Business Continuity Framework

Similar documents
Citizens Property Insurance Corporation Business Continuity Framework

BCP Methodology Benefits realisation

Business Continuity & IT Disaster Recovery

Tier I assesses an institution's process for identifying and managing risks. Tier II provides additional verification where risk is eviden

Yale University Business Continuity Planning Quick Start Guide

ISO 28002: RESILIENCE IN THE SUPPLY CHAIN: REQUIREMENTS WITH GUIDANCE FOR USE

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

Business Continuity Guide 2017

Building and Maintaining a Business Continuity Program

US Business Continuity Safeguarding Your Business from a Disaster

Protecting Information Assets - Week 9 - Business Continuity and Disaster Recovery Planning. MIS 5206 Protecting Information Assets

BUSINESS CONTINUITY PLANNING WORKPROGRAM

Business Continuity Planning and Disaster Recovery Planning

Introducing ISO 22301

Business Continuity. Building a Program Fit for Purpose

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Head of Security and Business Continuity

Presentation on Crisis Management and Business Continuity. ISCA Breakfast Talk 13 September See Hong Pek, Partner, PwC

NOT PROTECTIVELY MARKED BUSINESS CONTINUITY. Head of Protective Services Specialist Operations. Business Continuity Manager

Disaster Preparedness & Your Supply Chain

SOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER

Essential Concepts. For Effective. Business Continuity Planning

WIC 104 RISK MANAGEMENT AND BUSINESS CONTINUITY PLANNING FOR LOCAL WIC AGENCIES. Peg Jackson, DPA, CPCU National WIC Association

Navigating the Intersection of Vendor Management and Business Continuity

Global Crises: What We Really Need to Do to Be Prepared. Day One / Session C5

Building a Standard for Business Continuity Planning

University of Houston Business Continuity Planning Office of Emergency Management

Business Continuity Management Policy. Guidance

Business Continuity Management for Singapore s Logistics Sector. By Singapore Business Federation and Singapore Logistics Association

Emergency Management Plan

Version manage enterprise risk, compliance, and resiliency. The Framework for Process Improvement. History

An Overview of the AWS Cloud Adoption Framework

DISCUSSION BASED TABLETOP EXERCISE: DESIGN TEMPLATE & DOCUMENTATION

The Sector Skills Council for the Financial Services Industry. National Occupational Standards. Risk Management for the Financial Sector

Book A : REFERENCE DOCUMENTS

Business Continuity Policy. Interim Governance Consultant. October Greenwich Executive Group

Business Loans Network Limited ("ThinCats", the Firm ) Business Continuity Policy ( BCP ) v.2

Third Party Risk Management ( TPRM ) Transformation

BUSINESS CONTINUITY AS A SERVICE

ISO INTERNATIONAL STANDARD. Risk management Principles and guidelines. Management du risque Principes et lignes directrices

Evaluating Your Business Continuity Plan: Beyond Checklists and Walkthroughs. Troy Harris, Director McGladrey LLP. All Rights Reserved.

CLICNET TELECOMMUNICATIONS INC. Business Continuity Plan

2016 Business Continuity / Disaster Recovery Internal Audit Report

An introduction to business continuity planning

12.0 Business Continuity Management

(ISC)2 CISSP EXAM BUNDLE

The Six Stages of a Crisis. Stage Five: Resolution

bizsafe Level 2 Ver. 1.0 by MOM/WSH Council. For Authorised Use Only. All Rights Reserved.

Information Technology Division Service Level Agreement (SLA) Description and Process

JCU Business Continuity Management Plan

Memorandum of Understanding

Strategic Business Continuity Management

Business Resilience: Equipping the FM for Success

Solution Track 5. Managing Vendor Risk and Contingency Plans. March 26, Strategic BCP, Inc. All rights reserved. strategicbcp.

Business Continuity Planning: As A Business Owner, What Do I Need to Consider? David Sutton Manager, Environment, Safety and Health.

RC & CRISIS MANAGEMENT. risk compliance RISK & COMPLIANCE MAGAZINE. risk & compliance REPRINTED FROM: JUL-SEP 2015 ISSUE

Disaster Recovery Planning

Corporate Risk Management Services. Pinkerton is a leading provider of risk management services and solutions for organizations around the globe.

