintenance and continual improvement of the BCMS. 11. Competence 11.1 Police Scotland will: Ensure that those involved in the overview, co-ordination and management of the BCMS are competent on the basis of appropriate education, training, and experience; Where applicable, take actions to acquire the necessary competence, and evaluate the effectiveness of the actions taken; and Retain appropriate documented information as evidence of competence Training will be made available to all individuals who have a responsibility within the BCMS and will be tailored to their particular needs or involvement in the system. 12. Business Impact Analysis 12.1 Police Scotland shall establish, implement, and maintain a formal and documented evaluation process for determining continuity and recovery priorities, objectives and targets. This process shall include assessing the impacts of disrupting critical functions that support Police Scotland Strategic Processes. The Business Impact Analysis will include the following: Identifying critical functions that support the provision of Strategic Processes; Assessing the impacts over time of not performing these functions; 8

9 Setting prioritised timeframes for resuming these functions at a specified minimum acceptable level, taking into consideration the time within which the impacts of not resuming them would become unacceptable; and Identifying dependencies and supporting resources for these functions, including suppliers, outsource partners and other relevant interested parties Functions should be identified and prioritised in order of criticality, including those that either deliver or directly or indirectly support the Strategic Processes The process to prioritise functions must also identify the impact of the loss of, or a reduction in the ability to deliver that function and the impact over time in the business cycle of a particular function Two particular timescales must be considered. They are the Maximum Tolerable Period of Disruption, (MTPD) and the Recovery Time Objective, (RTO). In Business Continuity terms the MTPD is defined as the time it would take for adverse impacts, which might arise as a result of not providing a product/service or performing an activity, to become unacceptable What needs to be established is: The maximum time period after the start of any disruption to business within which each function needs to be resumed; The minimum level at which each function needs to be performed upon resumption; and The length of time within which normal levels of operation need to be resumed When considering this, it is clear that the aim must be to recover the function prior to reaching the MTPD A RTO must therefore be set for each function, which will always be less than the MTPD. In Business Continuity terms the RTO is defined as the period of time following an incident within which product or service must be resumed, or activity must be resumed, or resources must be recovered The RTO must be set at a realistic timescale so that there can be a staged recovery and thereafter resumption to normal service. Recovery times should be selected from the Recovery Time Objective Table which can be found in the Business Continuity Plan Template. The Business Continuity Plan template can be obtained from the Business Continuity Officer(s) at Risk and Business Assurance. 9

10 13. Establishing Resource Requirements 13.1 Police Scotland will determine the resource requirements to implement the selected strategies. The types of resources considered shall include but not be limited to: People; Information and data; Buildings, work environment and associated utilities; Facilities, equipment and consumables; Information and communication technology (ICT) systems; Transportation; Finance; and Partners and suppliers. 14. Protection and Mitigation 14.1 For identified risks requiring treatment, Police Scotland will consider proactive measures that: Reduce the likelihood of disruption; Shorten the period of disruption; and Limit the impact of disruption on Strategic Processes. 15. Fall-Back Site 15.1 For each Critical Function included within a BCP, it will be necessary to identify a fall-back site to ensure the continuity of the function, in the event of a permanent loss or temporary denial of access to the principal site. There must be agreement with the Head of the host / guest Business Area / Department identifying the following: The accommodation that is to be used; The circumstances under which it is to be used; Arrangements for gaining access; and Arrangements for contacting relevant staff The arrangements should be documented within the Fall-Back Accommodation Section of the BCP. If arrangements are within own estate please include details within the Accommodation Requirements section of the Business Impact Analysis (BIA). 10

