BUSINESS CONTINUITY STRATEGY 2014-2017



Similar documents
Business Continuity Management

University of Glasgow. Policy for. Business Continuity Management

Business Continuity Management Policy and Framework

Business Continuity Management Policy

HEALTH AND SOCIAL CARE BOARD POLICY ON BUSINESS CONTINUITY MANAGEMENT

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Business Continuity Policy and Business Continuity Management System

Business Continuity Policy

1.0 Policy Statement / Intentions (FOIA - Open)

Business Continuity Management

Community and Built Environment Localities and Safer Communities Business Continuity Management Policy Andrew Fyfe

PS 170 Business Continuity Management Policy

Business Continuity Management

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

WILTSHIRE POLICE FORCE POLICY

Business Continuity (Policy & Procedure)

Business Continuity Management Policy

Emergency Response and Business Continuity Management Policy

POLICY. 1) Business Continuity Management 2) Disaster Recovery 3) Critical Incident Management 4) Risk Management

Council Policy Business Continuity Management

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Business Continuity Business Continuity Management Policy

Business Continuity Policy

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Solihull Clinical Commissioning Group

Business Continuity Management Framework

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Proposal for Business Continuity Plan and Management Review 6 August 2008

How To Manage A Disruption Event

External Supplier Control Requirements BCM

Business Continuity Policy

EMERGENCY PREPAREDNESS POLICY

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Annex 1. Business Continuity Management Policy

Principles for BCM requirements for the Dutch financial sector and its providers.

HOW THE SCHOOL HAS IMPLEMENTED BUSINESS CONTINUITY MANAGEMENT. Andrew Webb Director of Business Continuity

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Business Continuity Management

BCP and DR. P K Patel AGM, MoF

Business Continuity Management Policy

Update from the Business Continuity Working Group

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Prudential Standard CPS 232 Business Continuity Management

Business Continuity Management Framework

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Business Continuity Policy

London Borough of Bromley. Executive & Resources PDS Committee. Disaster Recovery Plans for London Borough of Bromley

BS BUSINESS CONTINUITY MANAGEMENT

Business Continuity Management

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

Global Statement of Business Continuity

HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

Business Continuity Management

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Essex Clinical Commissioning Groups. Business Continuity Management System. Business Impact Analysis Process

BUSINESS CONTINUITY PLANNING GUIDELINES

Guideline - Business Continuity Plan

Business Continuity Management Policy

Business continuity management policy

Business Continuity Guidance for Suppliers & Contractors. Blackburn with Darwen Borough Council

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

INSURANCE REGULATORY AUTHORITY IRA/PG/ GUIDELINE TO THE INSURANCE INDUSTRY ON THE BUSINESS CONTINUITY MANAGEMENT

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Specialist Operations Contingency Planning Business Continuity Manager

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

BUSINESS CONTINUITY MANAGEMENT POLICY

CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard

State of South Carolina Policy Guidance and Training

Bank of Papua New Guinea Prudential Standard BPS251: Business Continuity Management

Business Continuity and Disaster Recovery Policy

Temple university. Auditing a business continuity management BCM. November, 2015

--- Sunshine Coast Council ~1'/12- ORGANISATIONAL POLICY. Business Continuity Management Policy

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

EMERGENCY MANAGEMENT POLICY

abcdefghijklmnopqrstu

EPRR: Toolkit Facilitator Guide

London Local Authorities Business Continuity Guidance for Suppliers & Contractors

How To Manage A Business Continuity Strategy

Information Security Policy. Chapter 11. Business Continuity

APPENDIX 50. Enterprise risk management - Risk management overview

Business Resiliency Business Continuity Management - January 14, 2014

Disaster Recovery Policy

Enterprise South Liverpool Academy

Business Continuity Business Impact Analysis arrangements

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Tips and techniques a typical audit programme

" # $% "%&$& Lesley Fayers Exercising the BCP workbook.doc Page 1 of 12

Risk Management & Business Continuity Manual

London Borough of Merton

Business Continuity Management. Policy Statement and Strategy

PAPER-6 PART-3 OF 5 CA A.RAFEQ, FCA

Update from the Business Continuity Working Group

BUSINESS CONTINUITY POLICY

#316 The Security Elements of Business Continuity & Disaster Recovery Plans

Information Services IT Security Policies B. Business continuity management and planning

BUSINESS CONTINUITY MANAGEMENT POLICY

Transcription:

BUSINESS CONTINUITY STRATEGY 2014-2017 This strategy covers the period 01 April 2014 31 March 2017 and was approved by the Major Incident Working Group 19.03.2014 Caroline Rushmer Major Incident and Business Continuity Manager Oxford Brookes University Business Continuity Strategy Version 0.3 Page 1

Document Name: Oxford Brookes University Business Continuity Strategy 2014-2017 Document Owner: Caroline Rushmer Version Control Version Date Change 0.1 24.05.2013 First draft 0.2 09.01.2014 Second draft 0.3 19.03.2014 Approved by MIWG Sign off Control Version Committee Name Date of Final Sign Off 0.3 Major Incident Working Group 19.03.2014 0.3 Executive Board 31.03.2014

Contents Introduction... 4 Business Continuity Management Framework... 4 Aim... 4 Key Objectives... 4 Key Objective 1 Maintain, develop and review directorate and faculty BCPs and BIAs and IT DR plan... 6 Key Objective 2 Ensure that we have knowledgeable, experienced and effective BC teams within faculties and directorates through BCP exercises and testing, including the Information Technology Disaster Recovery Plan (IT DR)... 7 Key Objective 3 Embed BCM within the organisation and create an ethos whereby building resilience and mitigating vulnerability should be regarded as an aspect of normal business under strategic direction (BCPs)... 7 Key Objective 4 Increase risk awareness and horizon scanning... 8 Key Objective 5 Roles and responsibilities... 8 Acronyms used in Oxford Brookes Major Incident and Business Continuity documents: BC BCM BIA CIO IT DR MI MIP MIT MIWG MADL MAPD RTO SMT Business Continuity Business Continuity Management Business Impact Analysis Chief Information Officer Information Technology Disaster Recovery (Plan) Major Incident Major Incident and Business Continuity Manager Major Incident Plan Major Incident Team Major Incident Working Group Maximum Acceptable Data Loss Maximum Tolerable Period of Disruption Major Incident and Business Continuity Manager Recovery Time Objective Senior Management Team

Introduction Oxford Brookes University has a robust business continuity methodology and processes. Over the past three years many improvements have been made including the publication of an updated BC plan (BCP) in line with the University s redesigned Major Incident Plan (MIP), both of which are aligned to sector good practice. An updated Business Continuity Policy has been published and a Major Incident and Business Continuity Google site has been developed as a central repository of key documentation. Staff receive regular training and are involved in MI and BC exercises. The following document outlines the strategy to achieve an integrated business continuity and major incident management process for Oxford Brookes. The overall objective of the strategy is to try and ensure that organisational resilience is effective and becomes embedded as part of good management practice. The strategy identifies the measures that should be taken over the next three years to ensure that Oxford Brookes develops a resilience in terms of preventing or minimising the effects of a major incident, whatever the cause, and ensuring the swift recovery from it. The strategy starts by defining business continuity in an operational framework followed by 6 key aims. It then moves on to identify 5 key objectives and methodologies for obtaining the objectives stated. Business Continuity Management Framework Business Continuity Management is defined as an operational framework that seeks to: Aim 1. Understand its critical activities and maintaining the capability to resume operations within agreed timeframes, following the deployment of a contingency planning response. 2. Increase resilience by protecting critical assets and data (electronic and otherwise) through a co-ordinated approach to management and recovery. 3. Minimise impacts using a focused, well-managed response activity. OBU Business Continuity Policy Statement 2012 To improve organisational resilience through robust plans to respond to, manage and recover from any sudden disruption of business. Specifically: 1. Ensure the safety of students, staff, visitors and the local community. 2. Ensure as far as practicable that critical processes and resources are recovered in the event of major incident before their non-performance threatens the long term performance of part, or all, of the University. 3. Maintain the reputation of the organisation. 4. Complement the university s Risk Management framework by identifying and planning for high impact scenarios where BCM is the appropriate risk mitigation strategy. 5. Provide a framework of management and decision making that will result in an agreed recovery program that has minimised the impact of the event. 6. Comply with good practice and sector standards. Key Objectives 1. Maintain, develop and review directorate and faculty BCPs and BIAs and IT DR plan.

