Business Continuity – Management Recovery Plan 2010
advertisement
Business Continuity – Management Recovery Plan 2010 - 2015 Overview The plan has been developed to ensure an orderly and effective response to any incident that significantly disrupts business operations. It is to be used to facilitate continuity of the NSW Rural Assistance Authority’s (the Authority) business and includes recovery of infrastructure in the event of a disaster or pandemic over a period of up to 30 days. Background The NSW Rural Assistance Authority Business Continuity Plan was originally prepared in consultation with IAB Services and was released in June 2005. This plan has been reviewed and revised to meet the Authority’s changing needs. Objectives The objectives of this plan are: y y y To ensure that maximum possible service levels are maintained To ensure that the Authority recovers from interruptions as quickly as possible To minimise the likelihood and impact (risk) of interruptions Principles The principles behind this plan are: y y y Disaster Recovery is just part of Business Continuity Risks are assessed for both probability and business impact Business continuity plans must be reasonable, practical and achievable In other words, we are not planning for every possibility. Diminishing returns affect the benefits of planning for extreme cases. Structure There are two levels of written Recovery Plans: I. Management Recovery Plan (this Plan), which: a. b. c. declares the disaster; invokes the business unit recovery plans; and monitors recovery at the highest level. II. Business Unit Recovery Plans, which: a. recovers the essential business operations belonging to business units. NSW Rural Assistance Authority Page 1 of 31 Definitions Disaster - any event which prevents the Authority from carrying on its usual operations at the normal place of work for more than the predefined Maximum Acceptable Outage (MAO) periods. A disaster may include one, or a combination of any of the following: a. b. c. d. e. f. g. h. i. Natural disasters (e.g. earthquake, storm, tsunami, flood). Accidental hazards (e.g. fire, gas leak, vehicle collision). Hostile acts (e.g. war, terrorism, sabotage, vandalism). Wilful/malicious damage (e.g. security breach, theft, media leak). System/equipment failure (e.g. IT or communications infrastructure, electronic security systems, electrical equipment). Loss or destruction of vital records or information. Loss or lack of critical resources (e.g. power, water, office facilities). Loss of critical support functions (e.g. payroll, finance, administration). Loss of key personnel. Disaster Recovery - Activities and procedures designed to return the organisation to an acceptable condition following a disaster. Business Continuity - The uninterrupted availability of all key resources supporting essential business functions. Business Continuity Management - Provides for the availability of processes and resources in order to ensure the continued achievement of critical objectives. Business Continuity Planning - A process developed to ensure continuation of essential business operations at an acceptable level during and following a disaster. Maximum Acceptable Outage (MAO) - The maximum period of time that critical business processes can operate before the loss of critical resources affects their operations. Pandemic - epidemic of disease that occur on a worldwide scale. They are traditionally caused by infectious diseases such as influenza which have had devastating effects on people. An influenza pandemic occurs when a new influenza virus emerges which is markedly different from recently circulating seasonal influenza viruses and is able to: a. b. c. infect people and cause disease (rather than, or in addition to, other mammals or birds); spread readily from person to person; and spread widely because most people will have little or no immunity. The likely consequences of a pandemic include: a. b. c. d. e. f. Many people may become unwell and some will die; People who are sick with pandemic influenza, or who have been in close contact with sick people, may be asked to stay at home; There may be workplace modification and/or closure: many people (up to 50%) will be unable to go to work – because they have been asked to stay at home, they are sick or they are caring for others; There may be disruption to utilities, transport and other services; There may be closure of schools, businesses and entertainment venues; and Health care will be delivered differently and health care resources may be stretched. NSW Rural Assistance Authority Page 2 of 31 System Failure - When the delivered service no longer complies with the specifications, the latter being an agreed description of the system's expected function and/or service. This definition applies to both hardware and software system failures. Faults or bugs in a hardware or a software component cause errors. System Error is defined as that part of the system which is liable to lead to subsequent failure, and an error affecting the service is an indication that a failure occurs or has occurred. If the system comprises of multiple components, errors can lead to a component failure. As