Business continuity plan



Similar documents
BUSINESS IMPACT ANALYSIS.5

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Creating a Business Continuity Plan for your Health Center

Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)

Business Continuity Planning Guide

Business Continuity Planning Toolkit. (For Deployment of BCP to Campus Departments in Phase 2)

BUSINESS CONTINUITY POLICY

BUSINESS CONTINUITY PLAN

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

Unit Guide to Business Continuity/Resumption Planning

Ohio Supercomputer Center

Emergency Response and Business Continuity Management Policy

Business Continuity Management Policy

Clinic Business Continuity Plan Guidelines

All-Hazard Continuity of Operations Plan. [Department/College Name] [Date]

Coping with a major business disruption. Some practical advice

Building and Maintaining a Business Continuity Program

Business Continuity Plan

Business Continuity Planning and Disaster Recovery Planning

University of Nottingham Emergency Procedures and Recovery Policy

BUSINESS CONTINUITY PLAN

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Business Continuity Policy & Plans

It s the Business! Business continuity considerations for all organisations

Table of Contents... 1

South West Lincolnshire NHS Clinical Commissioning Group Business Continuity Policy

Interagency Statement on Pandemic Planning

Business Continuity & Disaster Recovery

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Three

FORMULATING YOUR BUSINESS CONTINUITY PLAN

Guideline on Business Continuity Management

Federal Financial Institutions Examination Council FFIEC BCP. Business Continuity Planning FEBRUARY 2015 IT EXAMINATION H ANDBOOK

ASX CLEAR (FUTURES) OPERATING RULES Guidance Note 10

Clinic Business Continuity Plan Guidelines

Information Services IT Security Policies B. Business continuity management and planning

BUSINESS CONTINUITY PLAN

Best Practices in Business Continuity Planning in Higher Education

NHS 24 - Business Continuity Strategy

PROCEDURES BUSINESS CONTINUITY MANAGEMENT FRAMEWORK PURPOSE INTRODUCTION. 1 What is Business Continuity Management? 2 Link to Risk Management

ASX SETTLEMENT OPERATING RULES Guidance Note 10

Critical Incident Management Policy

AUSTRACLEAR REGULATIONS Guidance Note 10

Assessment of natural hazards, man made hazards, technical and societal related risks and associated impact.

University of Sunderland Business Assurance Information Security Policy

Business Continuity Planning and Disaster Recovery Planning. Ed Crowley IAM/IEM

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

Statement of Guidance

Bus incident management planning: Guidelines

Business Impact Analysis (BIA) and Risk Mitigation

How to write a DISASTER RECOVERY PLAN. To print to A4, print at 75%.

Federal Financial Institutions Examination Council FFIEC. Business Continuity Planning BCP MARCH 2003 MARCH 2008 IT EXAMINATION

DASTA Guide to Business Continuity (BC) and Disaster Recovery (DR) Planning

[INSERT NAME OF SCHOOL] BUSINESS CONTINUITY PLAN

RISK AND DISASTER MANAGEMENT: SOME USEFUL TOOLS AND RESOURCES FOR BUSINESSES AND ORGANISATIONS

November 2007 Recommendations for Business Continuity Management (BCM)

CONTINUITY OF OPERATIONS PLAN TEMPLATE

Business Continuity Planning

Business Continuity Management For Small to Medium-Sized Businesses

Business Continuity Management

Guideline - Business Continuity Plan

Desktop Scenario Self Assessment Exercise Page 1

Operational Risk Publication Date: May Operational Risk... 3

Guidance Note XGN XXX.1

Disaster Recovery and Business Continuity Plan

Disaster Recovery Plan Checklist

BUSINESS CONTINUITY PLANNING

IT Disaster Recovery Plan Template

Assessing Your Disaster. Andrews Hooper Pavlik PLC. Andrews Hooper Pavlik PLC

Performance Indicators for Disaster Recovery

Charities & Not for Profit Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

Business Continuity. Introduction. Safer Business - Better Health. Issue date - December 2007

Community Emergency Planning Guide

Chapter I: Fundamentals of Business Continuity Management

Business Continuity Plan

Information Security Policy. Chapter 11. Business Continuity

Business Continuity (Policy & Procedure)

Disaster Recovery Plan

Joint Universities Computer Centre Limited ( JUCC ) Information Security Awareness Training- Session Four

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

Preparing a Disaster Recovery Plan (Church)

Temple university. Auditing a business continuity management BCM. November, 2015

How To Manage A Disruption Event

Care Providers Protecting your organisation, supporting its success. Risk Management Insurance Employee Benefits Investment Management

BUSINESS CONTINUITY PLANNING

Business Continuity Planning Manual. Version 1

Western Washington University Basic Plan A part of Western s Comprehensive Emergency Management Plan

<Client Name> IT Disaster Recovery Plan Template. By Paul Kirvan, CISA, CISSP, FBCI, CBCP

Update from the Business Continuity Working Group

BUSINESS CONTINUITY MANAGEMENT GUIDELINES FOR BANKS AND FINANCIAL INSTITUTIONS

Information Security Management System. Business Continuity and Disaster Recovery Plan Policy. The Smart Cube. Description Change

Shankar Gawade VP IT INFRASTRUCTURE ENAM SECURITIES PVT. LTD.

