BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE"

Transcription

1 BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service delivery and ensuring business continuity. This increased impetus can be attributed, in some part, to the unexpected but positive side effect of the Millennium Bug, where organisations focused on being prepared for the Millennium Date Change Period. 2. Many organisations, working under pressure to meet the 01 January 2000 deadline, were compelled to identify risks to their business and the means to mitigate against such risks. Contingencies', or alternative ways of working to ensure continued delivery of critical business, should some major interruption occur, were planned. Liaison with other organisations such as suppliers, customers and partners was embarked upon to identify interdependencies. Application of these business continuity techniques meant that organisations were able to plan not only for the more predicable effects of Y2K but also for the more far reaching and knock on effects, which could have occurred. 3. Although the Y2K date change has come and gone many organisations can congratulate themselves, but should resist viewing their efforts in respect of business continuity in an historical context, as plans and procedures still have currency today. Organisations can take full advantage of their Y2K planning, using it as a springboard towards a more comprehensive approach to business continuity. Assessments and plans should be revisited with the following questions in mind: Have all business critical functions been considered, not just those that were operational during the millennium date change period? Are plans capable of being invoked at any time? (Millennium Operating Regimes could be updated with procedures, which take account of normal working and stand-by arrangements.) Have plans and procedures been thoroughly tested and validated? If the answer to any of the above is no, then the organisation has more to do to fully subscribe to Business Continuity Management (BCM). Time was at a premium in the run up to Y2K but now, in the absence of such pressures, organisations that have identified a need to adopt a more comprehensive approach to business continuity will have the opportunity to do so. However, it must also be remembered that an emergency or other interruption to critical business can occur at any time and without warning. 5. Before describing what BCM is, it is important to state exactly what it is not. It is not simply another term for Disaster Recovery Planning, which traditionally has concentrated on the restoration of facilities after a major incident eg. loss of computing or telecommunications and loss of a building or plant through fire or flood.

2 The responsibility for such disaster plans rested with the various business functions, typically IT, estates and security. In some respects disaster recovery can be viewed as a reactive process whereby the organisation reacts to the emergency once it has occurred. The Emergency Planning Society in the Guide to Business Continuity Planning (1997), notes that in many incidences this approach proves to be too little too late. 6. BCM, in contrast, is a holistic approach which, examines the organisation as a whole and is concerned with anticipating things which could go wrong and takes planned and rehearsed steps to protect the business from such events. It involves the co-ordination and integration of all planning processes across departments and the presentation of a confident image to the outside world. It is a strategic tool which, once understood, exercised well and with commitment from the whole organisation, can safeguard service delivery, maximise opportunity through a crisis, and so proactively demonstrate competent management and enhance positive reputation. 7. The Business Continuity Institute (BCI) identified the following ten disciplines which it considered essential to any BCM process. No particular significance should be attributed to the order in which these disciplines are presented, except that project initiation must be the start point. (i) Project Initiation and Management. This involves establishing the need for a Business Continuity Plan (BCP), including obtaining management support and the organisation and management of the project to completion within agreed time and budget limits. Its not too difficult to demonstrate a need for BCM where evidence has shown that every 5 years, 20% of organisations will suffer a major disruption through fire, flood or storm, power failures, terrorism or IT failures. An ever litigious society coupled with recent legislative developments places responsibility firmly on organisations to demonstrate substantive evidence of foresight and preparedness. It has been promulgated that organisations have a duty of care and looking on business continuity as 'nice to have' is a dereliction of that duty (CBI, Business Continuity Management). Once the need for Business Continuity has been established it is vital to obtain long term commitment to it by convincing senior management that once armed with this tool they will be able to survive their own organisational Nemesis. An accurate assessment of what is involved in terms of staffing, expenditure and time needs to be clearly stated. Projects have floundered because senior management have not had realistic expectations of the level of resources required. A Business Continuity Planning Team should be selected from fully committed senior managers who will be prepared to drive the project forward. Business Continuity Managers should also be selected to oversee the preparation of individual department or business unit plans, which will form the building blocks of the overall business continuity response. Teams must be clear about the aims of the project and must accept ownership for it; it is their plan and their expertise which is required to determine what is critical to the survival of the organisation.