various components in the system interact, failure of one component might introduce one or more faults in another. Acronyms The following acronyms are used throughout this document: BCP Business Continuity Plan MRT Management Recovery Team BURT Business Unit Recovery Team Authority NSW Rural Assistance Authority I&I NSW NSW Department of Industry and Investment MAO Maximum Acceptable Outage Roles and Responsibilities The following diagram depicts the inter-relationship between the various BCP entities: The MRT is an executive level team responsible for the overall coordination of the Authority’s business continuity in the event of a disaster. In an emergency, it manages the Authority’s response to any significant interruption. It is the primary point of liaison with the State Crisis Centre (State Crisis Management Team), other Agency Crisis Management Teams and Emergency Services, should they be active. It reports directly to the Chief Executive. The MRT is responsible for: a) declaring a disaster; b) initiating the BCP; c) coordinating individual BURTs; and d) restoring normal operation. NSW Rural Assistance Authority Page 3 of 31 MRT Members MRT Coordinator MRT Member MRT Member MRT Member Position Manager Policy General Manager Manager Administration Manager Records The BURTs are responsible for the timely and controlled restoration of key business processes within pre-identified MAOs. In an emergency, these teams employ predefined and rehearsed recovery procedures as defined within individual Business Unit Recovery Plans. BURTs are responsible for: a) complete and timely recovery of the essential operations; and b) safety and welfare of public and staff during the disaster and its aftermath. BURT Members Business Unit Administration Coordinator Team Member Team Member Coordinator Loans Administration Team Member Team Member Team Member Coordinator Grants Administration Team Member Position Manager Administration Manager Policy Manager Records Manager Loans Administration Assessment Manager – Loans Loan Securities Clerk Client Loans Accounting Officer Manager Grants Administration Assessment Manager/s, Grants Management Recovery Plan In the event of a disaster that stops the Authority from operating in its normal business premises the MRT will relocate to a Disaster Recovery Centre, where they will oversee resumption of the Authority’s operations and if necessary setting up of new/temporary premises. The recovery centre can be located at any I&I NSW office such as the Orange Agricultural Institute or at any other location suitable to the Authority providing IT services can be arranged within a reasonable period of time. All other disasters that do not affect the Authority’s occupation of its business premises will not result in relocation of the MRT to the Disaster Recovery Centre or the setting up of new/temporary premises. There may be a period of time following the disaster when the Authority is unable to maintain its normal operations. The Manager Administration, as part of the MRT and in consultation with individual Business Unit managers will advise staff of if, when and where they are required to report to work. Permanent staff members may also be required to take special disaster leave during this period, while temporary and contract staff may be stood down pending the resumption of normal operations. NSW Rural Assistance Authority Page 4 of 31 Recovery Procedures Task What Who 1 Receive notice of disaster/pandemic or potential MRT Coordinator disaster/pandemic. This notice may come from any source at any time. Obtain as clear a picture as the informant can give. Determine whether to invoke the BCP. MRT Coordinator 2 Contact MRT Members, advise them of the MRT Members situation and arrange to meet. Determine whether: (a) disaster or pandemic exists; (b) the BCP should be invoked. When Immediately Immediately (a) Determine whether a disaster or pandemic exists. If the event is one of the following and the impact will last longer than 72 hours 1 , immediately declare that a disaster exists: • destruction of, or severe damage to, premises making use impossible, for example fire, flood, collapse, contamination; • external event preventing access to premises, for example police cordon, emergency evacuation, weather conditions; • loss of essential services, eg. power, phone, computing; • an event which prevents one or more predefined key business processes from continuing within the identified MAOs. 3 1 (b) Determine whether the BCP should be invoked • Make the decision: either declare a disaster and invoke the BCP, or stand down. Remember that the declaration can be cancelled. • If the BCP is to be activated, proceed to the next step. Invoke the BCP • Notify the Chief Executive and advise: the nature, impact and time of incident; whether there are casualties; where you can be reached; what support you need; whether the Recovery Centre is required and located; agreed frequency of further updates. • Contact BURT Coordinators and brief them on the situation. Advise whether they are to invoke their individual Business Unit Recovery Plans. • Contact I&I NSW and brief them on the MRT Coordinator Immediately This is because