Glasgow Life Risk Management & Business Continuity Planning. Final Report
|
|
- Jodie Snow
- 8 years ago
- Views:
Transcription
1 Glasgow Life Risk Management & Business Continuity Planning Final Report INTERNAL AUDIT October 2014 Glasgow City Council Internal Audit 1
2 Glasgow Life Risk Management & Business Continuity Planning Table of Contents Section No Section Title 1 Introduction and Background 2 Audit Remit 3 Audit Opinion 4 Conclusions 5 Recommendations Action Plan Deleted: 6 Deleted: Detailed Findings, Conclusions and Recommendations Glasgow City Council Internal Audit 1
3 Glasgow Life Risk Management & Business Continuity Planning 1. Introduction and Background As part of the agreed programme of work for 2014/15, Internal Audit has undertaken a review of the risk management and business continuity planning (BCP) arrangements in place at Glasgow Life. 2. Audit Remit The purpose of the audit was to gain assurance that Glasgow Life has effective arrangements in place for managing the risks facing the organisation and ensuring suitable arrangements are in place to continue service delivery during or following a serious incident or disaster. 3. Audit Opinion Based on the audit work carried out a reasonable level of assurance can be placed upon the control environment. The audit has identified some scope for improvement in the existing arrangements and 3 recommendations which management should address. 4. Conclusions Based on the audit work carried out the main conclusions reached during the audit were as follows: A Risk Management Policy has been documented and is used to assist senior management to identify, monitor and control risk. The risk register is regularly reviewed and reported to both the Audit Committee and Board. Mitigating actions have been identified and implemented (for the top 5 risks which formed part of the review) to reduce the likelihood and/or impact of risk. The top 5 risks are reported to the Board on a regular basis. The GL Audit Committee has not yet approved the Risk Management Policy therefore may not be aware of, or agree with the planned approaches to risk management across the organisation. It should be noted that this is planned for December Disaster Recovery Plans are in place for all GL locations. Although not all locations have been tested, testing has been undertaken at the major venues and any unique venues in the past few years. Not all possible major events are covered in all individual locations Disaster Recovery Plans, increasing the risk that the plan will lack sufficient detail to allow business to continue during a period of adverse circumstances. All GL individual Disaster Recover Plans vary in content and structure. This could lead to vital information being omitted from the document. Glasgow City Council Internal Audit 2
4 5. Recommendations Resulting from the conclusions, 3 recommendations for improvement, 2 rated medium priority and 1 rated low priority were identified. These recommendations and the organisation s responses are shown below. Glasgow City Council Internal Audit 3
5 Title of the Audit: Glasgow Life Risk Management and Business Continuity Planning High Key controls absent, not being operated as designed or could be improved. Urgent attention required. Risk Ratings for Recommendations Medium Less critically important controls absent, not being operated as designed or could be improved. Low Lower level controls absent, not being operated as designed or could be improved. No. Audit Recommendations Priority Accepted Comments (if appropriate) Officer Responsible for Implementation Key Control: An adequate Risk Management Policy is in place which is reviewed annually and approved by the Board. Timescale for Implementation 1 Glasgow Life must ensure that the Medium Yes Will be covered by updated Risk Management Policy is Nov/Dec Audit approved by the Audit Committee. The Committee every year policy should be reviewed annually and any changes approved by the Audit Committee. (paragraph 6.1.9). Key Control: Business Continuity arrangements are in place, tested and updated. Martin Booth Dec GL should consider drafting a template Disaster Recovery Plan for use by each location to ensure consistency across the organisation with particular reference to the Mitchell Library. The template should include the various events which could disrupt the running of each location. (paragraph 6.2.9). Medium Yes Kathryn Greehy Mar 2015 Glasgow City Council Internal Audit 4
