disaster recovery and contingency plan RISK MANAGEMENT MADE TO MEASURE




INTRODUCTION

Contingency planning for business continuity (business continuity management) is defined by the Institute of Business Continuity Management as an holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Commitment

To be effective, a properly formulated Plan must have full support at the highest level. It requires a considerable commitment on behalf of the business. Adequate time and resources must be allocated. There may be financial demands, particularly if professional help has to be sought in formulating the plan or back-up services have to be purchased.

Objectives

The prime objective is to protect the business or organisation from the effects of damage or some other unforeseen event. Not all losses are covered by insurance. The plan may not prevent the event but will mitigate its effects. You need to anticipate critical decisions. This is achieved by considering how the business will respond to certain events... and how it will be restored. It should be understood that it is not possible to plan for every conceivable disaster.

Who will be involved?

You may decide that you need professional help to guide you through the various stages. Such help is available from specialist companies but is likely to involve a considerable amount of their time and consequently your money. However, if you feel you need such help then this is part of the financial commitment to be made.

The process will certainly involve your own Management and certain key personnel, as you know your business best. Major strategic decisions will also possibly have to be made which may affect the future activities of the business.

The whole process needs to be controlled and steered by a Business Recovery Manager, Team or equivalent operating at Board level or reporting directly to the Board, depending upon the size of the organisation.

Procedures

So how do you go about preparing your plan? There are no set procedures for this, as every organisation is different and has its own problems. Whatever method you choose, it needs to be structured, and the following sequence is suggested:

Risk Assessment: You need to examine the threats to the business. These can be the result of natural occurrences, accidents or crime. The following list offers suggestions but is not exhaustive:

- Fire
- Flood
- Storm
- Burglary
- Malicious damage
- Computer failure
- Telecommunications failure
- Explosion
- Earthquake
- Bomb
- Arson
- Pollution
- Building services failure
- Subsidence

The assessment needs to consider the likely effects of such events on the business and staff, short term and long term. For certain processes, especially chemical, a Hazard and Operability (HAZOP) study may be necessary to establish likely failure points and damage scenarios. Consider what the effect is likely to be of an interruption of supplies or services to customers. It is vital to identify the critical areas and assets of the business. Events outside the organisation also need to be considered, such as those affecting suppliers or nearby premises.

The capability of existing protection measures, or the lack of them, should be measured against the likely effects. Such measures would include sprinklers, fire and intruder detection systems and flood protection schemes. (This is one area where professional help may be needed. You may not have the necessary knowledge and experience in this area and may underestimate the likely causes and effects.)

It may be decided as a result of the risk assessment that an improvement in the fire protection measures, or some other strategy such as better computer back-up procedures, is necessary.

Decide strategy: Having identified the risks to the business, and in particular the critical areas, the Management need to decide a number of key parameters:

- What are the maximum time scales for the recovery of key areas; this could be for partial and complete recovery.
- Criticality of customer base; degree to which it needs to be defended and prioritised.
- Degree of back-up resources necessary, especially in relation to computers and telecommunications.
- Policy on suppliers of critical raw materials, components and services, e.g. dual sourcing or strategic stock holding.
- Take the opportunity to rebuild or relocate premises.

Establish Planning Teams: Having identified the main priorities and set the principal parameters and targets, teams need to be formed to investigate further and establish how these objectives are to be achieved. Different teams may be necessary to deal with different threats or divisions within the organisation, typically the IT department. Team leaders should be appointed who should report back to the main Business Recovery Team, and who will be supported by representatives of all involved departments. These would include, for example, works engineering, production, sales, administration and warehouse staff.

Plan development: The key to a successful plan is that it is clear, concise and gives simple instructions. It should be broken down into three main areas of immediate response, short term recovery and long term recovery:

1. Immediate Response: The following are typical of the main points to be addressed:

- Establish an incident control team. Membership may vary depending on the type of event, and reserve members will be needed in the event of illness or holidays. Where will they meet? For an organisation with a single premises this may have to be a local hotel, friendly neighbouring business etc., but one not vulnerable to the same incident.
- Define the duties of the incident control team members.
- Safety of personnel; evacuation procedures and roll calls. For bomb threats, safe shelter areas within the premises may be necessary.

