Business
Continuity Plan
October 2021
1
Contents
Contents
2
Document Details
3
Ownership & Location
3
Document History
3
Document Approvals
4
Introduction and Purpose
5
What situations should be dealt with under the BC Plan?
5
Roles & Responsibilities
6
Incident Management Process
7
Phase 1: General Incident
8
Phase 2: Potential BC Incident
11
Phase 3: BC Incident
12
Appendix 1 – Business Continuity Policy
17
Appendix 2 – Crisis Management Team
17
Appendix 3 – Senior Executive
19
Appendix 4 – Red/Yellow Alert guidance
20
Appendix 5 – Key Stakeholders and communication methods
21
Senior Managers’ contact information
23
Institute and Awarding bodies contact information
25
Government bodies contact information
25
Critical clients
26
Critical Supplier and Vendor Contact Information
27
Appendix 6 – Example Scenarios and Proposed Recovery Strategy
27
Appendix 7 – Business Process and Location Risk Assessment
43
Appendix 8 – Alternate Site Information
43
Appendix 9 – Building Contacts - Internal and External
44
Appendix 10 - Pearson UK Insurance Cover
44
Appendix 11 - Pearson UK IT Service Continuity Plan
44
Appendix 12 – Incident Management - BC Escalation Chart
45
Appendix 13 – Pearson UK Incident Report Template
49
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 2 of 50
Document Details
Ownership & Location
The Business Continuity Crisis Management Team (CMT) is the owner of this document. The current
version of this document is available to specified members of staff in the Pearson TQ Business
Development directory
Document History
Version
Revision Date
Author(s)
1.0
April 2019
GO
2.0
Oct 2021
GO
Summary of Change(s)
•
•
•
•
•
•
•
•
•
•
Signature added P2
Table Page 2 updated
Page 3 update cycle added
P12 BCP incident apprenticeship communication
methods updated
P14 BCP Plan learner contact plan updated
P25 Government bodies contact information table
update
P26 Critical Clients updated
Appendix 1 updated
Appendix 7 updated
Appendix 8 updated
Note: Prior to version 4.1 the Business Continuity Policy was incorporated into the Business Continuity
Plan. Pearson took the decision to separate the policy from the plan during the 2017 revision process in
order to simplify the plan and provide clarity and focus on resolution in the event of an emergency.
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 3 of 50
Document Approvals
Overall Responsible Officer
VP Pearson TQ Martyn Leader.......................... Date......................................
The Business Continuity Crisis Management Team (CMT) are the approvers of this document.
Role
Name
Date of Issue
Version
VP
Martyn Leader
20 Oct 21
Operations Manager UK
Mike McHale
2.0
Head of Apprenticeships
Poppy Carter Mills
2.0
Senior Quality Manager
Neil Saunders
2.0
MIS and Funding Compliance
Manager
Rhys Ling
2.0
Health & Safety, Compliance and
Quality Manager
Daniel McGlynn
2.0
Head of Business Development
Garrie Owens
2.0
Head of Business Development
Fay Granville
2.0
HR Business Partner
Victoria Hayden
2.0
Operations Manager and BCC
secretary
Tina Hutchinson
2.0
Head of IT
TBC
2.0
Health & Safety, Compliance and
Quality Manager
Daniel McGlynn
2.0
Graphics and Social Media Manager
Jenny Stratford
2.0
Head of Finance
Giorgio Puzzella
2.0
General Counsel
Suzanne KingChristopher
2.0
Signature
2.0
Signed off at
SMG
meeting 19th
Oct 21
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 4 of 50
Introduction and Purpose
This plan has been created in accordance with the Pearson Global Business Resilience Policy, see
Appendix 1 (Global Business Resilience Policy). It is for use by the Crisis Management Team, Senior
Leadership and Senior Management within PTQ s to manage escalated incidents that impact or have
the potential to impact Business Continuity of apprenticeship delivery. It has 2 key purposes:
●
To give guidance to management as to when an issue is considered severe enough to escalate
●
To give Pearson UK Crisis Management Team (CMT) guidance and support in dealing with these
issues to ensure that the business can continue to operate with minimal impact on students,
clients, employees and suppliers.
The document is to be reviewed every three years or after a significant business continuity event.
Changes in key contacts should be emailed to daniel.mcglynn@pearson.com
Note:
1.
All Pearson UK staff will be aware of incidents that should be managed locally and be provided with
guidance for escalating incidents to the CMT.
2. Pearson Global policies have precedence if issues impact across other lines of business
What situations should be dealt with under
the BC Plan?
Situations that represent a significant risk to the security, health or safety to our learners, our
customers, the public or our employees, or which represent a significant threat to our ability to deliver
our products and services are potential BC events. For guidance on when incidents should be escalated
(from Local Management / Helpdesk Channel to a CMT Member as a potential BC Incident, or to the
CMT Leader to declare a BC event), see Appendix 12 (Incident Management - BC Escalation Chart).
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 5 of 50
Roles & Responsibilities
Role
Responsibilities
Pearson UK staff (including
Freelancers & Contractors)
●
Identify and report events that might disrupt delivery of
Pearson UK services
●
Support the CMT or Senior Managers as instructed during a
BC event
●
Initial assessment of incidents
●
Where possible, resolve incidents locally
●
Where appropriate, incident escalation to a CMT member
●
Support the CMT or Senior Managers as instructed during a
BC event
●
Detailed assessment of escalated incidents
●
Where possible, resolve incidents locally
●
Where appropriate, incident escalation to the CMT Leader
●
Where appropriate, declare a Business Continuity event
●
Where a Business Continuity event has been declared, chair
CMT meetings
Crisis Management Team
●
Enact the Business Continuity Plan during a potential or
confirmed BC event
Business Continuity Secretary
●
Mobilise the CMT, arranging meetings, documenting details as
per the BCP Incident Tracking sheet during a BC event.
Local Management or
designated Helpdesk Channel
Crisis Management Team
Member
Crisis Management Team
Leader
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 6 of 50
Incident Management Process
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 7 of 50
Phase 1: General Incident
General Incident - DETECT
1.01 Escalate
incident
●
Where an incident has an established Helpdesk Channel, the Pearson Staff
Member will follow the defined process. For example, IT issues are to be raised via
the IT Helpdesk.
●
Where no established escalation channel exists, the Pearson Staff Member will
raise the incident to their Line Manager, or department head for Local
Management.
