NHS 24 - Business Continuity Strategy

Size: px
Start display at page:

Download "NHS 24 - Business Continuity Strategy"

Transcription

1 NHS 24 - Strategy Version: 0.3 Issue Date: 20/09/2005 Status: Issued for Board Approval Status: draft Page 1 of 13

2 Table of Contents 1 INTRODUCTION PURPOSE SCOPE ASSUMPTIONS BUSINESS CONTINUITY POLICY STATEMENT BCM ORGANISATIONAL FRAMEWORK BUSINESS CONTINUITY PLAN STRUCTURE RISK ASSESSMENT CORE BUSINESS CONTINUITY STRATEGIES BCP EXERCISE, TESTING, AND MAINTENANCE APPENDIX A KEY DEFINITIONS APPENDIX B SCENARIO CAUSES...13 Document Details Distribution: Name NHS 24 Board NHS 24 Executive Team Role Document Change Log Version Author Issue Date Comment 0.1 Graeme Newman 10 June 2005 First draft issued for internal review 0.2 Graeme Newman 27 July 2005 Second draft issued for internal review 0.3 Graham Dixon 20 September 2005 Amended after review Status: draft Page 2 of 13

3 1 Introduction 1.1 The NHS 24 service provides 24-hour confidential healthcare advice and information to the Scottish public. 1.2 Continued availability and stability of this service and the components that support it are critical to the long-term success of NHS 24 and to the welfare of the people of Scotland. 1.3 In order to manage this requirement a business continuity planning project has been launched; this document defines the organisation-wide strategy for the implementation of a coherent Management framework within NHS The design and implementation methodology is based on that outlined in the BS7799 standard for Information Security Management which encompasses the development of strategies and plans. 2 Purpose 2.1 This document is designed to provide a logical link between the Business Impact Assessment and associated Risk Assessment as defined in the BS7799 standard and the detailed operational Plans that will be designed to respond to each individual failure scenario. 2.2 Consequently, this document will form a critical component of the overall BCM framework and will meet the requirements identified within the audit reports issued by both PricewaterhouseCoopers and Audit Scotland. 2.3 Appendix A provides a glossary that will ensure consistent terminology is used throughout the organisation in reference to business continuity planning and its various elements. This will help improve understanding of the process and individual responsibilities within it. 2.4 The ultimate objective is the development of a comprehensive and coherent business continuity strategy to safeguard the NHS 24 service and protect the Scottish public. 3 Scope 3.1 The scope of this Strategy is as defined within the Business Impact Assessment. Any changes to the scope of the underlying business impact assessment should be immediately reflected within this document. 3.2 This scope definition should be maintained alongside the Information Security Management System (ISMS) Scope as defined within the ISMS Scoping Document. 3.3 The scope of this strategy will be restricted to the internal operations of NHS 24 and will not extend to the detailed plans that should be maintained by relevant partners and suppliers, except to ensure that a process is in place to enable the integration of NHS 24 plans with those of key partners and suppliers and maintain consistency across the wider NHS organisation. Status: draft Page 3 of 13

4 4 Assumptions 4.1 It is assumed that NHS 24 does not have any business continuity obligations under the Civil Contingencies Act 2004 (neither as a Category 1 nor a Category 2 responder) as the organisation is not a Health Board under the specific definition contained within the Act. 4.2 It is assumed that the key partners and suppliers of NHS 24 have responsibility for the development of their own business continuity plans and these will be made available during the planning process. These critical dependencies will be relied upon by NHS 24 and referenced within the BCP documentation and will be necessary in order to ensure an end-to-end solution. 5 Policy Statement 5.1 The NHS 24 Board and Executive Team are committed to the development and implementation of an organisation-wide Management framework. 5.2 The contents and structure of the Plan will be based upon the findings of an operational risk assessment and comprehensive business impact assessment. 5.3 The Plan will be designed to ensure the continued availability of all mission critical activities in the event of a major adverse incident. 5.4 The Plan will be tested on a periodic basis in order to ensure that the plans are effective and practical and to ensure a process of continuous improvement. 5.5 All members of NHS 24 staff will be made aware of the Plan and their role within it through a structured training and awareness programme. 5.6 The Plan will be continually kept up to date and maintained in order to ensure it remains relevant in light of changing circumstances, risks, and operational procedures. 6 BCM Organisational Framework 6.1 Within NHS 24 the Executive Team have direct responsibility and accountability for ensuring business continuity within the organisation. A single individual within this team should be given ultimate responsibility for business continuity and this currently sits with the Director of IT. 6.2 A Manager should be appointed to oversee the day-to-day development and operation of the BCM framework. It is their responsibility to co-ordinate the development and implementation of coherent Plans across the organisation (and partner / supplier networks) and report on progress to the Executive Team. This role is similar to that of the Emergency Planning Officer (EPO) that is normally a recognised position in each of the other Health Boards in NHS Scotland. 6.3 Individuals should be appointed within each Directorate as Planners. It will be their responsibility to develop the detailed operational Plans in line with the standards established in this high-level strategy and the requirements dictated by the Business Impact Assessment [Ref 1]. Status: draft Page 4 of 13