6 Title of the Audit: Glasgow Life Risk Management and Business Continuity Planning (continued) No. Audit Recommendations Priority Accepted Comments (if appropriate) Key Control: Business Continuity arrangements are tested and updated. Officer Responsible for Implementation Timescale for Implementation 3 GL should consider updating their BCP testing timetable to ensure that all venue types are tested within a 3/ 4 year period. A report outlining the previous 3 years testing and the next years testing plan should be reported to the Audit Committee for approval. (paragraph ). Low Yes Kathryn Greehy Dec 2014 Glasgow City Council Internal Audit 5
7 Glasgow City Council Internal Audit Deleted: 6. DETAILED FINDINGS, CONCLUSIONS and RECOMMENDATIONS Based on the audit work undertaken, the following areas were found to be satisfactory: A Risk Management Policy has been documented and is used to assist senior management to identify, monitor and control risk. The risk register is regularly reviewed and reported to the Audit Committee and Board. Mitigating actions have been identified and implemented (for the top 5 risks which formed part of the review) to reduce the likelihood and/or impact of risk. The top 5 risks are reported to the Board on a regular basis. 6.1 Risk Management Policy Findings The Glasgow Life Risk Management Policy was last updated in February 2014 to bring the document in line with revisions to the risk scoring matrix by Glasgow City Council. The policy covers the aims and objectives of the risk strategy, risk scoring, risk monitoring and the risk responsibilities of staff at all levels within the organisation. The updated Risk Management Policy has not been approved by the Audit Committee or Board. The auditor was advised by the Assistant Business Support Manager that the 3rd Audit Committee meeting of each year deals with policy matters and that the Risk Management Policy will be taken to the Audit Committee meeting scheduled for 2nd December 2014 for approval. Conclusion The GL Audit Committee has not yet approved the Risk Management Policy therefore may not be aware of, or agree with the planned approaches to Risk management across the organisation. It should be noted that this is planned for December Recommendation Glasgow Life must ensure that the updated Risk Management Policy is approved by the Audit Committee. The policy should... [1]
8 Page 6: [1] Deleted Martin Booth 12/8/ :24:00 AM 6. DETAILED FINDINGS, CONCLUSIONS and RECOMMENDATIONS Based on the audit work undertaken, the following areas were found to be satisfactory: A Risk Management Policy has been documented and is used to assist senior management to identify, monitor and control risk. The risk register is regularly reviewed and reported to the Audit Committee and Board. Mitigating actions have been identified and implemented (for the top 5 risks which formed part of the review) to reduce the likelihood and/or impact of risk. The top 5 risks are reported to the Board on a regular basis. 6.1 Risk Management Policy Findings The Glasgow Life Risk Management Policy was last updated in February 2014 to bring the document in line with revisions to the risk scoring matrix by Glasgow City Council. The policy covers the aims and objectives of the risk strategy, risk scoring, risk monitoring and the risk responsibilities of staff at all levels within the organisation. The updated Risk Management Policy has not been approved by the Audit Committee or Board. The auditor was advised by the Assistant Business Support Manager that the 3rd Audit Committee meeting of each year deals with policy matters and that the Risk Management Policy will be taken to the Audit Committee meeting scheduled for 2nd December 2014 for approval. Conclusion The GL Audit Committee has not yet approved the Risk Management Policy therefore may not be aware of, or agree with the planned approaches to Risk management across the organisation. It should be noted that this is planned for December Recommendation Glasgow Life must ensure that the updated Risk Management Policy is approved by the Audit Committee. The policy should be reviewed annually and any changes approved by the Audit Committee. 6.2 Business Continuity Plan Findings Glasgow Life has also recently updated its Corporate BCP and the individual Disaster Recovery Plans for each of the venues. The Corporate BCP and individual Disaster Recovery Plans are reviewed on an annual basis and updated when required. The Corporate BCP was last updated in April 2014.