3 (ii) Risk Evaluation and Control. This involves the determination of events and environmental surroundings that can adversely affect the organisation, the damage caused by these events and the controls needed to mitigate against the effects of potential loss. Risk avoidance measures should be determined where possible on the basis that prevention is better than cure. Cost -benefit analysis can be used to justify expenditure on controls to mitigate risks. The modern business environment is characterised by an ever-increasing range of risks where emergencies come in all shapes and sizes.' Natural hazards include storms, floods, subsidence and building collapse, lightning and snow. Man-made hazards include, operator error, explosion, fire, chemical spillage. smoke or water damage, power failure, telecommunications failure, strikes, fraud, arson, malicious damage, bombs, media speculation and castigation, and crippling litigation. (iii) Business Impact Analysis (BIA). This discipline is of fundamental importance to, BCM and involves the identification of the impacts on business from emergency or other interruption scenarios along with techniques that can be used to quantify and qualify such impacts. Critical business functions, their recovery priorities and interdependencies should be established so that the recovery time objectives can be set. The BIA prioritises the I what if t scenarios identified by the risk evaluation by not only identifying how the emergency will affect the individual department involved but the organisation as a whole. The process is proactive in that it identifies the key or business critical functions of an organisation and the likely threats to those functions. The differentiation between critical functions and more peripheral functions means that planning effort can then be directed at ensuring such key functions can continue whatever the circumstances. It is important to realise that this approach is not only concerned with large-scale emergencies such as fire or flood. Generic BCP also covers arrangements to deal with smaller but equally devastating events such as loss of key systems or key personnel. (iv) Developing Business Contingency Strategies. This involves determining and selecting alternative business recovery operating strategies which will allow recovery within the appropriate timeframe, as identified by the BIA, whilst at the same time maintaining the organisation's critical functions. Recovery strategies for those business risks which cannot be prevented should be developed. Establishing the what, how and when is necessary at this stage. Options for alternative methods and locations of working should be determined together with interim measures to protect each department's immediate business processes, with each business unit being responsible for its own contingencies. Critical timescales for restoring core functions and the schedule of priorities are fundamental. (v) Emergency Responses and Operations. This involves the development and implementation of procedures for responding to and stabilising the situation following an emergency or interruption. It will include establishing and managing an emergency operations centre for use as a command centre during the emergency.

4 Instructions on the allocation of responsibility and decisions on internal and external communication procedures are vital and should be carefully documented. Everyone involved in the response must know automatically what to do, where to go and who to contact in any time of emergency. Otherwise confusion will abound and any advantage will be lost. (vi) Developing and implementing the business continuity plans. This involves the design, development and implementation of a BCP which will provide recovery within the recovery time objective. All plans, whether departmental or generic, must address the issues affecting people, accommodation, systems, critical information and services to ensure that core business can continue. Plans must be available 24 hours a day, 365 days a year and should be action orientated, crisply written, easy to follow and contain no information that is not required in an emergency situation. Areas that should be covered are; emergency definition and declaration and invocation arrangements for the plan, emergency response, resumption of operations under standby arrangements, resumption of business as usual Plans should detail; roles, responsibilities and reporting requirements, key personnel, other essential contacts and appropriate contact information, action plans with key priorities and timescales for recovery, alternative locations how to find them and relevant security arrangements, lists of resource requirements for recovery and how to get them, logging forms which are used to maintain an audit trail for any subsequent inquiry. (vii) Awareness and Training Programmes. This involves the preparation of a programme to raise corporate awareness and enhance the skills mix required to develop, implement, maintain and execute the BCP. All staff in the organisation must be made aware of the BCP, whether or not they are going to participate in the actual response. Everyone must feel that they have a role to play in the continuation of the organisation's business even if it is simply responding to a telephone call at home asking them to return to work. These factors are the

5 essential prerequisites to success and this is perhaps best illustrated by quoting Eisenhower, 'plans are nothing, planning is everything'. (viii) Maintaining and Exercising Business Continuity Plans. This involves the pre-planning and co-ordination of exercises to test the plan and the evaluation and documentation of lessons learned from such exercising. Processes should be developed which validate contingency capabilities and the BCP document, in accordance with the organisations strategic direction. Plan validation or verification of its effectiveness can be achieved through comparison with a suitable standard eg. BCI, Evaluation Criteria for Business Continuity Plans where the results of this process should be reported in a clear and concise manner. Once plans have been developed they should not be viewed as a panacea for all emergencies. They are of little real value unless they are rehearsed and validated. Before progressing to live exercises it is often useful to test arrangements by realistic table-top exercises which will identify any problems overlooked in the planning stages. Individual or departmental plans should be tested first and once these are working well the full business continuity response can be exercised. Planning must be viewed as a dynamic process which grows with the organisation and not one which is a once and for all activity. Individual plans, which underpin the Business Continuity Plan, are of vital importance and must be kept current. (ix) Public Relations and Crisis Co-ordination. This involves the development, coordination, evaluation and exercise of plans for media liaison and plans for communication with (and as necessary, trauma counsel/ingot) employees, their families, key customers, critical suppliers and corporate management during emergency situations. All stakeholders are kept informed on an as-needed basis. (x) Co-ordination with Public Authorities (and Outside Bodies). This involves the establishment of procedures and policies for co-ordinating continuity and restoration activities with other public authorities while at the same time ensuring compliance with applicable statutes or regulations. The roles and responsibilities of other organisations, who may be involved in dealing with an emergency, must be well known eg. the role of the emergency services and the restrictions they may place on the organisation in the aftermath of a major incident. Contingency arrangements must be agreed with all major suppliers and specialist arrangements with outside bodies (eg. salvage companies) well understood. 8. This phenomenon of preparing to deal with the unknown is evidenced in both the private and public sectors. Industry was swift to recognise the benefits of business continuity but government has also contributed to its promotion, through a number of Home Office publications and the Home Office Emergency Planning College has hosted a number of business continuity events. The subject was placed firmly on the political agenda by the Prime Minister, Tony Blair, in the run up to the Millennium.