the soonest period where the MAO reaches a value of 4 is 3-5 days. NSW Rural Assistance Authority Page 5 of 31 Task 4 What situation. Advise whether they are to invoke their Recovery Plans in relation to the services they provide to the Authority. Activate the Recovery Centre (if necessary) • Alert the nominated Recovery Centre (if premises are being provided by I&I NSW) that the Authority’s BCP has been invoked and to activate the Recovery Centre. Who When MRT Members Immediately or • 5 6 Arrange for temporary office space and equipment at a location suitable to the Authority together with IT access though I&I NSW. • Relocate the MRT to the Recovery Centre. • Make arrangements for the transportation of all recovery material to the Recovery Centre for the relocating staff. • On arrival at the Recovery Centre, check that each MRT member: has arrived safely; has moved into its allocated space; has its recovery material; has access to telephones, is able to access its systems on the PCs provided; has started its recovery. • Coordinate the acquisition of ICT for various BURTs. This may include either purchase of equipment or sourcing of equipment from I&I NSW. • Liaise with individual BURT Coordinators to ensure that all staff have been accounted for. • Notify insurer within 48 hours of any injured persons. MRT Members Monitor interim operation • Liaise with the I&I NSW Premises Manager over the restoration or replacement of the premises. • Liaise with relevant salvage teams. MRT Coordinator Return to normal operations • If Recovery Centre has been activated plan MRT Members arrangements for return back to premises once the I&I NSW Premises Manager advises that the premises are ready for reoccupation. • Coordinate staff to: save all data for transfer to original premises; delete the Authority’s data from the Recovery Centre's PCs and file servers; remove the Authority’s and personal property from the Recovery Centre. • Arrange for: MRT logs to be collected; and expenses and insurance loss details to be passed to the MRT Coordinator. • With the Team Leaders and Management and using the Team logs for input, hold a review of: NSW Rural Assistance Authority From time of relocating to Recovery Centre. On advice from Premises Manager. Page 6 of 31 Task What the disaster; the recovery; the performance of the BCP. Who When In addition to the above the following should also be undertaken a) Develop Manual Processes In the event of a disaster, manual processes may need to be developed to allow continuation of the Authority’s operations. These may include the following however development of other processes should not be discounted. y Manual tracking of File Movements y Payment of Grants and Loans from lists b) Return to Normal Operations y Plan arrangements for return back to primary site once the MRT has advised the BURTS that the primary premises are ready for reoccupation. y Coordinate staff to: save all data for transfer to original premises; remove Authority and personal property from the Temporary Premises. y Arrange for BURT logs to be collected; and expenses and insurance loss details to be passed to the MRT. y Collaborate with the BURTS to review processes surrounding: the disaster; the recovery; the performance of the BCP. c) During Each Incident At all stages keep any affected business unit or person closely advised of progress – even negative progress. This is especially important for missing documents. Do not hesitate to advise the Manager, Administration of the incident and of progress. If any incident could possibly involve the press or public, immediately contact the Manager, Policy so that the General Manager and if necessary the Chief Executive may be briefed if required. d) After Each Incident After every incident, a standard set of tasks must be done. These have not been repeated under each risk, but they must still be done: y Return all operations and services to their original form y Contact all affected business units and suppliers, to advise them that the incident is over and things are back to normal y Thank everyone involved, preferably by personal phone call or email y Review the way we managed the incident, and consider if we need to change anything – if so, change it in this document too. Pandemics Unless staff are on approved leave they are to remain working and attend their normal workplace. Where recommended measures for providing a safe workplace are in place, employees are to undertake their normal duties. NSW Rural Assistance Authority Page 7 of 31 Any employee who then chooses not to work should (after the appropriate process has been followed) be placed on leave without pay. The Authority may apply any or all of the following flexible working arrangements: a) Attend Normal Place of Work – All staff are to attend the workplace as usual, except where working from home (or elsewhere) as part of the Authority’s business continuity and workforce management plan aimed at ensuring ongoing service delivery. b) Staff Working Remotely from Home - If necessary and practical, staff, following receipt of approval from the Chief Executive may work remotely from home should: y There be a recommendation from NSW