9 6.2.2 There is an annual programme for desktop testing and reviewing Business Continuity Plans in place across the organisation, with the testing of 1 or 2 categories of venues each year. The results of the testing are used to inform the plans of other similar venues across the GL estate In the past few years the major venues and unique venues, such as Glasgow Museum Resource Centre, have been tested The auditor was advised that there are over 50 venues within GL and each location has its own Disaster Recovery Plan. A sample of 4 venue Disaster Recovery Plans was chosen to confirm that they sufficiently detail how the various business functions across the organisation should be performed in the event of a major business interruption. The Disaster Recovery Plans selected were - Glasgow Royal Concert Hall (GRCH), Emirates arena, the Mitchell Library and Scotstoun Leisure Centre From reviewing the 4 Disaster Recovery Plans, the auditor found the Mitchell Library Disaster Recovery Plan to be inadequate for the purpose of BCP as the various events which could disrupt the running of the business had not been documented. The auditor also noted that each of the 4 Disaster Recovery Plan varied in structure and content and there was no set template followed. Conclusions Disaster Recovery Plans are in place for all GL locations. Although not all locations have been tested, testing has been undertaken at the major venues and any unique venues in the past few years Not all possible major events are covered in all individual locations Disaster Recovery Plans, increasing the risk that the plan will lack sufficient detail to allow business to continue during a period of adverse circumstances All GL individual Disaster Recover Plans vary in content and structure. This could lead to vital information being omitted from the document. Recommendations GL should consider drafting a template Disaster Recovery Plan for use by each location to ensure consistency across the organisation with particular reference to the Mitchell Library. The template should include the various events which could disrupt the running of each location GL should consider updating their BCP testing timetable to ensure that all venue types are tested within a 3/ 4 year period. A report outlining the previous 3 years testing and the next years testing plan should be reported to the Audit Committee for approval.
GLASGOW LIFE Review of Business Continuity Planning. Final Report
Final Report INTERNAL AUDIT September 2011 Glasgow City Council Internal Audit 1 Table of Contents Section No Section Title 1 Introduction and Background 2 Audit Remit 3 Audit Opinion 4 Conclusions 5 Recommendations
More informationGLASGOW LIFE ATTENDANCE MANAGEMENT
GLASGOW LIFE ATTENDANCE MANAGEMENT Final Report INTERNAL AUDIT April 2013 Glasgow City Council Internal Audit 1 GLASGOW LIFE Attendance Management Table of Contents Section No Section Title 1 Introduction
More informationGLASGOW LIFE Debtors and Debt Management. Final Report
GLASGOW LIFE Debtors and Debt Management Final Report INTERNAL AUDIT May 2012 Glasgow City Council Internal Audit 1 GLASGOW LIFE Debtors and Debt Management Table of Contents Section No Section Title 1
More informationGlasgow Life Performance Management. Final Report
Glasgow Life Performance Management Final Report INTERNAL AUDIT October 2013 Glasgow City Council Internal Audit 1 GLASGOW LIFE Performance Management Table of Contents Section No Section Title 1 Introduction
More informationGlasgow Life Carbon Management. Final Report
Glasgow Life Carbon Management Final Report INTERNAL AUDIT Glasgow City Council Internal Audit 1 November 2014 GLASGOW LIFE Carbon Management Table of Contents Section No Section Title 1 Introduction and
More informationInternal Audit Report Disaster Recovery / Business Continuity Planning
Audit Committee, 28 November 2013 Internal Audit Report Disaster Recovery / Business Continuity Planning Executive summary and recommendations Introduction As part of the Internal Audit Plan for 2013-14,
More informationAnnex 1. Business Continuity Management Policy
Annex 1 Business Continuity Management November 2008 p 2 Thanet District Council Business Continuity Management Contents Foreword...3...4 Definition of Terms...5 Document History...6 This policy is supported
More informationBusiness Continuity Management
Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not
More informationCoping with a major business disruption. Some practical advice
Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps
More informationGLASGOW LIFE Review of Asset Management. Final Report
GLASGOW LIFE Review of Asset Management Final Report INTERNAL AUDIT March 2012 Glasgow City Council Internal Audit 1 GLASGOW LIFE Review of Asset Management Table of Contents Section No Section Title 1
More informationBusiness Continuity Management Policy and Framework
Management Policy and Framework Version: Produced by: Date Produced: Approved by: Updated: 7 University Manager with the assistance of the Operational Group 11 th March 2010 Steering Group (14 December
More informationInformation Services IT Security Policies B. Business continuity management and planning
Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary
More informationPARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY
PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY PARKES SHIRE COUNCIL BUSINESS CONTINUITY POLICY CONTENTS INTRODUCTION... 1 PURPOSE... 1 POLICY... 1 DEFINITIONS... 1 RESPONSIBILITY... 1 RELATED DOCUMENTATION...