11 15.3 Consideration must also be given to whether a move to fall-back accommodation will impact on any member of staff, or members of the public, from any of the protected groups from the Equality Act. For example a person with a disability which cannot be accommodated for at the fall-back site. Therefore an Equality Impact Assessment should be carried out to assist in decision making As a part of your fall-back arrangements consideration needs to be given to the creation of Battle Boxes / Grab Bags for the BCM Team and Critical Functions. The contents will be determined by those who will be required to use it during a disruption, the following items should be considered: Business Continuity Plan Hard Copy Templates Stationery Mobile Phone charger Note: Battle Boxes / Grab Bags must be secured within Police Premises. 16. Service Level Agreement / Mutual Aid 16.1 Where the continuation of an activity relies on an external agency or supplier, a service level agreement should be formulated agreeing levels of service to be provided. Business Continuity Plan Holders must ensure that the service being provided meets their needs and in particular that the timescales for providing the service matches the Recovery Time Objectives for their critical functions The Business Impact Analysis template will be used to complete and record the above described process. Business Impact Analysis template can be obtained from the Business Continuity Officer (s) at Risk and Business Assurance. 17. Risk Assessment 17.1 Police Scotland will establish, implement, and maintain a formal documented risk assessment process that systematically identifies, analyses and evaluates the risk of disruptive incidents Police Scotland will: Identify risks of disruption to the Strategic Processes and the functions, systems, information, people, assets, outsource partners and other resources that support them; Systematically analyse risk; 11

12 Evaluate which disruption related risks require treatment; and Identify treatments commensurate with business continuity objectives and in accordance with risk appetite. 18. Business Continuity Strategy 18.1 Determination and selection of strategy, including the development of Business Continuity Plans shall be based on the outputs from the BIA and risk assessment. Police Scotland will determine an appropriate business continuity strategy for: Protecting Strategic Processes; Stabilising, continuing, resuming and recovering prioritised functions and their dependencies and supporting resources; and Mitigating, responding to and managing disruptions Consideration shall also be given to conduct evaluations of the business continuity capabilities of suppliers. 19. Incident Response Structure 19.1 The Business Areas BCM Team structure for responding to a disruptive incident will mirror existing arrangements and management structures, as far as possible, without assigning individuals more than one key role. This will ensure the necessary responsibility, authority and competence to manage an incident Notification / Invocation and Escalation Procedures are included in the Business Continuity Plan template (see Appendix D ). 20. Business Continuity Plans 20.1 There must be an explanation of the scope of the plan, including a detailed description of the purpose, and services provided by the Business Area / Department and to whom Plans must include the following information: A process for invoking the plan; Details of contingencies for each of the functions, addressing individually loss of facilities / accommodation; IT and Communications systems; people and supply / support chains, including relevant health, safety and welfare issues; Relevant and necessary contact information for key personnel, internal and external departments/agencies and other key stakeholders; and 12

13 Fallback arrangements The degree of detail required to be contained within a Plan for a function shall be commensurate with the critical nature of that function Plans shall also consider arrangements needed to ensure smooth transition from Business Continuity mode to the resumption of normal business Once approved the Plan must be signed off by the Plan Holder and copies circulated as necessary. A copy of the plan must be submitted to the Business Continuity Management Officer(s). Further copies will be distributed as necessary and detailed on the Distribution Record of the plan. A hard copy plan will be kept at the fall-back site The Business Continuity Plan template will be used to complete and record this process. All BCM templates can be obtained from the Business Continuity Officer(s). 21. Exercising and Testing 21.1 Police Scotland will conduct exercises and tests that: Are consistent with the scope and objectives of the BCMS; Familiarises BCM Team with their roles; Are based on appropriate scenarios that are well planned with clearly defined aims and objectives; Taken together over time validate the whole of its business continuity arrangements, involving relevant interested parties; Minimise the risk of disruption to operations; Produce formalised post-exercise reports that contain outcomes, recommendations and actions to implement improvements; Are reviewed within the context of promoting continual improvement; and Are conducted at planned intervals and when there are significant changes within Police Scotland or to the environment in which it operates A programme of exercising of plans shall be implemented and will ensure that all plans are subject to an exercise at least once every year. In addition to this further exercises may be arranged. The level and number of exercises shall be commensurate with the level of risk associated with a Business Area or the critical nature of the functions of that Business Area The exercise programme will be co-ordinated by the Business Continuity Management Officer(s). 13

