Policy Title; Business Continuity Management Policy. Date Published/Reviewed; February 2018
Business Lead; Head of Strategic Governance
CCMT sponsor; Deputy Chief Constable

Thames Valley Police ensures that all policies have been assessed and comply with MoPI Guidance, and the Data Protection In addition this Policy has been reviewed by The Force Head of Health, Safety and Environment and has undergone an Equality Impact Assessment.

About this Policy

Rationale

Thames Valley Police (TVP), as a Category One responder, is required by the Civil Contingencies Act 2004 to have business continuity management arrangements in place. TVP must be able to continue to exercise its civil protection functions as well as, where possible, continuing to perform its ordinary functions in the event of an emergency or a disruption.

Business Continuity is defined in the International Standard Organisation (ISO) 22301:2012 as the capability of the organisation to continue delivery of products and services at acceptable redefined levels following a disruptive incident (paragraph 3.3).

Intention

This policy, along with the supporting documents, will provide details of the business continuity management process. This process aims to deliver the following outcomes:

- Ensure that TVP can continue to deliver critical services to the public in the event of a disruption
- Improve organisational resilience by developing strategies and adaptable and usable plans to minimise the impact of any emergency or disruption from identified threats and risks
- Ensure resources are used more effectively in order to ensure that duties to the public are met, particularly when resources are diminished
- Protect against reputational damage and increase public confidence
- Support the organisation's recovery following a disruption.
General Principles

This policy defines the methodology by which TVP will meet its statutory duties. The continuity management lifecycle (see diagram below) for British Standard (BS) has been taken into account. However, Thames Valley Police will align with ISO where possible and therefore will use the Plan, Do, Check, Act (PDCA) structure.

The business continuity management process is a continual cycle of activity that is maintained and reviewed to reflect changes in Force priorities and lessons learned from incidents and exercises. Continual improvement in business continuity management pro-actively aims to embed it into the organisation's culture.

TVP business continuity management process activity aligns and includes:

- Identification of critical functions and prioritisation of all associated activities
- Conducting threat and risk assessments
- Conducting a Business Impact Analysis
- Development and maintenance of business continuity plans and network of points of contact / plan owners
- Exercising business continuity plans to validate and ensure effectiveness
- Audit, maintenance and review of business continuity arrangements
- Training and awareness of business continuity plans and requirements
- Learning from incidents, disruptions and exercises
- Monitoring standards and compliance with all related legislation, standards, policies and good practice.
Statement of Policy

Business Continuity is a force-wide responsibility. All staff and officers have a role to play in the effective embedding of BCM into the culture of Thames Valley Police.

The Civil Contingencies Act 2004 (CCA) provides that Category 1 responders may use generic plans, specific plans or a combination of the two. The guidance for TVP is this Policy. Procedures and Tactics are contained in the Force Business Continuity Plan / Management Framework and a set of specific Local Policing Area (LPA), Operational Command Unit (OCU), and Departmental Business Continuity Plans complement this. The TVP business continuity strategy provides strategic actions planned for the next three years.

A strategic business continuity plan will also be in place for the large non-operational / limited operational sites. This will set out the Force response to any disruption, including activation procedures and action checklists for the command structure. These plans will be supported by the more detailed plans in place within the Local Policing Areas, Operational Command Units and Departments.

The Civil Contingencies Act 2004 requires that arrangements are to be reviewed regularly to ensure validity in the event of any changes. All plans will be developed, maintained and exercised in accordance with the CCA All Business Continuity Plans should be based on a Business Impact Analysis (BIA) and will be coordinated centrally, to manage interdependencies and ensure a common approach.

This Policy, the TVP Business Continuity Strategy and the supporting documents and the Local Policing Area/Operational Command Units/Departmental Business Continuity Plans, as well as Business Impact Analyses, exercises, training and all related activity, form the overall arrangements for Thames Valley Police to fulfil its statutory duty.
The requirements of the Civil Contingencies Act 2004 are that Category 1 responders may enter into collaborative arrangements with other responders but Business Continuity Management must be owned and driven within the organisation itself in order to be effective.