Version: 3.0. Effective From: 19/06/2014

Disaster Recovery Plan Documentation for Agencies Instructions

Transcription:

Business continuity plan CONTENTS INTRODUCTION 2 - Scope - Components BUSINESS IMPACT ANALYSIS 3 - Business Affairs - Information Technology RISK ASSESSMENT 5 - Broad Categories of Hazards - Hazard Table RISK MANAGEMENT / CONTINUITY PLANNING 6 - Policy - Department Plans DEPARTMENT / UNIT PLAN TESTING & MAINTENANCE 8 - Testing - Training - Plan Maintenance APPENDIX 1 Guide for recovery planning 9

INTRODUCTION Business continuity planning is the process whereby organisations ensure the maintenance of critical operations when confronted with adverse events such as natural disasters, technology failures, human errors or terrorism. The objectives of our business continuity plan is to minimise loss to the organisation, continue to serve clients, and maintain administrative operations. DRYRIGHT has an obligation to protect and maintain our agreed level of service to clients in the event of a major interruption to our operation. These obligations extend to a responsibility for each area of the business to be able to meet its individual obligations. This includes the ability to provide the services expected of us and to carry out functions critical to our business should an event occur that interrupts the normal course of operations. Failure to have an adequate continuity plan could lead to financial disaster and interruptions of critical services. SCOPE Our disaster plan addresses health, life and safety issues. As a minimum, the our business continuity plan (BCP) assumes the following have been restored: - Police, Fire and Ambulance services. - Electricity, water, reasonable climate control, and adequate lighting. - Access to and egress from the office and administrative facilities. Business continuity planning encompasses maintaining and recovering the business, not just the recovery of technology. Business continuity planning requires both a business-wide plan and individual plans for operating units and sub contractors that are responsible for critical functions. Mission critical functions are processes that are essential to ensure loss to the organisation is minimised, clients continue to be served, and administrative operations are resumed safely and effectively. COMPONENTS The commonly accepted components of a Business Continuity Plan are: Business Impact Analysis identifies critical business processes, assigns estimates of maximum allowable downtime, and designates priorities for restoration. Risk Assessment identifies specific threats, assesses vulnerability to those threats, and assigns degree of risk associated with each threat. 2

Risk Management / Continuity planning utilises the Risk Assessment to determine which risks should be managed; and provides a written, widely disseminated, and exercised plan on actions necessary to get the business up and running in the event of disruption associated with those risks. Testing and Updating establishes mechanisms to exercise the plan and keep it current. 3

BUSINESS IMPACT ANALYSIS The first step in business continuity planning is determining critical mission processes and the interdependencies between processes that must continue to exist for DRYRIGHT to function. Critical processes generally fall into one of three general categories; Safety and Security Activities needed to sustain a safe and secure environment for staff, the visiting public and surrounding community. While the Disaster Recovery Plan addresses restoring safety and security, the Business Continuity plan may be concerned with sustaining those functions for an extended period. Business Support Services Activities that allow DRYRIGHT to maintain necessary business operations, safeguard assets, and ensure the financial viability of the business. Examples include payroll, revenue collection, accounts payable, and financial reporting. INFORMATION TECHNOLOGY The core services provided by Information Technology (e.g. telephone, network, administrative software applications) are considered basic to the recovery of most if not all of our business processes. Critical documents are backed up both locally and via cloud storage (on-line backup). 4

RISK ASSESSMENT The second step of business continuity planning is to determine the potential hazards or threats that could affect DRYRIGHT, assess the likelihood of their occurrence, and analyse our vulnerability. This analysis then forms the basis for preparing the continuity plan. More time and resources are spent planning for and, where possible, preventing disasters that are judged to have both a high likelihood or occurrence and a high level of severity. BROAD CATEGORIES OF HAZARDS DRYRIGHT recognises that the planning process must address each hazard that threatens the business. DRYRIGHT are vulnerable to a wide range of threats ranging from negatives impacts from natural and technological hazards. The natural hazards and technological or man-made hazards that confront DRYRIGHT include: Natural Hazards Floods Fires Extreme weather / Storm Technological / Man-made Hazards Utility / telecom failure Hazardous Materials Major Vehicle Accident Aeroplane Crash Terrorism A hazard matrix that depicts the likelihood of occurrence and severity level of each of these hazards is listed below:- Hazard Table Hazard Likelihood of Severity Occurrence Likely Unlikely High Moderate Low Flood X X Air Crash X X Structural Collapse X X Disease Outbreak X X Utility Failure X X Power Failure X X Telecom Failure X X Major Fire X X Extreme Weather X X Terrorist Threat X X 5