14 22. Evaluation of Business Continuity Procedures 22.1 Police Scotland will conduct evaluations of its business continuity procedures and capabilities in order to ensure their continuing suitability, adequacy and effectiveness. These evaluations shall be undertaken through periodic reviews, exercising, testing, post-incident reporting and performance evaluations. There shall be an annual review of all Business Continuity Plans with a six month health check between review periods. The review cycle will be co-ordinated by the Business Continuity Officers 22.2 Police Scotland has a statutory obligation to conduct an Equality Impact Assessment (EIA) on all policies, procedures, plans, orders, business change etc. This is under the Equality Act 2010 which places an onus on Police Scotland to adhere to the needs of the Public Sector Equality Duty As part of the BCM process it is essential that consideration be given to the impact on the relevant 9 protected characteristics (disability, race, age, gender, gender reassignment, maternity / paternity, marriage / civil partnership, sexual orientation) during the emergency, continuity and recovery phases for each BIA created for a Critical Function If this is sufficiently recorded in an auditable format i.e. within the BIA / BCP, then there will be no need to complete an EIA as this would be evidence of streamlining equality considerations in the process. Please refer to the Equality Impact Assessment SOP for further guidance on this subject The responsibility for this will lie with the Business Continuity Management Team and will be co-ordinated by the Business Continuity Management Officer(s) Significant changes arising shall be reflected in the procedure(s) in a timely manner. There shall be periodic evaluation of compliance with applicable legal and regulatory requirements, industry best practices, and conformance with its own business continuity strategy and objectives. The Police Scotland shall conduct evaluations at planned intervals and when significant changes occur When a disruptive incident occurs which requires the invocation of business continuity procedures, there must be a post-incident review by the Business Areas affected. The results must be explored to determine whether any amendments to procedures is required and to assist in the sharing of good practice where it is identified Part of the responsibility of Risk Management is to assess the business continuity risks faced by the Service. In order to do this, events occurring throughout Police Scotland which may indicate a risk require to be monitored The following three criteria should be applied in considering whether or not an incident should be reported: Time how long the incident lasts for or how long the outage is for; 14

15 Effect the effect the incident has on service, process or system; Scale does the incident impact upon the Force wide, Division/Department or work area Using the table below the following formula should be used: Time + Effect + Scale = Score These factors should be graded and scored, and incidents or occurrences that attract a score of 5 or more, must be reported. Score Time Effect Scale (Outage) 3 4 hrs + Total failure High - Force wide or more than one Command Area 2 1>4 hrs Substantial or significant failure Med - Division / Department or one Command Area 1 0>1 hrs No or limited failure Low local effect only Examples The following table shows some examples of incidents/disruptions. These are shown for guidance purposes using the criteria listed above, however, it should be noted that any incident/disruption regardless of its Score should be reported if it is believed to be in the best interest of Police Scotland. Furthermore, if an incident/disruption falls below the score criteria but is reoccurring consistently or regularly it should be reported. Incident Time Effect Scale Total Report Loss of Crime Recording system for 6hrs Yes at a Public Service Centre Total loss of power at Divisional Office for No 45 mins High sickness level of staff (30%) involving Yes more than one Command Area Loss of system at an HQ Department for 50 minutes No The Governance Report ( ) will be use to complete and record the process of post-incident review. Once complete the Governance Report should be submitted to the Business Continuity Management Officer(s). 23. Internal Audit 23.1 Scottish Police Authority (SPA), Internal Auditors shall conduct audits at planned intervals to provide information on whether the business continuity management system conforms to Police Scotland s own requirements for its BCMS, the requirements of BS ISO and is effectively implemented and maintained. 15

