Add to collection(s) Add to saved
  1. Business
  2. Management
  3. Project Management

(Attachment: 5)BUSINESS CONTINUITY PLANNING

advertisement 
BOROUGH OF POOLE
REPORT TO EMERGENCY PLANNING COMMITTEE
14th APRIL 2008
7
BUSINESS CONTINUITY PLANNING
PART OF PUBLISHED FORWARD PLAN: YES
STATUS – GENERAL
1.
PURPOSE AND POLICY CONTEXT
1.1
To update committee on current progress, in line with the original draft timetable agreed at the
meeting of 4th June 2007, and the detailed action plan/policy/strategy agreed at the meeting of
5th November 2007.
2.
DECISION REQUIRED
2.1
Members are asked to note the current progress.
3.
BACKGROUND
3.1
In 2006 a review of the Council’s existing Business Continuity arrangements was undertaken
by independent advisors Zurich Municipal.
3.2
Following on from this health-check, 18 recommendations were made for the Council to
consider and develop a business continuity strategy (see attached Appendix A).
3.3
The Council’s Management Team endorsed the recommendations of the health–check and
requested that implementation begin.
4.
IMPLEMENTATION – PROGRESS TO DATE
4.1
The post of Business Continuity Project Administrator was filled on the 13th August 2007.
4.2
In conjunction with the Council’s appointed consultants, a detailed action plan/policy/strategy
was subsequently developed; endorsed by the Council’s Management Team; and agreed at
the Committee meeting on 5th November 2007.
4.3
A Business Impact Analysis (BIA) was undertaken during September/November 2007. The
outcome was detailed in a report prepared by the Council’s Consultants, dated 23rd November
2007. After a process of sense checking, the outcome was endorsed by the Council’s
Management Team on 18th December 2007.
4.4
Committee Members attended a business continuity training session on 7th January 2008, and
were provided both with an update on implementation and with a copy of the aforementioned
BIA report.
1
5
IMPLEMENTATION TIMETABLE
5.1
Implementation continues to track the agreed business continuity strategy. Headline activity for
the coming quarter is set out under 5.2, 5.3, and 5.4 below.
5.2
Corporate planning workshop, 13th March. Recovery strategies were reviewed for each of the
key corporate mission critical services, as identified within the aforementioned BIA report. The
adequacy or otherwise of current risk mitigation resources will be assessed, and draft business
continuity plans prepared, for each of these mission critical services. Draft plans are due to be
completed by June, and will then be submitted to Management Team and Committee for
approval.
5.3
Service Unit planning workshop, scheduled for 15th April. Not all Service Units have key
corporate mission critical services. Nevertheless, we wish to disseminate best practice, and
ensure that all Service Units have an opportunity to develop business continuity plans at
Service Unit level. Appropriate training will be provided through this workshop, and subsequent
support will be available from the Business Continuity Project Administrator.
5.4
Corporate Incident Management workshop, to be held in June/July (firm date to be finalised).
6
RECOMMENDATIONS
6.1
That this report is accepted.
6.2
That further progress reports continue to be submitted to this committee at six monthly
intervals, until completion of the project in July 2009.
Ian Milner
Acting Head of Financial Services
Consultant Reports:
Business Continuity Management Healthcheck, October 2006.
BIA, 23rd November 2007.
Name and Telephone Number of Officer to Contact:
Paul Smith
Business Continuity Project Administrator
Tel: 01202 633177
SPSACmarch2006- Activity
2
7
APPENDIX A
Recommendations
1. A Business Continuity Management (BCM) Policy must be agreed, documented and
Priority
High
approved, outlining the people who are accountable for BCM and emergency
planning, their responsibilities and authority. This policy must have visible senior
sponsorship and support and should be accompanied by an action plan of activity to
roll out a programme of work on BCM.
2. Senior management must champion and support BCM, ensuring that their buy in to
High
the process is understood by all. Without this support any BCM programme is
unlikely to succeed.
3. The BCM programme must have a budget and resources allocated to it as part of
High
the normal budgeting and management processes. BCM takes significant time and
commitment to implement and this must not be underestimated by the Authority.
4. An exercise must be carried out at a corporate level to identify and prioritise
High
the council’s critical activities. This then informs the identification of the
resources required to perform those activities so that the most important
can be recovered after an emergency situation. This forms the basis of the
corporate level of the Business Continuity Planning (BCP). The exercise
must be done against criteria such as priority of activity, duration able to
continue without activity and extent of alternative provision in place.