NEXT STEP
1.02 Assess Incident
General Incident - ANALYSE
1.02 Assess
Incident
●
Local Management or Helpdesk Channel will perform an initial assessment or
update an existing assessment of the incident to determine:
a. What has happened?
b. Where?
c.
When?
d. Why?
e. What/who is it affected? Any injuries/fatalities?
f.
Impact? What can’t we do and what problems will that cause?
g. How long is this issue likely to last?
h. What expert advice is available? i.e. police guidance, government advice,
institutes/awarding bodies
i.
What emergency procedures have already been (or planned to be)
implemented (including building evacuation status, civil authority
response, entity currently having building control) and assess whether
anything further is required
j.
Is the issue a Red/Yellow Alert? Review Appendix 4 (Red/Yellow Alert
guidance) and follow guidance if it does.
k.
Is the incident severe enough to be a Business Continuity issue and
require escalation to a CMT member? Review Appendix 12 (Incident
Management - BC Escalation Chart).
NEXT STEP - Is escalation to CMT Member required?
●
YES - 2.01 Escalate incident to CMT Member
●
NO - 1.03 Create / update Response Plan
General Incident - PLAN
1.03 Create /
update
Note - A response plan contains a recovery strategy and a communications plan.
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 8 of 50
Response
Plan
●
Local Management or Helpdesk Channel will create a Response Plan as
follows:
1. Check whether a recovery strategy exists (for example, local procedures
or disaster recovery plans)
2. Create a new (or review and update an existing) recovery strategy as
follows:
a. Agree what is the best likely resolution to the issue?
b. Identify any decisions or information needed
c.
Document actions, priorities, responsibilities (i.e. owners)
d. Agree deadlines required within the next 24 hours
e. Determine what resources are required
3. Create a new (or review and update an existing) communications
strategy as follows:
a. Put together a communications plan for the next 24 hours.
Consider all relevant stakeholders - a list of these and their
contact details are available in Appendix 5 (Key Stakeholders and
suggested communication methods).
b. For each stakeholder group it should be agreed;
i.
What we need to tell them
ii.
How do we want to do this
iii.
When do we want to do this
iv.
Who will take responsibility
v.
When and how often should we provide updates
vi.
Who approves communications before they are sent out
(should be the Director of Communications)
4. Arrange date, time and location for when the team will reconvene to
discuss progress and next steps.
NEXT STEP
1.04 Execute Response Plan and monitor
General Incident - RESPOND
1.04 Execute
Response
Plan and
monitor
●
Local Management or Helpdesk Channel will follow the steps as per the
Response Plan, issuing out communication updates as per the communication
strategy defined in Step 1.03. They will continue to manage and oversee the
incident until they feel all major risks have been overcome and the situation can
be resolved.
NEXT STEP - Is the incident resolved?
●
YES - 1.05 Declare Incident resolved
●
NO - 1.02 Assess Incident
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 9 of 50
1.05 Declare
incident
resolved
●
Local Management or Helpdesk Channel will communicate resolution of the
incident in line with Local Management or Helpdesk procedures.
NEXT STEP
1.06 Restore BAU
1.06 Restore
BAU
●
Local Management or Helpdesk Channel will manage the transition to
‘Business as Usual’ operations.
●
BAU may not mean we are operating in the identical way we did previously, and
in such cases, we will have a working solution delivering an acceptable level of
service to our clients which will operate for the foreseeable future.
●
Communications should be issued to all impacted stakeholders with any
necessary information on the incident or transition plans and handing clear full
responsibility back to the responsible person(s).
NEXT STEP
1.07 Document incident
General Incident - REVIEW
1.07
Document
incident
●
Local Management or Helpdesk Channel will ensure that all incidents are
logged using the template in Appendix 13 (Pearson UK Incident Report Template).
NEXT STEP
1.08 Identify lessons learned
1.08 Identify
lessons
learned
●
Local Management or Helpdesk Channel, depending on the severity of the
incident, may meet to perform a post incident review, where the following
should be discussed:
○
What worked well
○
What didn’t work well
○
For each area that worked particularly well, update the Local
Management or Helpdesk Channel response plan to include the relevant
instructions (where appropriate)
○
For each area that didn’t work as well, update the Local Management or
Helpdesk Channel response plan with instructions on how to deal with
this better if it were to happen again
○
Could the risk of this scenario arising have been reduced? If so approve
a cost vs benefit assessment to be performed to decide whether changes
to how Pearson operates should be made
○
Any other proposed changes to how we operate, or the response plan
NEXT STEP
1.09 Update policies and procedures
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 10 of 50
1.09 Update
policies and
procedures
●
Local Management or Helpdesk Channel will document and implement any
changes to existing processes as a result of the incident and communicate to all
relevant stakeholders
NEXT STEP
Incident marked as closed - END OF PROCESS
Phase 2: Potential BC Incident
2.01 Escalate
to CMT
member
[DETECT]
2.02 CMT
Member
assessment
●
Local Management or Helpdesk Channel will immediately escalate to the
appropriate CMT member, see Appendix 2 (Crisis Management Team).
NEXT STEP
2.02 CMT Member assessment
●
The CMT Member will assess / re-assess the incident to get an up to date view
of:
a. What has happened?
[ANALYSE]
b. Where?
c.
When?
d. Why?
e. What/who is it affected? Any injuries/fatalities?
f.
Impact? What can’t we do and what problems will that cause?
g. How long is this issue likely to last?
h. What expert advice is available? i.e. police guidance, government advice,
institutes/awarding bodies
i.
What emergency procedures have already been (or planned to be)
implemented (including building evacuation status, civil authority
response, entity currently having building control) and assess whether
anything further is required
j.
Is the issue a Red/Yellow Alert? Review Appendix 4 (Red/Yellow Alert
guidance) and follow guidance if it does.
k.
Is the incident severe enough to be a Business Continuity issue and
require escalation to a CMT member? Review Appendix 12 (Incident
Management - BC Escalation Chart).
NEXT STEP - Is escalation to CMT Leader required?
●
YES - 2.03 Escalate incident to CMT Leader
●
NO - 2.05 Handover to / work with Local Management team to resolve
incident
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 11 of 50
2.03 Escalate
to CMT
Leader
[DETECT]
2.04 CMT
Leader
assessment
[ANALYSE]
2.05
Handover to
LM / HC to
resolve
incident
●
CMT Member will immediately escalate to the CMT Leader, see Appendix 2 (Crisis
Management Team).
NEXT STEP
2.04 CMT Leader assessment
●
The CMT Leader will review the incident with the CMT Member and determine
whether a Business Continuity event should be declared.