All employees need to understand their responsibilities in a disruption and this should be encapsulated within the activity to embed the process into the organisation. The knowledge to provide this understanding to staff as well as training and support for those with specific responsibilities around writing plans will be developed. This will be disseminated via a network of business continuity contacts.

Critical activities

As category 1 responders Thames Valley Police will continue to deliver our civil protection functions. These functions and supporting activities are prioritised according to statutory requirements and by force objectives determined by the Strategic Planning Process.

The Business Impact Analysis process requires all activities to be prioritised based on a threat and risk assessment. Each critical activity identified in this process requires a recovery time to be set and resources and interdependencies to be recorded.

The Force's critical activities, endorsed by the Chief Constable are:
- Emergency Response
- Crime Investigation
- Custody Management
- Managing High Risk

Threats to service delivery

BCM arrangements take into account the threat and risks identified at a national, regional and community level. They will also take into account those risks identified through the internal Business Impact Analysis process and the organisational Risk Management process. The National Decision Model (NDM) is a key part of the approach to the management of risk within TVP, and in particular recognises the need to take account of the Code of Ethics.

BCM in TVP aims to address the impact of any incident in the following four areas:

- People: Loss of Staff/Officers (severe weather, disease pandemic, industrial action, abstractions)
- Premises: Denial of access or damage to premises (due to fire, flooding, police cordon/operational activity, power failure etc)
- ICT/Communications: Loss of critical systems (Local Area Network/Telephony failure, power or system failure or essential maintenance disruption)
- Suppliers/Stakeholders: Loss or failure of internal or external stakeholders/suppliers (LPAs / OCUs / departments, partner agencies, utilities, etc)

In most circumstances the identification of a disruption is clear, such as denial of access to a building due to a fire or flood, but any incident identified as having an impact on service delivery or the potential to impact on service delivery should be notified according to the procedure set out in the Force Business Continuity Plan. Some disruptions may be more difficult to identify, such as the impact of a failure of a key supplier, system failure, lack of key staff.
Incident classification

The BCM arrangements in place for TVP should be considered in the planning, response and recovery to any incident or emergency. When an incident is identified by any officer or staff member or stakeholder, that could adversely affect the capability of TVP to maintain normal service delivery, BCM plans should be activated in support of any operational response.

In a similar way to when a Critical Incident is identified, any incident which requires a Business Continuity response can be categorised as defined in the Force Business Continuity Plan.

Plan activation

LPA / OCU / department BCPs should be activated by the Commander or Head of Department in consultation with the Gold Commander following identification of a High or Medium impact incident.

The following incident grid follows the APP Tier 1 to 3:

- High Impact (Tier 3): A tier three incident is when any incident, or pre-planned event, has significantly impacted or has the potential to significantly impact on the force as a whole, across forces, or nationally, and Thames Valley Police's ability to perform its critical activities. This is managed at a GOLD level.
- Medium Impact (Tier 2): A tier two incident is when any incident, or pre-planned event, has impacted or has the potential to impact Thames Valley Police's ability to deliver its critical functions across multiple LPAs or Departments. This is managed by an LPA Commander or Department Head nominated by GOLD.
- Low Impact (Tier 1): A tier one incident is when any incident, or pre-planned event, has impacted the Force's ability to deliver its critical activities across a single LPA or Department. This is managed by an LPA Commander or Department Head.
- Potential: An issue is identified that it is believed could potentially impact on critical activities; the issue requires assessing and monitoring (e.g. industrial action, severe weather, a major event, building work etc).

