Tyne and Wear Fire and Rescue Authority



Similar documents
BUSINESS CONTINUITY POLICY

Business Continuity Management

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Business Continuity Management

Business Continuity Policy

Business Continuity Management

LFRS Business Continuity Planning

BUSINESS CONTINUITY MANAGEMENT POLICY

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

NHS Hardwick Clinical Commissioning Group. Business Continuity Policy

Business Continuity (Policy & Procedure)

BUSINESS CONTINUITY POLICY RM03

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

University Emergency Management Plan

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Business Continuity Management Policy

Corporate Business Continuity Plan

GROUP BUSINESS CONTINUITY MANAGEMENT POLICY

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Policy and Business Continuity Management System

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Business Continuity Policy

BUSINESS CONTINUITY STRATEGY

Offsite Disaster Recovery Plan

I attach the following documents in response:

Business Continuity Management. Policy Statement and Strategy

IT Disaster Recovery Plan Template

VICTOR KHANYE LOCAL MUNICIPALITY PLAASLIKE MUNISIPALITEIT. ICT Business Continuity Plan. DRAFT v0.1 Page 1 of 9

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

How To Manage A Business Continuity Strategy

Business Continuity Management (BCM) Policy

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

With the large number of. How to Avoid Disaster: RIM s Crucial Role in Business Continuity Planning. Virginia A. Jones, CRM, FAI RIM FUNDAMENTALS

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Business Continuity Management Framework

Business Continuity Policy

Business Continuity Planning in IT

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Policy & Plans

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

NHS Central Manchester Clinical Commissioning Group (CCG) Business Continuity Management (BCM) Policy. Version 1.0

UNIVERSITY OF LONDON GUIDE TO RISK MANAGEMENT. Purpose of the guide... 2

THORNBURG INVESTMENT MANAGEMENT THORNBURG INVESTMENT TRUST. Business Continuity Plan

Departmental Business Continuity Framework. Part 2 Working Guides

BUSINESS CONTINUITY MANAGEMENT PLAN

Company Management System. Business Continuity in SIA

TRUST POLICY FOR EMERGENCY PLANNING

Business continuity management policy

Business Continuity Plan

COMCARE BUSINESS CONTINUITY MANAGEMENT

University of Glasgow. Business Continuity Management. Guidance Notes

PS 170 Business Continuity Management Policy

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

SCHEDULE 25. Business Continuity

Information Security Management: Business Continuity Planning. Presentation by Stanislav Nurilov March 9th, 2005 CS 996: Info. Sec. Mgmt.

Global Statement of Business Continuity

24 September 2015 ITEM: 12. Standards and Audit Committee. Thurrock Council BCP and DR status. Key Decision: Key. Wards and communities affected: All

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

SCHEDULE PART 9 BUSINESS CONTINUITY AND DISASTER RECOVERY

BUSINESS CONTINUITY PLAN OVERVIEW

The PNC Financial Services Group, Inc. Business Continuity Program

BUSINESS CONTINUITY PLAN

Business Continuity Management Plan

Hanh Do, Director, Information System Audit Division, GAA. SUBJECT: Review of HUD s Information Technology Contingency Planning and Preparedness

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Business Continuity Policy. Version 1.0

BUSINESS CONTINUITY MANAGEMENT POLICY. October 2012

Essex Fire Authority

Departmental Business Continuity Framework. Part 1 Policy and Standards

Version: 3.0. Effective From: 19/06/2014

Emergency Management Plan

Implementing and Auditing a Successful Business Continuity Plan

BUSINESS CONTINUITY POLICY

PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management

Business Continuity Policy

Business continuity plan

GUIDELINES FOR BUSINESS CONTINUITY IN WHOLESALE MARKETS AND SUPPORT SYSTEMS MARKET SUPERVISION OFFICE. October 2004

London Borough of Merton

Department of Medicine - Departmental Disaster Recovery Plan

DISASTER RECOVERY PLANNING FOR CITY COMPUTER FACILITIES

Risk Management Guidelines

D2-02_01 Disaster Recovery in the modern EPU

Business Continuity Plans

CAMBRIDGESHIRE COMMUNITY SERVICES NHS TRUST BUSINESS CONTINUITY PLAN VERSION 6.0

Emergency Response and Business Continuity Management Policy

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Unit Guide to Business Continuity/Resumption Planning