NEXT STEP - Is a Business Continuity event to be declared?
●
YES - 3.01 CMT Leader declares BC event
●
NO - 2.05 Handover to / work with Local Management team to resolve
incident
●
CMT Member to handover to, or work with Local management or Helpdesk
Channel to manage the incident locally
NEXT STEP
1.03 - Create / update Response Plan
[PLAN]
Phase 3: BC Incident
BC Incident - DETECT
3.01 CMT
Leader
declares BC
event
3.02 Mobilise
the CMT
●
CMT Leader informs the Business Continuity Secretary (member of the CMT) to
declare a Business Continuity Event and assemble the CMT.
NEXT STEP
3.02 Mobilise the CMT
●
Business Continuity Secretary will mobilise the CMT using the following
procedure:
1. Consider which other members of Senior Management might need to be
included depending on the nature of the issue (to be agreed with CEO/COO)
2. Notify the CMT + those in point 1 via email
(kukcrisismanagementteam@pearson.co.uk)
Note: This email address only contacts the CMT members and NOT their deputies
3. Setup a CMT meeting within 30 mins (see conference details below). In the
event that other communications mechanisms are more suitable e.g. faceto-face, MS Teams, Zoom then these can be utilised as an alternative.
Note: All participants should reply to confirm attendance without delay
4.
Call any participants who have not replied to ensure they are aware
5. Determine and contact any other relevant members of staff if anyone is
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 12 of 50
unavailable. This is to be set up utilising MS Teams. If the BCP event involves
the use of Pearson systems, then the BC secretary is set up utilizing Zoom
NEXT STEPS
3.03 CMT assessment
3.04 Create / update Response Plan
3.05 Execute Response Plan and monitor
(All steps to be performed at initial meeting of CMT)
BC Incident - ANALYSE
3.03 CMT
Assessment
●
CMT will assess / reassess the incident to get an up to date view of:
a. What has happened?
b. Where?
c.
When?
d. Why?
e. What/who is it affected? Any injuries/fatalities?
f.
Impact? What can’t we do and what problems will that cause?
g. How long is this issue likely to last?
h. What expert advice is available? i.e. police guidance, government advice,
institutes/awarding bodies
i.
What emergency procedures have already been (or planned to be)
implemented (including building evacuation status, civil authority
response, entity currently having building control) and assess whether
anything further is required
j.
Is the issue a Red/Yellow Alert? Review Appendix 4 (Red/Yellow Alert
guidance) and follow guidance if it does.
The BC Secretary should use the BCP Incident Tracking Sheet (template) to record
the event, assessment, response plan, comms plan and decisions/actions
throughout. This should be stored in the BCP incident document repository.
NEXT STEP
3.04 Create / update Response Plan
BC Incident - PLAN
3.04 Create /
update
Response
Plan
Note - A response plan contains a recovery strategy and a communications plan.
●
CMT will create a Response Plan as follows:
1. Check whether a recovery strategy exists. Review the list of BC scenarios in
Appendix 6 (Example Scenarios and Proposed Recovery Strategy).
2. Create a new (or review and update an existing) recovery strategy as follows:
a. Agree what is the best likely resolution to the issue?
b. Identify any decisions or information needed
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 13 of 50
c.
Document actions, priorities, responsibilities (i.e. owners)
d. Agree deadlines required within the next 24 hours
e. Determine what resources are required
3. Create a new (or review and update an existing) communications plan as
follows:
a. Put together a communications plan for the next 24 hours. Consider
all relevant stakeholders - a list of these and their contact details are
available in Appendix 5 (Key Stakeholders and suggested communication
methods).
b. For each stakeholder group it should be agreed;
c.
i.
What we need to tell them
ii.
How do we want to do this
iii.
When do we want to do this
iv.
Who will take responsibility
v.
When and how often should we provide updates
vi.
Who approves communications before they are sent out
(should be the Director of Communications)
All impacted learners will be contacted as part of the plan:
i.
Military learners will be contacted via the chain of command
initially with follow up contact from the apprentices personal
coach
ii.
Civilian leaners will be contacted via their employer initially
followed up by contact by their individual coach
iii.
All learners will receive a detailed follow up email detailing
any change to their program once agreed with their
employers
iv.
If email services are impacted, learners will be called by their
skills coach
4. Arrange date, time and location for when the team will reconvene to discuss
progress and next steps.
NEXT STEP
3.05 Execute Response Plan and monitor
BC Incident - RESPOND
3.05 Execute
Response
Plan and
monitor
●
CMT will follow the steps as per the Response Plan, issuing out communication
updates as per the communication strategy defined in Step 3.05. They will
continue to manage and oversee the incident until they feel all major risks have
been overcome and the situation can be resolved.
NEXT STEP - Is the incident resolved?
●
YES - 3.06 Declare Incident resolved
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 14 of 50
●
NO - 3.03 CMT assessment
3.06 Declare
incident
resolved
●
CMT will communicate resolution of the incident
3.07 Restore
BAU
●
CMT will manage the transition to ‘Business as Usual’ operations.
●
BAU may not mean we are operating in the identical way we did previously, and
in such cases, we will have a working solution delivering an acceptable level of
service to our clients which will operate for the foreseeable future.
●
Communications should be issued to all impacted stakeholders with any
necessary information on the incident or transition plans and handing clear full
responsibility back to the responsible person(s).
NEXT STEP
3.07 Restore BAU
NEXT STEP
3.08 Document incident
BC Incident - REVIEW
3.08
Document
incident
●
BC Secretary will ensure that all incidents are formally recorded using the
template in Appendix 13 (Pearson UK Incident Report Template). This should be
stored in the BCP Incident document repository.