The activation process is detailed in the Business Continuity Management Framework. This activation process is compatible with the process used by Hampshire Constabulary ensuring ease of use within Collaborated areas such as the Joint Operations Unit.
Roles and Responsibilities

The ultimate responsibility of ensuring Thames Valley Police complies with the Business Continuity requirements of the Civil Contingencies Act 2004 remains with the Chief Constable. All staff, officers and volunteers are responsible for being aware of the Business Continuity arrangements for their area in the event of a disruption.

Specific roles are identified in the table below (Role: Responsibility):

- Deputy Chief Constable (DCC): Overall Force lead on Business Continuity.
- Head of Strategic Governance Unit: Responsible at strategic level for Business Continuity.
- Corporate Governance Manager: Responsible for all business continuity management activity in the Force. Support/advise in a disruption when required. Must ensure a tactical log of decisions and actions during any disruption is captured.
- Corporate Governance Officer: Responsible for implementation, coordination and support of all business continuity activity at a tactical force level. Support/advise in a disruption when required. Must ensure a log of any disruption is captured and debriefed.
- Senior Management Teams / Business Continuity single points of contact (and Deputies): Responsible for the LPA / OCU / Departmental business continuity activity at an operational / departmental level. Support / advise in a disruption when required. Must ensure a log of any disruption is captured and reported to the Strategic Governance Unit.
- Senior Information Risk Owner (SIRO): In the event of a disruption, there may be a requirement to work outside normal information security policies and procedures. The SIRO should be responsible for authorisation.

Human Rights Articles Engaged

The policy does not invoke Human Rights Articles.

Health and Safety at Work

The Health and Safety at Work Act imposes a duty of care upon the Chief Constable to ensure, as far as is reasonably practicable, the health, safety and welfare of all staff.
There is a legal requirement to conduct a risk assessment based on the individual's role and capabilities, which should include consideration of assessments under specific legislation e.g. Manual Handling Regulations.

Communications, Challenges and Representations

Communication

Deputy Chief Constable
Thames Valley Police
Oxford Road
Kidlington
Oxon OX5 2NX

Review

This policy document will be reviewed as and when necessary (e.g. following a tier 3 incident) and in any event every 12 months following the sign off of this review. The review will be carried out by the Strategic Governance Unit and will examine:

- Changes in legislation
- Court rulings: Domestic, European and Human Rights
- Examples of good practice from other Forces or other organisations
- Changes in Home Office Circulars
- NPCC policy and Authorised Professional Practice
- Representations made by individuals and relevant organisations
- Relevant Equality data

The policy will next be reviewed in February

FOI status and protective marking

This policy is suitable to be made available to the public and can be published on the Thames Valley Police Freedom of Information Publication Scheme.

Government Security Classification Policy (GSCP)

This policy has been assessed as OFFICIAL however the supporting documents have been assessed as OFFICIAL SENSITIVE and will therefore not be published as above.

All policies will be published on the Policy Management Unit Intranet site. New and reviewed policies will be promoted in Managers Briefing

Related Legislation and guidance

- Civil Contingencies Act 2004
- Human Rights Act 1998
- Equality Act 2010 (section 149)
- Freedom of Information Act 2000
- Health and Safety at Work Act
- Government Classification Scheme
- ISO 22301:2012 Societal Security Business Continuity Management Systems
- BS Business Continuity Management Part Code of Practice and Part 2 Specification 2007
- BS 65000: 2014 Guidance on Organisation Resilience
- Business Continuity Institutes (BCI) Good Practice Guidelines 2013
- National Decision Making Model (NDM)
- Code of Ethics
- MOPI: Code of Practice

