Business Continuity Policy
- Karen Davidson
Version Number: 3.6 Page 1 of 14
First published:

Amendment record

Version | Date | Reviewer | Comment
 | /01/2014 | Debbie Campbell |
 | /07/2014 | Vicky Ryan | Updated to include reference to linked documents
 | /01/2015 | Vicky Ryan | Minor change
 | /12/2015 | Laura Davey / Debbie Campbell | Full review of document and changes including, adding reference to Pandemic Flu Framework

Version number: 3.6
Status: Final
Author: Laura Davey / Debbie Campbell
Approver: Mary Backhouse
Date approved:
NS CCG Business Continuity Policy

Contents
- Introduction
- Policy statement
- Roles & responsibilities
  - North Somerset Accountable Emergency Officer
  - Head of Planning and Business Support
  - North Somerset CCG staff
- Business continuity incident
- Financial arrangements
- Communications strategy
- Exercising, maintaining and reviewing
- Distribution & Implementation
  - Distribution Plan
  - Implementation plan
- Compliance Monitoring
  - Compliance
- Approval
- Associated & reference documentation
  - Associated documents
  - Reference documents
- Appendix 1 Glossary
1 Introduction

Business Continuity is a key part of North Somerset Clinical Commissioning Group's (CCG) requirements as a Category 2 responder for Emergency Preparedness, Resilience & Response (EPRR) requirements. In addition, the CCG and external providers must comply with the Civil Contingencies Act (2004) in developing robust business continuity plans. The CCG must deliver effective Business Continuity Management (BCM) in order to secure the best possible outcomes for patients in the event of an incident. The CCG recognises the potential operational and financial losses associated with a major service disruption, and the importance of maintaining viable recovery strategies. A key element of a successful BCM is embedding a strong business continuity culture throughout the CCG, and this is endorsed by NHS England.

The Business Continuity Policy document defines how the CCG will implement BCM to minimise the impact of incidents. It is supplemented by the Business Continuity Plan and Business Impact Assessments for each business area in the CCG. The CCG will have accountability at Accountable Emergency Officer level and responsibility at Head of EPRR level.

North Somerset CCG business continuity objectives are to:
- Provide robust and consistent BCM throughout North Somerset CCG.
- Identify and mitigate business continuity risk.
- Ensure that BCM incorporates planning, training and continuous improvement to manage operational incidents.
- Enable the successful delivery of the CCG's Business Continuity Plan.
- Promote and maintain the reputational integrity of the CCG.
- Meet the requirements of the Civil Contingencies Act (2004) and align to ISO business continuity requirements and guidelines.
- Assure the Governing Body that Business Continuity plans are fit for purpose and meet the necessary requirements as outlined in Section 2 below.

This policy should be read in conjunction with the following EPRR documents:
- LHRP Health Community Response plan
- Severe Weather Plan
- Fuel Shortage Response Plan
- Communicable Diseases Plan
- Incident Response Plan
- Pandemic Flu Framework

2 Policy statement

North Somerset CCG is committed to ensuring robust and effective BCM as a key mechanism to restore and deliver continuity of key services in the event of an incident. The CCG also has a Business Continuity Plan in place and this will be based on the following standards:
- NHS England Commissioning Board Core Standards for Emergency Preparedness, Resilience and Response (EPRR).
- ISO 22301: Business Continuity Management Systems - Requirements.
- ISO / PAS 22399: Guideline for Incident Preparedness and Operational Continuity Management.
- Recognised standards of corporate governance.

All CCG Officers and Managers will ensure that BCM is maintained throughout the organisation and that within their areas of responsibility Business Continuity Impact Assessments (BIA), which detail the prioritised activities within each department, are completed by all teams.

All staff must be aware of the Business Continuity Plan and associated BIA that affects their business areas and their individual role following invocation.

