BUSINESS CONTINUITY MANAGEMENT FRAMEWORK



Similar documents
Business Continuity Management

Business Continuity Management Policy

Business Continuity Policy

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

Business Continuity Policy and Business Continuity Management System

1.0 Policy Statement / Intentions (FOIA - Open)

BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Management Framework

Business Continuity Management. Policy Statement and Strategy

Business Continuity Management

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

BUSINESS CONTINUITY POLICY

Business Continuity Management

NHS Durham Dales, Easington and Sedgefield Clinical Commissioning Group. Business Continuity Plan

Business Continuity Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Business Continuity Policy

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

Business Continuity Management Policy and Framework

Business Continuity Policy

BUSINESS CONTINUITY POLICY

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

I attach the following documents in response:

Business Continuity Policy

Principles for BCM requirements for the Dutch financial sector and its providers.

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity (Policy & Procedure)

Information Services IT Security Policies B. Business continuity management and planning

How To Manage A Disruption Event

Business Continuity Management Policy and Plan

BUSINESS CONTINUITY MANAGEMENT POLICY

Desktop Scenario Self Assessment Exercise Page 1

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Version: 3.0. Effective From: 19/06/2014

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Business Continuity Plan Toolkit

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

BUSINESS CONTINUITY POLICY RM03

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

BS BUSINESS CONTINUITY MANAGEMENT

GUIDANCE DOCUMENT FOR COMPLETION OF RESIDENTIAL CARE ESTABLISHMENTS BUSINESS CONTINUITY PLAN TEMPLATE WEST MIDLANDS

Business Continuity Management (BCM) Policy

Business Continuity Policy

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

NHS Lancashire North CCG Business Continuity Management Policy and Plan

Coping with a major business disruption. Some practical advice

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Global Statement of Business Continuity

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

LFRS Business Continuity Planning

NHS Commissioning Board Business Continuity Management Framework (service resilience)

Business Continuity Management Policy

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

How prepared are you?

abcdefghijklmnopqrstu

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

Risk Management & Business Continuity Manual

Business Continuity Management Policy and Plan

Business Continuity Management Policy

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

External Supplier Control Requirements BCM

BUSINESS CONTINUITY PLAN

Solihull Clinical Commissioning Group

BUSINESS CONTINUITY PLAN

Departmental Business Continuity Framework. Part 2 Working Guides

DEPARTMENT FOR TRANSPORT BUSINESS CONTINUITY MANAGEMENT POLICY

Guideline - Business Continuity Plan

Business Continuity Policy & Plans

Update from the Business Continuity Working Group

Risk Management Guidelines

Business Continuity Management Policy

Business Continuity Plan

NHS 24 - Business Continuity Strategy

Company Management System. Business Continuity in SIA

TRANSPORT FOR LONDON SAFETY, HEALTH AND ENVIRONMENT ASSURANCE COMMITTEE

Proposal for Business Continuity Plan and Management Review 6 August 2008

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

BUSINESS CONTINUITY MANAGEMENT POLICY

Business continuity management policy

Transcription:

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 1

FRAMEWORK STATEMENT Business Continuity Management (BCM) helps manage the risks to the smooth running of an organisation or delivery of a service both in the private and public sector, by ensuring that the business and the services it delivers can continue in the event of a disruption. The source of the disruption may be internal such as loss of key staff or a technological systems failure, or it might be an external influence such as a weather-related or utility-related incident or even the business failure of one of our key suppliers. BCM provides a framework for improving our resilience to interruption so that key business systems and processes can be recovered while at the same time ensuring we can provide business critical functions and vital services. The BCM arrangements within the Council are guided under the following principles: The Council s business continuity plans are based on standards defined by the good practice guidelines set out by the Business Continuity Institute, the Civil Contingencies Act 2004 and British Standard 25999; Each activity within the Council is to be owned by the designated service. The Director or Senior Manager will ensure that plans capable of maintaining a minimum acceptable standard of delivery are in place for each service with critical functions; The Civil Contingencies Service (CCS) will provide professional support to improve the resilience of critical services and supporting activities identified by the services; Each service is responsible for the annual review of its business continuity plan. The service CRMT s will monitor the review process, benchmark the results and provide support where necessary; Each service is required to undertake appropriate training and exercise on an annual basis to validate the business continuity plan; Services must ensure that they have appropriate representation at any council business continuity events that have been organised by the CCS; All officers and staff must be made aware of the plans that affect their services and their role following activation. This BCM Framework provides the basis or understanding for Business Continuity Plans to be developed, implemented, tested and reviewed and was approved by the Joint Management Board on 12 th November 2012. Whilst the Council believe that all undertaken work is essential to the corporate objectives, if a disruption should occur, there is a need to prioritise the order in which we recover our services and use our resources to deliver critical activities. Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 2