For use by the Policy Management Unit Only

Chief Officer Policy Authorisation

Policy signed off by: Name of relevant ACC Date

Version Date Author Reason Reviewed
2.0 June 2018 Sarah Holland Updated to new policy template and low level contextual and grammatical changes.
NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy
NHS Gloucestershire Clinical Commissioning Group 1 Document Control Title of Document Gloucestershire CCG Author A Ewens (Emergency Planning and Business Continuity Officer) Review Date February 2017 Classification
More informationBusiness Continuity Policy
Business Continuity Policy Version Number: 3.6 Page 1 of 14 Business Continuity Policy First published: 07-01-2014 Amendment record Version Date Reviewer Comment 1.0 07/01/2014 Debbie Campbell 2.0 11/07/2014
More informationPolicy. Business Resilience MB2010.P.119
MB.P.119 Business Resilience Policy This policy been prepared by the Bi-Cameral Business Risk and Resilience Group and endorsed by the Management Boards of both Houses. It is effective from December to
More informationGlobal Statement of Business Continuity
Business Continuity Management Version 1.0-2017 Date January 25, 2017 Status Author Business Continuity Management (BCM) Table of Contents 1. Credit Suisse Business Continuity Statement 3 2. BCM Program
More informationThe Metropolitan Police Service Approach to Corporate Resiliency
The Metropolitan Police Service Approach to Corporate Resiliency Chief Inspector Tim Marjason Metropolitan Police Service Emergency Preparedness OCU CO3 - Central Operations New Scotland Yard, London Central
More informationBusiness Continuity and Disaster Recovery
Business Continuity and Disaster Recovery Index Section Title 1. Executive Summary 2. Policy Statement 3. Strategy 4. Governance 5. Key Documentation 6. Testing 1 Executive Summary Business Continuity
More informationBUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW
BUSINESS CONTINUITY MANAGEMENT PROGRAM OVERVIEW EXECUTIVE SUMMARY CenturyLink is committed to ensuring business resiliency and survivability during an incident or business disruption. Our Corporate Business
More informationBusiness Continuity Management: How to get started. Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018
Business Continuity Management: How to get started Presented by: Tony Drewitt, Managing Director IT Governance Ltd 19 April 2018 Introduction Tony Drewitt - Managing Director: IT Governance UK and EU One
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationDirector, Major Projects and Resilience. To: Planning and Performance Committee 6 November 2014
Item Number: B1 By: Director, Major Projects and Resilience To: Planning and Performance Committee 6 November 2014 Subject: Classification: KENT RESILIENCE TEAM Unrestricted FOR DECISION SUMMARY This report
More informationInformation Security Strategy
Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone
More informationBusiness Continuity Management Program Overview
Business Continuity Management Program Overview Improving the lives of our customers by connecting them to the power of the digital world CenturyLink Key Objective CenturyLink may modify or terminate this
More informationUse of Personal Mobile Phone Whilst on Duty
Use of Personal Mobile Phone Whilst on Duty (Incorporating Smartphones and Hand Held Devices) Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland
More informationRisk Management. Continuity Management
Risk Management vs Continuity Management Marie Hélène Primeau, CA, MBCI President Premier Continuum DRJ Fall World September 12, 2011 Marie-Hélène Primeau, CA, MBCI Chartered Accountant and Member of the
More informationPOWER AND WATER CORPORATION POLICY MANAGEMENT OF EXTERNAL SERVICE PROVIDERS
POWER AND WATER CORPORATION POLICY MANAGEMENT OF EXTERNAL SERVICE PROVIDERS Prepared by: Approved by: Chief Procurement Officer John Baskerville Chief Executive File number: D2015/65737 June 2015 MANAGEMENT
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationBusiness continuity management and cyber resiliency
Baker Tilly refers to Baker Tilly Virchow Krause, LLP, an independently owned and managed member of Baker Tilly International. Business continuity management and cyber resiliency Introductions Eric Wunderlich,
More informationCanada Life Cyber Security Statement 2018
Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability
More informationPOSITION DESCRIPTION
