Radio New Zealand Te Reo Irirangi O Aotearoa

Transcription

1 Radio New Zealand Te Reo Irirangi O Aotearoa Business Continuity Management Document Set 02 Incident Management Framework

2 03 Business Continuity Plan Version 0.1 **Doc Released** Valid until February 2011 New Zealand Food Safety Authority 03 - Business Continuity Plan THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 2

3 This document was developed in consultation with Radio New Zealand by BCM International Limited

4 CONTENTS PREFACE A DOCUMENT CONTROL... A-1 Issue and amendment... A-1 Document Security... A-1 Revision Record... A-1 Distribution List... A-1 Associated Documents... A-1 PREFACE B ABBREVIATIONS & ACRONYMS...B-1 Abbreviations...B-1 PREFACE C TERMS & DEFINITIONS... C-1 1 INCIDENT MANAGEMENT FRAMEWORK Purpose of this document Overall strategies IMF RESILIENCE MODEL ESCALATION & EVOCATION Escalation Incident Levels Evocation INCIDENT ACTIVATION CHART INCIDENT MANAGEMENT TEAM IMT MEMBERS ROLES & RESPONSIBILITIES...6 THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page I

5 PREFACE A DOCUMENT CONTROL Issue and amendment This Plan is a Controlled Document. The Deputy Chief Executive (DCE) is the owner of the Business Continuity Plan (BCP) and is responsible for ensuring that the Plan is regularly reviewed and updated. Managers are responsible for ensuring that their business continuity action plans are reviewed and updated regularly. Document Security The careful management of information contained in this and other management plans of Radio NZ s Incident Management System (IMS) is paramount to avoid any compromise in security or privacy. In this regard, all RNZ personnel must exercise due care when passing and storing information pertaining to the IMS. This document is classified CONFIDENTIAL and is to be treated accordingly. BCP documents are not to be shared with anyone outside Radio NZ, including insurers and auditors, without the approval of the CE or DCE. If approval is given a summary document may be prepared for them. Revision Record Rev Date Revision Author Approved by Distribution List Rev Date Issued to: Approved by Associated Documents Document Name Reference Owner THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page A-1

6 PREFACE B ABBREVIATIONS & ACRONYMS Abbreviations BC BCM BCP DCE ERT IMT Business Continuity Business Continuity Management Business Continuity Plan Deputy Chief Executive Emergency Response Team Incident Management Team THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page B-1

7 PREFACE C TERMS & DEFINITIONS The Incident Management System (IMS) and its component response and recovery plans have the following definitions: Business Continuity Plan Business Continuity Planning Crisis Disaster Emergency Incident Management Team The documented methodology for addressing significant business interruption incidents (disasters / emergencies) impacting business critical resources and systems. Business Continuity Planning is the process utilised to ensure the uninterrupted availability of all key resources to support essential business processes. It involves identifying and documenting preventative treatments for continuity risks that can be routinely managed and developing response continuity and recovery plans to deal with the consequences, should the preventative treatments fail. A Crisis can generally be interpreted as a major negative incident that has the potential to significantly impact or destabilise the business. The incident could affect personnel, operations and business continuity, attract intense scrutiny from various stakeholders and jeopardise the organisation s image. Due to their size and impact, crisis incidents fall outside the normal business contingency and emergency response arrangements. A generic term used to describe: An incident that makes it difficult or impossible for an organisation to conduct normal business activities for an extended period An unexpected unplanned incident or incident that causes serious damage or loss to the business A point in time when management decides to divert from normal operations and exercises the emergency management and business continuity plans In the Incident Management System (IMS), a disaster encompasses crisis, emergency and business continuity incidents. An Emergency is a sudden, abnormal incident requiring precise and timely operational action to control, retain and restore to normal conditions. It may relate to people, property or any business activities. Depending on the size and impact, an emergency can become a crisis though the vast majority do not. Once the situation is controlled and rendered safe, the emergency is over. Incident Management Team comprises staff responsible for managing recovery and continuity actions arising from interruptions to business critical resources and systems in accordance with the provisions of the BCP. THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page C-1