NEXT STEP
3.09 Identify lessons learned
3.09 Identify
lessons
learned
●
BCP Secretary will schedule a post incident review for the CMT, chaired by the
CMT Leader
●
CMT will meet, where the following should be discussed:
○
What worked well
○
What didn’t work well
○
For each area that worked particularly well, update the BC Plan to
include the relevant instructions (where appropriate)
○
For each area that didn’t work as well, update the BC Plan with
instructions on how to deal with this better if it were to happen again
○
Retrospectively update the BC Plan to include the scenario, if it does not
already exist
○
Could the risk of this scenario arising have been reduced? If so approve
a cost vs benefit assessment to be performed to decide whether changes
to how Pearson operates should be made
○
Any other proposed changes to how we operate, or the BC Plan
NEXT STEP
3.10 Update policies and procedures
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 15 of 50
3.10 Update
policies and
procedures
●
CMT will document and implement any changes to existing processes as a result
of the incident and communicate to all relevant stakeholders
NEXT STEP
Incident marked as closed - END OF PROCESS
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 16 of 50
Appendix 1 – Business Continuity Policy
Pearson Business continuity plan can be found at: https://neo.pearson.com/docs/DOC-710436
These plans provide more detail with regards to Pearson Systems and infrastructure
Pearson Business Continuity Management Policy can be found at: https://neo.pearson.com/docs/DOC-315608
Appendix 2 – Crisis Management Team
Job title
Name
Contact details (Work (W)and
personal (P) email addresses and
phone numbers)
Deputy in case of
absence
VP
Martyn Leader
Mike McHale
Operations Manager UK
Mike McHale
Poppy Carter Mills
Head of Apprenticeships
Poppy Carter Mills
Teresa Povey
Senior Programme
Manager
MIS Funding & Compliance
Manager
Rhys Ling
Christine Shawcross
MIS Supervisor
Contact details (Work (W) and
personal (P) email addresses
and phone numbers)
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 17 of 50
Job title
Name
Health & Safety, Compliance
and Quality Manager
Daniel McGlynn
Senior Quality Manager
Neil Saunders
Contact details (Work (W)and
personal (P) email addresses and
phone numbers)
Deputy in case of
absence
Contact details (Work (W) and
personal (P) email addresses
and phone numbers)
Neil Saunders
Senior Quality Manager
Alex Scrivens
Quality Officer
Anne Rowlands
Head of Business
Development
Garrie Owens
Head of Business
Development
Fay Granville
HR Business Partner
Victoria Hayden
TBC
Operations Manager and
BCC secretary
Tina Hutchinson
Anne Rowlands
Operations RSME (1)
Wally Gupwell
Bid Manager
Anne Rowlands
Bid Manager
Bid Manager
Paul Roberts
(RSME ISSUES
ONLY)
AFC (Harrogate)
Simon Davies
Mike McHale
(AFC ONLY)
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 18 of 50
Appendix 3 – Senior Executive
Job title
Name
VP
Martyn Leader
Contact details (Work (W) and
personal (P)email addresses and
phone numbers)
Deputy in case of
absence
Contact details (Work (W) and
personal (P) email addresses and
phone numbers)
Mike McHale
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 19 of 50
Appendix 4 – Red/Yellow Alert guidance
Source: HR section of the Pearson intranet (NEO) (details available within the HR section of the Pearson intranet)
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 20 of 50
Appendix 5 – Key Stakeholders and communication methods
PERSONAL CONTACT INFORMATION WITHIN THIS APPENDIX SECTION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
Stakeholders
Primary Source of Information
Alternate Source(s) of Information
Suggested communication method
Crisis Management
team
List included in Appendix 2
HR can check Workday (WD) if
numbers are found to be out of date
Email to crisismanagementteam@pearson.com if need
the whole group
Followed by a phone call
Senior Executive
List included in Appendix 3
HR can check Workday (WD) if
numbers are found to be out of date
Email then phone call
Senior Management
Team
List included below
HR can check Workday (WD) if
numbers are found to be out of date
Email to if need the whole group
Pearsonukseniormanagers@Pearson.com
Other key internal
personnel
List included below
HR can check Workday (WD) if
numbers are found to be out of date
Email then phone call
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 21 of 50
Stakeholders
Primary Source of Information
Alternate Source(s) of Information
Suggested communication method
All staff
Workday holds all personal
contact details for all staff and IT
hold all work contact details.
The correct report to run on
Workday is called ‘RPT Worker
Personal Contact Info’.
Work details are available via Google
contacts and personal details are
available via Fusion
Those staff involved in evacuation would be messaged
as part of the evacuation process.
In all other situations staff will be contacted primarily
via work email (tqenquiries@pearson.com) for whole
business. Use personal email or SMS if email is not
available.
A voicemail can be set up on the Pearson phone
network for key stakeholders to access and receive
updated status of the office status.
The phone number used should be 020 7010 2000.
Messages and forwarding can be arranged by calling
the IT telecoms team whose details are included in
this appendix.
Students
I-learner is used as the source
system to contact students and
clients (for at least the initial
notification of the event).
IT will be able to restore student list
from Navision backup (If Navision is
unavailable) only by request from
CMT Executive or Legal.
Initial communication to be sent via email, Facebook,
twitter and website
List of critical clients is included in
appendix 5 - created from BDM
(Salesforce)
Initial communication to be sent via email, Facebook,
twitter and website
Contacts to set the above up are listed as “Other key
personnel” in appendix 5
A complete list of students and
clients is created from ilearner
Key Clients
Institutes and
awarding bodies
Via Email
A list is included below
Contacts to set the above up are listed as “Other key
internal personnel contact information” in appendix 5
N/R
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 22 of 50
Stakeholders
Primary Source of Information
Alternate Source(s) of Information
Govt bodies
A list is included below
N/R
Critical suppliers and
vendors
A list is included below
N/R
Media
As required
As required
Suggested communication method
To be decided based on the severity of the issue and
relationships we have with those contacting us
Senior Managers’ contact information
The following table provides emergency contact details for senior managers responsible for a function or business unit (who may be co-opted onto the CMT
depending upon the incident), where the Manager is also a member of the Senior Executive, this is indicated with a *. All senior managers can be contacted
by using TQSMG@pearson.com.