UNCLASSIFIED IT Security Certification Assessor POSITION DESCRIPTION Unit, Directorate: Location: IT & Physical Security, Protective Security Wellington Salary range: H $77,711 - $116,567 Purpose of position:
More informationINTERNAL AUDIT DIVISION REPORT 2017/138
INTERNAL AUDIT DIVISION REPORT 2017/138 Audit of business continuity in the United Nations Organization Stabilization Mission in the Democratic Republic of the Congo There was a need to implement the business
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationNational Policing Community Security Policy
Document Name File Name National Policing Community Security Policy Community_Security_Policy_FINAL v4_3.doc Authorisation Information Management Business Area Signed version held by National Police Information
More informationInformation Security Incident
Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationCYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response
CYBER INCIDENT REPORTING GUIDANCE Industry Reporting Arrangements for Incident Response DfT Cyber Security Team CYBER@DFT.GSI.GOV.UK Introduction The Department for Transport (DfT) has produced this cyber
More informationPolicing our Roads Together
Policing our Roads Together A 3 year strategy 2018 2021 Our Vision Policing Together for, Secure and Efficient roads Our Objectives Working together to achieve: roads, free from harm Secure roads free
More informationSecurity Director - VisionFund International
Security Director - VisionFund International Location: [Europe & the Middle East] [United Kingdom] Category: Security Job Type: Open-ended, Full-time *Preferred location: United Kingdom/Eastern Time Zone
More informationBuilding resilience. Delivering assurance.
Building resilience. Delivering assurance. Strengthening and improving the way organisations operate, creating robust and resilient cultures. 01 02 RiskLogic Building resilience. Delivering assurance.
More informationSample Exam Privacy & Data Protection Foundation
Sample Exam Sample Exam Privacy & Data Protection Foundation SECO-Institute issues the official Business Continuity courseware to accredited training centres where students are trained by accredited instructors.
More informationGRAMPIAN SCG PUBLIC COMMUNICATIONS PLAN
Page 1 of 11 Page 1 of 11 Communications Plan GRAMPIAN SCG PUBLIC COMMUNICATIONS PLAN Version: Communications Liaison Group Approval Planned Review Chair SCG Plans Workstream Protective Marking: Planned
More informationManchester Metropolitan University Information Security Strategy
Manchester Metropolitan University Information Security Strategy 2017-2019 Document Information Document owner Tom Stoddart, Information Security Manager Version: 1.0 Release Date: 01/02/2017 Change History
More informationTSC Business Continuity & Disaster Recovery Session
TSC Business Continuity & Disaster Recovery Session Mohamed Ashmawy Infrastructure Consulting Pursuit Hewlett-Packard Enterprise Saudi Arabia Mohamed.ashmawy@hpe.com Session Objectives and Outcomes Objectives
More information1. To provide an update on the development of the SPA Assurance Map.
Meeting SPA Date and Time 9 June 2014 1015hrs Location Britannia Building, Room B024, Glasgow Caledonian University Title of Paper Assurance Map Item Number 8.2 Presented By Graham Stickle For Approval
More informationTHE STRATEGIC POLICING REQUIREMENT. July 2012
THE STRATEGIC POLICING REQUIREMENT July 2012 Contents Foreward by the Home Secretary...3 1. Introduction...5 2. National Threats...8 3. Capacity and contribution...9 4. Capability...11 5. Consistency...12
More informationPublic Safety Canada. Audit of the Business Continuity Planning Program
Public Safety Canada Audit of the Business Continuity Planning Program October 2016 Her Majesty the Queen in Right of Canada, 2016 Cat: PS4-208/2016E-PDF ISBN: 978-0-660-06766-7 This material may be freely
More informationFacilities Management and Business Continuity. 10 May 2017
Facilities Management and Business Continuity 10 May 2017 1 Introductions Business Continuity Institute BCI SADC Chapter The Caridon Group 2 The BCI 3 The Caridon Group Consulting Group of select experienced
More informationInformation Governance Incident Reporting Policy
Information Governance Incident Reporting Policy Version: 4.0 Ratified by: NHS Bury Clinical Commissioning Group Information Governance Operational Group Date ratified: 29 th November 2017 Name of originator