When Recognition Matters TRAINING AND CERTIFICATION CATALOGUE

Disaster Preparedness. Solutions for Response & Resiliency

LB35: Verifying IT and Business Continuity. Lucas G. Aimes & Terry DiVittorio, Project Performance Corporation (PPC)

IT Assurance Services And Role Of CA In BPO-KPO. IT Enabled Services And Emerging Technologies

INSIDE. 2 Introduction 12 Conclusion 4 6. How Prepared Are Corporate Law Departments?

ERP contingency planning (IASC, IDP situations, natural disasters)

Building A Holistic and Risk-Based Insider Threat Program

Improving the RFP and Contracts Process With COBIT 5

Concept of Operations. Disaster Cycle Services Program Essentials DCS WC OPS PE

Business Continuity: Can Orange County Stay Open for Business After a Disaster?

Disaster Preparedness & Your Supply Chain

Fraud Risk Management

Moving from BS to ISO The new international standard for business continuity management systems

GUIDANCE NOTE FOR DEPOSIT TAKERS (Class 1(1) and Class 1(2))

General Guidance for Developing, Documenting, Implementing, Maintaining, and Auditing an SQF Quality System. Quality Code. SQF Quality Code, Edition 8

Business Continuity & Disaster Recovery

Extended Enterprise Risk Management

WHO Guidance for business continuity planning World Health Organization

CSA Z1600 Emergency Management and Business Continuity Programs. IAPA Conference April 23, 2008 Ron Meyers, Canadian Standards Association

Hazard Mitigation as an Economic Development Strategy

Both water contamination threats and

Market System Evaluation. June 2017

FERRIBY MARINE SHIP SECURITY ASSESSMENT AUDIT CHECKLIST

Business Continuity & Risk Management

Business Resilience: Proactive measures for forward-looking enterprises

Managing Natural Disasters - Dr. Naveed Anwar 1

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

Business Continuity and Natural Disaster Resilience: Where Are We Heading? Adopting best practices for weather safety based on new science

GOVERNANCE AES 2012 INFORMATION TECHNOLOGY GENERAL COMPUTING CONTROLS (ITGC) CATALOG. Aut. / Man. Control ID # Key SOX Control. Prev. / Det.

Developing an Environmental Compliance Plan

ENTERPRISE RISK SERVICES Managing Risk, Driving Results

The importance of the right reporting, analytics and information delivery

Business Continuity/ Disaster Recovery. Sean Gunasekera

Emergency Management, Business Continuity, & Crisis Management Self-Assessment Checklist

ISO Business Continuity Management. Your implementation guide

SAMPLE SECURITY PLAN

Emergency Operations Plan

Adaptive Business Continuity Manifesto

Coastal Equities, Inc.

Defending the Fortress Women in FM 15 th July Samantha Bowman Senior Facilities Manager

2008 BUSINESS RESILIENCY SURVEY RESULTS:

Leading financial institutions are transforming the way they manage IT risk

Transcription:

Business Continuity Framework A definition to the Components of Resiliency March, 1

Business Continuity Framework 1. INTRODUCTION... 3 2. PURPOSE... 3 3. THE FRAMEWORK... 4 4. STEERING COMMITTEE... 5 5. POLICY AND SCOPE... 6 6. OBJECTIVES AND ASSUMPTIONS... 7 7. RISK EVALUATION... 8 8. CORPORATE CRISIS COMMUNICATION PLANNING... 8 9. PANDEMIC PLANNING... 8 10. EMERGENCY RESPONSE PLANNING... 9 11. BUSINESS UNIT PLANNING... 9 12. SUPPLIER/VENDOR/CLIENT CONSIDERATIONS... 10 13. RECORDS INFORMATION MANAGEMENT... 10 14. TRAINING, EXERCISE AND TESTING... 11 15. BUSINESS INTERRUPTION TRACKING... 11 16. REVIEW AND APPROVAL... 12 2