RISK MANAGEMENT / CONTINUITY PLANNING POLICY Each department of DRYRIGHT has appointed a person responsible for continuity planning. This person will be the department s focal point for determining which of its area operates processes that are critical and ensuring those processes are identified and protected. Each department will ensure that any person or area of the business responsible for critical business processes develop a Business Continuity Plan that enables them to continue to perform those critical functions and services in the event of disaster. Specifically, units have been set up at external premises which will be fully operational in the event of a major disruption to the critical business or premises. Staff are provided with homebased technology enabling them to service clients from their home base, if required. Managements will provide central coordination of the continuity planning process to assist departments in determining space, equipment, and services that might be available within the current premises and to make the planning process coherent across the business. DEPARTMENT PLANS The plan for operational continuity shall contain clear strategies and procedures needed to continue operations and execute a recovery in the event of an interruption that compromises the ability of the operating unit to carry out its critical functions. The determination that an interruption has occurred may be made by the individual department manager/director. Department/Unit plans will follow business continuity planning principles described in this document. The Department/Unit BCP should be developed by completing and documenting these steps: Determine which subset of critical business process(s) are being addressed by the department/unit plan. Develop a unit risk analysis that uses this document as a guide and identifies risks and / or hazards that might reasonably pose a threat to the operating unit s ability to function. The unit risk analysis should examine threats as they apply to the operating unit. Identifying existing and easily implemented controls to avoid these risks and hazards. 6

Develop and document procedures for recovering all or part of the highest priority functions, given specific failure scenarios and time horizons. Determine whether each process could be suspended or degraded or whether it must be fully operational immediately. In many cases, service levels may be considerably less than existed prior to interruption, but nevertheless sufficient to sustain the critical mission function for some time. Determine the time frame for full recovery of critical functions if a degraded service level is deemed initially acceptable. Identify alternate work sites or other temporary facilities for the most critical functions. Provide for the ongoing back up of critical data and protection of critical equipment. Assign local recovery roles, responsibilities, and authority. Develop procedures for recovering impacted operations quickly, and strategies for providing programs and services under various emergency conditions. Determine when the plan needs to be activated and identify who within the department/unit is authorised to implement the plan. Identify all persons with copies of the plan. Store at least one current copy in an off-site facility with immediate availability. Maintain the list of resources, suppliers etc, with which the unit has agreements for the provision of services, supplies, or equipment to be used in the event of an interruption of operations. Establish procedures for contacting appropriate departments, senior personnel and suppliers in the event of an interruption of operations. Establish procedures for return to full, normal operations of the operating unit, including that of non-critical functions. 7

DEPARTMENT / UNIT PLAN TESTING AND MAINTENANCE TESTING Unit Business Continuity Plans must be exercised no less frequently than once every two years. This exercise will include the following: Identifying exercise objectives. Conducting exercise to validate the viability of the plan. Documenting results and the steps proposed to correct any problems. Making appropriate changes to the plan. TRAINING Departments/Units will ensure that training on the use of the plan is provided to enable all staff to be adequately trained to fulfil their responsibility in support of the recovery process. Training for new employees should be carried out within 60 days of their start date. Plans should be reviewed by the Department / Unit head once per year. In particular, the unit head should ensure that: Critical functions have been identified. Continuity and recovery strategies are in place. Documentation for the plan is current. Minimum levels of required operation and recovery time frames have been set. Exercising of the plan has been completed during the last 24 months. PLAN MAINTENANCE Department / Unit heads must evaluate the impact of changes within the department/unit, make appropriate plan updates, and communicate changes to persons holding copies of the plan. 8

APPENDIX ONE The following questions will aid DRYRIGHT, their operating companies, and departments/units in providing specific guidance for recovery planning in their constituent departments: What are your department s business interdependencies? What do you need from other departments to perform critical functions? What departments depend on you to perform critical functions? Are there days of the week or month, or months of the year, when a major emergency would be even more disruptive than at other times? Is your essential data backed up regularly? Would the information be accessible if your building was closed, or if your network was down? Does your Department/Unit have planning documents for continuing operations in the event of disaster? Is there a process for tracking the cost of business recovery (including funds spent on overtime, special materials / supplies, temporary personnel, etc) and a mechanism for distinguishing emergency recovery costs from other business expenditures? - Are special supplier / contractor arrangements necessary for your department to ensure continuity of services? - Does your Department / Unit have a method to make emergency purchases? What human resources would you need to restore your most critical functions? - Do your employees have personal emergency preparedness plans for their households? - If only 50% of your staff could return to work, could you open? - Can some employees telecommute during a disaster? What can you do now to plan for that? What equipment is necessary for the department/unit to perform its functions? Have precautions been taken to secure essential equipment in the event of most likely emergencies? How would you replace equipment within hours or days to be able to resume normal business? If your department couldn t use its office space to operate, how much space would you need to relocate? What kinds of equipment are essential for performing your unit s critical functions? 9

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information