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationSTRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government
ATIONAL STRATEGY National Strategy for Critical Infrastructure Government Her Majesty the Queen in Right of Canada, 2009 Cat. No.: PS4-65/2009E-PDF ISBN: 978-1-100-11248-0 Printed in Canada Table of contents
More informationSecurity Management Models And Practices Feb 5, 2008
TEL2813/IS2820 Security Management Security Management Models And Practices Feb 5, 2008 Objectives Overview basic standards and best practices Overview of ISO 17799 Overview of NIST SP documents related
More informationINFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ
INFORMATION SECURITY PRINCIPLES OF THE UNIVERSITY OF JYVÄSKYLÄ JYVÄSKYLÄN YLIOPISTO Introduction With the principles described in this document, the management of the University of Jyväskylä further specifies
More informationFIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017
FIRE REDUCTION STRATEGY Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 FIRE REDUCTION STRATEGY Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017 2 1. Introduction The
More informationPractitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0
Practitioner Certificate in Business Continuity Management (PCBCM) Course Description 10 th December, 2015 Version 2.0 Course The Practitioner Certificate in Business Continuity Management (PCBCM) course
More informationMember of the County or municipal emergency management organization
EMERGENCY OPERATIONS PLAN SUUPPORT ANNEX B PRIVATE-SECTOR COORDINATION Coordinating Agency: Cooperating Agencies: Chatham Emergency Management Agency All Introduction Purpose This annex describes the policies,
More informationUnclassified. Date Monday 24 September Business Continuity Plan Review - Mission Critical Activities
Meeting Paper title Executive Team Date Monday 24 September Business Continuity Plan Review - Mission Critical Activities Agenda item 5 Discussion time Purpose of paper Decision [If a decision you must
More informationGlobal Security Advisor
Global Security Advisor Location: [North America] [United States] Category: Security *Preferred location: USA. Other locations will be considered globally where WVI is registered to operate. PURPOSE OF
More informationC106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT
C106: DEMO OF THE INFORMATION SECURITY MANAGEMENT SYSTEM - ISO: 27001:2005 AWARENESS TRAINING PRESENTATION KIT Buy: http://www.globalmanagergroup.com/iso27001training.htm Chapter-1.0 CONTENTS OF ISO 27001-2005
More informationTEL2813/IS2820 Security Management
TEL2813/IS2820 Security Management Security Management Models And Practices Lecture 6 Jan 27, 2005 Introduction To create or maintain a secure environment 1. Design working security plan 2. Implement management
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationBUSINESS CONTINUITY MANAGEMENT. A short guide 2017
BUSINESS CONTINUITY MANAGEMENT A short guide 2017 Acknowledgements Business Continuity Institute Founded in 1994, the BCI defined a set of practices for individuals to be able to demonstrate their individual
More informationAon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary
Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As
More informationPS 176 Removable Media Policy
PS 176 Removable Media Policy December 2013 Version 2.0 Statement of legislative compliance This document has been drafted to comply with the general and specific duties in the Equality Act 2010; Data
More informationCYBER RESILIENCE & INCIDENT RESPONSE
CYBER RESILIENCE & INCIDENT RESPONSE www.nccgroup.trust Introduction The threat landscape has changed dramatically over the last decade. Once the biggest threats came from opportunist attacks and preventable
More informationHow to Conduct a Business Impact Analysis and Risk Assessment
How to Conduct a Business Impact Analysis and Risk Assessment By Larry Pedrazoli Business Recovery Analyst Miller Brewing Company February 2006 Project Management Institute, La Crosse, WI Chapter Agenda
More informationIntroduction to ISO/IEC 27001:2005
Introduction to ISO/IEC 27001:2005 For ISACA Melbourne Chapter Technical Session 18 th of July 2006 AD Prepared by Endre P. Bihari JP of Performance Resources What is ISO/IEC 17799? 2/20 Aim: Creating
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationISO / IEC 27001:2005. A brief introduction. Dimitris Petropoulos Managing Director ENCODE Middle East September 2006