The CCG will implement a programme of training, exercise, maintenance and review. In addition, the CCG will provide assurance to NHS England on BCM progress.
The management of business continuity at the CCG aims to accommodate the needs and expectations of interested parties.
3 Roles & responsibilities

3.1 North Somerset Accountable Emergency Officer

The North Somerset Chief Operating Officer, or delegated deputy, has accountability, as the Accountable Emergency Officer, for:
- Promoting the embodiment of the business continuity culture within North Somerset CCG
- Provision of appropriate levels of resource and budget to achieve the required level of business continuity in response to incidents
- Ensuring information governance standards continue to be applied to data and information during an incident
- Providing assurance to NHS England via the EPRR Core standards Self-Assessment, regular assurance meetings and engagement with LHRP
- Ensuring the CCG supports NHS England Local Area Team (LAT) in discharging its EPRR functions and duties

3.2 Head of Planning and Business Support

The North Somerset CCG Head of Planning and Business Support will be responsible for:
- Implementation of the Business Continuity Policy and Plan
- The development, exercise and maintenance of the CCG's Business Continuity Plan and Business Impact Assessments
- The testing, exercising, updating and subsequent communications of the CCG's Business Continuity Plan and Business Impact Assessments on a minimum of an annual basis
- Ensuring training is carried out and attendance records are maintained
- Producing a report of any incident that leads to the invoking of Business Continuity Plans and sharing the learning from any incident with any relevant parties
3.3 North Somerset CCG staff

All North Somerset CCG Senior Managers and staff are responsible for:
- Developing an awareness of BCM within their area of responsibility.
- Escalating any business continuity incident in line with the process detailed in the Business Continuity Plan.
- Developing and updating business continuity assessments within their own area of responsibility.

4 Business continuity incident

4.1 Robust procedures should be detailed within the Business Impact Assessments for the following priority incidents as a minimum.
- Unavailability of premises for a period that significantly impacts prioritised activities caused by fire, flood or other incidents;
- Significant numbers of staff prevented from reaching North Somerset CCG premises, or getting home due to severe weather or transport issues;
- Major electronic attacks or severe disruption to the IT network, systems and mobile telephony;
- Terrorist attack or threat affecting transport networks or office locations;
- Denial of access to key resources, assets, utilities and fuel supply;
- Theft or criminal damage severely compromising the organisation's physical assets;
- Significant chemical contamination of the working environment;
- Serious injury to, or death of, staff whilst in the offices;
- Illness/epidemic striking the population and affecting a significant number of staff;
- Outbreak of a serious disease or illness in the working environment;
- Simultaneous resignation or loss of a number of key staff;
- Widespread industrial action;
- Significant fraud, sabotage or other malicious acts;
- Violent incidents affecting staff.

4.2 Incident Response Structure. The structure for responding to incidents will be detailed in the Business Continuity Plan and will include details of incident analysis, management and recovery.

5 Financial arrangements

The finance representative for Business Continuity within the CCG is the Deputy Chief Finance Officer. The funding required to cover any Business Continuity eventualities will be made available from the CCG financial allocation from the Department of Health.

A unique cost centre for Emergency Planning exists within the CCG coding structure to record any unexpected costs related to a business continuity issue. The budget allocated against this cost centre will be made available from the CCG financial allocation from the Department of Health.

6 Communications strategy

Business continuity awareness will be developed through communications and training. Business Continuity will be discussed at the Senior Management Team meetings.

Effective communication is essential at a time of crisis. Communications in relation to an incident will be defined within the BCP.

New or variations to legal, regulatory and other business continuity requirements shall be communicated to affected staff and areas.

All staff shall be set up with an nhs.net account when they join the CCG, which will be used in the event of an incident.

7 Exercising, maintaining and reviewing

8.1 The BCP and BIAs will be exercised, reviewed and updated annually and after any actual incident, to determine whether any changes are required to procedures or responsibilities.
The EPRR Work Programme details a timetable of exercise and review.

8 Distribution & Implementation

8.1 Distribution Plan

This document will be made available to all interested parties including partners, providers and staff via the North Somerset CCG website.

8.2 Implementation plan

To implement the CCG business continuity plan or any of the CCG's business continuity impact assessments in the event of an incident, staff will require appropriate training. Required levels of training for key staff and appropriate awareness training for all CCG staff will be identified and training will be undertaken. This will improve the organisation's resilience to the effects of incidents and ensure all staff will be able to respond appropriately in the event of an incident.

9 Compliance Monitoring

9.1 Compliance

Compliance with this policy and the associated documents and procedures will be monitored by NHS England through the annual self-assessment assurance process, together with independent reviews.

10 Approval

10.1 The Quality and Assurance Group (QAG) has approved this policy and the business continuity plan and has delegated to the Chief Clinical Officer to sign off any updates/amendments.