Business Continuity Policy

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

BUSINESS CONTINUITY PLAN

TOCOM s Approach to the Business Continuity Plan (BCP)

Clovis Municipal School District Information Technology (IT) Disaster Recovery Plan

Business Continuity Management

Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management

DORSET & WILTSHIRE FIRE AND RESCUE AUTHORITY Performance, Risk and Business Continuity Management Policy

Business Continuity & Crisis Management

Business Continuity Policy

Emergency Management Plan. Section 1. Arrangements

DERBYSHIRE COUNTY COUNCIL BUSINESS CONTINUITY POLICY

State and Regional Emergency Management Committees Part 5: Emergency Management Manual Victoria

Transcription:

Tyne and Wear Fire and Rescue Authority Business Continuity Planning Policy

Index Section Item 1 Policy Statement 2 Introduction 3 Aims 4 Objectives 5 Continuity of Critical Functions 6 Command and Control 7 Business Continuity Management 8 Exercise and Validation 9 Monitoring and Review 10 Financial Implications Appendix one Appendix two Appendix three Events with the potential to cause disruption Continuity plan invocation record Continuity plan report S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 1

1 Policy Statement 1.1 The Civil Contingencies Act 2004 (the Act) has imposed a number of duties on Tyne and Wear Fire and Rescue Authority (the Authority). Business Continuity Planning is one of these duties. This policy will address how the Authority will deal with the issue of Business Continuity Planning and how it will implement specific strategic and departmental continuity plans in order to comply with the Act and contribute to the successful implementation of the Strategic Plan. 2 Introduction 2.1 The Act places a duty on the Authority to ensure that it is prepared, as far as reasonably practical, to continue to provide critical functions in the event of a disruption i.e. ensuring business continuity. This will be achieved by the development of an overall Business Continuity Management File, Department Continuity Plans (DCPs) and Strategic Continuity Plans (SCPs). 2.2 These continuity plans will identify the critical functions carried within departments; they will also identify the events (appendix one) that may impact upon critical functions. Lastly the plans will detail the recovery actions required should a function be disrupted following an event occurring. 2.3 The development of the Authority s Business Continuity Planning process will be carried out in accordance with current and new guidance as it emerges e.g. BS 25999 1 Code of practice for Business Continuity Management. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 2

3 Aims 3.1 To ensure that the Authority meets a key requirement of the Act by having plans in place to ensure that critical service functions can be maintained in the event of a disruptive event occuring. 4 Objectives 4.1 To identify those areas which are critical (directly or indirectly) to the achievement of the Authority s mission. 4.2 To identify and assess the likelihood of events occurring with the potential to disrupt critical functions. 4.3 To develop continuity plans that will ensure that the Authority can continue to operate effectively in times of crisis. 4.4 To exercise and validate the effectiveness of continuity to ensure that they are effective and provide value for money. 5 Continuity of critical functions 5.1 Critical functions are defined as those functions which, when disrupted, will have an adverse impact (directly or indirectly) on the Authority s ability to deliver its services. A Business Impact Analysis (BIA) of all critical functions will be carried out at strategic and department level within the Authority. This analysis will be carried out and recorded using the DCP & SCP frameworks and guidance which has been specifically developed for this purpose. All departments will carry out a BIA on those functions which are determined and agreed as critical to the Authority. 5.2 Each department will complete a risk assessment on events which are identified as having the potential to cause disruption to critical functions. The risk assessment will be carried out using RiskPro, the risk assessment software now in use within the Authority. 5.3 The ability to react positively to events is directly related to the prior identification of actions that can be invoked i.e. continuity plans. Each department will develop, as part of their continuity plan, an action plan detailing the continuance of critical functions in times of crisis. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 3