5 6.4 Other than the Manager / EPO, all of the positions highlighted within Figure 6.1 should be adopted by existing personnel within NHS 24 as an expansion of their existing functions. The Manager should be able to maintain an objective view across the organisation and is not focussed on one particular element (such as IT or Operations). 6.5 Together with the Manager, the Planners will form the Working Group. This group will have the responsibility of developing, implementing, and maintaining the NHS 24 Plans. 6.6 The Forum will represent the single source of all effort within the organisation and will meet on a monthly basis to develop plans, identify inter-dependencies and co-ordinate planning and testing efforts across departments and thereafter on at least a quarterly basis to ensure all documentation is kept up to date. This group will also serve as the forum for meeting with key partners and suppliers to ensure consistency and integration of end-to-end Plans. Figure 6.1: BCP Organisation Chart Status: draft Page 5 of 13

6 7 Plan Structure 7.1 It is important to note that the Plan is not a single, unified document, but a set of multiple operational plans and checklists designed to be used in the event of one or more BCP scenarios as defined in section The framework consists of further documents, including the Business Impact Assessment and Strategy, which must all be managed as an integrated, interdependent document set. Changes made in one document will nearly always necessitate changes in the subordinate documents. 7.3 All plans will be based on standard templates used across the wider NHS 24 organisation in order to facilitate ease of integration and simplify usage. 7.4 Figure 7.1 below depicts the major documents contained within the Management framework. Figure 7.1: BCM Framework Document Set 7.5 These documents will be owned by the Manager and will be maintained on a regular basis by the appointed Planners. 7.6 Working copies of all business continuity documentation will be stored on the main shared drive and also stored in hardcopy at each of the contact centres and Delta House. It will be the responsibility of the Manager to ensure that the hard copy documentation is kept up to date at all sites. Status: draft Page 6 of 13

7 Table 7.1: BCM Framework Document Set Ownership Document Title Document Description Document Owner Business Impact Assessment Strategy IT Risk Assessment Operational Risk Assessment High-Level Business Continuity Plan Training & Awareness Plan Test Strategy Business Unit Recovery Plans Contains detailed information relating to Mission Critical Activities and Recovery Objectives for these and their key dependencies. Outlines the high-level approach to implementing a Management framework within this organisation Details the major risks relating to the information systems within the business and recommends strategies for managing these risks This is a risk register maintained within the corporate services department that identifies and quantifies the key operational risks facing this organisation. Provides an overview of the major business continuity plans, identifies interdependencies and provides a call-out tree to navigate between documents. Details the plans for providing training and awareness sessions covering the BCP throughout the wider organisation. Details the strategy for testing the BCP in a live environment, including frequency of tests and volumes. Multiple detailed plans relating to the recovery of individual business units after a BCP event. These will include, for example, alternate manual processes required to maintain continuity in the event of a technology failure. Manager Manager IT Security Manager Risk Manager Manager Manager Test Manager Planners Status: draft Page 7 of 13

8 Emergency Communications Plan Disaster Recovery Plan Crisis Management Plan Test Plans Details the plans, procedures, and protocols required for communication both internally and externally during and after a BCP event. Provides detailed operational and technical procedures for the invocation of the technical disaster recovery solution. Provides key contact information for emergency services and relevant members of staff to be used in the event of a major crisis. Also focuses on procedures for events such as bomb / terrorism threats, including emergency evacuation procedures. Provides detailed, repeatable test scenarios for each individual BCP event. Communications Director IT Director Manager Test Manager 8 Risk Assessment 8.1 The fault tree depicted in Figure 8.1 provides a breakdown of the high-level failure scenarios that the BCP will be designed to respond to. 8.2 The BCP will not be designed to cover a scenario where there is more than one simultaneous failure of a contact centre as this has been deemed to be exceptionally low likelihood and would not be economical to plan for. 8.3 Appendix B provides a sample set of events that may give rise to each of the scenarios shown below. It is recommended, however, that the failure scenarios be managed by business continuity plans at the effect level (e.g. critical application failure) rather than the causal level (e.g. software bug). The operational risk process will focus upon reducing the likelihood of these effects by managing the potential causes. Status: draft Page 8 of 13

9 Figure 8.1: BCP Event Tree 8.4 The scenarios described within the end box of each branch of the tree will constitute the entirety of planned BCP scenarios. 8.5 It should be noted that the business continuity planning process must be closely aligned with the operational risk management process. The organisation s BCP will minimise the impact of the events described above, whereas, the operational risk management process will reduce the likelihood of the individual events occurring (where possible). Status: draft Page 9 of 13