BACKGROUND Business Continuity Management (BCM) is a requirement under the Civil Contingencies Act (CCA) 2004 and is described by the British Standards Institute as: A holistic management process that identifies potential threats to an organisation and the impacts to business operations that those threats, if realised, might cause, and which provides framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities The Council is committed to ensuring the continuity of essential services in the event of a business disruption, plus the delivery of civil protection functions by responding to emergencies in the community even if the emergency impacts on the organisation. OWNERSHIP This Framework is owned by the Joint Management Board and overseen by the Crisis & Resilience Management Team. The CCS will be the professional lead for business continuity within the Council and will: SCOPE Review and develop the framework in line with industry best practice and the needs of the Council; Monitor standards and compliance with the framework; Provide support and guidance. The Framework applies to all parts of the Council; however focus is given to essential services within Directorates, as agreed by the respective Director and/or Senior Manager. The Council must remain cognisant of the responsibility to assure itself that its key suppliers and partners have effective BCM arrangements in place. The contractor shall have in place, and maintain for the period of the contract, robust Business Continuity Plans to ensure that the service to the authority will be maintained, at the minimum level and timescale specified within this contract. Such plans, subject to sanitization to comply with the Data Protection Act, should be available to the Commissioner to inspect at any reasonable time. The requirement to put in place arrangements applies to activities identified as critical through the Council business continuity methodology or for which the Director or Senior Manager, decides is service critical. BENEFITS The Framework provides a clear commitment to BCM. Effective business continuity will enable the Council to: Continue to provide vital services to the public in times of disruption; Make best use of personnel and other resources at times when both may be scarce; Reduce the period of disruption to the organisation and the communities we serve; Resume normal working more efficiently and effectively after a period of disruption; Comply with standards of corporate governance; Improve the resilience of the organisation's infrastructure to reduce the likelihood of disruption; Reduce the operational and financial impact of any disruption. Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 3

APPLICATION The successful delivery of BCM is underpinned by the ability of the organisation to embed the concept in to the existing culture. Business Continuity Management Cycle BS 25999-1:2006 Business Continuity Management. Code of Practice The Council Business Continuity Framework provides a structure through which: Critical services and their supporting activities/resources can be identified; Plans will be developed to ensure continuity of critical service delivery following disruption, which may arise from loss of facilities, personnel, IT and/or communications or failure within the supply and support chains; Activation of business continuity plans throughout the Council can be managed; Plans are subject to continuous review and validation through exercising and testing; Planning and management responsibilities are assigned to an appropriate Officer. DEFINITION OF CRITICAL SERVICES A service is deemed critical if: The service underpins the capability to respond to emergency incidents and to take effective action to reduce, control or mitigate the effects of an emergency; The loss of the service would cause significant impact on human welfare; The loss of the service would cause significant impact on the environment; The service is legally mandated i.e. there is a statutory requirement to provide the service with the threat of litigation if the service is not delivered or delivered inadequately. This may also include services with a specific government target; Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 4