ISO / IEC 27001:2005 A brief introduction Dimitris Petropoulos Managing Director ENCODE Middle East September 2006 Information Information is an asset which, like other important business assets, has value
More informationEnterprise resilience and the role of Standards
www.pwc.co.uk Enterprise resilience and the role of Standards Why do we have Standards? Globalisation Consistency Quality Supply chain and outsourcing Marketing value Slide 2 Stakeholder value Ultimately,
More informationSussex Police Business Crime Strategy
Sussex Police Business Crime Strategy 2014-2016 Sussex Police Serving Sussex www.sussex.police.uk Foreword Sussex Police recognise that businesses are a vital part of our local communities and are essential
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More informationAccess to personal accounts and lawful business monitoring
Access to personal email accounts and lawful business monitoring Contents Policy statement... 2 Access to personal emails... 2 Manager suspects misuse... 3 Lawful business monitoring... 4 Additional information...
BCM's Role in Effective Risk Management: A Risk Manager's Point of View
BCM's Role in Effective Risk Management: A Risk Manager's Point of View Date: March 24, 2015 Presenter: Randall Davis, MBA, IBD, CPCU, ERM, ARM, ARM E, ABCP Agenda for this session Explore the case for
MRC Information Security Policy (IT_pg_003)
Contents: Policy statement; 1. Key principles; 2. Scope; 3. Purpose; 4. General considerations; 5. Accessing information and information assets; 6. Technical aspects; 7. Use
Using International Standards to Implement a Business Continuity Management System (BCMS)
Using International Standards to Implement a Business Continuity Management System (BCMS) Dr. Abdulrahman AlEnezi Dr. Fawaz AlEnezi Eng. Maryam AlRadhwan Dr. Sultan AlEnezi Agenda Introduction Business
TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User's TABLE OF CONTENTS
Building a BC/DR Control Library and Regulatory Response Program
Building a BC/DR Control Library and Regulatory Response Program David Garland, Senior Director, Disaster Recovery & Regulatory Compliance, Business Continuity Management CME Group Regulatory Compliance
Mobile Communication Policy
Mobile Communication Policy Document Type Author Owner (Dept) Mobile Communication Policy Chief Executive Health & Safety Date of Review June 2015 List of Contents Page No 1. Summary of Duties... 3 2.
ENISA's Position on the NIS Directive
ENISA's Position on the NIS Directive 1 Introduction This note briefly summarises ENISA's position on the NIS Directive. It provides the background to the Directive, explains its significance, provides
MNsure Privacy Program Strategic Plan FY
MNsure Privacy Program Strategic Plan FY 2018-2019 July 2018 Table of Contents: Introduction; Privacy Program Mission; Strategic Goals of the Privacy Office; Short-Term Goals; Long-Term
SOLUTION BRIEF RSA ARCHER BUSINESS RESILIENCY
RSA ARCHER BUSINESS RESILIENCY INTRODUCTION Organizations are becoming a complex tapestry of products and services, processes, technologies, third parties, employees and more. Each element adds another
BCP At Bangkok Bank, Thailand
BCP At Bangkok Bank, Thailand Bhakorn Vanuptikul, BCCE Executive Vice President Bangkok Bank Public Company Limited 10 May 2012 1 Agenda Business Continuity Management at Bangkok Bank Success Factors in
Information Security Controls Policy
Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January
Implementing a Global Business
GLOBAL OPERATIONS Implementing a Global Business Continuity Management Program Disaster Recovery Journal Spring World 2010 Conference Pfizer Inc. Managing Business Continuity on a Global Scale This presentation
Information Security Management System
Information Security Management System Based on ISO/IEC 17799 Houman Sadeghi Kaji Spread Spectrum Communication System PhD., Cisco Certified Network Professional Security Specialist BS7799 LA info@houmankaji.net
Planning and Implementing ITIL in ICT Organisations
CCPM Solutions Experts in ICT Performance Supporting Your Business Planning and Implementing ITIL in ICT Organisations June 2012, Addis Ababa Content 1. Quick ITIL (Overview) 2. Case study (How not to
When Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.
When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT Introduction An overview of ISO 28000:2007 Key clauses of