16 24. Continual Improvement 24.1 Police Scotland shall continually improve the suitability, adequacy and effectiveness of the BCMS in line with priorities. 25. Management Commitment 25.1 The Executive of Police Scotland must demonstrate leadership and commitment with respect to the BCMS by: Ensuring that policies and objectives established for the BCMS are compatible with strategic direction; Ensuring the integration of the BCMS requirements into business processes; Ensuring that the resources needed for the BCMS are available; Communicating the importance of effective business continuity management and conforming to the BCMS requirements; Ensuring that the BCMS achieves its intended outcome(s); Directing and supporting persons to contribute to the effectiveness of the BCMS; Promoting continual improvement; Supporting other relevant management roles to demonstrate their leadership and commitment as it applies to their areas of responsibility; and Establishing roles, responsibilities, and competencies for business continuity management. 26. Business Continuity Management Roles and Responsibilities 26.1 BCM Plan Holder Owner of the BCP; Final approval of BCM arrangements for Business Area 26.2 BCM Team Leader and Deputy Requires appropriate seniority and authority to be accountable for BCM implementation; Single point of contact for the Business Continuity Co-ordinator (BCC); Report directly to the Plan Holder with regard to BCM arrangements and disruptions. 16

17 26.3 Business Continuity Co-ordinator and Deputy Administration and maintenance of BCM Plan in respect of their area of business; Communication of Business Area BCM Arrangements; Identification and Co-ordination of Stakeholder activity in their Business Area; Monitor Fall-Back Accommodation within their Business Area; Organisation and administration of local exercising, auditing and amendment of their plan; Single point of contact for BCM Officer(s); Support & Advise BCM Team Leader; Completion of Governance Reports BCM Stakeholders Creation & Maintenance of BIA(s) for relevant Critical Functions; Will be Single Point of Contact for BCC; Will form part of BCM Team if required during a disruption; Will take part in BIA Walkthrough Exercises for relevant BIA(s); Will take part, where required in Local & Central Exercising BCM Officer(s) Support staff on aspects of BCM policy and strategy; Develop and co-ordinate the BCM arrangements and exercise programme for Police Scotland; Monitor and report the results of BCM activity to the Executive of Police Scotland; Provide staff with support, advice and guidance with regard to BCM; Develop, maintain and deliver training in BCM; Conduct BIA Walkthrough Exercises; Maintain Version Control for BCM Plans; Monitor Fall-Back Accommodation agreements between Business Areas; Co-ordinate review of BCM arrangements; Build relationships with External Organisations and Professional Bodies relating to BCM; Promote BCM best practice within Police Scotland. 17

18 Appendix A The Civil Contingencies Act 2004 List of Associated Legislation 18

19 Appendix B List of Associated Reference Documents Equality Impact Assessment SOP International Standards BSI ISO (Hard copy at Scottish Police College library). Police Scotland BCM Guidance Manual (Available from Business Continuity Officers) 19

20 Appendix C List of Associated Forms Business Continuity Management Governance Report ( ). 20

21 Appendix D BCM Notification / Invocation and Escalation Procedures 21

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications

More information

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

Solihull Clinical Commissioning Group

Solihull Clinical Commissioning Group Solihull Clinical Commissioning Group Business Continuity Policy Version v1 Ratified by SMT Date ratified 24 February 2014 Name of originator / author CSU Corporate Services Review date Annual Target audience

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy WEST YORKSHIRE FIRE & RESCUE SERVICE Business Continuity Management Strategy Date Issued: 12 November 2012 Review Date: 12 November 2015 Version Control Version Number Date Author Comment 0.1 June 2011

More information

Business Continuity Management Policy

Business Continuity Management Policy Governance: Business Committee Policy Owner: Chief Superintendent, Corporate Services Department: Corporate Services Policy Number: 002 Version: 3.0 Policy Writer: Business Continuity Co-ordinator Effective