Health to increase social distancing and remote working allows this to be implemented. y Schools and caring facilities have been closed requiring staff to stay at home to provide care. y Public transport is closed and some staff cannot reasonably get in to work, or the risk of staff being infected through the use of public transport cannot be reasonably managed. y The workplace itself has been isolated / quarantined by NSW Health. y The staff member is caring for a sick family member. c) Alternate Duties – Where possible staff may be utilised in other areas of the Authority so that all areas of the Authority remain open at all stages during the pandemic. Staff may be: y Required to undertake different work functions (most likely for essential work) as directed within their competencies but outside the scope of their normal duties. y Redeployed to other government agencies to assist priority service delivery. Staff who perform duties for another agency will remain employed by the Authority but will be under the control and direction of the host agency. The Authority will continue to pay employees at their normal rate of pay. d) Transport or Other Major Disruptions – Where employees are unable to get to work due to transport or other major disruptions, employees may be directed to do their usual job remotely at another government agency or from home. e) Workplace Closure – During a pandemic NSW Health may close premises either as a preventative measure or because those premises have been isolated or quarantined. In particular: y Closing premises to the public by NSW Health does not necessarily exclude employees from continuing to work in such premises (unless the directive is for the premises themselves to be isolated or quarantined). y Where the workplace has been closed to the public as part of preventative measures appropriate workplace safety measures as recommended by NSW Health should still be implemented and employees in that workplace should still attend work unless the premises themselves have been closed. y Where staff are directed to stay at home, the employee will: i. remain on pay for the period, and ii. remain at home until directed to return to work; iii. failure to return to work in the absence of illness, caring for family or authorised absences may result in disciplinary action. y In the event of workplace closure the Authority may activate the Recovery Centre. Employees may also be required to do their job remotely at another government agency or at home. NSW Rural Assistance Authority Page 8 of 31 y Employees may be deployed to another government agency to undertake other duties as directed within their competencies. The Authority will manage the absence and return to work of staff during a pandemic. Some issues to consider are: a) advice to the employee on how long to stay away from work (the NSW Health website will have advice on this once the characteristics of a pandemic are known); b) checking on the staff member during their absence from work; and c) ensure staff are healthy before allowing them to return to work (NSW Health advice will assist the Authority is this regard). Pandemic Special Leave up to a maximum of 20 days may apply when employees are sick or caring for other family members and may be used in conjunction with other leave available to staff. Employees are not required to provide a medical certificate when absent due to sickness or to provide care for others but will need to provide a copy of their record of attendance, or for the person for whom they are providing care, from a NSW Health Fever Clinic, or such other document(s) which satisfy the Authority’s requirements. Maximum Acceptable Outages The most critical business process undertaken by the Authority is the provision of IT and communications. This function is currently outsourced to I&I NSW. The next most critical business processes undertaken by the Authority are: a) Provision of payroll; b) Accommodation management; and c) Records management. Each of these are also outsourced to I&I NSW. All other identified business processes never reach an impact ranking of “major”. The following table lists each business process undertaken by the Authority along with the maximum impact ever reached and when that maximum is reached. Max impact reached 2 When max is reached >30 Reporting and information dissemination. 3 >30 Internal education of staff on policy. 2 16-30 Public relations including outside events and website. 1 N/A Reporting to Board and management 3 >30 Loan securities documentation 3 >30 Process applications (deferment, inter-generational transfers, and security variations) 3 >30 Debt recovery 1 N/A Process applications for assistance. 3 16-30 Assistance appeals 2 >30 Business process Prepare Annual Report. NSW Rural Assistance Authority Page 9 of 31 Max impact reached 1 When max is reached N/A Preparation and dissemination of mediation kits 2 16-30 Processing of Section 11 applications 2 16-30 Maintenance of mediation panel. 1 N/A Education and awareness of farming sector and lending institutions and mediators. 1 N/A Provide awareness and education to farming sector and training sector. 