10 9 Core Strategies 9.1 NHS 24 has been designed from the Blueprint stage onwards with resilience and business continuity in mind. In order to respond to the scenarios outlined above, the organisation will make use of the following core strategies: virtualisation, data disaster recovery, callback, and manual operating procedures. Virtualisation 9.2 The contact centre is based on a virtual model, passing calls seamlessly between three geographically disperse centres. It is not currently considered economically viable to plan for a scenario where multiple contact centres fail simultaneously. 9.3 Should there be a major failure at one of the contact centres calls can be immediately rerouted to the other two centres for an indefinite period. Call demand and operational capacity in the remaining centres will have to be carefully managed during this period to ensure a continuous service. Data Disaster Recovery 9.4 A data disaster recovery (DDR) facility has been developed that provides back-up system capacity in the event of a major IT failure. This facility is located at a separate contact centre over 200 miles from the primary site. 9.5 The central PRM database is replicated onto the DDR facility every 15 minutes in order to ensure continuity of data when the system is switched over. Call-Back 9.6 Call management techniques will be used at times of increased service demand or at times where operating capacity is unexpectedly below the anticipated levels. The primary techniques are national call-back and busy messaging. 9.7 National call-back is the process of placing all non-urgent calls into the First Advice Queue, where callers are called-back in priority order. This ensures a clinically safe way of reducing the burden on the service and ensuring that all serious calls can be dealt with despite reduced contact centre capacity. 9.8 Often used in parallel with national call-back, a busy message can be placed at the frontend of the system ensuring that only serious and urgent callers access the service during any BCP event, this will reduce the demand and protect vital resources. Manual Operating Procedures 9.9 In order to manage the cutover period during any major systems outage, comprehensive manual operating procedures have been developed in order to run the service from a paper-based system These procedures will allow the organisation to provide a continuous, clinically safe service in the event of any major systems failure. Status: draft Page 10 of 13

11 10 BCP Exercise, Testing, and Maintenance 10.1 Each element of the overall Plan should be tested in an operational context on at least an annual basis. Testing should be used to simulate each of the defined BCP scenarios at differing volumes of demand and system load The following techniques will be used to test the defined Plans: Desktop document review: a logical process walkthrough by experienced contact centre staff to ensure the completeness and integrity of proposed plans Software simulation: simulation of selected failure scenarios through a software model to test the integrity of proposed plans. This form of testing will be vital prior to conducting a fully functional test Work area recovery tests: a physical simulation of selected scenarios confined to defined work areas and specific continuity plans Fully functional testing: a full simulation of all major failure scenarios in a live environment in order to test the end-to-end business continuity process Results from these simulations should be used to further refine and improve the Business Continuity Plans and ensure they remain current in the changing business context. All plans should be reviewed at least annually even if there are no process improvements identified by the simulations The process of desktop reviews and work area recovery tests will be used as core training techniques to ensure that front-line staff are fully familiar with the processes and procedures to be used in certain failure scenarios. This learning will then be further reinforced during the fully functional tests, coupled with lessons learnt exercises after the event. Status: draft Page 11 of 13

12 11 Appendix A Key Definitions 11.1 Management (BCM): A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities Plan (BCP): A clearly defined and documented plan for use at the time of a Emergency, Event, Incident and/or Crisis (E/I/C). Typically a plan will cover all the key personnel, resources, services and actions required to manage the BCM process Business Impact Analysis (BIA): The management level analysis by which an organisation assesses the quantitative (financial) and qualitative (non-financial) impacts, effects and loss that might result if the organisation were to suffer a E/I/C. The findings from a BIA are used to make decisions concerning Business Continuity Management strategy and solutions Business Impact Resource Recovery Analysis (BIRRA): An assessment of the minimum level of resources e.g. personnel, workstations, technology, telephony required, overtime, after a E/I/C to maintain the continuity of the organisation s Mission Critical Activities at a minimum level of service / production. Generally considered to be part of a BIA it is an integral part of any subsequent resource Gap Analysis IT Disaster Recovery Plan: An integral part of the organisation s BCM plan by which it intends to recover and restore its IT and telecommunications capabilities after an event Level of (LBC): The minimum level of business continuity of services and/or products that is acceptable to the organisation or industry to achieve its business objectives that may be influenced or dictated by regulation or legislation Mission Critical Activities (MCA): The critical operational and/or business support activities (either provided internally or outsourced) without which the organisation would quickly be unable to achieve its business objective(s) i.e. services and/or products Operational Risk: The risk that deficiencies in information systems or internal controls will result in unexpected loss. The risk is associated with human error, system failures and inadequate procedures and controls Recovery Point Objective (RPO): The point in time to which data must be restored in the event of a business continuity emergency, event or incident. This dictates the maximum tolerable level of data loss Recovery Time Objective (RTO): An essential output from the BIA that identifies the time by which Mission Critical Activities and/or their dependencies must be recovered Risk Appetite: The willingness of an organisation to accept a defined level of risk in order to conduct its business cost-effectively. Different organisations at different stages of their existence will have different levels of risk appetite Single Point of Failure: The only (single) source of a service, activity and/or process i.e. there is no alternative, whose failure would lead to the total failure of a Mission Critical Activity and/or dependency. Status: draft Page 12 of 13