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance

More information

Business Continuity Policy

Business Continuity Policy Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12 POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12

More information

BS a framework for resilience and success. Robert Whitcher BCI Webinar June, 2009

BS a framework for resilience and success. Robert Whitcher BCI Webinar June, 2009 BS 25999 a framework for resilience and success Robert Whitcher BCI Webinar June, 2009 2 Scope of Presentation The Standards process Drivers for BCM and BS 25999 BS 25999 development Overview of BS 25999

More information

Business Continuity Management (BCM) Policy

Business Continuity Management (BCM) Policy Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

BUSINESS CONTINUITY POLICY RM03

BUSINESS CONTINUITY POLICY RM03 BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:

More information

Business continuity management policy

Business continuity management policy Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business

More information

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems

Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems Business Continuity Management and BS 25999 by Steve Chan, Head of Training - HK, BSI Management Systems 9 April, 2008 2 Presentation content Drivers for Business Continuity Standards and definitions.

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY This document is uncontrolled once printed. Please check on the CCG s Intranet site for the most up to date version BUSINESS CONTINUITY MANAGEMENT POLICY DOCUMENT CONTROL Type of Document Document Title

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Information Security Policy. Chapter 11. Business Continuity

Information Security Policy. Chapter 11. Business Continuity Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for

More information

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy Birmingham CrossCity Clinical Commissioning Group Business Continuity Management Policy Version V1.0 Ratified by Operational Development Group Date ratified 6 th November 2014 Name of originator / author

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012 Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Business Continuity in SIA

Business Continuity in SIA Aim of the document: This document describes how SIA develops, implements and maintains its business continuity management system, applying what is stated in the company Business Continuity Guidelines,

More information

Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council

Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council Aim To provide an introduction to Business Continuity Management (BCM). Objectives

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY

More information

I attach the following documents in response:

I attach the following documents in response: London Fire Brigade Headquarters 169 Union Street London SE1 0LL T 020 8555 1200 F 020 7960 3602 Minicom 020 7960 3629 www.london-fire.gov.uk Freedom of Information request reference number: FOIA608.1

More information

abcdefghijklmnopqrstu

abcdefghijklmnopqrstu abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and

More information

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide

Moving from BS 25999-2 to ISO 22301. The new international standard for business continuity management systems. Transition Guide Transition Guide Moving from BS 25999-2 to ISO 22301 The new international standard for business continuity management systems Extract from The Route Map to Business Continuity Management: Meeting the

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)

More information

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015 Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY 14304-1745 ECP - 601: Effective Business Continuity Management: ISO 22301 This 3-day course provides an intensive, hands-on workshop covering all major aspects for the design of an effective Business Continuity Plan

More information

NOT PROTECTIVELY MARKED. Business Continuity Management Policy. Risk and Business Continuity Management

NOT PROTECTIVELY MARKED. Business Continuity Management Policy. Risk and Business Continuity Management Policy Title CCMT Sponsor Department/Area Section/Sector Business Continuity Management Policy Deputy Chief Constable Strategic Development Risk and Business Continuity Management 1.0 Rationale Thames

More information

NHS Commissioning Board Business Continuity Management Framework (service resilience)

NHS Commissioning Board Business Continuity Management Framework (service resilience) NHS Commissioning Board Business Continuity Management Framework (service resilience) 1 P a g e NHS Commissioning Board Business Continuity Management Framework Date 7 January 2013 Audience NHS Commissioning

More information

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0 NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,

More information

South Norfolk Council Business Continuity Policy

South Norfolk Council Business Continuity Policy South Norfolk Council Business Continuity Policy 1 Title: Business Continuity Policy Date of Publication: TBC Version: 2 Published by: Emergency Planning Team Review date: April 2014 Document Owner: Document

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Departmental Business Continuity Framework. Part 2 Working Guides