1 N/A Policy implementation, oversight and management including appeal process. 3 16-30 Business process Awareness and education relating to schemes. Provide corporate services to Authority including: • HR 3 >30 • Finance & budgeting 3 >30 • Payroll 4 >30 • IT and Communications 5 3-5 • Transport 1 N/A • Asset management 1 N/A • Accommodation 4 >30 • Reception services 1 N/A • Maintain SLA 1 N/A • Internal audit 1 N/A Provide records management 4 >30 Draw-down and maintain history of all loans and grants, and receive repayments. 3 >30 Supporting Information Contacts a) Staff Welfare Adviser N/A b) Premises Manager (I&I NSW staff) Building Manager - Kite Street Premises Institute Manager – Orange Agricultural Institute c) Other Internal Site Contacts Mailroom Switchboard NSW Rural Assistance Authority Page 10 of 31 d) External Contacts – I&I NSW Media Advisor e) External Contacts – Non Departmental Emergency Services Who Fire Brigade Police Ambulance Hospital State Emergency Services 000 000 000 02 6393 3000 132 500 Utilities Who Electricity (Country Energy) Gas (Country Energy) Water (Orange City Council) Phone 132 080 132 080 02 6393 8500 Phone Fax 02 6393 3593 Fax 02 6393 8512 Couriers N/A Related Legislation State Emergency and Rescue Management Act, 1989 Public Heath Act 1991 Public Sector Employment and Management Act 2002 Related Delegations Nil. Related Documents Business Continuity Plan – Administration Unit Business Continuity Plan – Grants Administration Business Continuity Plan – Loans Administration NSW Human Influenza Pandemic Plan – August 2010 C2010-32 – NSW Human Influenza Pandemic Plan – NSW Department of Premier & Cabinet Memorandum of Understanding (MoU) – Arrangements for Public Sector Employees in the event of an Influenza Pandemic NSW State Disaster Plan (Displan) Revision History VERSION 1.0 2.0 DATE JUNE 2005 10/03/2010 BY WHOM IAB SERVICES POLICY OFFICER DATE OF NEXT REVIEW 31/03/2014 Authorised by Manager Administration, Manager Policy NSW Rural Assistance Authority Page 11 of 31 Attachment ‘A’ Risks Risk Building Loss – NSW RAA Work area Probability Low Impact High Likely Scenario Fire; Bomb threat Functions Affected All Action Contact I&I NSW Building Manager to assess damage and availability and timing of alternate locations Move MRT and Authority operations to the Disaster Recovery Centre Advise all business units, and suppliers if affected Stand down other Authority staff members until relocation to new premises is completed or until able to return to Authority work area If documents have been destroyed, see Paper Documents Lost If documents have been damaged, see Fire and Water Damage Responsibilities MRT Coordinator Mitigation Constraints The Authority’s and I&I NSW Emergency Procedures override these instructions if there are any conflicts Resources See Point 12 NSW Rural Assistance Authority Page 12 of 31 Risk Building Loss – I&I NSW Head Office Building Probability Low Impact High Likely Scenario Fire Functions Affected All Action Contact I&I NSW Building Manager to assess damage and availability and timing of alternate locations Move MRT and Authority operations to the Disaster Recovery Centre Contact all Authority staff and suppliers to arrange alternate locations and contact details Stand down other Authority staff members until relocation to new premises is completed or until able to return to Authority work area If documents have been destroyed, see Paper Documents Lost If documents have been damaged, see Fire and Water Damage Responsibilities MRT Coordinator to contact I&I NSW Building Manager Manager Administration to coordinate contacting all Authority staff and suppliers Authority staff to contact Manager Administration If MRT Coordinator is unavailable, members of MRT to deputise Mitigation Constraints The Authority’s and I&I NSW Emergency Procedures override these instructions if there are any conflicts Resources See Point 12 NSW Rural Assistance Authority Page 13 of 31 Risk Building Loss – I&I NSW Head Office Building Basement Probability Low Impact Medium Likely Scenario Fire; Bomb threat Functions Affected Garage access for scheduled courier services/deliveries; offsite storage services Action Contact courier and storage company and Reception immediately to arrange deliveries via main reception If documents have been destroyed, see Paper Documents Lost If documents have been damaged, see Fire and Water Damage Responsibilities Manager Records to coordinate and escalate if required Mitigation Constraints The Authority’s and I&I NSW Emergency Procedures override these instructions if there are any conflicts Resources Email, phone NSW Rural Assistance Authority Page 14 of 31 Risk Building Loss – Site other than NSW RAA work area Probability Low Impact Medium Likely Scenario Fire, Bomb threat Functions Affected Scheduled courier services/deliveries Action Contact affected business unit and couriers immediately to arrange alternate pickup and delivery points; hold all parcels/files etc at RAA work area Responsibilities Manager to coordinate and escalate if required Mitigation Constraints The Authority’s and I&I NSW Emergency Procedures override these instructions if there are any conflicts Resources Email, phone NSW