13 12 Appendix B Scenario Causes 12.1 The table below highlights some of the potential causes of the BCP scenarios described in Section 8. It is not intended to be a definitive list and is merely provided in order to demonstrate the breadth of risks that are covered by managing the identified scenarios. Table 12.1: Failure Scenarios Level 1 Effect Level 2 Effect Level 3 Effect Cause Failure of Contact Centre Facility Failure of Critical Technology Loss of Key Personnel Failure of Critical Supplier / Partner Failure of Building Services / Amenities Damage / Destruction of Buildings Critical Application Failure Incoming / Outgoing Telephony Failure - Air Conditioning Failure Power Failure Water Failure - Fire Flood Earthquake Bomb Explosion Terrorist Attack - Software Bug Unexpected Excess Demand Computer Virus Hack Attack Hardware Failure Network Failure Symposium / Meridian Failure PSTN Failure Software Bug Hardware Failure Supplier Liquidation Cable Damage Regional Power Blackout Unexpected Excess Demand - - Unexpected Excess Demand Mass Illness Absenteeism Industrial Action Severe Weather Failure of GP- OOH Co-op - Unexpected Excess Demand Staff Absent Failure of HNC - Denial of Service Attack Cable Damage Supplier Liquidation Hack Attack Status: draft Page 13 of 13

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT JANUARY 2008 GUIDELINE ON BUSINESS CONTINUITY GUIDELINE CBK/PG/14

More information

Emergency Response and Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy Emergency Response and Business Continuity Management Policy Owner: John Duffy, Registrar & Secretary Last updated: September 2012 Version: 04 Document control Date Version Author Changes To be populated

More information

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. Business Continuity Management & Disaster Recovery Planning Presented by: Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD. 1 What is Business Continuity Management? Is a holistic management

More information

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA 1 Chapter-4: Business Continuity Planning and Disaster Recovery Planning PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA Learning Objectives 2 To understand the concept of Business Continuity Management To understand

More information

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy and Business Continuity Management System Business Continuity Policy and Business Continuity Management System Summary: This policy sets out the structure for ensuring that the PCT has effective Business Continuity Plans in place in order to maintain

More information

Business Continuity Planning and Disaster Recovery Planning

Business Continuity Planning and Disaster Recovery Planning 4 Business Continuity Planning and Disaster Recovery Planning Basic Concepts 1. Business Continuity Management: Business Continuity means maintaining the uninterrupted availability of all key business

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not

More information

abcdefghijklmnopqrstu

abcdefghijklmnopqrstu abcdefghijklmnopqrstu Business Continuity A Framework for NHS Scotland Strategic Guidance for NHS Organisations in Scotland 1 Contents 1. Introduction 4 1.1 Business Continuity Overview 5 2. Roles and

More information

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1 FRAMEWORK STATEMENT Business

More information

1.0 Policy Statement / Intentions (FOIA - Open)

1.0 Policy Statement / Intentions (FOIA - Open) Force Policy & Procedure Reference Number Business Continuity Management D269 Policy Version Date 23 July 2015 Review Date 23 July 2016 Policy Ownership Portfolio Holder Links or overlaps with other policies

More information

University of Glasgow. Policy for. Business Continuity Management

University of Glasgow. Policy for. Business Continuity Management University of Glasgow Policy for Business Continuity Management 1 Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the

More information

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1

ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 ESCB definitions of major business continuity terms in relation to payment and securities settlement systems 1 June 2007 The ESCB has developed a glossary of major business continuity terms for market

More information

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00) Subject and version number of document: Serial Number: Business Continuity Management Policy

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy Page 1 of 15 Business Continuity Policy First published: Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/14 Vicky Ryan Updated to include

More information

November 2007 Recommendations for Business Continuity Management (BCM)

November 2007 Recommendations for Business Continuity Management (BCM) November 2007 Recommendations for Business Continuity Management (BCM) Recommendations for Business Continuity Management (BCM) Contents 1. Background and objectives...2 2. Link with the BCP Swiss Financial

More information

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY Zurich Management Services Limited Registered in England: No 2741053 Registered Office The Zurich Centre, 3000 Parkway Whiteley, Fareham Hampshire, PO15 7JZ CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY

More information

Business Continuity Policy

Business Continuity Policy Page 1 of 16 Business Continuity Policy Issue Date: Aug 2013 Document Number: 00241 Prepared by: Business Management and Continuity Senior Manager Next Review Date: April 2014 Page 2 of 16 NHS England

More information

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS DIRECTORATE OF BANKING SUPERVISION AUGUST 2009 TABLE OF CONTENTS PAGE 1.0 INTRODUCTION..3 1.1 Background...3 1.2 Citation...3

More information

Business continuity strategy

Business continuity strategy Business continuity strategy 2009 2012 Table of contents 1 Why this strategy is needed 3 2 Aim of the strategy 4 3 Our approach to business continuity 4 PROCESS 4 STRUCTURE 5 DOCUMENTATION 6 DISRUPTION

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Policy Statement & Strategy July 2009 Basildon District Council Business Continuity Management Policy Statement The Council is committed to ensuring robust and effective

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Version 1 approved by SMG December 2013 Business Continuity Policy Version 1 1 of 9 Business Continuity Management Summary description: This document provides the rationale

More information

Principles for BCM requirements for the Dutch financial sector and its providers.

Principles for BCM requirements for the Dutch financial sector and its providers. Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011

More information

BUSINESS CONTINUITY FRAMEWORK

BUSINESS CONTINUITY FRAMEWORK BUSINESS CONTINUITY FRAMEWORK DOCUMENT INFORMATION DOCUMENT TYPE: DOCUMENT STATUS: POLICY OWNER POSITION: INTERNAL COMMITTEE ENDORSEMENT: APPROVED BY: Strategic document Approved Manager Organisational

More information

Coping with a major business disruption. Some practical advice

Coping with a major business disruption. Some practical advice Coping with a major business disruption Some practical advice Coping with a major business disruption What is business continuity? Business continuity planning (BCP) is a management process that helps

More information

Business Continuity Planning Instructions

Business Continuity Planning Instructions Business Continuity Planning Instructions Business continuity planning is a proactive planning process that ensures critical services or products are delivered during a disruption. In creating the plan,

More information

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited Business Continuity and Risk Management Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited What does Business Continuity mean? Business Continuity Management- Definition Business Continuity

More information

Statement of Guidance

Statement of Guidance Statement of Guidance Business Continuity Management All Licensees 1. Statement of Objectives 1.1. To enhance the resilience of the financial sector and to minimise the potential impact of a major operational

More information

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY AUTHOR/ APPROVAL DETAILS Document Author Written By: Human Resources Authorised Signature Authorised By: Helen Shields Date: 20

More information

Company Management System. Business Continuity in SIA

Company Management System. Business Continuity in SIA Company Management System Business Continuity in SIA Document code: Classification: Company Project/Service Year Document No. Version Public INDEX 1. INTRODUCTION... 3 2. SIA S BUSINESS CONTINUITY MANAGEMENT

More information

Business Continuity Plan

Business Continuity Plan Business Continuity Plan October 2007 Agenda Business continuity plan definition Evolution of the business continuity plan Business continuity plan life cycle FFIEC & Business continuity plan Questions

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN How to Develop a BUSINESS CONTINUITY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A BUSINESS CONTINUITY PLAN? CHAPTER PREPARING TO WRITE YOUR BUSINESS CONTINUITY PLAN CHAPTER

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY AUTHORISED BY: DATE: Andy Buck Chief Executive March 2011 Ratifying Committee: NHS Rotherham Board Date Agreed: Issue No: NEXT REVIEW DATE: 2013 1 Lead Director John

More information

BCP and DR. P K Patel AGM, MoF

BCP and DR. P K Patel AGM, MoF BCP and DR P K Patel AGM, MoF Key difference between BS 25999 and ISO 22301 ISO 22301 puts a much greater emphasis on setting the objectives, monitoring performance and metrics aligning BC to top management

More information

Business Continuity Management Policy and Plan

Business Continuity Management Policy and Plan Business Continuity Management Policy and Plan 1 Page No: Contents 1.0 Introduction 3 2.0 Purpose 3 3.0 Definitions 4 4.0 Roles, Duties & Responsibilities 4 4.1 Legal And Statutory Duties, Responsibilities

More information

Business Continuity Management Policy

Business Continuity Management Policy Business Continuity Management Policy Business Continuity Policy Version 1.0 1 Version control Version Date Changes Author 0.1 April 13 1 st draft PH 0.2 June 13 Amendments in line with guidance PH 0.3

More information

Tips and techniques a typical audit programme

Tips and techniques a typical audit programme Auditing Business Continuity Planning Tips and techniques a typical audit programme Karen Wills, Senior Internal Auditor St James s Place Wealth Management February 2014 Contents Background Roles and Responsibilities

More information

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0 NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy Version 1.0 Document Control Title: Status: Version: 1.0 Issue date: May 2014 Document owner: (Name,

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning Public Entities Risk Management Forum 5 th July 2012 Presented by Mark Penberthy FBCI Overcoming Practical Challenges Business Continuity Management (BCM) AGENDA 1. What is

More information

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY POLICY BUSINESS CONTINUITY POLICY Last Review Date Approving Body n/a Audit Committee Date of Approval 9 th January 2014 Date of Implementation 1 st February 2014 Next Review Date February 2017 Review Responsibility

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program subsidiaries) 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis

More information

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management. Policy Statement and Strategy Business Continuity Management Policy Statement and Strategy November 2011 Title Business Continuity Management Policy & Strategy Date of Publication: Cabinet Council Published by Borough Council of King

More information

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN Plan Ref No: [INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN PLAN DETAILS Date Written Plan Owner Plan Writer Version Number Review Schedule 6 monthly Annually Date of Plan Review Date of Plan Exercise

More information

Flinders University IT Disaster Recovery Framework

Flinders University IT Disaster Recovery Framework Flinders University IT Disaster Recovery Framework Establishment: Flinders University, 1 August 2013 Last Amended: Manager, ITS Security Services, 4 October 2013 Nature of Amendment: Initial release Date

More information

NHS Lancashire North CCG Business Continuity Management Policy and Plan

NHS Lancashire North CCG Business Continuity Management Policy and Plan Agenda Item 12.0. NHS Lancashire North CCG Business Continuity Management Policy and Plan Version 2 Page 1 of 25 Version Control Version Reason for update 1.0 Draft for consideration by Executive Committee

