Guideline - Business Continuity Plan



Similar documents
How To Manage A Disruption Event

Business continuity management policy

Business Continuity Management

COMCARE BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Management Policy

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

BCP and DR. P K Patel AGM, MoF

BUSINESS CONTINUITY MANAGEMENT POLICY

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

Business Continuity Management Policy

Information Security Policy. Chapter 11. Business Continuity

Business Continuity Policy

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

Desktop Scenario Self Assessment Exercise Page 1

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Business Continuity (Policy & Procedure)

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Business Continuity Management Policy

Business Continuity Management AIRM Presentation

Business Continuity Policy and Business Continuity Management System

BUSINESS CONTINUITY POLICY

Information Services IT Security Policies B. Business continuity management and planning

Business Continuity Management

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

BUSINESS CONTINUITY MANAGEMENT

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Principles for BCM requirements for the Dutch financial sector and its providers.

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management Policy and Framework

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

Business Continuity Planning. Presentation and. Direction

VICTOR KHANYE LOCAL MUNICIPALITY PLAASLIKE MUNISIPALITEIT. ICT Business Continuity Plan. DRAFT v0.1 Page 1 of 9

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Business Continuity Planning and Disaster Recovery Planning

Release: 1. BSBCON601B Develop and maintain business continuity plans

EMERGENCY PREPAREDNESS PLAN Business Continuity Plan

Business Continuity Policy. Version 1.0

BUSINESS CONTINUITY POLICY

ISO BUSINESS CONTINUITY MANAGEMENT SYStEMS (BCMS) EXPERT IMPLEMENTER

Emergency Response and Business Continuity Management Policy

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Solihull Clinical Commissioning Group

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

Tips and techniques a typical audit programme

External Supplier Control Requirements BCM

Business Continuity Policy

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

Proposal for Business Continuity Plan and Management Review 6 August 2008

Business continuity plan

FINRMFS9 Facilitate Business Continuity Planning and disaster recovery for a financial services organisation

Business Continuity Management Policy

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

BUSINESS CONTINUITY MANAGEMENT POLICY

Strategic Alliance. Business Continuity Policy

BUSINESS CONTINUITY STRATEGY

Coping with a major business disruption. Some practical advice

The PNC Financial Services Group, Inc. Business Continuity Program

Business Continuity Management

Prudential Practice Guide

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity Policy

RISK MANAGEMENT STRATEGY

Risk Management & Business Continuity Manual

#316 The Security Elements of Business Continuity & Disaster Recovery Plans

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

PAPER-6 PART-5 OF 5 CA A.RAFEQ, FCA

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

How to measure your business resiliency

Unit Guide to Business Continuity/Resumption Planning

Business Continuity Planning (800)

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

State of South Carolina Policy Guidance and Training

BUSINESS CONTINUITY MANAGEMENT IN THE PUBLIC SECTOR A ROUGH GUIDE

A GUIDE TO BUSINESS CONTINUITY PLANNING

Business Continuity Management Framework

Risk Management Policy

Business Continuity & Crisis Management

MHA Consulting. Business Continuity Management 101

Business Continuity Policy and Framework and Business Continuity Plan

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

VMIA Business Continuity Initiatives

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Temple university. Auditing a business continuity management BCM. November, 2015

Business Continuity Planning Instructions

Disaster Recovery and Business Continuity Plan

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

Transcription:

Guideline - Business Continuity Plan 1. Introduction: The Business Continuity Plan is a component of the Risk and Business Management suite. This suite includes: Risk Management including risk registers Business Continuity Plans including business impact analysis Emergency Response Plans Health and Safety Plans Business continuity management provides the availability of processes and resources in order to ensure the continued achievement of critical objectives 1 This means that we must consider: Clearly defining and understanding our critical objectives Our key deliverables. Identifying what could prevent us from delivering our critical objectives What are the barriers and risks? Evaluating and measuring our risk controls Identifying residual risk Determining how Victoria will continue to achieve its critical objectives in the event of interruptions. The following steps describe how business continuity takes a holistic risk management approach. 2. Content and Guidelines The Business Continuity Plan is made of three stages: Assessing risks; Analysing the impact of an adverse event on a business and its primary objectives; and Documenting the necessary tasks and roles which will enable the business to recover from the adverse event. 2.1 Risk assessment Managers are responsible for assessing risk and escalating where appropriate as part of their business as usual responsibilities. Assessing risk is about identifying the threats and barriers that may be present in our operating environment and considering organisational interdependencies which may be complex and varied in the University setting. Refer to the Risk Management Guidelines for Managers. 1 Business continuity management handbook HB 221:2004 1