Departmental Business Continuity Framework. Part 2 Working Guides Department for Work and Pensions Departmental Business Continuity Framework Part 2 Working Guides Page 1 of 60 CONTENTS Guide to business impact analysis...3 Guide to business continuity planning...7 Guide

More information

Business continuity management policy

Business continuity management policy Business continuity management policy Issue sheet Document reference Document location Title Author Issued to Reason issued NHSBSADPN001b S:\BSA\IGM\Mng IG\Developing Policy and Strategy\Develop or Review

More information

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance The Impact of ISO 22301 Moving Your BCM Program to a Management System Implementing the Newly Approved International Business Continuity Management System Standard & Guidance Documents ISO 22301: Societal

More information

Business Continuity Business Continuity Management Policy

Business Continuity Business Continuity Management Policy Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy Part Two Part One Not Protectively Marked DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy. The Dorset & Wiltshire Fire and Rescue Authority (DWFRA)

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Reference Number: 243 Author & Title: Siân Dyson Resilience Manager Responsible Director: Chief Operating Officer Review Date: 29 May 2018 Ratified by: Francesca Thompson Chief

More information

ISO The Route Map to Business Continuity Management

ISO The Route Map to Business Continuity Management ISO 22301- The Route Map to Business Continuity Management John A. DiMaria; CSSBB, HISP, MHISP, AMBCI ISO Product Manager; BSI Group Americas Inc. Agenda A basic understanding of ISO 22301:2012 How identifying

More information

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012 To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

WILTSHIRE POLICE FORCE POLICY

WILTSHIRE POLICE FORCE POLICY Template v4 WILTSHIRE POLICE FORCE POLICY BUSINESS CONTINUITY MANAGEMENT SYSTEMS (BCMS) Effective from: July 2013 Version: 2.0 Next Review Date: July 2015 POLICY STATEMENT Wiltshire Police has a statutory

More information

Guideline - Business Continuity Plan

Guideline - Business Continuity Plan Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers

More information

Update from the Business Continuity Working Group

Update from the Business Continuity Working Group 23 June 2014 Performance and Resources Board 19 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement

More information

Cumbria Constabulary. Business Continuity Planning

Cumbria Constabulary. Business Continuity Planning Cumbria Constabulary Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens), www.sjstudios.co.uk, Monument (Market

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group Business Continuity Plan Page 1 Review To be done annually Author Chief Operating Officer Reviewer Head of Corporate Services Version

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Harrow Business Consultative Panel. Business Continuity Management. Responsible Officer: Myfanwy Barrett Director of Finance and Business Strategy

Harrow Business Consultative Panel. Business Continuity Management. Responsible Officer: Myfanwy Barrett Director of Finance and Business Strategy Meeting: Harrow Business Consultative Panel Date: 18 th July 2006 Subject: Business Continuity Management Responsible Officer: Myfanwy Barrett Director of Finance and Business Strategy Contact Officer:

More information

Guidance Note XGN XXX.1

Guidance Note XGN XXX.1 Guidance Note XGN XXX.1 Risk Assessment and Business Continuity Planning 1. This Guidance Note provides further detail on matters institutions should consider in assessing disruption scenarios and certain

More information

Business Continuity Strategy Manual

Business Continuity Strategy Manual Business Continuity Strategy Manual Issue 03 July 2009 Authorised by: Managing Director, Date: 1. Amendments 2. Definitions 3. BCM System Management 4. Purpose 5. Scope 6. Roles & Responsibilities 7. Business

More information

RISK MANAGEMENT POLICY & FRAMEWORK. \\vmfileserver02\company\council\judy\risk Management\Risk Management Framework 2013 (2).

