Business Continuity Policy
>
Statement of Policy
Amongst GKN’s Values is a commitment to continuously improving products and services
in order to exceed customers’ expectations and to treat suppliers fairly. An integral part
of this is the mitigation and management of all accidental risk.
>
General Principles
Where risk cannot be eliminated, and a threat to GKN assets, employees, production or
the environment in which they operate materialises, GKN companies must have a
Business Continuity Plan (BCP) to minimise disruption and ensure the earliest resumption
of business, with least inconvenience to customers.
Risk assessment is the key to formulating a picture of the overall vulnerabilities to each
operation. Risks assessed in each of the key policy areas defined by the Group Risk
Management Council (Health and Safety, Environment, Supplier Management, Plant and
Process Design and Risk Management) are compiled to produce a risk profile for the site.
The principal risks identified by the risk profile must be addressed in the BCP.
>
Practice
In practice, a BCP will be produced using some or all of the elements in the guidelines set
out below. In the preparation of the plan all key internal stakeholders and local
community leaders, emergency services and utilities providers should be consulted.
The BCP will be published with a copy being retained by each member of key personnel
internally, as identified in the plan. Consideration should also be given to providing
copies to the emergency services.
There must be a description of the allocation of responsibilities and how the process will
be initiated should an incident occur. There must also be arrangements to rehearse or
test the plan periodically and to update it accordingly.
>
Guidelines
The overall contents of a plan should include, but need not be limited to:
Procedure:
Index
Aim and objectives
Note of key personnel
Call out arrangements and contact particulars
Liaison with local emergency services
Identity of key personnel who may effect the plan
Actions on triggering the plan
Chronological response
•
•
•
•
•
•
•
•
v1 – June 2006
-1-
What contingencies will be dealt with:
• List of key vulnerabilities identified by Risk Assessment and Risk Profile
o Health and safety
o Environment
o Business interruption
o Supply and supplier management and logistics
o External incidents
o Public liability
o Product liability
o IT/IS
o Terrorism, civil disorder
How the plan will be put into action:
• Incident checklist
• Incident centre – including alternative accommodation
• Emergency centre equipment list
• Services
• Press and dealing with the media
• Human resources
• IT/IS alternative arrangements and recovery plan
• Security
• Alternative providers of key production activities
Appendices to a plan should include:
• Website of source for political and counterterrorist information, for example,
http://www.crg-online.com/
• Contact numbers for
o Key personnel
o Emergency services
o Internal GKN emergency responders
o Hospitals
o Contractors
o Utilities
• Sample log book for use in cataloguing incident
>
Measures and Metrics
Suitable measures must be chosen to assess the timeliness and completeness of the
deployment of the plan and should be used in rehearsals to confirm the effectiveness of
the plan.
The metrics should also take account of critical response times, for example, to ensure
that customers are not starved of product in a “just in time” environment.
>
Assurance
Internal review of the plan should be effected by way of suitable practice or rehearsal of
the plan.
v1 – June 2006
-2-
External specialists in this field may also be contracted to provide an objective
assessment of the plan and response times, along with recommendations for
improvements.
In any event the plan must be reviewed at each risk profiling exercise.
This Policy must be read in conjunction with the GKN Code, the other GKN Policies and
the requirements regarding their implementation.
v1 – June 2006
-3-