5.4 The action plan will identify three distinct recovery phases: 5.4.1 When an event has occurred, or is expected to occur, it will be necessary to consider invoking the Initial Action Plan. This plan will identify the actions required to prevent the situation from deteriorating by ensuring that some form of intervention is taken e.g. in the case of a pandemic influenza the cancellation of fire safety visits may prevent propagation of the virus within fire and rescue personnel. 5.4.2 As a direct follow-on from the initial actions the Partial Recovery Action Plan considers the actions that must be carried out in order to provide the required service in some limited or interim capacity e.g. Should a premise suffer some form of damage, a specific action could be the relocation of essential services utilising any spare capacity within the premise. 5.4.3 The final set of actions detailed in the Full Resumption Action Plan will identify what is required to return the department to the position it was in prior to any event occurring e.g. Ensuring that all remedial works have been completed to the required standard prior to allowing re-occupation of a premise, or part or a premise. 5.4 Following a subjective analysis of the critical functions carried out within the Authority the following departments have been identified as mission critical and, as a consequence, continuity plans covering them will be developed as a matter of priority. The departments are: Community Fire Stations Mobilising and Control Centre Information, Communication and Technology Finance Procurement Technical Services Strategic Management 5.5 Continuity plans will also be developed by the following departments: Territorial Divisions Operations Human Resources Learning and Development Fire Safety Corporate Planning 5.5 A service-wide continuity plan will also be developed for the following events: Pandemic Influenza Loss of Authority premises S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 4

6 Command and Control 6.1 The activation, notification and escalation procedure for a specific or several continuity plans will be carried out by the department manager or any of their nominees and will depend on whether the event causing disruption to a function is sufficiently serious to warrant the invocation of a plan. Figure 1 overleaf illustrates the typical sequence of actions required should an event occur, these are covered more comprehensively in specific guidance notes contained within the continuity planning procedure. 6.2 Where an event has occurred or is likely to occur then department managers must make an assessment of the event to determine if it will affect their function. The event may be specific to a geographical area or Authority wide. During normal working hours the Civil Contingencies Planning Officer (CCPO) may assist in assessing the event and in determining which continuity plans are likely to be invoked and by whom. 6.3 Continuity plans specific to departments will be held at those locations and will be made familiar to all staff. In addition to this the Authority s BCP will also be held at Control, Service Headquarters, North Division and South Division. The Authority s Corporate Business Continuity Plan will comprise of all continuity plans and implementation guidance. 6.4 Each continuity plan has a named responsible person and two deputies. If an event occurs any of the named persons can invoke the plan. In the event of a named person being unavailable then Control will inform the relevant principal officer who will nominate a duty officer/manager to invoke a plan. 6.5 The practical implementation of any continuity plans will be recorded on the Invocation Report (appendix two). The Invocation Report must be completed as soon as any plan has been invoked, all relevant details shall be recorded and the completed form should be forwarded to the department manager who owns the DCP and a copy sent to the CCPO, SHQ. 6.6 The DCP Report (appendix three) should be commenced immediately following the invocation of a plan. It should be used to record what actions have been taken and their success or otherwise. This will enable poor performance to be addressed and plans to be updated where necessary. At the point where normal services have been resumed the completed form should be forwarded to the department manager who owns the DCP and a copy sent to the CCPO, SHQ. 6.7 The day to day management of an active plan shall be carried out by the named person, nominate or duty officer/manager. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 5

S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 6 Figure 1

7 Business Continuity Management 7.1 Where an incident occurs that is outwith events that have been planned for, the Emergency Management Group (EMG) will convene, the make up of the group will be dictated by the type and scale of the incident. 7.2 The EMG will determine if any of the existing plans available are suitable for use, and its main consideration will be the maintenance of an operational response to fires and special services. 7.3 The EMG will meet at such times that an event has occurred or is imminent; the ongoing need for and frequency of meetings will be determined by the type and scale of event. 7.4 The EMG will be chaired by the Operations & Technical Services Manager or other Principal Officer. The Chair, AM Operations and Civil Contingencies Planning Officer will under normal circumstances determine who shall attend if an event occurs. 7.5 The EMG will consist of a Chair, and representatives from the following departments, deputy managers must be nominated to cover for absence etc: Chair Ops & Technical Manager (or other PO) Corporate Planning Civil Contingencies Planning officer Operations AM Operations and Technical Fire Safety AM Fire Safety Divisional Commander AM North Division Divisional Commander AM South Division Personnel AM Human Resources Control PFCO Control Corporate Planning Corporate Planning Manager ICT ICT Manager Transport Engineering Resource Manager Finance Finance Manager FBU Employee Representative Procurement Procurement Manager Strategic Property Asset Manager Property Services Officer Health and Safety Health and Safety Manager The composition of the group will reflect the event impacting on the Authority and not all representatives will be required to attend. 7.6 Familiarisation training in respect of Business Continuity Planning will be provided to all personnel responsible for the development and maintenance of departmental continuity plans. The responsibility for providing this training and providing any other support in respect of Business Continuity Planning will rest with the CCPO. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 7