More information

University of Sunderland Business Assurance Information Security Policy

University of Sunderland Business Assurance Information Security Policy University of Sunderland Business Assurance Information Security Policy Document Classification: Public Policy Reference Central Register Policy Reference Faculty / Service IG 003 Policy Owner Assistant

More information

Information Services IT Security Policies B. Business continuity management and planning

Information Services IT Security Policies B. Business continuity management and planning Information Services IT Security Policies B. Business continuity management and planning Version 1 Date created: 28th May 2009 Approved by Directorate: 2nd July 2009 Review date: 1st July 2010 Primary

More information

Business Continuity Management Policy and Plan

Business Continuity Management Policy and Plan Business Continuity Management Policy and Plan Version No Author Date of Update 0.3 Allan Jude and Charmaine Grundy 05/06/2015 1 P a g e Contents Contents... 2 1. Introduction... 3 2. Purpose... 4 3. Definitions...

More information

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION Federal Financial Institutions Examination Council FFIEC Business Continuity Planning MARCH 2003 MARCH 2008 BCP IT EXAMINATION H ANDBOOK TABLE OF CONTENTS INTRODUCTION... 1 BOARD AND SENIOR MANAGEMENT

More information

Risk Management & Business Continuity Manual 2011-2014

Risk Management & Business Continuity Manual 2011-2014 ANNEX C Risk Management & Business Continuity Manual 2011-2014 Produced by the Risk Produced and by the Business Risk and Business Continuity Continuity Team Team February 2011 April 2011 Draft V.10 Page

More information

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd BS 25999 Business Continuity Management By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd 1 Contents slide BSI British Standards 2006 BS 25999(Business Continuity) 2002 BS 15000

More information

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities

Advisory Guidelines of the Financial Supervision Authority. Requirements for Organising the Business Continuity Process of Supervised Entities Advisory Guidelines of the Financial Supervision Authority Requirements for Organising the Business Continuity Process of Supervised Entities These advisory guidelines were established by Resolution No

More information

Business Continuity Management Framework 2014 2017

Business Continuity Management Framework 2014 2017 Business Continuity Management Framework 2014 2017 Blackpool Council Business Continuity Framework V3.0 Page 1 of 13 CONTENTS 1.0 Forward 03 2.0 Administration 04 3.0 Policy 05 4.0 Business Continuity

More information

Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council

Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council Introduction to Business Continuity Management (BCM) Andy Fyfe MBCI Resilience Manager Buckinghamshire County Council Aim To provide an introduction to Business Continuity Management (BCM). Objectives

More information

Business Continuity Plan Toolkit

Business Continuity Plan Toolkit Business Continuity Plan Toolkit March 2015 1 Contents The Template instructions for use... 2 Introduction... 3 What is the purpose of this toolkit?... 3 Why do you need a Business Continuity Plan?...

More information

BUSINESS CONTINUITY PLAN

BUSINESS CONTINUITY PLAN Business Logo Here BUSINESS CONTINUITY PLAN FOR SMALL TO MEDIUM SIZED BUSINESSES DATE :??? VERSION:?? PRODUCED BY DURHAM CIVIL CONTINGENCIES UNIT BUSINESS CONTINUITY PLAN LIST OF CONTENTS 1. DISCLAIMER...4

More information

Business Continuity Business Continuity Management Policy

Business Continuity Business Continuity Management Policy Business Continuity Business Continuity Management Policy : Date of Issue: 28 January 2009 Version no: 1.1 Review Date: January 2010 Document Owner: Patricia Hughes Document Authoriser: Tony Curtis 1 Version

More information

Business Continuity and Disaster Recovery Planning

Business Continuity and Disaster Recovery Planning Business Continuity and Disaster Recovery Planning Jennifer Brandt, CISA A p r i l 16, 2015 HISTORY OF STINNETT & ASSOCIATES Stinnett & Associates (Stinnett) is a professional advisory firm offering services

More information

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan? Business Continuity Is your Business Prepared for the worse? Major emergencies can develop suddenly without warning. Situations can threaten and disrupt your business and impact upon you and your staff.

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide LPG 232 Business Continuity Management March 2007 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

Guidance Note XGN XXX.1

Guidance Note XGN XXX.1 Guidance Note XGN XXX.1 Risk Assessment and Business Continuity Planning 1. This Guidance Note provides further detail on matters institutions should consider in assessing disruption scenarios and certain

More information

Section A: Introduction, Definitions and Principles of Infrastructure Resilience

Section A: Introduction, Definitions and Principles of Infrastructure Resilience Section A: Introduction, Definitions and Principles of Infrastructure Resilience A1. This section introduces infrastructure resilience, sets out the background and provides definitions. Introduction Purpose

More information

Why Should Companies Take a Closer Look at Business Continuity Planning?

Why Should Companies Take a Closer Look at Business Continuity Planning? whitepaper Why Should Companies Take a Closer Look at Business Continuity Planning? How Datalink s business continuity and disaster recovery solutions can help organizations lessen the impact of disasters

More information

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES

Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES Monetary Authority of Singapore BUSINESS CONTINUITY MANAGEMENT GUIDELINES June 2003 TABLE OF CONTENTS 1.0 INTRODUCTION... 1 1.1 READINESS IS YOUR ONLY PROTECTION... 1 1.2 APPLICATION OF THE GUIDELINES...