6 Conclusion 9. This paper is offered with the intention of provoking the thought processes of readers; it is not intended to be a definitive guide to BCM and should not be taken as such. There are many excellent texts available providing guidance on this complex subject. Details of the ones used in the compilation of this note are provided in Annex A. 10. Investing in BCM is wise, where the resulting resilience and risk reduction reduce everyday outages and provide flexibility in day-to-day operations. However the level of continuous commitment necessary if an organisation is to fully subscribe to BCM should not be underestimated. Adoption of BCM by an organisation has been likened to staring into the abyss, defending the organisation's essential business from every possible risk, risks that collude, conspire and wait for technology to assist them in exploitation of any flaw. Annex A 1. CBI (1999) Business Continuity Management Caspian Publishing Ltd. 2. Emergency Planning Society (1997) - Business Continuity Demystified 3. Business Continuity Institute (1999) - Evaluation Criteria for Business Continuity Plans 4. Hiles, A et al (1999) - The Definitive Handbook of Business Continuity Management J Wiley & Sons Ltd. 5. CCTA (1995) - A Guide to Business Continuity Management - HMSO

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan? Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Risk Management Guidelines

Risk Management Guidelines Business Continuity Management Understanding Risk We live in an unpredictable world. No matter how effectively a business protects itself through insurance, there are some risks that cannot be anticipated,

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems

More information

Coping with a major business disruption. Some practical advice

Coping with a major business disruption. Some practical advice Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE

disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE INTRODUCTION Contingency planning for business continuity (business continuity management) is defined by the Institute of Business

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

Business Continuity Business Continuity Management Policy

Business Continuity Business Continuity Management Policy Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

abcdefghijklmnopqrstu

abcdefghijklmnopqrstu abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and

More information

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012 To: From: Subject: Status: Date of Meeting: BSO Board Director of Human Resources & Corporate Services Business Continuity Policy For Approval 28 February 2012 The Board is asked to agree the attached

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

Information Security Policy. Chapter 11. Business Continuity

Information Security Policy. Chapter 11. Business Continuity Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton

More information

BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire

BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire BUSINESS CONTINUITY MANAGEMENT A Guide for Businesses In Northamptonshire 1 What is Business Continuity? Business Continuity is a planning process which provides a framework to ensure the resilience of

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Document Type Corporate Policy Unique Identifier CO-038 Document Purpose To provide a structure through which: i. A comprehensive business continuity management system (BCMS)

More information

LFRS Business Continuity Planning

LFRS Business Continuity Planning LFRS Business Continuity Planning 1.1 INTRODUCTION The LFRS Business Continuity Plan provides a framework for the activation, allocation and deployment of Lancashire Fire and Rescue Services resources

More information

Business Continuity Policy

Business Continuity Policy Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England

More information

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan EMERGENCY PREPAREDNESS PLAN Business Continuity Plan GIS Bankers Insurance Group Powered by DISASTER PREPAREDNESS Implementation Small Business Guide to Business Continuity Planning Surviving a Catastrophic

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance

More information

BUSINESS CONTINUITY POLICY RM03

BUSINESS CONTINUITY POLICY RM03 BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

PBSi Business Continuity Planning

PBSi Business Continuity Planning Business Continuity Planning Definition Business Continuity planning is a planning process designed to reduce the risk that disruptive failures or events could seriously harm your business. It is designed

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Management For Small to Medium-Sized Businesses Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Charities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Charities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management Charities & Not for Profit Protecting your organisation, supporting its success Risk Management Insurance Employee Benefits Investment Management Charities are there to help those in need. But who helps