8 Exercise and Validation of Plans 8.1 All continuity plans will be exercised by the most appropriate means. Specific exercises will allow the efficacy of each plan to be validated, and, where necessary, adjustments to be made. 8.2 The exercising of any continuity plans will be recorded using an Invocation Record (appendix two). The form will be started as soon as any plan has been invoked and all relevant details will be recorded and the completed form forwarded to the CCPO. The Continuity Plan Report (appendix three) will be used once normal working procedures have been reinstated, this form will identify the success or otherwise of the actions taken, the completed form will be returned to the CCPO. 8.3 An exercise schedule will be developed by the CCPO. Exercises will focus upon all actions that have been identified, this will include an audit of any documentation or guidance that has been referenced, external suppliers/contractors relationships will also be verified to ensure ongoing resilience where necessary. 9 Review and Monitoring 9.1 All continuity plans will be reviewed annually. Furthermore, when new and emerging risks to the critical functions of the Authority are identified, continuity plans will be amended to account for these new risks. Continuity plans should also be updated as and when key personnel transfer, or when key suppliers/contractors circumstances change. 9.2 In all cases it is the department manager who will instigate any changes to continuity plans. However, it is imperative that any changes made are communicated to the CCPO. This will ensure that there are no areas of conflict, the TWFRA Business Continuity Management File is updated and that all relevant personnel are aware of changes. 9.3 The CCPO will at all times monitor the Authority s BCP, any areas identified as inadequate will be raised to the relevant manager for amendment or otherwise. 10 Value for money 10.1 The cost of developing continuity plans is negligible as they will be completed by personnel during normal working hours. Moreover, the benefits of producing such plans far outweighs the time and resources utilised. 10.2 The benefits of business continuity in most cases are immeasurable until some event occurs, that without having a robust plan in place, would have caused significant damage. Moreover, the ability to continue with high quality essential services contributes directly to the attainment of the Authority s Mission. 10.3.1 For some recovery plans there will be a cost involved in implementing specific actions, these costs will be identified within the specific plans. These costs will be accommodated within the Authority budget, where appropriate. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 8

Appendix One Events with the potential to cause disruption to a function or department. Fire in all or part of a premises Flood affecting all of part of a premises Structural problems affecting all of part of a premises Access to stations or departments Essential service disruption i.e. gas, electric or water Communications failure e.g. radio network, mobile telephones etc Pandemic influenza Widespread industrial action ICT virus attack ICT main server failure ICT sabotage Transport infrastructure failure White powder incident Please note that this list is not exhaustive and other events may occur with the potential to disrupt departmental functions. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 9

Appendix Two DCP Invocation Report* Date (dd/mm/yy) Time (hh/mm) Event (brief description of event and potential/actual disruption to function) DCP invoked Action taken (brief overview of initial action taken) Person(s) responsible for actions if different from person completing form) Name Number Control informed Reported to *The completed form must be forwarded to the department manager who owns the DCP; a copy of the form must also be forwarded to the Civil Contingencies Planning Officer, SHQ. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 10

Appendix Three TWFRA DCP Report* Event (brief description of event and potential/actual disruption to function) DCP invoked Plan invoked by Number Date (dd/mm/yy) Time (hh/mm) Person(s) responsible for actions if different from person who invoked plan) Name Number *The completed form must be forwarded to the department manager who owns the DCP; a copy of the form must also be forwarded to the Civil Contingencies Planning Officer, SHQ. S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 11

Initial Recovery Plan Recovery action(s) taken Were the action(s) successful (yes/no) if no what went wrong S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 12

What could be improved Partial Recovery Plan Recovery action(s) taken Were the action(s) successful (yes/no) if no what went wrong S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 13

What could be improved Full Recovery Plan Recovery action(s) taken Were the action(s) successful (yes/no) if no what went wrong S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 14

What could be improved S:\Depts\Civil Contingencies\Draft Policy\BCP Policy v1.2 Page 15

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information