More informationRISK MANAGEMENT STRATEGY
RISK MANAGEMENT STRATEGY 1 Introduction The purpose of this document is to outline a which facilitates the effective recognition and management of risks facing the University. The Combined Code on Corporate
More informationInternal Audit Report. Corporate Services. Review of Business Continuity
Internal Audit Report Corporate Services Review of Business Continuity February 2010 CONTENTS 1. BACKGROUND 1 Page 2. AUDIT SCOPE AND OBJECTIVES 1 3. AUDIT APPROACH 2 4. SUMMARY OF MAIN FINDINGS 2 5. PLAN
More informationBUSINESS CONTINUITY MANAGEMENT FRAMEWORK
BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business
More informationBusiness Continuity Management Policy
Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3
More informationDesktop Scenario Self Assessment Exercise Page 1
Page 1 Neil Jarvis Head of IT Security & IT Risk DHL Page 2 From reputation to data loss - how important is business continuity? Neil Jarvis Head of IT Security (EMEA) DHL Logistics IT Security Taking
More informationTeam Business Continuity Plan Guide
Team Business Continuity Plan Guide Contents Introduction 1.0 Functional Analysis of your Team 2.0 Business Continuity Risk Assessment 3.0 Team Network of Contacts 4.0 Incident Log Sheet 5.0 Record of
More informationVersion: 3.0. Effective From: 19/06/2014
Policy No: RM66 Version: 3.0 Name of Policy: Business Continuity Planning Policy Effective From: 19/06/2014 Date Ratified 05/06/2014 Ratified Business Service Development Committee Review Date 01/06/2016
More informationFINAL. Internal Audit Report. Data Centre Operations and Security
FINAL Internal Audit Report Data Centre Operations and Security Document Details: Reference: Report nos from monitoring spreadsheet/2013.14 Senior Manager, Internal Audit & Assurance: ext. 6567 Engagement
More informationHow to Exercise a Business Continuity Plan (BCP)
How to Exercise a Business Continuity Plan (BCP) This document provides a step by step guide to exercising a Business Continuity Plan (BCP). The exercise of a BCP should not be undertaken in isolation,
More informationBusiness Continuity Policy
Business Continuity Policy Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain its essential business functions during
More informationBUSINESS CONTINUITY POLICY
BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility
More informationSUBJECT: REPLACEMENT OF CORPORATE ELECTRONIC DATA STORAGE, BACKUP AND DISASTER RECOVERY SOLUTIONS
REPORT TO CABINET TO BE HELD ON 15 SEPTEMBER 2015 Key Decision No Forward Plan Ref No 23K Corporate Priority The proposals in this report contribute to the delivery of all the Council s priorities Cabinet
More informationTips and techniques a typical audit programme
Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities
More informationIT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS
NOTTINGHAM CITY HOMES IT REVIEW OF THE DISASTER RECOVERY ARRANGEMENTS Report issued: February 2011 Audit Plan: The matters raised in this report are only those that came to the attention of the auditor
More informationNHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY
NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20
More informationSmart Meters Programme Schedule 8.6. (Business Continuity and Disaster Recovery Plan) (CSP North version)
Smart Meters Programme Schedule 8.6 (Business Continuity and Disaster Recovery Plan) (CSP North version) Schedule 8.6 (Business Continuity and Disaster Recovery Plan) (CSP North version) Amendment History
More informationBusiness continuity management and planning
B Business continuity management and planning This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information
More informationPOLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management
POLICY Policy Title: Management Descriptors: 1) Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management Category: Risk Management Intent Organisational Scope Definitions Policy
More informationBusiness Continuity (Policy & Procedure)
Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity
More informationRisk Management Policy
Risk Management Policy June 2015 1 2 Contents 1. Policy Objectives and Background... 4 1.1. Policy Background... 4 1.2. Policy Objective... 4 1.3. Policy Sponsor and Maintenance... 4 2. Risk Types and
More informationBusiness Continuity Management
Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective
More informationBUSINESS CONTINUITY PLANNING
BUSINESS CONTINUITY PLANNING INDEX Description Page Index 1 Template 1 - Plan Version Control 2 Background 3 Purpose of Business Continuity Plan 3 Roles and Responsibilities 3 Complimentary Links 4 Service/
More informationRisk Management: Coordinated activities to direct and control an organisation with regard to risk.