8 1 INCIDENT MANAGEMENT FRAMEWORK 1.1 Purpose of this document This document describes how the Incident Management Framework provides Radio New Zealand with an integrated suite of Emergency Response, Crisis Management and Business Continuity plans, to enable Radio New Zealand to act quickly, decisively and intelligently in any disaster or emergency situation, ensuring an appropriately-measured level of response and recovery actions, depending on the nature, location and potential gravity of any given incident. 1.2 Overall strategies Business continuity and recovery actions for any significant disruptive incident follow on from the emergency response phase of a disruption. The Incident Management Team takes responsibility for coordinating the continuity and recovery actions of those affected, assisting them to reestablish firstly the most critical business functions, then with the actions for recovery and return to normal operations. THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 1

9 2 IMF RESILIENCE MODEL The IMF model shows the framework for Emergency Response, Business Continuity and Crisis Management Plans. The model demonstrates how, through pre-planning, Radio New Zealand will build a capability to successfully manage a significant disruptive incident through the stages outlined in the model. The model highlights key areas for consideration in planning the strategic approach to each phase of the incident from commencement through recovery to conclusion. THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 2

10 3 ESCALATION & EVOCATION 3.1 Escalation The requirements of any given situation will vary. Notification and escalation of significant disruptive incidents occurs through normal management reporting lines. RNZ staff are required to immediately report incidents to their Manager or Supervisor, who will decide on the appropriate emergency response requirements. As soon as it is practicable to do so, the Incident Management Team (IMT) Leader will be contacted. 3.1 Incident Levels The three levels of business continuity incidents are as follows: Level 1. (Minor) A disruptive incident that can be handled by the business emergency response standard operating procedures. It is not likely to last more than 72 hours. The IMT leader will be notified and monitors incident. Level 2. (Major) A disruptive incident that may last up to two weeks. It may involve all or part of the Incident Management Team. Level 3. (Severe) A disruptive incident that by its nature is likely to last longer than 2 weeks causing a significant disruption to the business. It results in a full activation of the Incident Management Team. 3.2 Evocation Confirmation of the incident level and responsibility for managing the incident will be made by the Incident Management Team (IMT) leader (Pilot) in conjunction with the DCE who will implement callout of the IMT members. Once the IMT has been activated the Incident Directors will structure the response according to the location and type of incident using the guidelines set out in the Business Continuity Plan (BCP). Once the direction for managing the incident is established, major focus will transfer to those responsible for managing and implementing the necessary operational actions in accordance with the directions in their Action Plans which are part of the BCP document. RNZ s approach to managing disasters / emergencies is prudent over-reaction, assessment and de-escalation. All relevant personnel are notified and made ready to be mobilised when an Incident Level is declared. Incidents will be managed at the lowest practical level. THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 3

11 4 INCIDENT ACTIVATION CHART EVENT EMERGENCY REPONSE IMT Recovery Director Notified. Incident Assessed Activation Level Agreed Level 1 Minor 0-72 Hours Level 2 Major 72 Hours 2 Weeks Level 3 Severe > 2 Weeks Emergency response team handles incident IMT activated. Strategy Team on standby. Immediate activation Emergency Response, IMT, Strategy Teams Incident managed as required. IMT Leader monitors IMT Leader activates Command Centre Establish IMT Command Centre IMT Leader escalates if necessary to next level IMT undertakes continuity & recovery actions. Reports to Strategy Team IMT undertake continuity & recovery actions. Strategy Team handles strategic issues No escalation. Incident managed to conclusion IMT manages incident to conclusion All manage incident to conclusion On conclusion IMT Leader conducts a formal review & reports to Leadership Team with recommendations THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 4