More information

A guide to business continuity jelfsmallbusiness.co.uk 01905 888397

A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 Business Continuity Management A guide to business continuity jelfsmallbusiness.co.uk 01905 888397 We know you re always going to try your best for your business, but things do occasionally and unexpectedly

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager 17.09.12 POLICY BUSINESS CONTINUITY Policy owners Policy holder Author Head of Services Specialist Operations Contingency Planning Business Continuity Manager Policy No. 132 Approved by Legal Services 17.09.12

More information

Merrycon s Approach to Business Continuity Management

Merrycon s Approach to Business Continuity Management Merrycon s Approach to Business Continuity Management Business Continuity is a management discipline that provides a framework for an organisation to build resilience, providing the capability for an effective

More information

Business continuity management policy

Business continuity management policy Business continuity management policy health.wa.gov.au Effective: XXX Title: Business continuity management policy 1. Purpose All public sector bodies are required to establish, maintain and review business

More information

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

Section A: Introduction, Definitions and Principles of Infrastructure Resilience Section A: Introduction, Definitions and Principles of Infrastructure Resilience A1. This section introduces infrastructure resilience, sets out the background and provides definitions. Introduction Purpose

More information

Business Continuity Planning Manual. Version 1

Business Continuity Planning Manual. Version 1 Business Continuity Planning Manual Version 1 Business Continuity Planning for NHS Organisations Business Continuity Planning Manual CONTENTS INTRODUCTION... 1 BACKGROUND... 3 1. SCOPE, AIMS AND OBJECTIVES...

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning Assistance for Young Enterprise Business Continuity Planning for small to medium-sized businesses This information will guide you through some steps that could help your business

More information

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity INFORMATION RISK MANAGEMENT KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity ADVISORY Contents Agenda: Global trends and BCM

More information

Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction

Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction Year 2000 Business Continuity Planning: Guidelines for Financial Institutions Introduction The purpose of this paper is to help financial institutions, in particular their senior management, address business

More information

Business Continuity Strategy Manual

Business Continuity Strategy Manual Business Continuity Strategy Manual Issue 03 July 2009 Authorised by: Managing Director, Date: 1. Amendments 2. Definitions 3. BCM System Management 4. Purpose 5. Scope 6. Roles & Responsibilities 7. Business

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY

More information

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group Business Continuity Plan Page 1 Review To be done annually Author Chief Operating Officer Reviewer Head of Corporate Services Version

More information

Desktop Scenario Self Assessment Exercise Page 1

Desktop Scenario Self Assessment Exercise Page 1 Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking

More information

Prepared by Rod Davis, ABCP, MCSA November, 2011

Prepared by Rod Davis, ABCP, MCSA November, 2011 Prepared by Rod Davis, ABCP, MCSA November, 2011 Disaster an event, which causes the loss of an essential service, or part of it, for a length of time which imperils mission achievement. (Andrew Hiles,

More information

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Business Continuity Plan Template

Business Continuity Plan Template Business Continuity Plan Template Disclaimer This publication has been produced to provide a guide for people anticipating going into business and for business owners. It should not be regarded as an

More information

IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg

IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg PROFESSIONALADVANTAGE IT Disaster Recovery...It's Just the Tip of the Business Continuity Iceberg The importance of a holistic approach to Business Continuity and the art of making decisions when everyone's

More information

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES APPENDIX 1 DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES March 2008 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto TABLE OF CONTENTS EXECUTIVE SUMMARY...1

More information

Business Continuity Plan Toolkit

Business Continuity Plan Toolkit Business Continuity Plan Toolkit March 2015 1 Contents The Template instructions for use... 2 Introduction... 3 What is the purpose of this toolkit?... 3 Why do you need a Business Continuity Plan?...

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Continuity Management is January 2004 Willis Business Continuity Management September 2002 1 Continuity Management is It is about managing the risks that threaten the survival

More information

Business Continuity Management (BCM) Policy

Business Continuity Management (BCM) Policy Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications

More information

Corporate Risk Management Policy

Corporate Risk Management Policy Corporate Risk Management Policy Managing the Risk and Realising the Opportunity www.reading.gov.uk Risk Management is Good Management Page 1 of 19 Contents 1. Our Risk Management Vision 3 2. Introduction

More information

Guideline - Business Continuity Plan

Guideline - Business Continuity Plan Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers

More information

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Information Security Management: Business Continuity Planning Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt. Overview BCP: Definition BCP: Need for (Why?) BCP: When BCP: Who

More information

Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations

Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations Business Continuity Management & Disaster Recovery GETTING STARTED Checklist for Local Businesses & Organisations Name of Organisation: Date: This Document has been designed to assist local businesses