2. Ensure that we have knowledgeable, experienced and effective BC teams within faculties and directorates through BCP exercises and testing, including the Information Technology Disaster Recovery Plan (IT DR). 3. Embed BCM within the organisation and create an ethos whereby building resilience and mitigating vulnerability should be regarded as an aspect of normal business under strategic direction (BCPs). 4. Increase risk awareness and horizon scanning. ISO22301:12 follows on from BS25999

Key Objective 1 Maintain, develop and review directorate and faculty BCPs and BIAs and IT DR plan 1.1 BCPs will be reviewed annually as a whole and individual plans as required following the occurrence of an incident or following recommendations from an exercise /BCP owners Review dates in diaries and staff tasked publication 1.2 BCPs will have 6 monthly updates to contact details /BCP Review dates in owners diaries and staff 1.3 BIAs will be reviewed annually as a whole and individual plans as required following the occurrence of an incident or following recommendations from an exercise 1.4 Review faculty and directorate BCP and BIA plans annually to ensure that they are current and meet the needs of the University /BCP owner tasked Review dates in diaries and staff tasked Completion of annual updates Annually on anniversary of Annually in vember and May Annually on anniversary of publication Annually (July) and report to MIWG 1.5 BCP and BIAs to be updated within 6 months of any organisational change / BCP owner Diaried time Within 6 month of change 1.6 Ensure up to date BC and BIA plans are available to relevant staff via the University Updates received Diaried 6 monthly MIBC Google Site from plan owners 1.7 Review IT DR plan annually to ensure that they are current and meet the needs of the University Updates received from OBIS Annually (August) 1.8 Review, update and publish Campus Closure Plan Updates received Annually (December) 1.9 Ensure up to date copy of University Flu Pandemic Plan and Meningitis Plan is available on the MIBC Google Site Updates received Annually (December) 1.10 Maintain and update contact lists for MIT Receiving updates from MIT 1.11 Following incidents, workshops, exercises or audits, follow up and implement any recommended actions with those listed for actions Diaried time Twice yearly December and July and on staff changes Within 3 months Oxford Brookes University Business Continuity Strategy Version 0.3 Page 6

Key Objective 2 Ensure that we have knowledgeable, experienced and effective BC teams within faculties and directorates through BCP exercises and testing, including the Information Technology Disaster Recovery Plan (IT DR) 2.1 Run a rolling of exercises for faculty and directorates so as to validate plans are complete and accurate and to familiarise staff with the contents and their Participation by faculty and roles within BC plans directorate staff. Diaried time 2.2 Post BCP exercise, produce a report and recommended actions. Follow up and implement any recommendations. Ensure documents updated and re-published Diaried time Within 3 months of test 2.3 Run a IT DR plan exercise so as to validate plans are complete and accurate and to /CIO Diaried time Annually familiarise staff with the contents and their roles 2.4 Post IT DR exercise, produce a report and recommended actions. Follow up and Diaried time Within 3 months implement any recommendations. Ensure documents updated and re-published 2.5 Biennial exercise of the MIP with the MIT Agreed aim of exercise and MIT participation Bi-annually in October 2.6 Ensure that all first responders receive regular training on correct response and procedures with EFM Diaried time Annual training in July Key Objective 3 Embed BCM within the organisation and create an ethos whereby building resilience and mitigating vulnerability should be regarded as an aspect of normal business under strategic direction (BCPs) 3.1 Regular training and exercises throughout the organisation to continuously develop responders knowledge and capability Participation by faculty and directorate staff. Diaried time 3.2 Provide new members of University, Faculty and Directorate SMT with an introduction to MIP, BC and BIA plans within first 3 months service 3.3 Work with Corporate Affairs to ensure effective communication policy / strategy is maintained and updated 3.4 Review BC capability of key suppliers of services and goods as per agreed policy and report back results to MIWG 3.5 Ensure MIT Command Centre locations are ready for operations by testing telephones, data points and battle boxes 3.6 Maintain and develop the Google Site for Major Incident and Business Continuity Management so that key documents and contact lists are available on and off-campus Participation by new staff and diaried time On going C/A Availability of CA staff Review January and June FLS applying policy Diaries dates December and August Ongoing

Key Objective 4 Increase risk awareness and horizon scanning 4.1 Increase risk awareness through training and exercises. Participation by University SMT, faculty, directorate staff. Diaried time 4.2 Liaise with Police, Oxfordshire Resilience Group, HE Business Continuity Network. Diaried meetings Attend meetings, courses and conferences. and E-mail updates Annual conference, quarterly meetings Key Objective 5 Roles and responsibilities 5.1 The Board of Governors has responsibility for overseeing the Major Incident and Business Continuity Management within the University as a whole. Registrar 5.2 The Registrar is responsible for development specific s and procedures for establishing and maintaining major incident and business continuity development and Registrar testing activities 5.3 The Registrar is responsible for co-ordinating the University s response to a major Registrar incident in line with the Major Incident Plan 5.4 The Registrar is the Chair of the Major Incident Working Group which meets quarterly and oversees the development of formal incident and business continuity procedures Registrar

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information