12 5 INCIDENT MANAGEMENT TEAM Radio NZ - Incident Management Team Legal External Communications John Barr DCE Ken Laws Secretariat Heather Abbott Strategy Layer Tactical Layer Incident Directors Recovery Coordinator Helen Galbraith Pilot John Howson Co Pilot Simon Dickinson Mathew Finn Secretariat Operational Layer Operations Support Emergency Liaison Command Centre News Don Rood Finance Richard Young Affected Site Recovery Liaison Recovery Site Networks Hewitt Humphrey Broadcast Infrastructure Ian Bull Gary Fowles Computer Services Alex Mitchell Auckland Office Linda Ellen Whittaker HR Jann Sampson Communications John Barr Administration Matt Taylor Lifelines & CDEM Pandemic THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 5

13 6 IMT MEMBERS ROLES & RESPONSIBILITIES Deputy Chief Executive (DCE) Declare Emergency & activate IMT Liaison point for RNZ Crisis Management Team Media Spokesperson (if required) Assist in significant decision making Assist with negotiations / troubleshoot major problems Explore all strategic options Consider international / industry-wide view Provide final call on all policy issues Recovery Coordinator Activate Command Centre & supervise set up Liaise with on site liaison requests / information Support / assist the Recovery Directors Project manage delegated task implementation Arrange IMT meetings / attendees / agenda Chart useful information / task summaries / facts Ensure issues are addressed not overlooked Assist enforce Command Centre discipline HR Team Communicate with staff Account for staff, contractors & visitors Supply HR information Notify family of staff injury / death Identify, monitor progress of & visit casualties Counsel staff suffering shock Rehabilitate staff back into workplace Monitor temporary work environment Communications Team Control all internal & external stakeholder communications Control all media contact Gather relevant facts / updates Develop media strategy Develop the set of key messages Draft / script consistent detailed key messages Coordinate & quality control all formal communications Liaise with media monitoring company Determine communications risks Prepare media spokesperson Chair media forums, CEO introduction & questions Recovery Director Pilot Declare Emergency & activate IMT absence Activate the Command Centre Chair IMT meetings Project manage the response & recovery activities Gather information, formulate options, make decisions & delegate tasks Seek support from the DCE if away from IMT Escalate significant decisions to RNZ CEO DCE Secretariat Assist the CEO as instructed Minute CEO actions & decisions outside IMT meetings Provide CEO minutes to IMT Secretariat Legal Team Ensure compliance with laws & regulations Advise IMT on legal issues Coordinate activities with external specialist legal expert advisers as required Suggest ways to minimise legal exposure Legal vetting of formal communications Establish & supervise IMT Secretariat system Monitor & review the appropriateness of IMT minutes Finance Team Streamline / fast track emergency procurement Optimise procurement value for money Communicate preferred supplier details to buyers Continue salary payments Provide expenditure estimates Process expense expenditures & receipts Organise transportation of resources Book personnel transport & accommodation Communicate insurance cover & deductibles to IMT Establish petty cash float & expenditure system Process insurance claims Recovery Director - Co-Pilot Support the Recovery Director - Pilot Stand in for Recovery Director Pilot if absent Assist in activating IMT members Co-chair IMT meetings Assist with complex problem solving Research options time permitting Solicit input to complex decisions IMT Secretariat Record actions & decisions at all meetings as official minutes Record details of all Recovery Director discussions outside formal meetings Log all significant events Produce typed minutes IT Team Assess damage / identify nature of problems Specify technology environment restoration needs Restore IT hardware, communications, system software, applications, security & data Redirect / restore telephony fixed & mobile Maintain working from home user support Maintain / develop new IT backup site Emergency Site Liaison Account for staff & identify casualties Track casualty details & where taken to Liaise with Emergency Services Provide regular updates to IMT Recovery Coordinator Request information from IMT via Recovery Coordinator Conduct street level building damage assessment physical damage, power, AC, lifts, windows etc. Report to IMT any media interest at the scene THIS DOCUMENT IS UNCONTROLLED IN HARD COPY FORM Page 6