Business Recovery & Continuity Plan


Page 1 of 22

Document Control

Responsible Person: Chief Executive
Review Frequency: 3-Yearly (Strategic Review)
Reviewed by: Board
Date Approved: November 2017
Next Review Due: November 2020

Responsible Person: Chief Executive
Review Frequency: Annually (Yearly Update)
Reviewed by: Crisis Management Team, Thereafter Update Report to AICC
Date Approved: November 2017
Next Review Due: November 2018

Consultation Required: Yes No
Equalities Impact Assessment: Yes No
Added to Company Website: Yes No

Associated Documents
This document should be read in conjunction with the following documents:
- Appendices as detailed on the last page

1 Purpose
1.1 The purpose of this plan is to ensure that, in the event of an unforeseen incident which interrupts its business, Waverley Housing has procedures in place to ensure that it can resume core business activities as soon as possible, with as little disruption as possible to the services it provides.
1.2 This plan sets out the responsibilities and systems for business recovery and continuity planning and is structured to deal with the worst case scenario of a completely destroyed building or major loss of staff. However, various elements can be adjusted to accommodate the different levels of severity and impact.
1.3 The plan will be reviewed at least once a year. It is the responsibility of the Crisis Management Team to review the plan and report any material changes to the plan to the Audit and Internal Control Committee (AICC).

2 Objectives
2.1 Take all necessary steps to protect and preserve the health and lives of employees and others on Waverley premises.
2.2 Take all necessary steps to secure the premises and protect Waverley's assets. Direct all activities necessary for the maximum recovery of assets.
2.3 Prioritise business service needs and direct the restoration efforts based on risk to the company and its stakeholders. Restoration efforts can include restoring business functions at an alternate operating environment and resuming business at the original site.
2.4 Provide timely information to management and stakeholders regarding the status of restoration efforts.

3 Location of Business Recovery & Continuity Plan
3.1 A hard copy of the plan, in a sealed envelope, is held at each of the following locations:
- Cullen Kilshaw, 55 High Street, Hawick, Tel:
- Carole Yallop, Property Services Manager; Margaret Hogg (Business Support Manager) - Retained at home address
- The safe in premises at 51 North Bridge Street, Hawick
The Crisis Management Team hold an electronic version.

4 Responsibilities

Board
Ultimate responsibility lies with the Board of Directors to ensure good procedures and policies are in place and that lines of communication are clear. They have delegated this responsibility to the Audit & Internal Control Committee.

4.2 Crisis Management Team ()
The Crisis Management Team consists of key individuals and is responsible for managing and directing the response and recovery of Waverley Housing following an unforeseen event or disaster. The team will work to ensure that business functions are recovered in order of priority, that services to customers continue at acceptable levels and that reputation is maintained. The Crisis Management Team will consist of:
- Chief Executive
- Operations Director
- Business Support Manager
- Finance Manager

5 Definition of Interruptions to Business Recovery & Continuity
5.1 The Business Recovery & Continuity Plan covers service delivery, office accommodation and information technology systems.
5.2 Emergency planning for the housing stock is not covered.
5.3 Business interruption can range in its severity and impact on the company. Here are a few examples:
- Loss of Utilities
- Flood/Fire Damage
- Viral Epidemic
- Loss of critical IT systems
- Transport Problems
- Loss of Key Staff
5.4 These events would cause different levels of disruption and a plan has to be in place to ensure that any of these events can be dealt with as speedily as possible.

6 Critical Operations
6.1 The plan encompasses activities associated with identifying and quantifying any damage to the organisation, including staff, premises, equipment, data, records etc. at the earliest opportunity.
6.2 Restoration focuses on re-establishing the working environment.

7 Key Staff
7.1 The plan aims to provide guidance on identifying key personnel required to ensure critical services and tasks continue during the disruptive event. (Matrix of Critical Functions and Key Staff Appendix 6)

8 ICT and Office Equipment
8.1 The Company will have systems and equipment in place to ensure:
- There is back-up of data to enable the recovery of rent accounts, financial ledgers, HR and payroll.
- That staff and systems can be operable within a reasonable time. If for any reason computer systems are unavailable, manual recording of data will be carried out.