11 Associated & reference documentation
Associated documents
- North Somerset CCG Business Continuity Plan
- Business Impact Assessments
- Business Continuity Training Schedule and Exercise Programme
- LHRP Health Community Response plan
- Severe Weather Plan
- Fuel Shortage Response Plan
- Communicable Disease Plan
- Incident Response Plan
- Pandemic Flu Framework

Reference documents
- Civil Contingencies Act
- ISO 22301:2012 Business Continuity Management Systems Requirements.
- ISO 22313:2012 Business Continuity Management Systems Guidance.
- ISO / PAS 22399:2007 Guideline for Incident Preparedness and Operational Continuity Management.
- NHS England Commissioning Board Business Continuity Framework.
- NHS England Commissioning Board Core Standards for Emergency Preparedness, Resilience and Response (EPRR)
- NHS England Emergency Preparedness Resilience and Response Framework
- NHS England Business Continuity Management Toolkit.
- NHS England Risk Management Policy and Procedure.
- PAS 2015:2010 Framework for Health Services Resilience.
NHS Commissioning Board Business Continuity Policy

Appendix 1 Glossary

Board: means the Chair, Executive Members and Non-executive Members of North Somerset CCG collectively as a body.

Budget: means a resource, expressed in financial terms, proposed by the Board for the purpose of carrying out, for a specific period, any or all of the functions of NHS England.

Business Continuity: means capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

Business Continuity Management (BCM): The overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. BCM ensures a robust process is in place that identifies potential threats to an organisation and the potential impacts to business operations from those threats. BCM provides a framework for building organisational resilience that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities.

Business Continuity Plan (BCP): The documented procedures that guide organizations to respond, recover, resume, and restore to a pre-defined level of operation following disruption. NOTE Typically this covers resources, services and activities required to ensure the continuity of critical business functions.

Business Impact Analysis (BIA): The document that details the analysis of activities and the effect that a business disruption might have upon them.

Incident: means a situation that might be, or could lead to, a disruption, loss, emergency or crisis.

National Director: means an Executive Member or other Officer of NHS England who reports directly to the Chief Executive.

NHS England: means NHS Commissioning Board.

Prioritised Activities: activities to which priority must be given following an incident in order to mitigate impacts. NOTE Terms in common use to describe activities within this group include: critical, essential, vital, urgent and key.