Information Security Data Classification Procedure
Information Security Data Classification Procedure A. Procedure 1. Audience 1.1 All University staff, vendors, students, volunteers, and members of advisory and governing bodies, in all campuses and locations
ISAO SO Product Outline
Draft Document Request For Comment ISAO SO 2016 v0.2 ISAO Standards Organization Dr. Greg White, Executive Director Rick Lipsey, Deputy Director May 2, 2016 Copyright 2016, ISAO SO (Information Sharing
Malpractice and Maladministration Policy
Malpractice and Maladministration Policy Introduction This policy is aimed at our customers, including learners, who are delivering/registered on BCS approved qualifications or units within or outside
Privacy Impact Assessment
Automatic Number Plate Recognition (ANPR) Deployments Review Of ANPR infrastructure February 2018 Contents: 1. Overview; 2. Identifying the need for a (PIA); 3. Screening Questions; 4. Provisions
Birmingham Community Healthcare NHS Foundation Trust. 2017/17 Data Security and Protection Requirements March 2018
1.0 Executive Summary Birmingham Community Healthcare NHS Foundation Trust 2017/17 Data Security and Protection Requirements March 2018 The Trust has received a request from NHS Improvement (NHSI) to self-assess
Promoting the Art and Science of Business Continuity Management Worldwide. Partner of the DRJ
Promoting the Art and Science of Business Continuity Management Worldwide Official Certification and Education Partner of the DRJ Doug Weldon President, BCI-USA Chapter douglas.weldon@thomsonreuters.com
THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT
THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT International Recovery Forum 2014 ~ The Role of Private Sector in Disaster Recovery ~ 21 January 2014 Kobe, Japan Dr Janet L. Asherson
Resilience in London
Resilience in London A Resilient City The ability of London to detect, prevent and if necessary to withstand, handle and recover from disruptive challenges Objectives London- complexity and risk London
Cyber Risks in the Boardroom Conference
Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?
NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:
Corporate Information Security Policy
Overview Sets out the high-level controls that the BBC will put in place to protect BBC staff, audiences and information. Audience Anyone who has access to BBC Information Systems however they are employed
General Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY
JUNE 2017 TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the Tufts Health Plan Corporate
Data Processor Agreement
Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958
Directive on Security of Network and Information Systems
European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security
Principles for BCM requirements for the Dutch financial sector and its providers.
Principles for BCM requirements for the Dutch financial sector and its providers. Platform Business Continuity Vitale Infrastructuur Financiële sector (BC VIF) Werkgroep BCM requirements 21 September 2011
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
Delivery Plan Working together to make our communities safer. transform. innovate. efficient. police. public. effective
Working together to make our communities safer transform innovate public effective efficient police Delivery Plan 2018 19 Foreword The Delivery Plan outlined in this document is in line with Thames Valley
The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction
29 February 2016 The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction 2015-2030 The Sendai Framework for Disaster Risk Reduction 2015-2030
BT Business Continuity Quick Start Service
BT Business Continuity Quick Start Service Business continuity management, service availability and the ongoing assessment of business risk are essential activities for organisations. The BT Business Continuity
POSITION DESCRIPTION
Network Security Consultant POSITION DESCRIPTION Unit/Branch, Directorate: Location: Regulatory Unit Information Assurance and Cyber Security Directorate Auckland Salary range: I $90,366 - $135,548 Purpose
The General Data Protection Regulation
PRIVACY NOTICE INFORMATION FOR (a) APPLICANTS TO AND USERS OF CHS COMMUNITY SUPPORT SERVICES; (b) OTHER STAKEHOLDERS CHS is committed to protecting your personal data. This privacy notice sets out how