POLICY CG01 RISK MANAGEMENT Document Control Statement This Policy is maintained by the Governance and Organisational Strategy. Any printed copy may not be up to date and you are advised to check the electronic
More informationBusiness Continuity Plans
Version Number Issue 2 Business Continuity Policy Date Revision Complete Policy Owner Author Reason for Revision Proof Read April 2016 Business Improvement Manager Emma Earle, Business Services Officer
More informationEA-ISP-002-Business Continuity Management and Planning Policy
Technology & Information Services EA-ISP-002-Business Continuity Management and Planning Policy Owner: Adrian Hollister Author: Paul Ferrier Date: 17/03/2015 Document Security Level: PUBLIC Document Version:
More informationJoint Audit Report for South Lakeland District Council. & Eden District Council
Joint Audit Report for South Lakeland District Council & Eden District Council Audit of IT Data Backup and Recovery Arrangements Audit of Development Management 22nd May 2015 11 th June 2015 0 Page 0 Audit
More informationBUSINESS CONTINUITY MANAGEMENT POLICY
BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John
More informationDERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY
DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY VERSION 1.0 ISSUED JULY 2015 CONTENTS Page CONTENTS VERSION CONTROL FOREWORD i ii iii POLICY 1 Scope 1 Aim and Objectives 1 Methods and Standards 1
More informationBusiness Continuity Business Continuity Management Policy
Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version
More informationBusiness Continuity Management Framework 2014 2017
Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity
More information39 GB Guidance for the Development of Business Continuity Plans
39 GB Guidance for the Development of Business Continuity Plans Policy number: Version 2.2 Approved by Name of author/originator Owner (director) 39 GB Executive Committee Date of approval August 2014
More informationThe Council is invited to note the methods used to develop the business continuity plan
For information BUSINESS CONTINUITY PLAN DISCLOSABLE Meeting 26/01/07 Agenda Item 18 Reference No HEFCW/07/12 INTRODUCTION 1 This paper asks the Council to note the development of a business continuity
More informationEssex Fire Authority
Internal Audit Report (2.13/.14) FINAL with the Civil Contingencies Act 1 October 2013 Contents Section Page Executive Summary 1 Action Plan 5 Findings and Recommendations 6 Debrief meeting 15 August 2013
More information1.0 Policy Statement / Intentions (FOIA - Open)
Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies
More informationManaging Risk Control Environment and Responsibilities
Managing Risk Page 1 of 8 Contents Introduction...3 Risk...3 Risk management - using the framework...3 Source of risk...3 Likelihood and impact...3 Inherent risk...4 Risk-reducing measures...4 Effectiveness...5
More informationFINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation
Facilitate Business Continuity Planning and disaster recovery for a Overview This unit is suitable for those working in risk management roles who have responsibility for facilitating business continuity
More informationColeg Gwent. Business Continuity Plan Test - Post Implementation Review (PIR) Internal Audit Report (12.09/10)
Internal Audit Report 1 June 2010 Business Continuity Plan Test Post Implementation Review (PIR) CONTENTS Section Page Executive Summary 1 Action Plan 4 Findings and Recommendations 5 Debrief meeting 28
More informationPAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA
1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand
More informationInformation Governance Strategy
Information Governance Strategy Document Status Draft Version: V2.1 DOCUMENT CHANGE HISTORY Initiated by Date Author Information Governance Requirements September 2007 Information Governance Group Version
More informationInternal Audit Report Business Continuity Planning Arrangements