5. The next step after the identification of the Management Consultancy
High
Agents (MCA) is to analyse the impact of a range of emergency situations
on them. A structured process for business impact analysis that identifies
risks and their potential impact on services, critical activities and
dependencies must be developed and used consistently at both corporate
and then service level.
This must include the identification of high-risk concentration, such as
several MCA in one building.
6. The Council must ensure that it has an up to date risk assessment
considering the likelihood and impact of business continuity risks. Risk
mitigation activity must be evidenced where possible to show that activities
to reduce or prevent the risks occurring are taking place, as well as
business continuity plans compiled. This risk assessment must include
internal as well as external emergencies as there may be a tendency to
3
High
focus on traditional external threats, such as fire, floods or terror and to
miss internal disruptions such as an interruption to a key supplier or
industrial action.
7. Once the MCA for the Council has been identified the corporate level
High
strategy must be compiled, drawing on the work already in the Incident
Response Plan regarding team structures and such like.
8. Once the corporate level strategy has been set, work can be done on
High
reviewing and completing the process and recovery level strategies.
9. A communication strategy as to how the Council will communicate with
Medium
stakeholders in the event of an incident must be drawn up.
10. All agreed strategies must be signed off at the appropriate level and
Medium
communicated effectively to those impacted or involved in their
implementation.
11. A template for the BCP must be agreed, rolled out and completed
High
corporately and then for all service units in which MCA have been identified
initially and then other service units as deemed necessary going forward.
This should be done in a phased way with consideration given as to how to
keep the process manageable. The Council will not need 21 service unit
plans, it must use the MCA process to identify priority areas.
A generic template is being submitted along with this report however it is
vital that any document used going forward fits the organisation so the
adoption of an existing internal plan may be the best course of action. The
one thing missing from the organisation is the corporate planning parts of
the generic template, elements of which may be found in the Incident
Response Plan.
12. One area that appears to be missing from existing plans is reference to a
High
communication strategy/plan, as previously highlighted.
13. It must be regularly checked that all key individuals with roles and
High
responsibilities in the Incident Response Plan fully understand those roles,
know how to access the Plan and keep their contact information up to date.
14. A Plan for a “4 hours out” scenario for the Civic Centre has been proposed
and, once the template has been agreed we would recommend the
drawing up of this plan – co-ordinated and informed at a corporate level.
The issue of priority access should be resolved by the previously
recommended work of a corporate identification of MCAs.
4
Medium
15. All those with responsibility for completing BCM exercises going forward
Medium
must receive sufficient training and support to enable them to do this
effectively, including the senior management team and members.
16. A programme of awareness raising of BCM issues and plans must be rolled
Medium
out to all employees once the Council’s arrangements are more robust in
terms of direction. All employees may potentially be impacted by BCM so
all should be aware. This programme can be through briefs at team
meetings or through a more structure programme of workshops.
17. Any arrangements in plans must be fully procured and agreed before
High
inclusion in plans. Otherwise, the plans are sure to fail under scrutiny.
18. Once the BCM programme is agreed, rolled out and BCP(s) produced a
programme of testing, maintenance and review must be established. Each
plan should contain it’s own arrangements but this should be co-ordinated
centrally and corporate testing also carried out.
5
Medium
Related documents
Business Continuity Management
Business Continuity Management
Unit 10: Course Summary and Final Exam
Unit 10: Course Summary and Final Exam
Scientific abstract
Scientific abstract
Business Continuity Management for SMEs Dr. L. Marinos, ENISA
Business Continuity Management for SMEs Dr. L. Marinos, ENISA
Battle Box - ABC Solutions
Battle Box - ABC Solutions
Continuity Formal Approach
Continuity Formal Approach
Presentation to TRs Changes and Potential Impact 21 August 2014
Presentation to TRs Changes and Potential Impact 21 August 2014
Business Continuity Management (BCM) Strategy
Business Continuity Management (BCM) Strategy
Lecture 7 - mh-lectures.co.uk
Lecture 7 - mh-lectures.co.uk
Continuity of Operations Planning Training Recommendations Lee
Continuity of Operations Planning Training Recommendations Lee
it-Business-Continuity-Management-Policy
it-Business-Continuity-Management-Policy
BCM Programme Plan
BCM Programme Plan
Download
advertisement