INTRODUCTION Business Continuity Planning (BCP) details how an organization would perform its critical functions should a disruptive event occur. BCP is an organized structure of key business units and their recovery functions should an event occur. Plans are developed based off of organizational structure and uniquely detail risks and recovery procedures with the intention of mitigating loss to personnel, critical functioning, and financial impact. PURPOSE Having a Business Continuity Framework creates security and resiliency for the continuation of vital business processes, personnel safety, IT & administrative operations, and financial outlooks. It identifies the impact of potential risks/threats and details viable recovery strategies through detailed resumption planning. Business Continuity assists individual business units in prioritizing recovery tasks during events, ranging from natural disasters to targeted attacks. It reduces liability and assists in decision making during states of vulnerability. The Framework details and defines the key elements of the Business Continuity, Crisis Communication, and Emergency Response planning. 3

THE FRAMEWORK Business Continuity Planning consists of the following key components: 1. Steering Committee 2. The Policy and Scope Statements 3. Objectives and Assumptions 4. Risk Evaluation 5. Corporate Crisis Communication Planning 6. Pandemic Planning 7. Emergency Response Planning 8. Business Unit Specific Considerations 9. Third Party Supplier/Client/Vendor Considerations 10. Records Information Management 11. Training, Exercise, and Testing 12. Interruption Tracking 4

STEERING COMMITTEE Member Role Craig Jansen Charles Forner Jessica Check William Channing Chris Tenton Tony Peterson Michael Peterson Business Ops Program Management Legal Risk IT HR Business Continuity 5

POLICY AND SCOPE Policy Statement MCP is dedicated to protecting its promise to its clients, business vendors, and employees through Business Continuity Planning. For this reason MCP has established an enterprise-wide crisis communication and recovery strategy that encompasses all critical services and functions. Its development is intended to mitigate or prevent direct loss of organizational assets including (but not limited to) personnel, facilities, critical functions, and financial standing due to internal or external threats. MCP has established and ongoing process to identify the impact of business disruptions and maintain viable recovery strategies. These strategies are to be continuously tested and updated throughout the year and approved by a designated Steering Committee annually. Scope The above policy applies to all MCP entities, facilities, business units, personnel, and functions. This policy is intended to cover all requirements for continuity of business operations. Key aspects of this policy include requirements for Critical Function recovery, Business Impact Analysis (BIA), Site Risk Assessments, Incident Response, Crisis Communication/Management, Plan Testing, and BC Reporting. 6

OBJECTIVES AND ASSUMPTIONS Objectives Business Continuity Planning: Maintain an effective Business Continuity and Resumption plan encompassing the entire enterprise and its functions. Develop individual unit plans aimed at effectively recovering specific critical functions and their dependencies. Ensure the safety of personnel and mitigate site risks. Individual Plans include: Unit Team Leaders Communication procedures Critical Function recovery procedures Site Recovery procedures Activity Tracking Crisis Response Plan: The primary purpose of the crisis response plan is to manage recovery operations at a company-wide level. Individuals responsible for crisis response include the BC steering committee and representatives from each business unit. This plan is exercised and maintained as needed. Responsibilities of crisis response include: Disaster declaration Notifications Communications Management of crisis information Assumptions Key Personnel will be available during an event Individual Business Units will maintain their own BC plans that align with the organizations defined framework Enterprise Technologies will maintain Disaster Recovery plans separate from the BC Framework Plans will mitigate risks to the best of their abilities given the resources available and the severity of the occurring events. Plan development is intended to follow any and all applicable legal and regulatory requirements. The program follows a defined scope, objectives, and assumptions as defined by established Steering Committee. Activation and deactivation of the Business Continuity Plans shall be established only by designated personnel as defined in the Crisis Communication Plan. Ownership of the Business Continuity plans will be held by the Program Manager of Business Continuity and maintained by the individual business units. 7

