BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE
|
|
- Duane Tate
- 8 years ago
- Views:
Transcription
1 BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service delivery and ensuring business continuity. This increased impetus can be attributed, in some part, to the unexpected but positive side effect of the Millennium Bug, where organisations focused on being prepared for the Millennium Date Change Period. 2. Many organisations, working under pressure to meet the 01 January 2000 deadline, were compelled to identify risks to their business and the means to mitigate against such risks. Contingencies', or alternative ways of working to ensure continued delivery of critical business, should some major interruption occur, were planned. Liaison with other organisations such as suppliers, customers and partners was embarked upon to identify interdependencies. Application of these business continuity techniques meant that organisations were able to plan not only for the more predicable effects of Y2K but also for the more far reaching and knock on effects, which could have occurred. 3. Although the Y2K date change has come and gone many organisations can congratulate themselves, but should resist viewing their efforts in respect of business continuity in an historical context, as plans and procedures still have currency today. Organisations can take full advantage of their Y2K planning, using it as a springboard towards a more comprehensive approach to business continuity. Assessments and plans should be revisited with the following questions in mind: Have all business critical functions been considered, not just those that were operational during the millennium date change period? Are plans capable of being invoked at any time? (Millennium Operating Regimes could be updated with procedures, which take account of normal working and stand-by arrangements.) Have plans and procedures been thoroughly tested and validated? If the answer to any of the above is no, then the organisation has more to do to fully subscribe to Business Continuity Management (BCM). Time was at a premium in the run up to Y2K but now, in the absence of such pressures, organisations that have identified a need to adopt a more comprehensive approach to business continuity will have the opportunity to do so. However, it must also be remembered that an emergency or other interruption to critical business can occur at any time and without warning. 5. Before describing what BCM is, it is important to state exactly what it is not. It is not simply another term for Disaster Recovery Planning, which traditionally has concentrated on the restoration of facilities after a major incident eg. loss of computing or telecommunications and loss of a building or plant through fire or flood.
2 The responsibility for such disaster plans rested with the various business functions, typically IT, estates and security. In some respects disaster recovery can be viewed as a reactive process whereby the organisation reacts to the emergency once it has occurred. The Emergency Planning Society in the Guide to Business Continuity Planning (1997), notes that in many incidences this approach proves to be too little too late. 6. BCM, in contrast, is a holistic approach which, examines the organisation as a whole and is concerned with anticipating things which could go wrong and takes planned and rehearsed steps to protect the business from such events. It involves the co-ordination and integration of all planning processes across departments and the presentation of a confident image to the outside world. It is a strategic tool which, once understood, exercised well and with commitment from the whole organisation, can safeguard service delivery, maximise opportunity through a crisis, and so proactively demonstrate competent management and enhance positive reputation. 7. The Business Continuity Institute (BCI) identified the following ten disciplines which it considered essential to any BCM process. No particular significance should be attributed to the order in which these disciplines are presented, except that project initiation must be the start point. (i) Project Initiation and Management. This involves establishing the need for a Business Continuity Plan (BCP), including obtaining management support and the organisation and management of the project to completion within agreed time and budget limits. Its not too difficult to demonstrate a need for BCM where evidence has shown that every 5 years, 20% of organisations will suffer a major disruption through fire, flood or storm, power failures, terrorism or IT failures. An ever litigious society coupled with recent legislative developments places responsibility firmly on organisations to demonstrate substantive evidence of foresight and preparedness. It has been promulgated that organisations have a duty of care and looking on business continuity as 'nice to have' is a dereliction of that duty (CBI, Business Continuity Management). Once the need for Business Continuity has been established it is vital to obtain long term commitment to it by convincing senior management that once armed with this tool they will be able to survive their own organisational Nemesis. An accurate assessment of what is involved in terms of staffing, expenditure and time needs to be clearly stated. Projects have floundered because senior management have not had realistic expectations of the level of resources required. A Business Continuity Planning Team should be selected from fully committed senior managers who will be prepared to drive the project forward. Business Continuity Managers should also be selected to oversee the preparation of individual department or business unit plans, which will form the building blocks of the overall business continuity response. Teams must be clear about the aims of the project and must accept ownership for it; it is their plan and their expertise which is required to determine what is critical to the survival of the organisation.
3 (ii) Risk Evaluation and Control. This involves the determination of events and environmental surroundings that can adversely affect the organisation, the damage caused by these events and the controls needed to mitigate against the effects of potential loss. Risk avoidance measures should be determined where possible on the basis that prevention is better than cure. Cost -benefit analysis can be used to justify expenditure on controls to mitigate risks. The modern business environment is characterised by an ever-increasing range of risks where emergencies come in all shapes and sizes.' Natural hazards include storms, floods, subsidence and building collapse, lightning and snow. Man-made hazards include, operator error, explosion, fire, chemical spillage. smoke or water damage, power failure, telecommunications failure, strikes, fraud, arson, malicious damage, bombs, media speculation and castigation, and crippling litigation. (iii) Business Impact Analysis (BIA). This discipline is of fundamental importance to, BCM and involves the identification of the impacts on business from emergency or other interruption scenarios along with techniques that can be used to quantify and qualify such impacts. Critical business functions, their recovery priorities and interdependencies should be established so that the recovery time objectives can be set. The BIA prioritises the I what if t scenarios identified by the risk evaluation by not only identifying how the emergency will affect the individual department involved but the organisation as a whole. The process is proactive in that it identifies the key or business critical functions of an organisation and the likely threats to those functions. The differentiation between critical functions and more peripheral functions means that planning effort can then be directed at ensuring such key functions can continue whatever the circumstances. It is important to realise that this approach is not only concerned with large-scale emergencies such as fire or flood. Generic BCP also covers arrangements to deal with smaller but equally devastating events such as loss of key systems or key personnel. (iv) Developing Business Contingency Strategies. This involves determining and selecting alternative business recovery operating strategies which will allow recovery within the appropriate timeframe, as identified by the BIA, whilst at the same time maintaining the organisation's critical functions. Recovery strategies for those business risks which cannot be prevented should be developed. Establishing the what, how and when is necessary at this stage. Options for alternative methods and locations of working should be determined together with interim measures to protect each department's immediate business processes, with each business unit being responsible for its own contingencies. Critical timescales for restoring core functions and the schedule of priorities are fundamental. (v) Emergency Responses and Operations. This involves the development and implementation of procedures for responding to and stabilising the situation following an emergency or interruption. It will include establishing and managing an emergency operations centre for use as a command centre during the emergency.
4 Instructions on the allocation of responsibility and decisions on internal and external communication procedures are vital and should be carefully documented. Everyone involved in the response must know automatically what to do, where to go and who to contact in any time of emergency. Otherwise confusion will abound and any advantage will be lost. (vi) Developing and implementing the business continuity plans. This involves the design, development and implementation of a BCP which will provide recovery within the recovery time objective. All plans, whether departmental or generic, must address the issues affecting people, accommodation, systems, critical information and services to ensure that core business can continue. Plans must be available 24 hours a day, 365 days a year and should be action orientated, crisply written, easy to follow and contain no information that is not required in an emergency situation. Areas that should be covered are; emergency definition and declaration and invocation arrangements for the plan, emergency response, resumption of operations under standby arrangements, resumption of business as usual Plans should detail; roles, responsibilities and reporting requirements, key personnel, other essential contacts and appropriate contact information, action plans with key priorities and timescales for recovery, alternative locations how to find them and relevant security arrangements, lists of resource requirements for recovery and how to get them, logging forms which are used to maintain an audit trail for any subsequent inquiry. (vii) Awareness and Training Programmes. This involves the preparation of a programme to raise corporate awareness and enhance the skills mix required to develop, implement, maintain and execute the BCP. All staff in the organisation must be made aware of the BCP, whether or not they are going to participate in the actual response. Everyone must feel that they have a role to play in the continuation of the organisation's business even if it is simply responding to a telephone call at home asking them to return to work. These factors are the
5 essential prerequisites to success and this is perhaps best illustrated by quoting Eisenhower, 'plans are nothing, planning is everything'. (viii) Maintaining and Exercising Business Continuity Plans. This involves the pre-planning and co-ordination of exercises to test the plan and the evaluation and documentation of lessons learned from such exercising. Processes should be developed which validate contingency capabilities and the BCP document, in accordance with the organisations strategic direction. Plan validation or verification of its effectiveness can be achieved through comparison with a suitable standard eg. BCI, Evaluation Criteria for Business Continuity Plans where the results of this process should be reported in a clear and concise manner. Once plans have been developed they should not be viewed as a panacea for all emergencies. They are of little real value unless they are rehearsed and validated. Before progressing to live exercises it is often useful to test arrangements by realistic table-top exercises which will identify any problems overlooked in the planning stages. Individual or departmental plans should be tested first and once these are working well the full business continuity response can be exercised. Planning must be viewed as a dynamic process which grows with the organisation and not one which is a once and for all activity. Individual plans, which underpin the Business Continuity Plan, are of vital importance and must be kept current. (ix) Public Relations and Crisis Co-ordination. This involves the development, coordination, evaluation and exercise of plans for media liaison and plans for communication with (and as necessary, trauma counsel/ingot) employees, their families, key customers, critical suppliers and corporate management during emergency situations. All stakeholders are kept informed on an as-needed basis. (x) Co-ordination with Public Authorities (and Outside Bodies). This involves the establishment of procedures and policies for co-ordinating continuity and restoration activities with other public authorities while at the same time ensuring compliance with applicable statutes or regulations. The roles and responsibilities of other organisations, who may be involved in dealing with an emergency, must be well known eg. the role of the emergency services and the restrictions they may place on the organisation in the aftermath of a major incident. Contingency arrangements must be agreed with all major suppliers and specialist arrangements with outside bodies (eg. salvage companies) well understood. 8. This phenomenon of preparing to deal with the unknown is evidenced in both the private and public sectors. Industry was swift to recognise the benefits of business continuity but government has also contributed to its promotion, through a number of Home Office publications and the Home Office Emergency Planning College has hosted a number of business continuity events. The subject was placed firmly on the political agenda by the Prime Minister, Tony Blair, in the run up to the Millennium.
6 Conclusion 9. This paper is offered with the intention of provoking the thought processes of readers; it is not intended to be a definitive guide to BCM and should not be taken as such. There are many excellent texts available providing guidance on this complex subject. Details of the ones used in the compilation of this note are provided in Annex A. 10. Investing in BCM is wise, where the resulting resilience and risk reduction reduce everyday outages and provide flexibility in day-to-day operations. However the level of continuous commitment necessary if an organisation is to fully subscribe to BCM should not be underestimated. Adoption of BCM by an organisation has been likened to staring into the abyss, defending the organisation's essential business from every possible risk, risks that collude, conspire and wait for technology to assist them in exploitation of any flaw. Annex A 1. CBI (1999) Business Continuity Management Caspian Publishing Ltd. 2. Emergency Planning Society (1997) - Business Continuity Demystified 3. Business Continuity Institute (1999) - Evaluation Criteria for Business Continuity Plans 4. Hiles, A et al (1999) - The Definitive Handbook of Business Continuity Management J Wiley & Sons Ltd. 5. CCTA (1995) - A Guide to Business Continuity Management - HMSO
Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationRisk Management Guidelines
Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,
More informationEmergency Response and Business Continuity Management Policy
Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationBusiness Continuity Planning
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationabcdefghijklmnopqrstu
abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and
More informationShankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.
Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management
More informationBusiness Continuity Policy
Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationBSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012
To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached
More informationdisaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE
disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE INTRODUCTION Contingency planning for business continuity (business continuity management) is defined by the Institute of Business
More informationEMERGENCY PREPAREDNESS PLAN Business Continuity Plan
EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
More informationBusiness Continuity Policy
Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More informationBUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire
BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of
More informationInformation Security Policy. Chapter 11. Business Continuity
Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationNORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)
NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy
More informationBusiness Continuity Management. Policy Statement and Strategy
Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King
More informationPBSi Business Continuity Planning
Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed
More informationKPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity
INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM
More informationBUSINESS CONTINUITY PLAN
How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER
More informationBusiness Continuity Management For Small to Medium-Sized Businesses
Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone
More informationCENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT
CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14
More informationNHS Hardwick Clinical Commissioning Group. Business Continuity Policy
NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationHow To Manage A Disruption Event
BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational
More informationBusiness Continuity and Disaster Recovery Planning
Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)
More informationBUSINESS CONTINUITY POLICY RM03
BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:
More informationDISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES
APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1
More informationNHS 24 - Business Continuity Strategy
NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS
More informationSection A: Introduction, Definitions and Principles of Infrastructure Resilience
Section A: Introduction, Definitions and Principles of Infrastructure Resilience A1. This section introduces infrastructure resilience, sets out the background and provides definitions. Introduction Purpose
More informationA guide to business continuity jelfsmallbusiness.co.uk 01905 888397
Business Continuity Management A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 We know you re always going to try your best for your business, but things do occasionally and unexpectedly
More informationYear 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction
Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction The purpose of this paper is to help financial institutions, in particular their senior management, address business
More informationNHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan
NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group Business Continuity Plan Page 1 Review To be done annually Author Chief Operating Officer Reviewer Head of Corporate Services Version
More informationPAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationBusiness Continuity Management Governance. Frank Higgins Abu Dhabi March 2015
Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity
More informationProposal for Business Continuity Plan and Management Review 6 August 2008
Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.
More informationBusiness continuity management policy
Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationLFRS Business Continuity Planning
LFRS Business Continuity Planning 1.1 INTRODUCTION The LFRS Business Continuity Plan provides a framework for the activation, allocation and deployment of Lancashire Fire and Rescue Services resources
More informationBusiness Continuity Planning Manual. Version 1
Business Continuity Planning Manual Version 1 Business Continuity Planning for NHS Organisations Business Continuity Planning Manual CONTENTS INTRODUCTION... 1 BACKGROUND... 3 1. SCOPE, AIMS AND OBJECTIVES...
More informationPAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA
Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationHOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond
More informationBusiness Continuity Policy
Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications
More informationwww.pwc.com Business Resiliency Business Continuity Management - January 14, 2014
www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition
More informationBusiness Continuity Plan Toolkit
Business Continuity Plan Toolkit March 2015 1 Contents The Template instructions for use... 2 Introduction... 3 What is the purpose of this toolkit?... 3 Why do you need a Business Continuity Plan?...
More informationPrepared by Rod Davis, ABCP, MCSA November, 2011
Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,
More informationNOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12
POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12
More informationBusiness Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014
Business Continuity Planning Donna Curran, Director Audit and Risk Management February, 2014 Agenda Business Continuity Defined The Importance of a Plan Determining the Costs Business Impact Analysis MTO,
More informationCommunity and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe
Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe 4 Aug 14 Draft v4.4 TBC Resilience Team BCM Policy draft v4.4 1 4 Aug 2014 Statement of
More informationCharities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management
Charities & Not for Profit Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Charities are there to help those in need. But who helps
More informationMerrycon s Approach to Business Continuity Management
Merrycon s Approach to Business Continuity Management Business Continuity is a management discipline that provides a framework for an organisation to build resilience, providing the capability for an effective
More informationBusiness Continuity Management
Business Continuity Management Continuity Management is January 2004 Willis Business Continuity Management September 2002 1 Continuity Management is It is about managing the risks that threaten the survival
More informationBusiness Continuity Planning
Business Continuity Planning Assistance for Young Enterprise Business Continuity Planning for small to medium-sized businesses This information will guide you through some steps that could help your business
More informationBusiness Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations
Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations Name of Organisation: Date: This Document has been designed to assist local businesses
More informationGuideline - Business Continuity Plan
Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers
More informationIT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg
PROFESSIONALADVANTAGE IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg The importance of a holistic approach to Business Continuity and the art of making decisions when everyone's
More informationCompany Management System. Business Continuity in SIA
Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT
More informationCorporate Risk Management Policy
Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction
More informationBS 25999 BUSINESS CONTINUITY MANAGEMENT
BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point,
More informationInformation Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.
Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who
More informationINFOSEC.MY KNOWLEDGE SHARING SESSION
INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have
More informationBusiness Continuity and Disaster Planning
WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and
More informationPrinciples for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationBusiness Continuity Management
Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
More informationNHS Commissioning Board Business Continuity Management Framework (service resilience)
NHS Commissioning Board Business Continuity Management Framework (service resilience) 1 P a g e NHS Commissioning Board Business Continuity Management Framework Date 7 January 2013 Audience NHS Commissioning
More informationCFAM&LBB2 Develop, maintain and evaluate business continuity plans and arrangements
Develop, maintain and evaluate business continuity plans and arrangements Overview This standard is about developing, maintaining and evaluating business continuity plans to ensure that organisations continue
More informationGUIDANCE ON THE COMPILATION OF BUSINESS CONTINUITY PLANS. Front cover Add your logo, company name and the date the plan was last amended.
LINCOLNSHIRE SUPPORTING PEOPLE GUIDANCE ON THE COMPILATION OF BUSINESS CONTINUITY PLANS Front cover Add your logo, company name and the date the plan was last amended. Distribution list List who has a
More informationSouth West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy
South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author
More informationExternal Supplier Control Requirements BCM
External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity
More information85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff
85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate
More informationBusiness Continuity Management (BCM) Policy
Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of
More informationCouncil Policy Business Continuity Management
Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief
More informationIDA FAS Sub-Committee Guidelines for Testing 1 As of October 16, 2006
Guidelines for Testing 1 The Contingency Planning Sub-Committee of the IDA compiled the following BCP testing guidelines for the benefit of IDA Members. These guidelines are not mandatory and should be
More informationEssex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy
Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date
More informationwww.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012
Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St
More informationRisk Management & Business Continuity Manual 2011-2014
ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page
More informationBUSINESS RESILIENCE READY OR NOT
BUSINESS RESILIENCE READY OR NOT EDC Whitepaper 2014 Table of Contents Executive Summary 2 Need for Effective BCM 2 Government requirements for BCM 4 The Challenge - Disasters and Threats 4 Pandemic and
More informationDORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy
Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for
More informationBCP and DR. P K Patel AGM, MoF
BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management
More informationFederal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK
Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities
More informationBusiness Continuity Planning in IT
Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions
More informationBusiness Continuity Plan Template
Business Continuity Plan Template Disclaimer This publication has been produced to provide a guide for people anticipating going into business and for business owners. It should not be regarded as an
More informationBusiness Continuity Management Systems. Protecting for tomorrow by building resilience today
Business Continuity Management Systems Protecting for tomorrow by building resilience today Vital statistics 31% 40% of UK businesses have been affected by bad weather related transport problems, power
More information