PERSONAL CONTACT INFORMATION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
Function /
Business Unit
Main contact
Position title
Contact details (Work (W))
Deputy name
Head Office
Martyn Leader
VP
Mike McHale
Business
Development
Garrie Owens/ Fay
Granville
Head of BD
Anne Rowlands
Contact details (Work (W))
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 23 of 50
Function /
Business Unit
Main contact
Position title
Contact details (Work (W))
Deputy name
UK Contracts
Mike McHale
UK Ops
Manager
Poppy Carter Mills
MOD WBL
Poppy Carter Mills
Head of MOD
WBL
Neil Saunders
RSME
Wally Gupwell
Head of RSME
Training
Paul Roberts
Harrogate AFC
Mike McHale
UK Ops
Manager
Simon Davies
Finance
Giorgio Puzzella
Finance
Manager
Estina Juknaite
HR
Victoria Hayden
Senior HR
Advisor
TBC
Contact details (Work (W))
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 24 of 50
Institute and Awarding bodies contact information
PERSONAL CONTACT INFORMATION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
Institute
Main Contact
Contact No/ Email
Secondary Contact
Pearson
Centre Support
0344 576 0045
WBLcustomerservices@pearson.com
City &
Guilds
Quality Direct
0844 543 0000
csdirect@cityandguilds.com
EAL
Centre Support
01923 652400
cs.admin@eal.org.uk
Contact No/ Email
Government bodies contact information
PERSONAL CONTACT INFORMATION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
Institute
Main Contact
Contact No/ Email
Education and Skills Funding Agency
Central number
Education and Skills Funding Agency
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 25 of 50
Critical clients
PERSONAL CONTACT INFORMATION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
Key client
Main contact
Contact no/Email
Secondary contact
Contact no/Email
Per Pol
Ed Branch
BSS
RE Apps
RLC Apps
AGC Apps
Int Corps Apps
DMS Apps
SLaM St Georges NHS Trust
Thales UK
UK Power Networks
Amey
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 26 of 50
Critical Supplier and Vendor Contact Information
PERSONAL CONTACT INFORMATION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
Vendor
Area
Vendor Contact
Contact Number
Contact Email
Lex Auto
Vehicles
Pearson Technology
IT Systems
Pearson Technology help desk
0207 010 5555 or 5555 on
Pearson phones
pearson@service-now.com
Smart Assessor
IT
TBC
Appendix 6 – Example Scenarios and Proposed Recovery
Strategy
Note: colour indicates that red, yellow or no (blue) alert applies and must be followed.
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
TERRORIST EVENT - London (Red Alert, Owner: Martyn Leader)
A terrorist event is serious enough that
the decision has been made to close
the location(s) to all but the most
critical functions for a short period of
time
Staff and students are unable to travel
to access PTQ centres
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Issue communication to personnel hourly on
day 1, then at least once per day until BAU
● Draft & Update Communications –HR (internal) and
PR (external) within 1 hour
● Final Communications approval and media
handling – PR – within 2 hours
● Overall Management of the incident & Restoration
of services – Operations and Delivery teams.
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 27 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
Mobile phone network may not be
available.
● Issue communication to students and key clients
via messaging methods available
If internet services are impacted, then
office landlines will not be available as
they are VOIP based.
● HR to lead a count of people; monitor
communication from police
Attack on military establishment
● Post messages on the website and social media
to students and staff
Military alert status raised to CRITICAL
● IT re-routes phone lines if landlines are down
● PR keeps in contact with police
Temporary location
● Follow building emergency evacuation plan
● Consider options to staff out of locations to stay
in local
● CMT chooses alternative centres/ locations
● CMT identifies plans for critical business
functions, see Appendix 7.
● Utilise unaffected central Manchester team for
support
● H.R. communicates temporary office/work
locations to management. CMT communicates
the plan to all personnel.
Recovery Plan
● Utilise E-portfolio and App 360 system until
transportation system and services are restored
to operation
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 28 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● IT staff will operate remotely from alternate
centres or home
Military Sites:
● Follow local procedures under military chain of
command
● Local manager to report directly to owner
TERRORIST EVENT - REGIONS (Red Alert, Owner: Mike McHale)
A terrorist event is serious enough that
the decision has been made to close
the location(s) to all but the most
critical functions for a short period of
time
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Issue communication to personnel via text
system, email and all other available mediums
Staff and students are unable access a
regional centre.
● Issue communication to students and key clients
Mobile phone network may not be
available.
● Post message on the website to students and
staff
If internet services are impacted, then
office landlines will not be available as
they are VOIP based.
● Issue continuing communications at least once
per day, hourly on day 1
Attack on military establishment
● Account of people; monitor communication
from police
Military alert status raised to CRITICAL
● PR keeps in contact with police
● Draft & Update Communications –HR (internal)
and PR (external) within 1 hour
● Final Communications approval and media
handling – PR – within 2 hours
● Overall Management of the incident & restoration
of services – Operations and Delivery teams.
Temporary location
● Follow building emergency evacuation plan
● CMT chooses alternative centres/locations
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 29 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● CMT identifies plans for critical business
functions, see Appendix 7.
● IT re-routes phone lines
● HR communicates temporary office/work
locations to management. CMT communicates
the plan to personnel
Recovery Plan
● Utilise alternative centres and Live Online tuition
until relevant transportation and services are
restored to operation
● Staff who have VPN access will work from home;
staff working from alternate location will have
spare desktop provisioned by IT
Military Sites:
● Follow local procedures under military chain of
command
● Local manager to report directly to owner
PANDEMIC EVENT - CLOSURE (Yellow Alert, Owner: Mike McHale)
A pandemic event is serious enough
that the decision has been made to
close the location(s) to all but the most
critical functions for an unknown
period of time.
● Issue communication to clients and Pearson UK
personnel informing them of the situation
Staff and students are unable to travel
to access training centres and/or
offices
● Issue continuing communications to students,
clients, Pearson UK personnel at least once per
day
Communication
● VP or Ops Manager UK: Follow the 60 minute rule
● Draft & Update Communications –HR (internal) PR
(external) within 1 hour
● Final communications approval & media handling–
PR – within 2 hours
● Overall Management of the incident & Restoration
of services – Full CMT.
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 30 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● PR keeps in contact with authorities
Temporary Centre Location & Operations
● CMT identifies temporary centre/location
● CMT identifies functions that can be split
between home/office and advises personnel to
work from home as much as possible
● HR communicates temporary office/work
locations to management. CMT communicates
the plan to personnel.
Recovery Plan
● Switch tuition to Online methodology
● All non-teaching staff to work from home
● Restore key services at centre once the
pandemic event has been downgraded to allow
“normal” or reduced service
● IT will allocate VPN access to all staff working
from home
READING DATA CENTRE DESTROYED OR DISABLED (Red Alert, Owner: Martyn Leader)
● Systems hosted are not available
and will not be available until
replaced.
● ilearner is NOT available.
● Network is NOT available.
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Issue communication to clients and Pearson UK
personnel informing them of the situation
● Client systems are NOT available.
● Draft & Update Communications – CTO within 1
hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & restoration
of services – CTO.
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 31 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● MyPearson and One Drive are
available but may not be accessible
internally due to network issues.
● Issue continuing communications to students,
clients, Pearson UK personnel at least once per
day.
● CMT advisory
Temporary Data Centre Location
● IT to switch services to operate from 80 Strand.
