University of Glasgow. Policy for. Business Continuity Management



Similar documents
University of Glasgow. Business Continuity Management. Guidance Notes

Business Continuity (Policy & Procedure)

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Policy

Business Continuity Management

BUSINESS CONTINUITY STRATEGY

Business Continuity Management Policy and Framework

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

Recommendation Current Position and Explanation for Slippage: Target Dates:

Business Continuity Management Framework

Business Continuity Management

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Proposal for Business Continuity Plan and Management Review 6 August 2008

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Business Continuity Management Policy

BS BUSINESS CONTINUITY MANAGEMENT

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Emergency Response and Business Continuity Management Policy

APPENDIX 50. Enterprise risk management - Risk management overview

The PNC Financial Services Group, Inc. Business Continuity Program

NHS 24 - Business Continuity Strategy

Principles for BCM requirements for the Dutch financial sector and its providers.

Business Continuity Planning and Disaster Recovery Planning

Company Management System. Business Continuity in SIA

Business Continuity Policy

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Tips and techniques a typical audit programme

Business Continuity Management

Business Continuity Management Program Development Guide

Business Continuity Management. Policy Statement and Strategy

Business Continuity Policy

Business Continuity Policy and Business Continuity Management System

Business Continuity Management Policy

Business Continuity Management Policy

BUSINESS CONTINUITY MANAGEMENT POLICY

The PNC Financial Services Group, Inc. Business Continuity Program

Business Continuity Management For Small to Medium-Sized Businesses

How To Manage A Disruption Event

Business Continuity Management (BCM) Policy

Solihull Clinical Commissioning Group

abcdefghijklmnopqrstu

Business Continuity Policy

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity Planning (BCP) 101

I attach the following documents in response:

Business Continuity Management Policy

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

BUSINESS CONTINUITY POLICY RM03

Plan Development Getting from Principles to Paper

Confident in our Future, Risk Management Policy Statement and Strategy

Information Services IT Security Policies B. Business continuity management and planning

Risk Management & Business Continuity Manual

Temple university. Auditing a business continuity management BCM. November, 2015

Cumbria Constabulary. Business Continuity Planning

Business continuity management policy

External Supplier Control Requirements BCM

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Update from the Business Continuity Working Group

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

NHS Commissioning Board: Information governance policy

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

Business Resiliency Business Continuity Management - January 14, 2014

Business Continuity Management Policy and Plan

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

Business Continuity: NHS Workshop Appendix 1.1

Business Continuity Management and BS by Steve Chan, Head of Training - HK, BSI Management Systems

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Business Continuity Management AIRM Presentation

Update from the Business Continuity Working Group

Dacorum Borough Council Final Internal Audit Report. IT Business Continuity and Disaster Recovery

BCP and DR. P K Patel AGM, MoF

EPRR: Toolkit Facilitator Guide

BUSINESS CONTINUITY & STRATEGY POLICY

RISK MANAGEMENT STRATEGY

Business Continuity Policy

ITIL 2011 Lifecycle Roles and Responsibilities UXC Consulting

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Business Continuity Business Continuity Management Policy

GLASGOW SCHOOL OF ART OCCUPATIONAL HEALTH AND SAFETY POLICY. 1. Occupational Health and Safety Policy Statement 1

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

A Risk Management Standard

BUSINESS CONTINUITY STRATEGY

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Business Continuity Management Group Policy

BUSINESS CONTINUITY POLICY

Transcription:

University of Glasgow Policy for Business Continuity Management 1

Policy Statement The University of Glasgow is committed to delivering the highest possible quality of service to our students, and the public. We cannot do this without our employees, and it is essential that they are advised and supported in achieving this, sometimes under challenging circumstances. Our Business and Activity Continuity Plan Policy and Guidance have been carefully developed to take account of our Strategic Plan and key operational objectives in the event of any disruption that could seriously threaten their achievement. They have been developed to complement the University s Emergency Plan (http://www.gla.ac.uk/media/media_220325_en.pdf) and it is intended that they operate alongside this. The scope of the documentation focuses on core activities only i.e. those whose disruption has the potential to impact substantially on the University s core activities of teaching and research and on key support services. The objectives of Business Continuity Planning are: To identify our core activities, any important time constraints and the resources and conditions required to support them; To highlight any potential weaknesses in our systems and ways of operating that could leave the continuity of our activities vulnerable to disruption under certain conditions; To establish preventive measures to minimise the chances of this happening; To provide guidelines for ensuring that any personnel and resources required are available to restore critical processes in the event that such a disruption does occur; To ensure that those tasked with keeping important activities running on track in these difficult situations have the necessary information, training, skills and support to do so. The purpose of this plan is both to minimise the likelihood of a disruption as well as to help us restore our service delivery levels promptly should a serious disruption occur. The Plan is a dynamic document that reflects the changing environment and requirements of The University. It will therefore be regularly and frequently reviewed and updated. Signed by David Newall, Secretary of Court... Date..20 November 2013... 2

1. Introduction 1.1 Aims The Aim of this document, and the accompanying Guidance Notes, is to assist the development of: Appropriate arrangements and appointments to support and co-ordinate Business Continuity Management High Level, Strategic, Business Impact Analyses (BIAs) and Business Continuity Plans (BCPs) for the strategic priority activities of Teaching, Research, and Support Customised versions of these strategic BIAs and BCPs at local level within Colleges/ Schools, Research Institutes and Professional Services A range of strategic and local BCPs which can inform and support the Strategic Group overseeing the University s Emergency Plan and any future Emergency Response. 1.2 Application This Policy, and its associated guidance, is designed to provide advice and information for all Managers who may be responsible for ensuring the continuation of services under atypical conditions. 2. Business Continuity Management ( BCM) Lifecycle BS 25999 is the code of practice which establishes the process, principles and terminology of BCM used in this documentation. Good practice BCM focuses on being prepared to deal with the undesirable consequences of disruptions (rather than their potential causes, which may be numerous) in order to both minimise the burden and optimise the effectiveness of any response. The stages of the BCM process are: 1 BCM Programme Management 2 Identifying Key Activities 3 Determining BCM Options 4 Developing and Implementing a BCM Response 5 Exercising, Maintaining, Auditing and Reviewing 2.1 BCM Programme Management This is the framework, of arrangements and people, providing a clearly defined and documented process for the co-ordination and governance of all BCM activity in the University. 3

BCM will be addressed at two levels within the University; a strategic level approach which considers those generic issues likely to impact on business continuity, and at School/ Research Institute/ Professional Service to identify local issues. An essential element of developing successful BCM is the proactive support of senior management. By demonstrating commitment and playing an active role in the BCM process they can ensure its successful implementation. Consideration must be given to the necessity of maintaining operations as usual, whilst simultaneously dealing with a disruption requiring business continuity management and the potential need for an emergency response should the disruption escalate, or a separate event occur. Therefore, the BCM infrastructure should mirror existing arrangements, as far as possible. Appointed Bodies/ Persons: Strategic Business Continuity Steering Groups Nominations will be made from the relevant University forums to populate three strategic BC steering groups, representing each of the strategic objectives fields i.e.: Teaching Research Support Services These steering groups will lead the BCM process at strategic level, developing generic Business Impact Analyses and Business Continuity Plans. Business Continuity Coordinator Each School, Research Institute and Professional Service is required to appoint a Business Continuity Coordinator, whose role will be to coordinate BCM within their area. This will involve customising strategic level documentation to inform local BC plans, identifying areas missed and following up these gaps. The BC Coordinator will also be responsible for ensuring that local plans remain current and for coordinating exercises of the BC plans. S/he must attend the BC training course available from the BC Management Officer (Director of Health, Safety & Wellbeing). Other aspects of the role of the BC Coordinator include raising and maintaining the local profile of BC management arrangements and collaborating with colleagues involved in other risk management arrangements to help align the processes. 4