The Highland Council Community Services Committee 6 November 2014 Agenda Item Report No 19 COM 45/14 Internal Audit Report Planning Arrangements Report by Director of Community Services Summary This report
More informationBusiness Continuity Planning
Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why
More informationICT Internal Audit Strategy 2009-10 to 2011-12. Report by the Head of Finance
Audit Committee 24 September 2009 Item No. 12 ICT Internal Audit Strategy 2009-10 to 2011-12 Report by the Head of Finance This report introduces the ICT Internal Audit Strategy and asks the Audit Committee
More informationRISK MANAGEMENT POLICY (Revised October 2015)
UNIVERSITY OF LEICESTER RISK MANAGEMENT POLICY (Revised October 2015) 1. This risk management policy ( the policy ) forms part of the University s internal control and corporate governance arrangements.
More informationDIRECTORATE OF AUDIT, RISK FF AND ASSURANCE. Appendix 2a FOLLOW UP REVIEW OF CORPORATE BUSINESS CONTINUITY
DIRECTORATE OF AUDIT, RISK FF AND ASSURANCE Internal (Foundry Audit Forms Service San/ Font size to 20/ the RBG: 160, GLA 160, 170) Appendix 2a FOLLOW UP REVIEW OF CORPORATE BUSINESS CONTINUITY DISTRIBUTION
More informationDRAFT Revised Guide to the National CDEM Plan 2015 July 2015
19. Planning Summary Planning involves the proactive coordination of CDEM Group and agency activities in the medium to long term, with the intention of achieving a unified effort that works towards a common
More informationBusiness Continuity Planning and Disaster Recovery Planning
4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business
More informationDacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery
Dacorum Borough Council Final Internal Audit Report IT Business Continuity and Disaster Recovery Distribution list: Chris Gordon Group Manager Performance, Policy and Projects John Worts ICT Team Leader
More informationBusiness Continuity Management Policy
Business Continuity Management Policy May 2009 Document Document drafted by Office of Quality and Risk Reference Number OQR032 Document approved by Ms. E. Dunne, Head of Quality and Risk Revision Number
More informationInformation Security Policy. Chapter 11. Business Continuity
Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton
More informationXYZ Medica Inc. Change Management
XYZ Medica Inc. Change Management December 2006 Suggested additions to this basic report template Classify Changes as per the recommendations of ITIL then report against the separate classifications. This
More informationEssex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Datasheet
Item 013.2b Essex Clinical Commissioning Groups Business Continuity Management System Business Impact Analysis Datasheet BIA Author: BIA Owner: Version: Daniel Hale - Head of Emergency Planning Draft Date
More informationSouth West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy
South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author
More informationIT Assurance - Business Continuity and Disaster Recovery
Audit Summary Report October 2006 PAPER D IT Assurance - Business Continuity and Disaster Recovery Audit 2006/2007 Paper D - 1 External audit is an essential element in the process of accountability for
More informationBusiness Continuity Planning. Presentation and. Direction
Business Continuity Planning Presentation and Direction Thomas Bronack, president Data Center Assistance Group, Inc. 15180 20 th Avenue Whitestone, NY 11357 Phone: (718) 591-5553 Email: bronackt@dcag.com
More informationBusiness Continuity Planning for Risk Reduction
Business Continuity Planning for Risk Reduction Ion PLUMB ionplumb@yahoo.com Andreea ZAMFIR zamfir_andreea_ileana@yahoo.com Delia TUDOR tudordelia@yahoo.com Faculty of Management Academy of Economic Studies
More informationAPPENDIX C. Internal Audit Report South Holland District Council Project Management