● CMT communicates plan to Pearson UK
personnel
Disaster Recovery Plan
● Invoke IT Disaster Recovery Plans, Appendix 11
● Take payments and enrolments manually at
centres until Navision is restored
● All non-operational Pearson UK staff advised to
work from home until network is restored
● Reschedule Computer-Based exams which can
be sat at any time when the network is available
● Identify and source alternative locations for any
fixed date CBE exams
DATA CENTRE DESTROYED OR DISABLED (Yellow Alert, Owner: TBC)
Services are unavailable:
Communication
(1) MyPearson
● VP or Ops Manager UKO: Follow the 60 minute
rule
(2) Pearson Financial
(3) Pearson Publishing
(4) eStore
● Issue communication to clients and Pearson UK
personnel informing them of the situation
● Draft & Update Communications – CTO within 1
hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & restoration
of services – CTO
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 32 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
(5) Pearson Financial Knowledge Bank
● Inform Senior managers and staff dealing with
students with message for students and
potential students calling in
● CMT advisory
(6) CIMAStudy (new users and updated
content only)
Google Apps, MS Dynamics NAV and
Client Portal & Reporting services are
unaffected.
● Issue continuing communications to students,
affected clients, Pearson UK personnel at least
once per day.
Disaster Recovery Plan
● Invoke IT service continuity plan, Appendix 11
PEARSON UK BUILDING DESTROYED OR DISABLED (Red Alert, Owner: TBC)
● Systems and email hosted at
Goswell Road or Attenda (Park
Royal) are available.
●
User equipment is not available at
affected centre(s)
● Pearson UK personnel at affected
centre do not have access to it due
to loss of services.
● Students cannot attend scheduled
classes at the affected centre
Communication
● VP or Ops Manager UK Follow the 60 minute
rule
● Issue communication to clients and Pearson UK
personnel informing them of the situation
● Issue continuing communications to students,
clients, Pearson UK personnel at least once per
day
● Draft & Update Communications –
Centre/Regional manager within 1 hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & restoration
of services – CTO/Director of
Operations/property/HR.
● Full CMT involvement
Temporary Work Location
● CMT identifies temporary work locations
● HR communicates temporary work locations to
management
● Management communicates plan to Pearson UK
personnel
IT Disaster Recovery Plan
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 33 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● Acquire servers/user equipment
● User data will be restored by IT from central
backups
Permanent Work Location
● CMT identifies new permanent work locations
● IT will prepare building for electronic data
processing
● IT will arrange for appropriate
telecommunications in new centre
● Property team will obtain cubicles, furniture,
and supplies for new centre
DATA CENTRE DESTROYED OR DISABLED (Red Alert, Owner: TBC)
Data centres are down (see earlier
impact).
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Issue communication to clients and Pearson UK
personnel informing them of the situation
● Issue continuing communications to students,
clients, Pearson UK personnel at least once per
day
● Draft & Update Communications – CTO within 1
hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & restoration
of services – CTO, CMT advisory
● IT communicates plan to Pearson UK personnel.
Disaster Recovery Plan
● IT will prepare 80 Strand as temporary data
centre location
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 34 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● IT will invoke IT Disaster Recovery Plan
Permanent Data Centre Location
● IT will identify and set up new permanent data
centre
● IT will identify and commission new equipment
GOOGLE SERVERS ARE DOWN (Red Alert, Owner: TBC)
Email, calendar, and Drive (and all
other Google services) are NOT
available
Communication
● Use website and Facebook/twitter to reach out
to students
● Use Intranet to alert staff and share information
● Use personal email addresses for essential
communications between senior management
(Appendix 5)
● Draft & Update Communications – CTO within 1
hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & Restoration
of services – CTO.
● CMT advisory
Disaster Recovery Plan
● Wait until Google fixes its servers
● Source alternative email accounts if Google
problem is long term (more than 1 week)
MASSIVE IT VIRUS/MALWARE OUTBREAK (Yellow Alert, Owner: TBC)
Staff cannot use corporate computers
or operations are severely degraded.
● Contain virus/malware and block
communications
● Draft & Update Communications – CTO within 1
hour
● Ensure IT complies with client notification
requirements
● Final Communications approval & media
handling– PR – within 2 hours
● Ascertain impacted services and/or data
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 35 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● Invoke IT Service Continuity Plan for any
irrecoverable critical services, see Appendix 11
● Overall Management of the incident & Restoration
of services – CTO.
● Restore data from backup if required
● Resolve individual user access issues
PANDEMIC EVENT - 50% (Yellow Alert, Owner: TBC)
As a result of a pandemic only 50% of
the normal staff in business unit has
reported to work, and it appears this
may be the situation for the next
several weeks until the full extent of
this influenza outbreak is known
● Issue communication to clients and Pearson UK
personnel informing them of the situation
● Normal cover at centres is
insufficient to cover day to day
operations
● Issue continuing communications to students,
clients, Pearson UK personnel at least once per
day.
● Inability to cover all scheduled
classroom training
● PR keep in contact with health authorities
● Inability to predict the number of
students that may turn up for
classes
● CMT identifies critical functions and processes
that must continue on the day of the incident,
regardless of the situation, and specifies how
Pearson will continue with such functions and
processes
or
Industrial action involving over 25%
of employees
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Draft & Update Communications –HR (internal) PR
(external) within 1 hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & Restoration
of services – Full CMT.
Operational decisions
● CMT identifies the critical functions and
processes that must be maintained for the rest
of the week
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 36 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● CMT identifies what level of staffing is required
to maintain those processes and functions for
the next week, and 2-6 weeks
● CMT identifies closure candidates at location for
1 day
● CMT identifies functions that can be performed
from home
● CMT identifies alternatives to delivery of
products and services (Live Online for classroom
tuition)
● HR communicates temporary office/work
locations to management.
● Management communicates plan to Pearson UK
personnel.
Recovery Plan
● Restore key services at centre once the
pandemic event has been downgraded to allow
“normal” or reduced services
● All non-teaching staff to work from home
● IT will allocate VPN access to all staff working
from home
SYSTEMS ARE NOT AVAILABLE (Yellow Alert, Owner: TBC)
Due to prolonged loss of power or
internet access, severely limiting staff,
client and student access to systems.
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Draft and Update Communications – CTO within 1
hour
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 37 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● Issue communication to clients and personnel,
informing them of current situation and steps
being taken to resolve
● Final Communications approval & media
handling– PR – within 2 hours
● Issue initial and subsequent communications to
clients, critical suppliers and vendors informing
them of situation and expected recovery
timeframe
● Overall Management of the incident & restoration
of services – CTO.
● CMT advisory
Recovery Plan
● Decide service by service to invoke IT service
continuity plan (Appendix 11) or wait for service
restore
● Invoke disaster recovery plan for power
PANDEMIC EVENT - HEAD OFFICE (Yellow Alert, Owner: TBC)
Pandemic occurs resulting in the
closure of Pearson UK Head Office
(Executive, including HR, Finance, IT,
Legal) or Manchester Universal Sq
(Student call centre/Client
service/Marketing/Vocational) – as
advised by Government or Pearson.
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Issue communication to clients and Pearson UK
personnel
● Issue continuing communications to personnel
Temporary Work Location
● Draft and Update Communications –HR (internal)
PR (external) within 1 hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident and
Restoration of services – Operations and delivery
teams.
● CMT identifies temporary office/work locations
or advises everyone to work from home
Disaster Recovery Plan
● Divert telephone numbers to alternative
locations or home working
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 38 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● All key systems are accessible from other offices
or home locations via the intranet; IT will
allocate VPN access to all staff working from
home
PEARSON UK BUILDING PARTIALLY DISABLED (No Alert, Owner: tbc)
Some portion of a Pearson UK building
is unusable due to flood or other
cause; systems are still available.
Communication
● Issue communications to centre personnel
● Inform clients of any changes in method of
communication.
● Draft and Update Communications – Director of
Operations within 1 hour
● Final Communications approval & media
handling– PR – within 2 hours
● Move personnel to other part of building.
● Overall Management of the incident & restoration
of services – CTO/Director of
Operations/property/HR.
● Purchase replacement equipment.
● CMT advisory
Disaster Recovery Plan
● If computer equipment is affected, IT will
replenish from spare stock.
UNAUTHORISED ACCESS TO OR THEFT OF CRITICAL EQUIPMENT (Yellow Alert, Owner: tbc)
Various equipment is missing which
will compromise operations or result in
data loss or compromise relating to
student, clients or other confidential
Pearson information
or
Commercial espionage
Communication
● VP or Ops Manager UK: Follow the 60 minute
rule
● Contact law enforcement to report theft
● Ensure clients and students are notified in
accordance with reporting requirements
● Draft and Update Communications – Director of
Operations within 1 hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident and
Restoration of services – CTO/Operations.
● CMT advisory
Disaster Recovery Plan
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 39 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● Order replacement equipment for individuals
and servers affected
● Invoke IT Service Continuity Plan to restore data
(if servers or IT equipment is missing)
● If the missing servers house client data, issue
communication to clients informing them of
situation and expected recovery timeframe
PHONE SYSTEMS UNAVAILABLE (Yellow Alert, Owner: tbc)
Due to a chronic hardware or services
failure which will result in the
replacement of telecommunications
hardware and services.
Communication
● Issue initial and ongoing communication to
clients and Pearson UK personnel, informing
them of current situation and steps being taken
to resolve.
● Draft and Update Communications – CTO within 1
hour
● Final Communications approval & media
handling– Director of Operations – within 2 hours
Disaster Recovery Plan
● Overall Management of the incident and
Restoration of services – CTO.
● Phone switch replacement will be obtained.
● CMT advisory
● Reroute phone numbers.
SIMULTANEOUS LOSS/RESIGNATION OF KEY STAFF (Alert type tbc, Owner: Victoria Hayden)
Due to death or dismissal of key staff
Communication
●
● Agreement with SVP BTEC & Apps on secondment
support if VP- then via interim
Overall management of the incident and restoration
of services – HR.
● Communication with learners/key clients impacted
by local managers with centrally agreed script
Action
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 40 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● Stepping up. managers expected to step up into
role on interim basis
● Recruiting temporary or contract staff on interim
basis
IT NETWORK FAILURE (No Alert, Owner: TBC)
Loss of IT services at a number of
locations
Communication
● Issue communication to clients and Pearson UK
personnel informing them of the situation
● Issue continuing communications to students,
clients, Pearson UK personnel at least once per
day
● HR communicates temporary work locations to
management
● Draft & Update Communications – CTO within 1
hour
● Final Communications approval & media
handling– PR – within 2 hours
● Overall Management of the incident & Restoration
of services – CTO/Director of
Operations/property/HR.
● Full CMT involvement
● Management communicates plan to Pearson UK
personnel
Temporary Work Location
● CMT identifies temporary office/work locations
or advises everyone to work from home
● All non-operational Pearson UK staff advised to
work from home until network is restored
Disaster Recovery Plan
● Divert telephone numbers to alternative
locations
● Alternative technology considered e.g. 4G
routers
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 41 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
● All key systems are accessible from other offices
or home locations; IT will allocate VPN access to
critical staff working from home
● Reschedule Computer-Based exams which can
be sat at any time when the network is available
● Identify and source alternative locations for any
fixed date CBE exams
Permanent Work Location
● CMT identifies new permanent work locations
● IT will prepare building
● Property team will obtain cubicles, furniture,
and supplies for new centre
STAFF ABSENCE DUE TO SEVERE WEATHER OR TRANSPORT ISSUES (Alert type tbc, Owner: tbc)
TBC
TBC
● Overall Management of the incident and
Restoration of services –Operations.
VIOLENCE AGAINST STAFF (Alert type tbc, Owner: tbc)
TBC
TBC
● Overall Management of the incident and
Restoration of services – HR.
LOSS OF ELECTRONIC RECORDS (Alert type tbc, Owner: tbc)
TBC
TBC
● Overall Management of the incident and
Restoration of services – Operations.
FRAUD, SABOTAGE OR MALICIOUS ACT (Alert type tbc, Owner: tbc)
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 42 of 50
Assessment of Situation
Recovery Strategy
Core Responsibilities & Lead
TBC
TBC
● Overall Management of the incident and
Restoration of services –HR.
Appendix 7 – Business Process and Location Risk Assessment
Location
BU
Primary products and
services (besides customer
service)
Critical business functions
(besides Training)
Systems used
(besides Google)
Backups/alternatives
London, 80 Strand
Financial
Finance
CBE suite
One Drive
Head Office
HR
Business development
MyPearson
London, One90 High
Holborn
HR, Legal and PR, Executive
Salesforce
Property management
NEO
Finance
Fusion
FM and LPD
Lighthouse
Manchester
FM customer service
Appendix 8 – Alternate Site Information
Centre
First choice relocation
London 80 Strand
London, One90 High Holborn
All Military Locations
One90 High Holborn - if not allocated by Authority
All Civilian Locations
One90 High Holborn if not allocated by client
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 43 of 50
Appendix 9 – Building Contacts - Internal and External
PERSONAL CONTACT INFORMATION WITHIN THIS APPENDIX SECTION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION EXAMPLES
Pearson Office
location
Pearson Office address and
normal number
Pearson
Analogue
Number
Landlord or Agent name
People to contact at
the landlord/agent
Phone and email,
work and
emergency
Appendix 10 - Pearson UK Insurance Cover
PERSONAL CONTACT INFORMATION WITHIN THIS APPENDIX SECTION MUST BE REMOVED FOR EXTERNAL DOCUMENT DISTRIBUTION
All details on insurance covers are location on Neo.