More information

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy Reference No: CG 01 Version: Version 1 Approval date 18 December 2013 Date ratified: 18 December 2013 Name of Author

More information

Proposal for Business Continuity Plan and Management Review 6 August 2008

Proposal for Business Continuity Plan and Management Review 6 August 2008 Proposal for Business Continuity Plan and Management Review 6 August 2008 2008/8/6 Contents About Newton IT / Quality of our services. BCM & BS25999 Overview 2. BCM Development in line with BS25999 3.

More information

Business Continuity Policy

Business Continuity Policy Business Continuity Policy 1 NHS England INFORMATION READER BOX Directorate Medical Commissioning Operations Patients and Information Nursing Trans. & Corp. Ops. Commissioning Strategy Finance Publications

More information

August 2013 Recommendations for Business Continuity Management (BCM)

August 2013 Recommendations for Business Continuity Management (BCM) August 2013 Recommendations for Business Continuity Management (BCM) 1 Background and objectives... 2 2 Principles... 3 3 Scope of application and threats... 4 4 Recommendations... 6 4.1 Definition and

More information

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK Federal Financial Institutions Examination Council FFIEC Business Continuity Planning BCP FEBRUARY 2015 IT EXAMINATION H ANDBOOK Table of Contents Introduction 1 Board and Senior Management Responsibilities

More information

Business continuity plan

Business continuity plan Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table

More information

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy NHS Hardwick Clinical Commissioning Group Business Continuity Policy Version Date: 26 January 2016 Version Number: 2.0 Status: Approved Next Revision Due: January 2017 Gordon Stevens MBCI Corporate Assurance

More information

BT Conferencing Business Continuity Management. Planning to stay in business

BT Conferencing Business Continuity Management. Planning to stay in business BT Conferencing Business Continuity Management Planning to stay in business Planning for the unexpected In today s connected world, businesses are increasingly dependent on their communications and networked

More information

The Education Fellowship IT Business Continuity Plan

The Education Fellowship IT Business Continuity Plan The Education Fellowship IT Business Continuity Plan OVERVIEW 1. Definition of IT Business Continuity Management IT Business Continuity Management is defined as a holistic management process that identifies

More information

Business Continuity (Policy & Procedure)

Business Continuity (Policy & Procedure) Business Continuity (Policy & Procedure) Publication Scheme Y/N Can be published on Force Website Department of Origin Force Operations Policy Holder Ch Supt Head of Force Ops Author Business Continuity

More information

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY MANAGEMENT POLICY BUSINESS CONTINUITY MANAGEMENT POLICY Version No: 1 Issue Status: awaiting Trust Board approval Date of Ratification: 11th April 2012 Ratified by: Risk Management Committee Policy Author(s): Stuart Coalwood

More information

BUSINESS CONTINUITY PLAN OVERVIEW

BUSINESS CONTINUITY PLAN OVERVIEW BUSINESS CONTINUITY PLAN OVERVIEW INTRODUCTION The purpose of this document is to provide Loomis customers with an overview of the company s Business Continuity Plan (BCP). Because of the specific and

More information

Disaster Recovery. Hendry Taylor Tayori Limited

Disaster Recovery. Hendry Taylor Tayori Limited Disaster Recovery Hendry Taylor Tayori Limited Agenda What is Business Continuity planning (BCP) What is Disaster Recovery (DR) and Disaster Recovery Planning (DRP) Overview Lifecycle Analysis Plan design

More information

Information Security Policy. Chapter 11. Business Continuity

Information Security Policy. Chapter 11. Business Continuity Information Security Policy Chapter 11 Business Continuity Author: Policy & Strategy Team Version: 0.5 Date: July 2008 Version 0.5 Page 1 of 6 Document Control Information Document ID Document title Sefton

More information

Business Continuity Management

Business Continuity Management Business Continuity Management Factsheet To prepare for change, change the way you prepare In an intensely competitive environment, a permanent market presence is essential in order to satisfy customers

More information

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015 Business Continuity Management Governance Frank Higgins Abu Dhabi March 2015 Different Names Same Concept BCM (Business Continuity Management) BSI 25999 IPOCM (Incident Preparedness & Operational Continuity

More information

Table of Contents... 1

Table of Contents... 1 ... 1 Chapter 1 Introduction... 4 1.1 Executive Summary... 4 1.2 Goals and Objectives... 5 1.3 Senior Management and Board of Directors Responsibilities... 5 1.4 Business Continuity Planning Processes...

More information

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO 22301 AUDITS, CERTIFICATION AND TRAINING ISO 22301 BUSINESS CONTINUITY MANAGEMENT SYSTEMS Most organisations will, at some point, be faced with having to respond

More information

Staying In Business. A Business Continuity White Paper by. Paul O Brien and Gerard Joyce. LinkResQ Limited

Staying In Business. A Business Continuity White Paper by. Paul O Brien and Gerard Joyce. LinkResQ Limited Staying In Business A Business Continuity White Paper by Paul O Brien and Gerard Joyce LinkResQ Limited Contents: Introduction. 2 What is Business Continuity? 2 Loss Events = Opportunities for Disaster..