Rural Assistance Authority Page 15 of 31 Risk Mail Item Missing Probability Impact Likely Scenario Functions Affected Action Medium Responsibilities Mitigation Constraints Resources Manager Records to coordinate and escalate if required Varies – can be high Incoming or outgoing mail item reported missing Incoming and outgoing mail, couriers; potentially any business operation Contact affected business unit and/or sender to get full description of missing item, delivery method, addressee, times and dates Check Records area, I&I NSW Mail Room, Reception area, look in all satchels, empty mailbags and trolleys Incoming Check Authority and I&I NSW Reception areas Check Records area Check with Courier companies if necessary Outgoing Check Records area Check with Courier companies if necessary If still not found Broadcast email to advise staff of missing item and to request they check their desks Repeat some of these actions over two or three days if necessary – most missing mail items turn up the next day at the correct destination Email, phone NSW Rural Assistance Authority Page 16 of 31 Risk Couriers – Services Unavailable Probability Low Impact Medium – if longer than half a day Likely Scenario Courier driver’s strike Functions Affected Delivery of items to/from the Authority Action Advise all business units of problem Business units can use fax, email, express post, personal hand to hand delivery Some courier drivers may do local work Responsibilities Manager Records to coordinate and escalate if necessary Mitigation Contract specifies alternate, trained drivers available to cover sickness etc Constraints Widespread industrial disputes may include other courier companies and express post deliveries Resources Email, phone NSW Rural Assistance Authority Page 17 of 31 Risk Documents lost – Electronic (in large numbers) Probability Low Impact High Likely Scenario Network problem (Eg. TRIM failure) Functions Affected All electronic and paper-based document related activities Action Immediately (Manager Records): y Contact the Help Desk to log problem and establish nature and duration of problem. If necessary request recreation from backup y Contact TRIM coordinator to ensure problem is treated with urgency y Advise Manager Administration y Advise all affected business units If problem cannot be fixed within one day by recreation from backup, discuss with all stakeholders how to manage current operations and any ad hoc document recreations so that a later full restoration does not create more problems – involve all stakeholders, particularly the I&I NSW IT area and all affected business units. If problem cannot be fixed by recreation from backup, investigate ways and need to recreate from paper files, or from individual staff members files – involve all stakeholders Responsibilities Manager Records to coordinate and escalate if necessary Mitigation Backups by I&I NSW IT area; some documents saved to CD (EG – SAP reports) with copies held by business units; original paper documents retained on physical files Constraints Backups by I&I NSW IT area – it may take some time to organise a recovery I&I NSW IT area; CDs; physical files Resources NSW Rural Assistance Authority Page 18 of 31 Risk Documents Lost – Electronic (specific documents) Probability Low Impact Varies Likely Scenario Document accidentally deleted; recorded/saved incorrectly Functions Affected All electronic and paper-based document related activities Action Immediately (Manager Records): y Contact the Help Desk to log problem and if necessary request recreation from backup y Contact TRIM support area to ensure problem is treated with urgency y Advise all affected business units If problem cannot be fixed by recreation from backup, investigate ways and need to recreate from paper files, or from individual staff members files – involve all stakeholders Responsibilities Manager Records to coordinate and escalate if necessary Mitigation Backups by I&I NSW IT area; some documents saved to CD (EG – SAP reports) with copies held by business units; original paper documents retained on physical files Constraints Backups by I&I NSW IT area – it may take some time to organise a recovery Resources I&I NSW IT area; CDs; physical files NSW Rural Assistance Authority Page 19 of 31 Risk Documents Lost – Hardcopy (in large numbers) Probability Low Impact High Likely Scenario Authority work area in I&I NSW Head Office building lost; loss of other Authority work area; offsite document storage site lost; fire or storm damage Functions Affected File and document retrievals; all document/file based activities Action Immediately: y Advise Manager Administration y Advise all affected business units and discuss both short and long term implications Investigate ways and need to recreate from other paper or electronic files, or from individual staff members files – involve all stakeholders Responsibilities Manager Records to coordinate and escalate if necessary Mitigation Scanning of some documents to CD, TRIM etc, copy documents held by business areas Constraints Resources NSW Rural Assistance Authority Page 20 of 31 Risk Documents Lost – Hardcopy (specific document, file or box) Probability