Risk Assessment: overall process of risk identification, risk analysis and risk evaluation.
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationIan Speller CISM PCIP MBCS. Head of Corporate Security at Sopra Steria
Ian Speller CISM PCIP MBCS Head of Corporate Security at Sopra Steria Information Risk in the Real World Realistic security management on a tight budget Or some things I have done to make the security
More informationWhen Recognition Matters WHITEPAPER ISO SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS.
When Recognition Matters WHITEPAPER ISO 28000 SUPPLY CHAIN SECURITY MANAGEMENT SYSTEMS www.pecb.com CONTENT 3 4 4 4 4 5 6 6 7 7 7 8 9 10 11 12 Introduction An overview of ISO 28000:2007 Key clauses of
More informationSAMPLE REPORT. Business Continuity Gap Analysis Report. Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx
SAMPLE REPORT Business Continuity Gap Analysis Report Prepared for XYZ Business by CSC Business Continuity Services Date: xx/xx/xxxx COMMERCIAL-IN-CONFIDENCE PAGE 1 OF 11 Contact Details CSC Contacts CSC
More informationResilience in London
Resilience in London A Resilient City The ability of London to detect, prevent and if necessary to withstand, handle and recover from disruptive challenges Objectives London- complexity and risk London
More informationDriving Global Resilience
Driving Global Resilience Steve Mellish FBCI Chairman, The Business Continuity Institute Monday December 2nd, 2013 Business & IT Resilience Summit New Delhi, India Chairman of the Business Continuity Institute
More informationCYBER INCIDENT REPORTING GUIDANCE. Industry Reporting Arrangements for Incident Response
CYBER INCIDENT REPORTING GUIDANCE Industry Reporting Arrangements for Incident Response DfT Cyber Security Team CYBER@DFT.GSI.GOV.UK Introduction The Department for Transport (DfT) has produced this cyber
More informationEQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING
EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES KEEP YOUR BUSINESS UP AND RUNNING BUSINESS CONTINUITY EQUINIX BUSINESS CONTINUITY ADVANCED SERVICES The key to every successful Business Continuity Solution
More informationTemplate. IT Disaster Recovery Planning: A Template
Template IT Disaster Recovery Planning: A Template When disaster strikes, business suffers. A goal of business planning is to mitigate disruption of product and services delivery to the greatest degree
More informationDISASTER RECOVERY PRIMER
DISASTER RECOVERY PRIMER 1 Site Faliure Occurs Power Faliure / Virus Outbreak / ISP / Ransomware / Multiple Servers Sample Disaster Recovery Process Site Faliure Data Centre 1: Primary Data Centre Data
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationInformation Security Controls Policy
Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes
More information112 th Annual Conference May 6-9, 2018 St. Louis, Missouri
8:30 10:30 May 6, 2018 Room 240 Complex 112 th Annual Conference May 6-9, 2018 St. Louis, Missouri Moderator/Speakers: Kevin Wachtel Finance Director/Treasurer, Villa Park, IL Alex Brown Senior Manager,
More informationPractitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0
Practitioner Certificate in Business Continuity Management (PCBCM) Course Description 10 th December, 2015 Version 2.0 Course The Practitioner Certificate in Business Continuity Management (PCBCM) course
More informationContinuity of Business
White Paper Continuity of Business SAS Continuity of Business initiative reflects our commitment to our employees, to our customers, and to all of the stakeholders in our global business community to be
More informationUnit 3 Cyber security
2016 Suite Cambridge TECHNICALS LEVEL 3 IT Unit 3 Cyber security Y/507/5001 Guided learning hours: 60 Version 3 - revised September 2016 ocr.org.uk/it LEVEL 3 UNIT 3: Cyber security Y/507/5001 Guided learning
More informationRisk Management in Electronic Banking: Concepts and Best Practices
Risk Management in Electronic Banking: Concepts and Best Practices Jayaram Kondabagil BICENTENNIAL B1CBNTENNIAL John Wiley & Sons (Asia) Pte Ltd. Contents List of Figures xiii List of Tables xv Preface
More informationChecklist: Credit Union Information Security and Privacy Policies
Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC
More informationBT Business Continuity Quick Start Service
BT Business Continuity Quick Start Service Business continuity management, service availability and the ongoing assessment of business risk are essential activities for organisations. The BT Business Continuity
More informationINFORMATION SECURITY. One line heading. > One line subheading. A briefing on the information security controls at Computershare
INFORMATION SECURITY A briefing on the information security controls at Computershare One line heading > One line subheading INTRODUCTION Information is critical to all of our clients and is therefore
More informationOperational Risk Management: Major Processes and Assignments
Operational Risk Management: Major Processes and Assignments Gabriel Andrade Deputy-Head of the Risk Management Department 19 September 2017 Cambridge Agenda 1. ORM Framework Operational Risk Operational
More informationInformation backup - diagnostic review Abertawe Bro Morgannwg University Health Board. Issued: September 2013 Document reference: 495A2013
Information backup - diagnostic review Abertawe Bro Morgannwg University Health Board Issued: September 2013 Document reference: 495A2013 Status of report This document has been prepared for the internal
More informationBCM Program Development
BCM Program Development Course Description: The BCM Program Development course provides you with knowledge to develop an auditable and actionable business continuity program for your organization. This
More informationAppendix 3 Disaster Recovery Plan
Appendix 3 Disaster Recovery Plan DRAFT March 5, 2007 Revision XX Qwest Government Services, Inc. 4250 North Fairfax Drive Arlington, VA 22203 A3-i RFP: TQC-JTB-05-0002 March 5, 2007 REVISION HISTORY Revision
More informationNATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC
NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC Draft Version incorporating Management Review [MR] Edits and Comments Document Date: July 2013 Goal One: Ensure Interoperable
More informationWhy you should adopt the NIST Cybersecurity Framework
Why you should adopt the NIST Cybersecurity Framework It s important to note that the Framework casts the discussion of cybersecurity in the vocabulary of risk management Stating it in terms Executive
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationSFC strengthens internet trading regulatory controls
SFC strengthens internet trading regulatory controls November 2017 Internet trading What needs to be done now? For many investors, online and mobile internet trading is now an everyday interaction with
More information