More information

I attach the following documents in response:

I attach the following documents in response: London Fire Brigade Headquarters 169 Union Street London SE1 0LL T 020 8555 1200 F 020 7960 3602 Minicom 020 7960 3629 www.london-fire.gov.uk Freedom of Information request reference number: FOIA608.1

More information

Business Continuity Planning

Business Continuity Planning Business Continuity Planning We believe all organisations recognise the importance of having a Business Continuity Plan, however we understand that it can be difficult to know where to start. That s why

More information

Business Continuity Management (BCM) Policy

Business Continuity Management (BCM) Policy Business Continuity Management (BCM) Policy Reference number: Corporate 042 Title: Business Continuity Management (BCM) Policy Version number: Version 2 Policy Approved by: LLR PCT Cluster Board Date of

More information

AUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005

AUDITOR GENERAL S REPORT. Protection of Critical Infrastructure Control Systems. Report 5 August 2005 AUDITOR GENERAL S REPORT Protection of Critical Infrastructure Control Systems Report 5 August 2005 Serving the Public Interest Serving the Public Interest THE SPEAKER LEGISLATIVE ASSEMBLY THE PRESIDENT

More information

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%. How to write a DISASTER RECOVERY PLAN To print to A4, print at 75%. TABLE OF CONTENTS SUMMARY SUMMARY WHAT IS A DRP AND HOW CAN IT HELP MY COMPANY? CHAPTER PREPARING TO WRITE YOUR DISASTER RECOVERY PLAN

More information

Temple university. Auditing a business continuity management BCM. November, 2015

Temple university. Auditing a business continuity management BCM. November, 2015 Temple university Auditing a business continuity management BCM November, 2015 Auditing BCM Agenda 1. Introduction 2. Definitions 3. Standards 4. BCM key elements IT Governance class - IT audit program

More information

Business Continuity Management

Business Continuity Management Business Continuity Management cliftonlarsonallen.com Introductions Brian Pye CliftonLarsonAllen Senior Manager Business Risk Services group 15 years of experience with Business Continuity Megan Moore

More information

Prudential Practice Guide

Prudential Practice Guide Prudential Practice Guide SPG 232 Business Continuity Management July 2013 www.apra.gov.au Australian Prudential Regulation Authority Disclaimer and copyright This prudential practice guide is not legal

More information

IT Disaster Recovery Plan Template

IT Disaster Recovery Plan Template HOPONE INTERNET CORP IT Disaster Recovery Plan Template Compliments of: Tim Sexton 1/1/2015 An information technology (IT) disaster recovery (DR) plan provides a structured approach for responding to unplanned

More information

Business Continuity Planning advice for Businesses with 50-250 employees

Business Continuity Planning advice for Businesses with 50-250 employees Business Continuity Planning advice for Businesses with 50-250 employees Where to begin? A business continuity plan should consist of a business and contingencies analysis. It needs to be developed by

More information

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014

www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 www.pwc.com Business Resiliency Business Continuity Management - January 14, 2014 Agenda Key Definitions Risks Business Continuity Management Program BCM Capability Assessment Process BCM Value Proposition

More information

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015. Business Continuity Policy Statement 2015 Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy 2015 Business Continuity Policy Statement 2015 This Policy sets the direction for Business Continuity

More information

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Management For Small to Medium-Sized Businesses Business Continuity Management For Small to Medium-Sized Businesses Produced by NORMIT and Norfolk County Council Resilience Team For an electronic copy of this document visit www.normit.org Telephone

More information

BUSINESS CONTINUITY POLICY RM03

BUSINESS CONTINUITY POLICY RM03 BUSINESS CONTINUITY POLICY RM03 Applies to: All NHS LA employees, contractors, secondees and consultants, contractors and/or any other parties who will carry out duties on behalf of the NHS LA Version:

More information

South Norfolk Council Business Continuity Policy

South Norfolk Council Business Continuity Policy South Norfolk Council Business Continuity Policy 1 Title: Business Continuity Policy Date of Publication: TBC Version: 2 Published by: Emergency Planning Team Review date: April 2014 Document Owner: Document

More information

The PNC Financial Services Group, Inc. Business Continuity Program

The PNC Financial Services Group, Inc. Business Continuity Program The PNC Financial Services Group, Inc. Business Continuity Program 1 Content Overview A. Introduction Page 3 B. Governance Model Page 4 C. Program Components Page 4 Business Impact Analysis (BIA) Page

More information

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview

White Paper: ISO 22301 Business Continuity Management An Overview. ISO 22301 Business Continuity Management An Overview White Paper: ISO 22301 Business Continuity Management An Overview ISO 22301 Business Continuity Management An Overview Introduction As incidents such as malicious activism, terrorist attacks and environmental

More information

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE Introduction 1. Recently many organisations both public and private have directed much more time, money and effort towards protecting service

More information