RISK EVALUATION The practice of Risk Evaluation identifies potential risks/threats and vulnerabilities inherent and acquired that could adversely affect the integrity of the entity s critical functioning. Risks/threats, once identified, are evaluated and rated for likelihood of occurrence and severity of potential impact on the organization. Once identified, these potential risks/threats will dictate the direction of the Business Continuity Program. Mitigating factors will be developed and implemented to assist in the recovery process and build organizational resiliency. CORPORATE CRISIS COMMUNICATION PLANNING A Crisis Communication Plan is a vital part of emergency preparedness and response to a given priority issue. A company s success is dependent, in part, upon its reputation. Having a solid Crisis Communication Plan can save a company s reputation. A Crisis Communication Plan: Defines and assigns a crisis team Outlines roles and responsibilities Details resources and procedures during a crisis Provides a platform for training, testing, and improvement MCP will maintain a plan for navigating effective communications in a crisis event. It will define structure for the communications and maintain the ability of effective communication among its personnel, clients/vendors, and suppliers. PANDEMIC PLANNING The Pandemic Plan addresses the vulnerabilities to MCP during a pandemic outbreak affecting organization personnel or operations. Pandemic planning follows strategies as they are defined by nationally recognized health organizations including the World Health Organization (WHO), Federal Emergency Management Agency (FEMA), and the Centers for Disease Control (CDC). MCP will maintain a Pandemic Plan that defines the expectations and procedures for all personnel during a pandemic event. 8

EMERGENCY RESPONSE PLANNING The Emergency Response Plans (ERP) includes all emergency instructions in direct response to an imminent or occurring danger. This includes immediate danger to health and welfare of personnel, visitors, or infrastructure. Additionally, the ERP s will include site specific risks and considerations for all MCP facilities. The plans are meant to be a quick response tool and all personnel should become familiar with its contents prior to an event to increase effectiveness of its strategies. MCP will maintain detailed Emergency Response plans and instructions and review them on a regular basis. BUSINESS UNIT PLANNING The Business Unit Plans consist of the unit specific tasks to resiliency and recovery. These plans contain detailed specifics of individual unit functions. Resiliencies and contingencies are detailed based off of a Business Impact Analysis (BIA) that is performed for each unit. These plans consist of: Team Leaders and Roles Business Unit Descriptions and Assumptions Unit contact information Unit communications and plan triggers Unit Required Resource Page Unit Business Impact Analysis of Critical Functions Strategies for Critical Function resiliencies and contingencies General Recovery Tasks Unit Facility considerations Vendor/Client/Supplier considerations and contacts MCP is dedicated to maintaining detailed, effective Business Unit Plans that are aimed at building resiliency to any hazard or threat to both inward and outward facing business unit functions. 9

SUPPLIER/VENDOR/CLIENT CONSIDERATIONS The supplier/vendor/client considerations consist of any requirements MCP might hold, as well as any requirement s MCP might have. This includes all Service Level Agreements (SLA). These considerations are not created through the Business Continuity process but are referenced within the Framework to utilize as a guide to ensure compliance with any outstanding SLA s or other agreements. Inclusion of these agreements is for reference use only. Availability of any agreements or contracts is subject to any regulations of the documentation, including legal or confidentiality requirements that may inhibit their use within the BC Framework. RECORDS INFORMATION MANAGEMENT The company s file Records Information Management program gives employees the opportunity and time to review their work areas on an annual basis to: (a) transfer inactive records from on-site to off-site storage and (b) destroy records and non-records that are eligible for destruction according to the records retention schedules and in-force records preservation orders (legal/tax holds). File fitness benefits include: Free up valuable file drawer, cabinet, desk and floor space Organize your important business records for efficient use Maintain a more professional work environment Comply with the corporate records management program 10

TRAINING, EXERCISE AND TESTING Training Training involves the material and strategies of informing all required personnel of the Business Continuity components and their direct responsibilities in regard to any resiliency or resumption strategies. All key personnel are to be trained and familiarized with the detailed components of the Business Continuity Framework and their expected responsibilities. Exercise and Testing Exercising and testing of the business unit plans ensures all key members understand their roles and responsibilities, the plans are effective and efficient, and acts as a key Gap Analysis. Exercising and testing of the plans will be conducted through tabletop and simulations. These will be tailored to efficiently test real-life scenarios that may adversely affect the business units. A defined schedule for testing the plans will be followed by each business unit. BUSINESS INTERRUPTION TRACKING Business Interruption Tracking will be performed to track all events require an activation of any part of the Business Continuity Program. Purpose of Tracking: Understand your past threats and events and the gaps in the BC plans discovered during the events Determine if certain threats are more likely to reoccur Compliance tracking of emergency events 11

REVIEW AND APPROVAL This document is to be reviewed and approved annually by the Steering Committee Chair. Name of Reviewer/Approver: Signature of Reviewer/Approver: Date Approved: 12

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback