Business Continuity Arrangements 2009 – 10: Appendix 2
Maidstone Borough Council
BUSINESS CONTINUITY MANAGEMENT
STRATEGY & GUIDELINES
Reference: BS 25999-1: 2006 4.1-4.4
UPDATED | September 2009
AUTHOR | Dave Lindsay
DOCUMENT OWNER | P H Taylor
VERSION No | Draft
NEXT REVIEW | July 2010
BACKGROUND
The BCM Strategy and Guidance documents set the framework for the Council’s BCM Programme. It is vital to have top management buy-in to the implementation of the BCM programme and to make a public statement of intent, endorsed by the Chief Executive.
The main elements and purpose of the BCM Strategy & Policy are to:
- Appoint an executive with overall responsibility and accountability for BCM
- Gain buy-in to and get a strategic statement of support for BCM
- Identify other key roles & responsibilities
- Gain assurance that the BCM programme is aligned with the organisational strategic objectives
The key outcomes:
· Gain strategic, top level management support for the whole BCM programme; signed off by the Chief Executive
· Set the framework for compliance with best practice guidelines, produced by the British Standards Institute (BS 25999)
This document is structured as follows:
Section 1: Business Continuity Management Strategy & Guidance
Appendix A: Business Continuity Management Policy Statement
Section 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND GUIDANCE
Introduction
1. This Business Continuity Strategy provides the framework within which Maidstone BC can comply with best practice guidelines, produced by the British Standards Institute (BS 25999), and which is consistent with corporate governance best practice. Business Continuity plans will ensure that the Council can continue to deliver a minimum level of service in its critical functions in the event of any disruption.
2. The strategy requires Senior Managers to demonstrate that they have considered the need for business continuity planning to cover each functional process within their area of responsibility. The focal point for the production, coordination, validation and review of the Organisation’s business continuity activity strategy will be the Assistant Director of Customer Services.
3. Corporate business continuity is closely linked to corporate risk management and this Strategy should be read in conjunction with the Organisation’s Risk Management Strategy.
4. The basic principles[1] of the Business Continuity Management Strategy have already been accepted by Central Management Team.
Scope
5. This strategy applies to all parts of the Council. All areas play a key role in maintaining service delivery. The requirement to plan applies to activities identified as critical through the organisation’s business continuity methodology and agreed by the Executive and Management Team. This includes the management of outsourced contracts, and requires those responsible for negotiating and managing them to ensure appropriate business continuity standards are included in contracts so that the service provider is able to deliver acceptable standards of service following a disruption to the Council or the supplying company.
Definition of Business Continuity Management (BCM)
6. Business Continuity Management (BCM) can be defined as:
‘A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.’
BS 25999 Business continuity management – Part 1: Code of Practice
British Standards Institute
It is therefore about the Council preparing for a disaster, incident or event that could affect the delivery of services. The aim is that key elements of service are maintained at an emergency level at all times, and brought back up to an acceptable level as soon as possible.
Benefits of Business Continuity Management
7. Effective Business Continuity Management delivers a number of tangible and intangible benefits to individual services and to the Council as a whole, including:
a. Develops a clearer understanding of how the Council works (business process analysis).
b. Protects the organisation, ensuring that it can help others in an emergency (facilitated by the BCP).
c. Protects the reputation of the Council (facilitated by the BCP).
d. Produces clear cost benefits (business impact analysis).
e. Facilitates legislative compliance and good corporate governance (implementation of BCP and subsequent management).
Delivering the Strategy – Methodology
8. The process being used within the Council is based on the BCM model outlined in BS 25999 Business continuity management – Part 1: Code of practice published by British Standards Institute, see below.
This process involves the following activities:
a. BCM programme management
· Assigning responsibilities for implementing and maintaining the BCM programme within the organisation
· Implementing business continuity in the Council – including the design, build and implementation of the programme
· The ongoing management of business continuity – including regular review and updates of business continuity arrangements and plans.
b. Understanding the Council
The use of business impact and risk assessments to identify critical deliverables, evaluate priorities and assess risks to service delivery.
· Business Impact Analysis (BIA) – identifying the critical processes and functions and assessing the impacts on the Council if these were disrupted or lost. BIA is the crucial first stage in implementing BCM, and helps measure the impact of disruptions on the organisation.
· Risk assessment – once those critical processes and functions have been identified, a risk assessment can be conducted to identify the potential threats to these processes.
c. Determining BCM strategy
The identification of alternative strategies to mitigate loss, and the assessment of the potential effectiveness in maintaining the organisation’s ability to deliver critical service functions.
The Council’s approach to determining BCM strategies involves:
· Implementing appropriate measures to reduce the likelihood of incidents occurring and/or reduce the effects of those incidents
· Taking account of mitigation measures in place
· Providing continuity for critical services during/following an incident
· Taking account of services that have not been identified as critical
d. Developing and implementing a BCM Response
Developing individual service responses to business continuity challenges and an overarching Business Continuity Plan to underpin this. This Business Continuity Plan ensures that actions are considered for:
· The immediate response to the incident
· Interim solutions or maintaining an emergency level of service, leading on to reinstating full services
e. Exercising, maintaining and reviewing
Ensuring that the Business Continuity Plan is fit for purpose, kept up to date and quality assured. An exercise programme will enable the Council to:
· Demonstrate the extent to which strategies and plans are complete, current and accurate and
· Identify opportunities for involvement
f. Embedding BCM in the Council’s culture
The embedding of a continuity culture by raising awareness throughout the Council and offering training and support to key staff on BCM issues, including:
· Incorporating BCM in the staff induction process
· Items in staff newspapers – Wakey Wakey
· E-mail bulletins
· Intranet pages - http://pandora/sites/BCM/default.aspx
9. BCP Actions 2008 - 2010 Programme Timetable
Date | Meeting / Workshop / Training / Exercise | Action | Attendees / Responsibility for action | Outcomes / next steps
April 08 | Training | Arrange formal training for staff responsible for preparing service BCPs | P H Taylor | Completed July 08
July 08 | Workshop | Arrange meeting to start process of services renewing their individual BCPs in new offices. | P H Taylor | Actioned July 08
November 08 | Meeting | Submission of BCPs of key services for the new offices | P H Taylor, D Harrison | Desk top simulation to test plans
December 08 | Desk top simulations | Arrange practical test of new plans. | P H Taylor, D Harrison | Revised BCPs.
May 09 | Review Plans | Priority services review BCP plans, particularly in light of Pandemic implications | All Managers of priority services | Consider all plans to use the corporate template
June 09 | Review Plans | Remaining services review BCP plans, particularly in light of Pandemic implications | All managers | Consider all plans to use the corporate template
October 09 | Review Corporate BCP | Split current plan into: 1) Action Plan 2) Strategy & guidelines 3) BCP plan template | BCP work group | Take revised documents to COMT
January 10 | Phased plan testing | Real-time testing of BCP plans | BCP work group | Report back to COMT with results of test.
Roles and Responsibilities
10. Responsibility for the business continuity management within the Council rests as follows:
a. The Council is responsible for maintaining plans to ensure that it can continue to perform its critical functions in the event of an emergency so far as reasonably practicable.
b. Responsibility for the effective delivery of services remains with the respective managers who appoint a staff member to carry out regular and systematic reviews of their respective Business Continuity Plans. Such reviews are to be carried out annually.
c. The Assistant Director of Customer Services is the lead for business continuity within the Council and is responsible for:
(1) Review and development of the Council’s Business Continuity Policy in line with industry best practice and the Council’s priorities.
(2) Monitoring standards and compliance with policy.
(3) Provision of support and guidance to senior managers.
(4) Production of the Council’s overarching BCP using analysis and assessment work completed within individual service level Business Continuity Plans.
APPENDIX A: BUSINESS CONTINUITY MANAGEMENT POLICY STATEMENT
1 The Council is committed to ensuring robust and effective Business Continuity Management as a key mechanism to restore and deliver continuity of key services in the event of a disruption or emergency.
2 The Business Continuity Plan is based on:
a) BS 25999 Business continuity management – Part 1: Code of Practice
b) Recognised standards of corporate governance.
3 Each service delivery process within the Council is owned by a respective manager who will ensure that their part of the overall BCP meets a minimum acceptable standard of service delivery for critical processes.
4 Each senior manager will contribute to an annual review of the BCP with the assistance of the Assistant Director of Customer Services.
5 Contracts for goods and/or services deemed critical to business continuity will include a requirement for each nominated supplier to provide, for evaluation, a business continuity plan covering the goods and/or services provided. Every tender for business continuity critical goods and/or services will include business continuity as an element of the tender evaluation model.
6 Managers must ensure that staff are made aware of the plans that affect their service delivery areas and their role following invocation.
7 The Council will implement a programme of BCP testing exercises including crisis management and workspace recovery tests.
Signed
David Petford
Chief Executive