More information

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

INFOSEC.MY KNOWLEDGE SHARING SESSION

INFOSEC.MY KNOWLEDGE SHARING SESSION INFOSEC.MY KNOWLEDGE SHARING SESSION Integration BCM into your Organization: Challenges & Opportunities 31 st October 2007 1 Prabha Ramanathan ( CBCP, MBCI, MBCS, MSCS) Certified Business Continuity Professional.have

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy Not Protectively Marked Item 6 Appendix B DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Management Policy The Dorset & Wiltshire Fire and Rescue Authority () is the combined fire and rescue authority for

More information

NHS 24 - Business Continuity Strategy

NHS 24 - Business Continuity Strategy NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13 Table of Contents 1 INTRODUCTION...3 2 PURPOSE...3 3 SCOPE...3 4 ASSUMPTIONS...4 5 BUSINESS

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe 4 Aug 14 Draft v4.4 TBC Resilience Team BCM Policy draft v4.4 1 4 Aug 2014 Statement of

More information

GUIDANCE ON THE COMPILATION OF BUSINESS CONTINUITY PLANS. Front cover Add your logo, company name and the date the plan was last amended.

GUIDANCE ON THE COMPILATION OF BUSINESS CONTINUITY PLANS. Front cover Add your logo, company name and the date the plan was last amended. LINCOLNSHIRE SUPPORTING PEOPLE GUIDANCE ON THE COMPILATION OF BUSINESS CONTINUITY PLANS Front cover Add your logo, company name and the date the plan was last amended. Distribution list List who has a

More information

Business Continuity Planning in IT

Business Continuity Planning in IT Introduction: Business Continuity Planning in IT The more your business relies on its IT systems, the more you need to consider how unexpected disruptions might affect your business. These disruptions

More information

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014

Business Continuity Planning. Donna Curran, Director Audit and Risk Management February, 2014 Business Continuity Planning Donna Curran, Director Audit and Risk Management February, 2014 Agenda Business Continuity Defined The Importance of a Plan Determining the Costs Business Impact Analysis MTO,

More information

COMCARE BUSINESS CONTINUITY MANAGEMENT

COMCARE BUSINESS CONTINUITY MANAGEMENT COMCARE BUSINESS CONTINUITY MANAGEMENT Title Business Continuity Management Version 2.1 Authorised by Executive Committee Effective date Authorisation date 10/7/2012 10/7/2012 COMCARE BUSINESS CONTINUITY

More information

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

www.td.com.au Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012 Business Continuity - IT Disaster Recovery Discussion Paper - - Version V2.0R Wednesday, 5 September 2012 Commercial in Confidence Melbourne Sydney 79-81 Coppin St Level 2 Richmond VIC 3121 414 Kent St

More information

Business Continuity and Disaster Planning

Business Continuity and Disaster Planning WHITE PAPER Business Continuity and Disaster Planning A guide to preparing for the unexpected Robert Drewniak Director, Strategic & Advisory Services Disasters are not always the result of high winds and

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Unit Guide to Business Continuity/Resumption Planning

Unit Guide to Business Continuity/Resumption Planning Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions

More information

Business Continuity Planning for Risk Reduction

Business Continuity Planning for Risk Reduction Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

IDA FAS Sub-Committee Guidelines for Testing 1 As of October 16, 2006

IDA FAS Sub-Committee Guidelines for Testing 1 As of October 16, 2006 Guidelines for Testing 1 The Contingency Planning Sub-Committee of the IDA compiled the following BCP testing guidelines for the benefit of IDA Members. These guidelines are not mandatory and should be

More information

Resilience Audit Checklist ORG 5 RESILIENCE AUDIT CHECKLIST ORG 5

Resilience Audit Checklist ORG 5 RESILIENCE AUDIT CHECKLIST ORG 5 ORG 5 Andrew Wood, Organisational Resilience Consultant 1 Introduction We define organisational resilience as the ability and capability to anticipate, avoid, deter, protect, respond and adapt to threats

More information

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY This document outlines a set of policies and procedures for formalising a Business Continuity programme, and provides guidelines for developing, maintaining

More information

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com

Business Continuity Planning 101. +1 610 768-4120 (800) 634-2016 www.strohlsystems.com info@strohlsystems.com Business Continuity Planning 101 Presentation Overview What is business continuity planning Plan Development Plan Testing Plan Maintenance Future advancements in BCP Question & Answer What is a Disaster?

More information

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff

85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff 85-01-55 Overview of Business Continuity Planning Sally Meglathery Payoff Because a business continuity plan affects all functional units within the organization, each functional unit must participate

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information