Medium Impact Varies, potentially high Likely Scenario It’s always urgent – a subpoena, FOI or Privacy request Functions Affected Document retrieval; any document-based activity Action Check SAP File Tracking/Records Archived Files records for possible locations Ask last known person with document Ask business unit – most lost documents are elsewhere in the requestor’s business unit Records staff to check at likely sites Broadcast email to all staff Contact individual staff members who may have knowledge of the documents concerned If document is irrevocably lost, discuss impact with stakeholders, issue statement of search and loss signed by Records Manager. Responsibilities Manager Records to coordinate and escalate if necessary Mitigation Scanning of some documents to CD, TRIM etc, copy documents held by business areas Constraints Resources NSW Rural Assistance Authority Page 21 of 31 Risk Email or Network down Probability Medium Impact High Likely Scenario A malfunction in the computer system or on the LAN Functions Affected Business units requesting files and boxes (excludes interruptions to the File Tracking system, for which see Software – SAP System Down Action Contact Business Units by phone and ask that all communications be by phone, on paper or in person Records Area to records all file requests manually When the system is available again, arrange data entry of all movements recorded manually Responsibilities Manager Records to coordinate and escalate if required Mitigation Constraints Resources Phone, Fax, File Request forms NSW Rural Assistance Authority Page 22 of 31 Risk Fire or Water Damage to Documents Probability Low Impact Medium Likely Scenario False alarm setting off sprinklers; or fire damage plus water damage from sprinklers and hoses; or stormwater damage. Water damage is usually the most serious outcome of a fire Functions Affected Business Units using files; Records Area issuing and returning files Action The document compactus has been designed to reduce fire and water damage to documents stored therein. The compactus is to be closed and locked during non business hours. Should the building alarm sound during business hours Records Area staff are, if safe to do so, immediately close and lock the compactus prior to evacuating the building. URGENT: Assess damage – if more than is manageable in house, contact BMS Catastrophe or Munters to get quotes on removal, drying and cleaning. Critical files have been colour coded to aid in identification – these files would be the only files where recovery would be attempted. Drying should begin within 24 hours to minimise damage. Advise all Business Units of extent of problem and likely delays If documents are lost, see Documents Lost – Hardcopy (in large numbers) Responsibilities Manager Records to coordinate and escalate if required Mitigation Constraints Cost for use of commercial recovery specialists (Eg BMS Catastrophe) Resources Email, phones NSW Rural Assistance Authority Page 23 of 31 Risk Franking Machine Fault Probability Low Impact High Likely Scenario Franking machine develops a fault and fails to operate Functions Affected Outgoing mail Action Contact supplier immediately to arrange service/replacement Contact Australia Post to arrange for them to do the franking Contact couriers to arrange any urgent deliveries Advise all Business units if earlier cut-off deadline is required Count and bundle outgoing mail ready to go to Australia Post unfranked Purchase stamps Responsibilities Manager Records to coordinate and escalate if necessary Mitigation Australia Post account; service arrangement with franking machine supplier Constraints Nature and volume of outgoing mail does not warrant cost of fast response service contract with machine vendor Resources Phone; Australia Post account NSW Rural Assistance Authority Page 24 of 31 Risk Hardware Problems Probability Low Impact Low Likely Scenario Malfunctioning PCs, printer, scanner etc For more widespread hardware or IT problems, see Software - XXXX System Down, Email or Network Down Functions Affected Any Action For PC’s printers, contact the Help Desk; switch to another PC or printer in the meantime. For other equipment contact the supplier or manufacturer Responsibilities Senior Authority staff member to coordinate and escalate if required Mitigation iPrint function on PC’s allows printer drivers to be installed and switching of printers; service agreements for mission-critical equipment Constraints Resources Phone NSW Rural Assistance Authority Page 25 of 31 Risk Offsite Archive Services Unavailable Probability Low Impact Medium Likely Scenario Industrial dispute Functions Affected Archive box pickups and deliveries Action Advise all Business Units In some cases identifiable documents can be selected and faxed by the storage company Responsibilities Manager Records to coordinate and escalate if required Mitigation Constraints Industrial action may prevent faxing or site access; faxing expensive and only possible for clearly identifiable documents Resources Email, phone, fax NSW Rural Assistance Authority Page 26 of 31 Risk Phone System Unavailable Probability Low Impact Medium Likely Scenario Phone