9 Insurance (Appendix 7)
9.1 The Company insurance (combined office policy business interruption) for each year will include a contingency for Business Recovery & Continuity and will be reviewed annually to ensure the level of cover is adequate. This should take into account:
- Second rent on office space, if required
- Expenses that might arise which are not covered by normal insurances
9.2 Normal insurance cover should also be in place to:
- Ensure that the Company can afford to take on temporary staff in the event that a member of staff is injured
- Cover replacement of all equipment, office furniture and stationery

10 Training
10.1 To ensure that the plan meets the needs of the Company, an annual training day will be arranged by the Crisis Management Team. This training day will take place in August. Training will be determined on what is deemed most relevant and appropriate at the time.
Example Training Exercises:
- Paper based exercises: Read through the plan as a group, questioning each action, determining whether the plan states the correct order in which actions have to take place and then testing the plan using a "what if?" scenario. New pieces of information can be added as the scenario unfolds.
- Telephone cascading: Without warning, a test message will be sent out to everyone at the top of the cascade list in the plan. The message is cascaded, with the last person in each cascade contacting a nominated person, who records when the calls come in. This will allow us to check our communications structure and will highlight any difficulties encountered in contacting individuals (see appendix 14).
- Full rehearsal: A full rehearsal of likely small-scale scenarios e.g. loss of phones, adverse weather conditions etc. will show how well different elements of our plan work together.

11 Monitoring and Review

The plan will be reviewed and updated following the annual training day and will be put before the Audit & Internal Control Committee (AICC) as soon as possible thereafter.

12 Publicity & Communications
12.1 The Company will have procedures in place to meet the requirement of internal and external communications in relation to notification to:
- Employees
- Board
- Tenants
- Scottish Housing Regulator
- Funders
- Internal Auditors
12.2 The Crisis Management Team leader will decide how, when and who to contact depending on the scale of the incident. A standard press release will be issued and a sample statement is included in this plan (see appendix 13).

Key Business Priorities
13.1 Business Recovery Speed
Columns: Business Activity, 4 Hours, 24 Hours, 48 Hours, 3 Days, Notes
- ICT systems Disaster recovery actions only
- Repairs Control & Admin Emergencies Ability to take emergency repair requests, recovery of main function 24 hours
- Contact Centre Answering calls
- Housing Officers (incl. estate management) In contact and communication with tenants.
- Allocations & Lettings In contact and communication with relevant parties.
- Finance Accounts & Ledgers Ability to make payments via BACs
- Finance Payroll Ability to pay monthly salaries
- Rent Collection Ability to collect direct debits
- Human Resources Restore Data
- Central Administration Operational

Key Resource Requirements
14.1 To respond to our business requirements, the following minimum resources need to be made available within the stated timescales.
Columns: Resource, 4 Hours, 24 Hours, 48 Hours, 3-5 Days, Notes
- Phone Divert & numbers
- IT servers and CAPITA database See ICT Disaster Recovery Plan
- Staffing Agency Staff Partnership Working/Resilient Communities Overtime etc.
- Workspace (4 max) Repairs (emergencies) Call centre (calls)
- Workspaces Relevant staff with external access to company server work from home
- Temporary accommodation (if required)
- Office furniture & stationery

STAGE 1 CRISIS MANAGEMENT LOSS OF BUILDING

Crisis Management
Columns: No., Action, Who?, Phase 1 Immediate, Done ()

1 Assessment
Appraise situation and confirm a disaster has occurred. Most senior manager present will assume the role of Leader and will delegate tasks accordingly
(Who: Crisis Mgt. Team() Leader)

2 Call Emergency Services
(Who: Leader)

3 Evacuate or Shelter in Building
Take advice from emergency services
(Who: Leader)

4 Identify Employees who are Injured or Missing

5 Administer First Aid
(Who: First Aider)

6 Retrieve Business Recovery and Continuity Plan
Assign a member of staff to go to the nearest location to retrieve a copy of the Business Recovery & Continuity Plan
(Who: Leader)

7 Arrange for Next of Kin to be Contacted
(Who: Leader)

8 Invoke Plan
Advise Crisis Management Team () members of situation and agree assembly point and time for meeting
(Who: Leader)

9 Initiate Team Log
Once are together, allocate task of completing Team Log (Appendix 8)

10 Assess situation
Make initial risk assessment of risk associated with the incident and take appropriate actions to minimise these, including (if safe to do so):
- evacuation of area
- securing the building
- turn off utilities
(Who: Leader)

11 Emergency Control Room
Source location for emergency control room

12 Initial Damage Assessment
If emergency services in attendance, no one will re-enter building until permission is given. A Damage Assessment Report should be compiled (Appendix 10), detailing:
- Extent of damage
- Key activities affected
- Key staff affected
- Systems affected
- Building work required
- Estimated length of time for reinstatement
- Office space which can still be utilised (Refer to Floor Plan Appendix 15)

13 Situation Review
As soon as possible, hold a regroup meeting in order to establish the best way to get the office up and running.
- Review Damage Assessment Report
- Determine to what extent the Business Recovery and Continuity Action Plan is to be implemented

14 Internal Communication
Agree message to be conveyed to all employees and Board Members and assign two people to contact them and complete record sheet (Appendix 9)

15 External Communication
Once the situation has been considered and the likely impact upon clients (e.g. tenants) determined, decide upon the appropriate contact that should be made. In some instances it may be appropriate to make no contact at all.
- Using the contact list (Appendix 11) contact stakeholders etc. as appropriate ensuring uniformity of message conveyed.
- Manage media contact: assess and deliver clear and concise message (See Appendix 13)
- Co-ordinate the contact with all relevant parties
(Who: Chief Executive &

STAGE 2 BUSINESS RECOVERY LOSS OF BUILDING

Business Recovery Action Plan

RECOVERY ACTION PLAN: GENERAL RESOURCES
Columns: No., Action, Who?, Phase 1 Day 1, Phase 2 Day 2 on, Done ()

1 Assess availability of resources
- Obtain information to confirm level of availability of each resource
- Determine time period that resource will be out of action
- Decide upon priorities for resource recovery

2 Decide upon recovery location
- Consider scale of incident/disruption
- Decide office accommodation
- Arrange appropriate facilities/equipment for key staff

3 Review staffing
- Identify key staff required
- Decide what must happen to staff
- Home working - if staff are sent home, contact must be maintained on a daily basis
(Who: Chief Executive/ Operational Managers)

4 Contact insurance brokers
- Insurance contact details (Appendix 7)
(Who: Finance Manager)

5 Make good the building (if it can be re-entered)
- Ensure that actions are being taken to restore the site
- Salvage usable resources
- Record movement of resources
(Who: Operations Director)

RECOVERY ACTION PLAN: REPAIRS CONTROL & ADMINISTRATION
Columns: No., Action, Day 2, Day 3

1 Identify tradesman on standby and recover emergency phone for repairs team to man
2 Contact tradesmen and advise of situation
3 Re-locate repairs team
4 Take calls as normal, once workspace and phone available. Communicate with customers as required

RECOVERY ACTION PLAN: CUSTOMER SERVICES & HOUSING OFFICERS
Columns: No., Action, Day 2, Day 3

1 Ensure phones are transferred
2 Re-locate customer services staff
3 Re-locate housing officers
4 Communicate with tenants, if required, using an agreed method e.g. Radio Borders, website, social media, leaflets, letters etc.
5 Decide what work can be carried out with limited resources
6 Housing Officers to advise key contacts of situation (e.g. TC Young, court cases)
7 Once systems recovered respond to work in order of priority
8 Communicate with tenants, if required, using an agreed method e.g. Radio Borders, website, social media, leaflets, letters etc.

RECOVERY ACTION PLAN: FINANCE, HR & ADMINISTRATION
Columns: No., Action, Day 2, Day 3

1 Assist front line staff, in order that key activities are maintained or resumed as quickly as possible
2 HR to provide support to Chief Executive & Operations Director
3 Communicate with key contacts (e.g. suppliers/contractors), if required, using an agreed method e.g. phone, letters
4 Arrangements for rent collection
5 Decide what work can be carried out with limited resources, and identify location
6 Once systems recovered respond to work in order of priority

STAGE 1 CRISIS MANAGEMENT LOSS OF STAFF (E.G. FLU PANDEMIC)

Crisis Management
Columns: No., Action, Who?, Phase 1 Immediate, Done ()

1 Assessment
Appraise situation and confirm substantial disturbance to normal business has or is likely to occur due to nature of pandemic. Most senior manager present will assume the role of leader and will delegate tasks accordingly

2 Invoke Plan
Advise members of the situation and agree assembly point and time of meeting.

3 Identify Critical Functions and Key Staff Required
Identify business critical services and key staff required
Matrix of Critical Functions and Key Staff - Appendix

Initiate Team Log
Once are together, allocate tasks of completing Team Log (Appendix 8)

Assess Situation
Consider best means of cover for staffing levels required:
- Identify staff from non-critical areas who can act as temporary support to assist in critical task areas
- Resilient Communities contact other RSLs, SBC for assistance
- Consider overtime for unaffected employees
- Employ Agency Staff
- Seek clarification from Chair of the Board when senior executives and members of the management team are not available for guidance

(Who: Leader Leader Leader)

6 Minimise Impact
- Consider home working for staff who have external access to servers
- Liaise with IT to ensure systems are fully operational to allow home working
- Identify those at high risk, i.e. vulnerable people and isolate them where possible
- Consider infection control measures, e.g. wearing of masks, any other additional hygiene measures as relevant

7 Internal Communication
Agree message to be conveyed to all employees and Board Members and assign two people to contact them and complete record sheet (Appendix 9)

8 External Communication
Once the situation has been considered and the likely impact upon clients (e.g. tenants) determined, decide upon the appropriate contact that should be made. In some instances it may be appropriate to make no contact at all.
- Using the contact list (Appendix 11) contact stakeholders etc. as appropriate ensuring uniformity of message conveyed.
- Senior Executive Team to manage media contact and assess and deliver clear and concise message (See Appendix 13 for sample press statement)
- Co-ordinate the contact with all relevant parties

9 Review Meetings
Hold regular review meetings to monitor progress until normal business resumes
(Who: Chief Executive &

STAGE 2 BUSINESS RECOVERY LOSS OF STAFF

Business Recovery Action Plan

RECOVERY ACTION PLAN: STAFFING
Columns: No., Action, Day 2, Day 3

1 IT systems up and running
2 Phones operational
3 Standby up and running
4 Housing staff in place to deal with emergency housing situation
5 Payments/Payroll facility in place/collection of Direct Debits
6 HR Co-ordination/Point of Contact in place

19 Once the incident has been resolved or sufficiently minimised to allow for the resumption of normal day-to-day work, the will hold a final closing meeting to stand-down and conduct a review of the response to the incident. The review should include obtaining views from tenants/service users and other stakeholders who were affected. Any lessons learned from the review will be incorporated into the plan and reported to the Board.

List of Appendices
20.1 This document should be read in conjunction with the following appendices saved on the server at: W:\Waverley1\1 Live Files\Company Information\(5) Plans & Strategies\Business Recovery & Continuity Plan Folder\Appendices to Business Recovery & Continuity Plan

Appendix 1 Emergency Services Contact Numbers and Health & Safety Contact Details
Appendix 2 Fire Procedure
Appendix 3 Key Holders (51 North Bridge Street)
Appendix 4 Employee & Board Members Contact Details
Appendix 5 List of Certified First Aiders
Appendix 6 Matrix of Critical Functions and Key Staff
Appendix 7 Insurance Company Information
Appendix 8 Crisis Management Team () - Incident Log Sheet
Appendix 9 Contact Log Sheet
Appendix 10 Damage assessment Report
Appendix 11 Service Provider
Appendix 11 (PDF) Supplier File Print
Appendix 12 Risk Assessment
Appendix 13 Sample Press Release & Public Notice
Appendix 14 Call Cascade List
Appendix 15 Building Plans Fire/Water/Gas/Structure etc
Appendix 16 Bank Account Information
Appendix 17 ICT Disaster Recovery Plan