It is important to appreciate that after an incident the various phases required to deal with that incident will overlap. The three main phases are: Emergency Response: starting immediately after the incident and continuing for a relatively short period of time - e.g. from a few hours to a couple of days. Business Continuity: starting shortly after the emergency response is invoked and designed to achieve a minimum acceptable level of critical activities. Overlapping with the start of the business recovery phase. Business Recovery: starting during the business continuity phase and continuing until critical activities back up to their business as usual status 2.2 Identifying Key Activities Prior to determining BCM options, each Steering Group must carry out a scoping exercise to identify those key activities, within the relevant field, whose disruption would have the most potential to impact on the University s ability to meet this strategic objective. It is these key activities, not every single activity, which will be the focus of the BCM process as it moves forward Once the scoping exercise is complete and those activities deemed to be appropriate for the BCM process identified, the proposed scope for each steering group should be submitted to the Senior Management Group to ensure they are in agreement. 2.3 Determining BCM Options - Business Impact Analysis (BIA) Having established the scope, the next stage is to select strategies for continuing these key activities after an incident, to an agreed minimum level. A process must be undertaken to analyse the potential impact of disruptions. This is known as a Business Impact Analysis (BIA) and helps determine the options available for dealing with events or, more particularly, with their impact on key activities. Information on conducting a BIA and template documentation is included in the accompanying Business Continuity Management Guidance Notes. 2.4 Developing and Implementing a BCM Response preparing a Business Continuity Plan (BCP) Strategic BCPs should provide an effective, predefined and documented framework and process to respond to disruptive incidents affecting the University s critical functions and activities. They should also help inform the scope of local level plans, identifying generic issues for consideration. 5

Developing a BCP The BCP uses the information gained during BIA to develop a plan for responding to and managing disruptive events. It should cover both the immediate response when activities may well need to be prioritised, along with the recovery process for returning to normal operations. Detail on what to include within a BCP, along with template documentation, is provided in the accompanying Business Continuity Management Guidance Notes. Implementing BCM Response - Embedding BCM in the University s culture To be effective, BCM has to become an integral part of the strategic and day-to-day management activity through awareness raising and training. The Senior Management Group will promote the importance of BCM throughout the University and its integration within day to day management arrangements. Heads of College and School, along with Directors of Research Institutes and Professional Services, will seek to develop a BCM culture in their area of responsibility by: Giving proactive support to the BCM process Encouraging training and awareness in BCM Ensuring ownership of BCM Demonstrating a commitment to the programme of audit, maintenance and review of the BCM plans Communicating the importance of BCM to all staff, as well as their roles and responsibilities 2.5 BCM exercising, maintaining, auditing & review It is important to exercise any BCP to ensure its effectiveness. Maintaining currency of plans and auditing are essential to ensure compliance with the standards adopted. We will continually review our arrangements and test the plans appropriately. All plans should be reviewed at appropriate frequency, and fully exercised over a 3 year rolling programme. The University exists in a dynamic environment. It is subject to changes in people, processes, supplies, risk and environment. To remain current, BCM arrangements must be reviewed and updated, as well as being subject to audit and inspection. The Strategic BC Steering Groups are responsible for the maintaining, review and testing of the University s strategic BCP(s). Local BC Coordinators are responsible for the maintenance, review and testing of local BCP(s). The University s BCM Officer is responsible for the high level monitoring of BC Management procedures. 6

Appendix Glossary of terms and acronyms BCM BCMT BCP BIA CMG MPTD MTDL RTO Business Continuity Management Business Continuity Management Team Business Continuity Plan Business Impact Assessment College Management Group Maximum Period of Tolerable Disruption Maximum Tolerable Data Loss Recovery Time Objective 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information