- Damage limitation procedures such as isolation of gas or oil supplies, flood defence measures etc.
- Prepare lists of usual contact numbers (day and night) of key staff, emergency services, suppliers of emergency equipment such as generators or dehumidifiers, coach hire companies, tradesmen and tool hire companies. You will also need to advise your insurance broker/company. It can often be arranged for a specific Loss Adjuster to be contacted.
- News media control: all communication should be through a dedicated person, and other staff should be instructed to direct enquiries to that person. Incorrect or inadequate information can easily become distorted, resulting in wrong messages being received by customers and the public. If handled correctly, good PR can help the organisation's own image by showing that you are in control.
- Communication with staff: many staff may be better at home until needed. A cascade telephoning system should be considered. Arrangements for communicating with relatives or next of kin need to be agreed in the event of fatalities or serious injuries.
- Communication with customers: it is better for them to hear of the event from you rather than your competitors or news media. If you show you are in control you have a much better chance of keeping them.
- Salvage experts are invaluable in relation to damage limitation and recovery and may need to be called in at a very early stage if they are to be effective. The agreement of the Loss Adjuster would normally be required first.
- Designated team to carry out initial damage assessment: protective clothing and safety wear may be necessary. Bear in mind that Police and emergency services may not allow access immediately.
- Report to main Business Recovery team to make decision on invocation of full contingency plan.

2. Short and Long Term Planning: These sections will inevitably overlap and, depending on the criticality, may also overlap with the Immediate Response actions. The requirements for industrial and computer-based organisations are very different and are therefore considered separately. Criteria to be considered would include:

Industrial

- Define conditions for decision on whether to move (temporary or permanent). Planning permission for redeveloping existing sites should be kept in force and up to date.
- Possibility of relocating production or processing to other locations; it should be explored beforehand whether production facilities are compatible and the likely spare capacity situation. Likely impact on Quality Standard procedures.
- Possibility of sub-contracting: likely candidates should be examined, particularly if QA standards or other accreditation is involved.
- Replacement of machinery and stocks.
- Availability of critical drawings for dies, moulds, tooling and specialist machinery. Are copies held off site?
- Can damaged tools and dies be replaced quickly in the quantity needed? Are critical items and spares kept in a safe area when not in use?

Computers

- Criticality of installations.
- Can recovery be made in the required time frame? If not, then what standby facilities are necessary and can these be provided in-house? If not, then arrangements may need to be made with a specialist recovery company with a hot, warm or mobile site.
- If facilities can be provided in-house, is a duplicate mirrored computer room necessary, or a cold site where replacement equipment can be plugged straight in?
- Will back-up copies of software and data be available? Access may not be possible to fire-resisting data cabinets for several days.
- Is there adequate provision for office staff with telephones, PCs etc. as necessary?
- Can telecommunications be restored or diverted? Explore contingency arrangements with alternative carriers or exchanges.

The finished plan

The finished plan needs to be proved and should therefore be tested through a series of exercises. These can be desktop sessions, but in some cases a simulated exercise, possibly involving the emergency services, could be staged. It is important for a thorough review of the exercise to be carried out and the plan revised if necessary.

Because the organisation is a live entity it will continue to change and evolve, and the plan therefore needs to change with it. Regular practices and reviews are therefore necessary to keep up to date and to act as a refresher for staff.

The finished plan is a vital document and needs to be treated as such. Copies should be kept off site and lodged with all key members of the Recovery Team.

VERSION: April 2006

Wigham House, Wakering Road, Barking, Essex IG11 8PJ
IBEX HOUSE, 42-47 Minories, London EC3N 1DY
Century House, North Station Road, Colchester, Essex CO1 1RE
Colman House, King Street, Maidstone, Kent ME15 1DN
CROYDON, 28 Dingwall Road, Croydon, Surrey CR0 2NH
Westmead House, Farnborough, Hampshire GU14 7LP