Main point of contact is Mike McHale.
Appendix 11 - Pearson UK IT Service Continuity Plan
The ‘Pearson UK IT Service Continuity Plan’ is located in the relevant IT Security & Compliance folder on https://neo.pearson.com/docs/DOC-710436
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 44 of 50
Appendix 12 – Incident Management - BC Escalation Chart
Local Management / Helpdesk
Channel
CMT Member (Potential BC event)
CMT (BC event declared)
General Incident
Potential BC Incident
BC Incident
↓
↓
↓
Terrorist attack or threat
affecting the transport network
or office locations
• Government threat levels
escalated to "CRITICAL" impacting 1
Pearson location
• Government threat levels
escalated to "CRITICAL" impacting >
1 Pearson locations
Simultaneous resignation or loss
of key staff
• Planned departure of one or more
SMT members
• Unplanned departure of one or more SMT members
Cyber security event e.g.
malware, data breach
• Minor impact on data / IT systems fully operable / recoverable
• Some impact on data / IT systems
(partially inoperable / recoverable)
• Major impact on data / IT systems
(inoperable / irrecoverable)
• No sensitive data compromised
• Sensitive data could be
compromised
• Sensitive data is compromised
• Not a key date
• Key date
• Key date
• Not expected to exceed 15
minutes
• Not expected to exceed 60
minutes
• Expected to exceed 60 minutes
• Single training location
• Any critical service location or
multiple training locations
• All locations impacted
Step 1. What is the severity level
of the incident in progress?
Critical IT applications failure
Telephony failure
• Incident occurring within areas of
Pearson premises or military
establishment where PTQ learners
and staff present
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 45 of 50
IT network failure
• Single training location
• Any critical service location or
multiple training locations
• All locations impacted
Primary Data centre destroyed or
disabled causing outage
• Non-key date
• Key date
• Key date
• Disruption not expected to exceed
15 minutes
• Disruption not expected to exceed
60 minutes
• Disruption expected to exceed 60
minutes
Google Apps outage
• Disruption not expected to exceed
15 minutes
• Disruption not expected to exceed
60 minutes
• Disruption expected to exceed 60
minutes
Theft or criminal damage
• Isolated incident
• Critical property damage (see "Denial of premises")
Significant staff absence due to
severe weather or transport
issues
• Advance warning or notice of
disruption with provisions for
planning workarounds
• No advance warning or notice of disruption given with no provisions for
workarounds
Violence against staff
• Isolated incident
• Multiple incidents
• Incident resulting in: Minor injury,
Non-reportable injury, Reportable
injury
• Incident resulting in: Major injury, Single, or multiple fatalities
Loss of electronic records
• Data is fully recoverable and there
has been no data breach
• Data is partially recoverable or
there has been a minor data breach
• Data is unrecoverable or there has
been a major data breach
Denial of premises
• Single training location
• One or more teaching locations or
base of one the central support
teams when unsure of length of
time
• One or more teaching locations or
base of one of the central support
teams for long periods of time
• Incident impacting key staff and/or students
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 46 of 50
Infectious disease outbreak
• Isolated incident
• Multiple incidents
• Incident resulting in: Minor injury,
Non-reportable injury, Reportable
injury
• Incident resulting in: Major injury, Single, or multiple fatalities
Fraud, sabotage or other
malicious acts
• Source established and resolution
manageable with no / minor
disruption
• Source unknown
Fire or flood
• Single location, staff unhurt
• Single location, potential minor
staff injury
• Single location, significant risk to
staff
• Multiple locations, no staff injury
• Multiple locations, no staff injury
Serious injury to, or death of,
staff whilst in the offices
Loss of paper records
• Incident impacting key staff and/or students
• Minor injury
• Major injury
• Reportable and/or non-reportable
injuries
• Single or multiple fatalities
• Electronic / hard copy backups are
available and there has been no
data breach
• Electronic / hard copy backups are
partially available or there has been
a minor data breach
• Electronic / hard copy backups are
unavailable (and critical to business
operations or regulatory
requirements) or there has been a
major data breach
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 47 of 50
Step 2. What is the severity level
of the business impact?
General Incident
Potential-BC Incident
BC Incident
↓
↓
↓
• Compromises the provisioning of
one or more non-key Value Streams
or
or
• Incident occurs outside of key
calendar date(s) in the year
• Potential impact to key calendar
date(s) in the year
or
• Incident unlikely to persist beyond
acceptable tolerance levels
Step 3. What is the highest
severity level identified from
Steps 1 & 2?
Step 4. Escalate to ->
• Potential compromise to the
provisioning of one or more key
Value Streams
or
• Incident potential to persist
beyond acceptable tolerance levels
• Compromises the provisioning of
one or more key Value Streams
or
• Known impact to key calendar
date(s) in the year
or
• Incident known to persist beyond
acceptable tolerance levels
General Incident
Potential-BC Incident
BC Incident
↓
↓
↓
Local Management / Helpdesk
Channel
CMT Member
CMT Leader (via CMT Member)
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 48 of 50
Appendix 13 – Pearson UK Incident Report
Template
Pearson UK Incident Report
Status
Open - In Progress / Open - Post Incident / Resolved
Reported by (Name, Position)
Date/Time Reported
Reported to (Name, Position)
Incident Start Date/Time
Incident Location(s)
Incident Type
Red/Yellow Alert?
Business Continuity Incident?
Yes / No
Incident Description
Business Impact
Action Plan
Link to action plan containing actions & decisions here.
Resolution
Root Cause
Remediation / Recommendations
Complete test plan/report for the event and place link here.
Status
Incident Resolved.
Date Closed
Pearson TQ Business Continuity Plan
Author: Garrie Owens
Approver: PTQ VP, Martyn Leader
DCL3 Confidential
Version 2.0
October 2021
Page 49 of 50