RISK MANAGEMENT POLICY & FRAMEWORK. \\vmfileserver02\company\council\judy\risk Management\Risk Management Framework 2013 (2). RISK MANAGEMENT POLICY & FRAMEWORK \\vmfileserver02\company\council\judy\risk Management\Risk Management Framework 2013 (2).doc 20 Page 1 of Table of Contents Risk Management Policy...3 Risk Management

More information

BUSINESS CONTINUITY & STRATEGY POLICY

BUSINESS CONTINUITY & STRATEGY POLICY BUSINESS CONTINUITY & STRATEGY POLICY Authorship: Chris Wallace, Information Governance Manager Committee Approved: Quality and Clinical Governance Committee Approved date: 1 Feb 2014 Review Date: Jan

More information

PS 170 Business Continuity Management Policy

PS 170 Business Continuity Management Policy PS 170 Business Continuity Management Policy July 2013 Version 2 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010;

More information

Version: 3.0. Effective From: 19/06/2014

Version: 3.0. Effective From: 19/06/2014 Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement - 2016

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement - 2016 Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement - 2016 Policy Statement - 2016 This Policy sets the direction for Business Continuity Management at Leicester

More information

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17

Procedures. Issue Date: June 2014 Version Number: 2.0. Document Number: POL_1009. Status: Approved Next Review Date: April 2017 Page 1 of 17 Proforma: Information Policy Security & Corporate Policy Procedures Status: Approved Next Review Date: April 2017 Page 1 of 17 Issue Date: June 2014 Prepared by: Information Governance Senior Manager Status:

More information

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid.

All CCG staff. This policy is due for review on the latest date shown above. After this date, policy and process documents may become invalid. Policy Type Information Governance Corporate Standing Operating Procedure Human Resources X Policy Name CCG IG03 Information Governance & Information Risk Policy Status Committee approved by Final Governance,

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

University of Glasgow. Policy for. Business Continuity Management

University of Glasgow. Policy for. Business Continuity Management University of Glasgow Policy for Business Continuity Management 1 Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the

More information

Business Continuity Planning Manual. Version 1

Business Continuity Planning Manual. Version 1 Business Continuity Planning Manual Version 1 Business Continuity Planning for NHS Organisations Business Continuity Planning Manual CONTENTS INTRODUCTION... 1 BACKGROUND... 3 1. SCOPE, AIMS AND OBJECTIVES...

More information

Freedom of Information Act Publication Scheme Protective Marking. Publication Scheme Y/N Yes Title. Version 3.0 Summary

Freedom of Information Act Publication Scheme Protective Marking. Publication Scheme Y/N Yes Title. Version 3.0 Summary Freedom of Information Act Publication Scheme Protective Marking Not Protectively Marked Publication Scheme Y/N Yes Title Business Continuity Policy and Equality Impact Assessment Version 3.0 Summary This

More information

Business Continuity Management Policy and Framework

Business Continuity Management Policy and Framework Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December

More information

Business Continuity Management

Business Continuity Management Annex A Business Continuity Management Programme Business Continuity Management Policy 1. Introduction This Business Continuity Management (BCM) Policy defines the scope of the SPCB s ability to maintain

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN MEETING DATE: 10 April 2014 AGENDA ITEM NUMBER: Item 7.6.2 AUTHOR: JOB TITLE: DEPARTMENT: Julie Killingbeck/Catherine Wylie Relationship Manager Commissioning/Director Quality and Assurance NHS North Lincolnshire

More information

Risk Management Guidelines

Risk Management Guidelines Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,

More information

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY VERSION 1.0 ISSUED JULY 2015 CONTENTS Page CONTENTS VERSION CONTROL FOREWORD i ii iii POLICY 1 Scope 1 Aim and Objectives 1 Methods and Standards 1

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide SPG 232 Business Continuity Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe 4 Aug 14 Draft v4.4 TBC Resilience Team BCM Policy draft v4.4 1 4 Aug 2014 Statement of

More information

Checklist of ISO 22301 Mandatory Documentation

Checklist of ISO 22301 Mandatory Documentation Checklist of ISO 22301 Mandatory Documentation 1) Which documents and records are required? The list below shows the minimum set of documents and records required by ISO 22301:2012 (the standard refers

More information