system or phone line problems Functions Affected Client enquiries Enquiries from Rural Counsellors Business Units requesting files, advice Action Contact all Business Units by email or mobile phone and ask that all communications be by email or mobile phone Responsibilities Manager Administration to coordinate and escalate if required Mitigation Mobile phone Constraints Problems may also affect mobile phone and email use Resources Email; mobile phone NSW Rural Assistance Authority Page 27 of 31 Risk Power Unavailable Probability Low Impact High Likely Scenario Lights or power points only or all 240v power failure Functions Affected All Action Total power outage means no lifts, lights, phones or computers Use rechargeable flashlights supplied to the Building Warden for essential movement Find out extent of the problem – contact I&I NSW Building Manager who will contact power suppliers and repairers if there are no broadcast messages Responsibilities Manager Administration to coordinate and escalate if required Mitigation I&I NSW Emergency Procedures Constraints The Authority’s and I&I NSW Emergency Procedures override these instructions if there are any conflicts Phone, mobile phones, rechargeable flashlights Resources NSW Rural Assistance Authority Page 28 of 31 Risk Software – SAP System Down Probability Low Impact Medium Likely Scenario SAP itself playing up, the network having problems, or the database corrupted and being restored or rebuilt. This Risk only covers the SAP system itself: for network and email problems see Email or Network Down; for hardware problems see Hardware Problems Functions Affected All – assessment and payment of loans and grants file tracking accounts payable general ledger reporting On realising that system has problem Investigate – IT Help Desk, SAP Support – determine if problem is widespread Advise all Business Units – this will be done by either I&I NSW ITC or the SAP Support area Log all file movements on paper or an Excel spreadsheet If system is expected to be down for an extended period of time Accounts Payable, Loan and Grant disbursements to be paid manually – either through payment from lists at the bank or issuing of cheques Once problem is resolved, arrange data entry of all payments and file movements processed manually. End of month processing/reporting, if affected, to also be completed prior to all staff being allowed access to the system and normal processing being resumed Action Responsibilities Mitigation Manager Administration, Client Loans Accounting Officer, Manager Records, I&I NSW ITC area. I&I NSW SAP Support For overall system availability and database integrity we rely on normal IT backups and offsite storage arrangements Development of manual processes Constraints Email, phone It can be difficult to decide whether the problem lies with the SAP system, the network or hardware Resources Broadcast email (preferred); phone system; paper forms; excel NSW Rural Assistance Authority Page 29 of 31 Risk Software – TRIM System Down Probability Low Impact Medium Likely Scenario TRIM itself playing up, the network having problems, or the database corrupted and being restored or rebuilt. This Risk only covers the TRIM system itself: for network and email problems see Email or Network Down; for hardware problems see Hardware Problems Functions Affected Administration Responses to Ministerial and Departmental correspondence Some reporting On realising that system has problem Investigate – determine if problem is widespread – discuss with I&I NSW TRIM Support Advise all Business Units affected Log all file movements on paper or an Excel spreadsheet Saving of documents to local drives (Eg. ‘H’) until system is restored Once problem is resolved, arrange data entry of all file movements processed manually. Documents saved to local drives to be saved to TRIM Action Responsibilities Manager Records, Manager Policy, I&I NSW ITC (TRIM) area Mitigation For overall system availability and database integrity we rely on normal IT backups and offsite storage arrangements Scanning of documents Use of local drives (Eg. ‘H’) Use of copy documents/templates saved to local drives Development of manual processes Constraints Email, phone It can be difficult to decide whether the problem lies with the TRIM system, the network or hardware Resources Broadcast email (preferred); phone system; scanners; paper forms; excel NSW Rural Assistance Authority Page 30 of 31 Risk Vehicle Unavailable Probability Medium Impact Low Likely Scenario Vehicle booked with I&I NSW vehicle fleet, unavailable at last minute due to breakdown, required by senior management, disaster response Local deliveries/pick-ups Attendance at meetings and other events Functions Affected Action Walk (short distances only) Use of taxis Use of private vehicles – staff to be reimbursed cost Air travel – attendance at meetings and training in capital cities Use of hire vehicles (to be authorised by senior management for attendance at important meetings only) Responsibilities Manager Administration, I&I NSW Fleet Management Mitigation Constraints Cost Security Resources Phone, staff, Cabcharge account NSW Rural Assistance Authority Page 31 of 31