The loss of the service would cause significant financial implications to the organisation in either loss of revenue or payment of compensation; The loss of the service would significant damage the reputation of the organisation. PROCESS The 2012/13 Business Continuity Program was developed to ensure the maximum input from Service Managers with minimum disruption. In order for this to be achieved the CCS developed a simple and standardised process. Plan Construction The plan construction is designed in such a way that should the organisation undergo a restructure, the plan can be updated with relative ease. The below diagram depicts by example how each section fits within the process: Service Area Restoration Document Department Business Continuity Plan Business Impact Analysis (BIA) Section 6.56 of the Statutory Guidance for Business Continuity Management stipulates that Local Authorities must put in place a process for identifying critical functions. The BIA document is a questionnaire based survey designed to clarify the criticality of functions. A fully completed BIA is a comprehensive assessment of critical business functions. Service managers are requested to provide a broad indication of the possible impacts, associated timescales and subsequent resource requirements in the event of a business disruption. The information provided is updated annually by Service Managers in consultation with the CCS, the detail of which can be used to inform the wider planning arrangements. This includes the following Theme Critical Staffing Critical IT Software Specialist Equipment Essential External Organisations Example Pandemic Influenza Planning, Industrial Action, Sever Weather Planning, Fuel Shortage Planning IT Disaster Recovery Arrangements Emergency Procurement, Supply Chain Resilience Business Continuity Assurance Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 5

Restoration Document The Restoration Document features as a pull-out chapter within the business continuity plan. It displays the collective information taken from the completed BIAs and is validated by the Senior Manager. This includes critical functions, associated timescales and the required resources for each service area. The timescales are colour coded for ease of reference. For example, the box marked as red highlights no tolerance for disruption. The following pages provide a colour coded breakdown of key staffing numbers and resource required to fulfil that function. It also includes a section to highlight possible single points of failure The document can be taken from the plan during a business disruption and could be used to inform resource planning, priority management or decision making processes. The document may also be used in the event of a manager s absence to inform a new in post, or stand-in manager during a business disruption. Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 6

Business Continuity Plan The BS25999 Business Continuity Management Part 1: Code of Practice identifies the key characteristics within a typical plan. The below table illustrates how the standard template of the Business Continuity Plan will ensure compliance: BS25999 Reference 8.3.1 / 8.3.2 BS25999 Plan Requirements Introduction, Purpose and Scope Council Business Continuity Plan Template Structure 1. INTRODUCTION 1.1 Background 1.2 Aims and Objectives 8.3.3 Roles and Responsibilities 2. CO-ORDINATION & CONTROL 2.1 Use of Operational Log Book & Incident Report Forms 2.2 Activating the Plan 2.3 Alerting & Mobilisation Procedures 2.4 Out of Hours Arrangements 2.5 Areas of Responsibility 2.6 Management Structure 2.7 Insurance 2.8 Public Information & Advice 2.9 Other Services 3. RECOVERY 3.1 Staff Health Monitoring, Counselling and Support 3.2 Debriefing 4. RESPONSE & RESTORATION 8.3.4 Plan Invocation 4.1 Response Arrangements 4.1.1 Loss of Premises 4.1.2 Loss of Key Staff 4.1.3 Loss of Key Staff (Industrial Action) 4.1.4 Loss of Systems 5. SERVICE RESTORATION DOCUMENT/S 8.3.5 Maintenance & Review APPENDICIES MAINTENANCE - Records EXERCISING & TRAINING Programme Records 8.3.6 Contact Details KEY CONTACTS DIRECTORY The standardised template is provided to services as a recommendation of plan structure. However, depending on the service needs, the content is subject to change which is at the discretion of the senior manager. Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 7

Training & Exercise The Framework endorses the need for exercising and training of staff or other persons included within a plan. Any exercising or training may extend beyond those employed directly by the Council and may include contractors and other organisations that may play a part in the council s incident response or recovery. These exercises have three main purposes:- To validate plans; To develop staff competencies and given them practice in carrying out their roles; To test procedures. Exercise Type Description Frequency Communications Cascade Those listed within the contacts directory are to be contacted via the details provided. 6-Monthly Tabletop Exercise Scenario based. A walk through of the Services response to a disruption based on their BCP. E.g. Loss of Staff, Loss Systems and Loss of Premises Annually Bespoke Training General Training on Incident Response, Tactical Decision Making, Log Keeping etc. As Required Document Author: Civil Contingencies Service - Authorised by the CCS Joint Management Board - Version 1.0. Issued December 2012 Page 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information