APPENDIX C Internal Audit Report South Holland District Council Project Management Date: 20th December 2012 Contents Introduction and Scope 1 Executive Summary Assurance Opinion Key Messages 2 3 Management
More informationSFJCCAD2 Promote business continuity management
Overview This unit is about providing advice and assistance on business continuity management, including general advice for the business and voluntary sectors, and specific advice and assistance to individual
More informationBusiness Continuity Policy
Business Continuity Policy St Mary Magdalene Academy V1.0 / September 2014 Document Control Document Details Document Title Document Type Business Continuity Policy Policy Version 2.0 Effective From 1st
More informationComhairle nan Eilean Siar Internal Audit Review DISASTER RECOVERY ARRANGEMENTS Information Technology. Final Report 2014/15-06
Comhairle nan Eilean Siar Internal Audit Review Information Technology Final Report 2014/15-06 3 rd November 2014 CONTENTS Page SECTION 1 - EXECUTIVE SUMMARY 1-6 SECTION 2 - DETAILED FINDINGS AND RECOMMENDATIONS
More informationBUSINESS CONTINUITY STRATEGY
BUSINESS CONTINUITY STRATEGY January 2009 CONTENTS Page BACKGROUND 1 OVERVIEW 1 AIM AND OBJECTIVES 1 CORE BUSINESS OF THE COUNCIL 2 ORGANISATION STRUCTURE 2 RISK IDENTIFICATION AND MITIGATION STRATEGIES
More informationCHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY
Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY
More informationCENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT
Public Sector Auditing.. Private Sector Thinking CENTRAL LINCOLNSHIRE LOCAL PLAN HIGHLIGHT REPORT Date: 7 th November 2014 Author: Rachel Abbott Principal Auditor Introduction & Scope The National Planning
More informationBusiness Continuity Management For Small to Medium-Sized Businesses
Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone
More informationThe Corporate Select Committee is asked to note the attached report.
CORPORATE SELECT COMMITTEE RISK MANAGEMENT Report Author: Peter Grimshaw Internal Audit Manager Executive Member: Councillor John Faulkner Agenda Item 12 13 September 2005 1. PURPOSE This is a regular
More informationMinutes of the meeting of 30 June 2014
Minutes of the meeting of 30 June 2014 The meeting opened at 10.34. Present: Brian Baverstock, Chair Linda Watt, committee member Andrew Thin, committee member Also present: Boyd McAdam, National Convener/Interim
More informationAttachment #2. BUSINESS CONTINUITY PLAN Plan Development Guidelines
Version 2 May 2004 TABLE OF CONTENTS PURPOSE OF DOCUMENT... 2 ASSOCIATION RULE REQUIREMENT BY-LAW NO. 17.19.... ERROR! BOOKMARK NOT DEFINED. GUIDELINES FOR NING... 2 SCOPE OF THE PLAN... 2 GOVERNANCE AND
More informationGuideline - Business Continuity Plan
Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers
More informationAppenidx 1a. DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF HOUSING COMPLIANCE AUDIT PROGRAMME
Appenidx 1a DIRECTORATE OF AUDIT, RISK AND ASSURANCE Internal Audit Service to the GLA REVIEW OF HOUSING COMPLIANCE AUDIT PROGRAMME DISTRIBUTION LIST Audit Team David Esling, Head of Audit and Assurance
More informationEssex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy
Essex Clinical Commissioning Groups Essex Clinical Commissioning Groups Business Continuity Management System Scope and Policy Policy Author: Daniel Hale - Head of Emergency Planning Version: 1.0 Date
More informationCouncil Policy Business Continuity Management
Policy Name: Business Continuity Management Council Policy Business Continuity Management ADOPTED BY COUNCIL: 19 th April 2016 DATE OF NEXT REVIEW: 18 th April 2020 RESPONSIBLE OFFICER: REFERENCES: Chief
More informationA GUIDE TO BUSINESS CONTINUITY PLANNING
A GUIDE TO BUSINESS CONTINUITY PLANNING Introduction The Civil Contingencies Act 2004 places a duty on Local Authorities to ensure that local businesses and voluntary sector organisations in their area
More informationIntroduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT
INFORMATION SECURITY: UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT FACTSHEET This factsheet will introduce you to Business Continuity Management (BCM), which is a process developed to counteract systems
More informationRiver Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy
River Stour (Kent) Internal Drainage Board Risk Management Strategy and Policy Page: 1 Contents 1. Purpose, Aims & Objectives 2. Accountabilities, Roles & Reporting Lines 3. Skills & Expertise 4. Embedding
More informationGuidance Note XGN XXX.1
Guidance Note XGN XXX.1 Risk Assessment and Business Continuity Planning 1. This Guidance Note provides further detail on matters institutions should consider in assessing disruption scenarios and certain
More informationEMERGENCY PREPAREDNESS POLICY
EMERGENCY PREPAREDNESS POLICY CONTROLLED DOCUMENT CATEGORY: CLASSIFICATION: Policy Emergency Planning PURPOSE This document sets out the strategic framework for the management of emergency preparedness
More informationUnit Guide to Business Continuity/Resumption Planning
Unit Guide to Business Continuity/Resumption Planning (February 2009) Revised June 2011 Executive Summary... 3 Purpose and Scope for a Unit Business Continuity Plan(BCP)... 3 Resumption Planning... 4 Assumptions
More informationBusiness Continuity Management
Annex A Business Continuity Management Programme Business Continuity Management Policy 1. Introduction This Business Continuity Management (BCM) Policy defines the scope of the SPCB s ability to maintain
More informationBusiness Continuity Plans Of Hammersmith & Fulham borough
Hammersmith & Fulham borough of opportunity Business Continuity Manager Residents Services Application Pack Job description Designation: Business Continuity Manager Post Number : Department: Residents
More informationExternal Supplier Control Requirements BCM
External Supplier Control Requirements BCM BCM Requirement Description BCM Tiers Recovery Time Objective Why this is important 1. Business Continuity Policy Supplier will have a documented Business Continuity
More informationUpdate from the Business Continuity Working Group
18 June 2015 Performance and Resources Board 14 To note Update from the Business Continuity Working Group Issue 1 The Business Continuity Working Group oversees the development, maintenance and improvement
More informationAudit of Business Continuity Planning
Cumbria Office of the Police & Crime Commissioner Audit of Business Continuity Planning 0 Cumbria Shared Internal Audit Service Images courtesy of Carlisle City Council except: Parks (Chinese Gardens),
More informationBusiness Continuity Policy and Business Continuity Management System
Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain
More informationBUSINESS CONTINUITY PLAN
BUSINESS CONTINUITY PLAN [Name of Team/Service/Organisation] [Insert Building Name and Address] [Insert date] Detailing arrangements for: Incident Management Business Continuity Recovery and Resumption
More informationAberdeen City Council IT Disaster Recovery
Aberdeen City Council IT Disaster Recovery Internal Audit Report 2014/2015 for Aberdeen City Council January 2015 Terms or reference agreed 4 weeks prior to fieldwork Target Dates per agreed Actual Dates
More informationPOL ENTERPRISE RISK MANAGEMENT SC51. Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT:
POL ENTERPRISE RISK MANAGEMENT SC51 POLICY CODE: SC51 DIRECTORATE: Executive Services Department BUSINESS UNIT: Executive Support Services SERVICE UNIT: Executive Support Services RESPONSIBLE OFFICER:
More informationUniversity of Glasgow. Policy for. Business Continuity Management
University of Glasgow Policy for Business Continuity Management 1 Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the
More informationBusiness Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?
Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.
More information