2.2 Business Impact Analysis The Business Impact Analysis is an integral component of the Business Continuity Plan. It provides the background upon which a plan is developed. In the analysis managers are responsible for identifying the key business processes and analysing the impacts of an emergency event to service delivery. The manager should identify the business goals, and define the critical functions, components, assets and resources required to achieve the intended outcome. Key considerations include: The damage to Victoria (or the individual business unit) resulting from an intolerable adverse event. Determine whether the deliverable is required by legislation. The different levels of disaster (this should be recorded in the Emergency Response Plan.). Identify the importance or criticality of the goals. Confirm whether they affect the critical or long term success of the University. Understand and define the maximum tolerable down time for each function and prioritise recovery. Each manager should define the recovery requirements for the items identified above and the infrastructure and resources required to enable Victoria to continue to function at a minimum acceptable level. Recovery requirements: The timeframe in which the items above must resume or be replaced. The business requirements for recovery of the above. The technical requirements for the above. The manual process in place that will mitigate loss of the above. (This will also be recorded in the unit s risk management plan). Identification of dependencies A sample impact analysis is included as Appendix 1 2.3 Guidelines for Business Continuity Plans Appendix 2 Managers should consider the following components when developing their Business Continuity Plan (BCP): a. Ensure that the business objectives are clearly understood and recorded. This can be informed by an annual business planor similar. b. Define the scope of the BCP. What are the limitations? Consider the critical business requirements or deliverables and BAU requirements. This can be informed by the business impact analysis described above. c. Ensure that the maximum acceptable outage is considered. d. Ensure that the BCP is properly coordinated to take into account information derived from the risk register and Emergency Response Plan. BCM is a component in the risk management loop. e. Ensure that any assumptions made during the planning process are sufficiently explained and documented. f. Record members of the BCM team and ensure that their roles are clearly defined. It is important that this is included in training and testing the plan. g. If an internal audit has been completed in relation to BCM, ensure that recommendations are addressed. h. If a project plan is required ensure that deliverables, responsibilities, budget and milestones are recorded and managed. 2

i. Implement a process for independent review of the plan the Safety and Risk team will review the plan annually. j. Consider back up processes, alternative accommodation and off site storage. k. To ensure that the plan remains current implement programme of periodic testing and review the plan in line with organisational changes. Supporting documentation and processes may include: a. Risk Management Plan and risk register. b. Emergency Response plan. c. Safety Plan d. Business Continuity Plan References AS/NZS ISO 31000:2009. Risk management Principles and guidelines. AS/NZS 5050:2010. Business continuity Managing disruption related risk HB 221:2004. Handbook. Business Continuity Management 3

Appendix 1 Business Impact Analysis (Sample) Business unit: Campus Operations, Safety & Risk Date: 02/09/10 Responsible Title: Telephone #: manager: BIA prepared by: Title: Telephone #: Business objective/goal Provide mail service to VUW Business process Mail collection and delivery Risk 1 Key process 2 Key assets Maximum acceptable outage (Downtime) Service delivery Receive mail Mail room 8 hrs depending on day of week. Maximum severity on Monday due to multiple mail bags received Sort mail Staff Premises 8 hrs depending on day of week. Maximum severity on Monday due to multiple mail bags received Recovery requirements 3 Alternative premises Alternative premises Second staff from Caretakers team Dispatch mail Sorting system Staff Trolleys Road vehicle Franking m/c 16 hrs. Consequential business effect and recovery time increases. Alternative premises Second staff from Caretakers team Hire or loan road vehicle (Get home safe van) Replacement trolley, hire or procure. Replacement or hire franking m/c Substitute franking m/c with postage stamps. Courier service Contractor staff 8 hrs Availability of alternative 4

Record and recover costs for courier services Supervision to Mail room staff and contract contractor Computer 2 weeks Align with ITC BCP system/network Second staff from Staff Caretakers team or Admin staff from Campus Operations team. Record costs on paper record Supervisor 8 hrs Provide cover from Caretakers team. 1. From risk assessment. Risk category E.G. Financial, service delivery 2. Rank key process. Critical business process 3. Ref. also recovery plan and crisis management plan where appropriate. 5

Appendix 2 Business Continuity Plan Guideline for Managers. 1. Cover page Name of the organisation, service or school Author Approval Date Document control information 2. Table of contents 3. Recovery plan 3.1 Roles and responsibilities of key staff who will need to perform functions and make decisions during the recovery stage to BAU. 3.2 Identify how the service or school will respond to a business interruption. 4. Technical recovery plan 4.1 Identify technical or specialist business functions such as IT, Payroll, Finance. 4.2 Document contingency plans 4.3 Document recovery plans 4.4 Identify alternate recovery options 5. Supporting documentation 5.1 Document a list of procedures and processes. 5.2 Ensure relevant documentation to support the BCP is safely stored. 5.3 Link also to the Crisis Management Framework and Emergency Response Plan. 6.0 Contact information. 6.1 Detail a list of employees, contractors and suppliers. 6.2 Document the technical and business relationship between VUW support services, suppliers and schools? 6.3 Identify key staff required to populate the recovery teams and those who will be charged with making decisions during the recovery phase. This will include reference to appropriate delegations. 6.4 Identify the roles and responsibilities of the recovery team. 6.5 Record the key resources, infrastructure, tasks and responsibilities required to support the critical business functions in the event of a disruption. 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information