BUSINESS CONTINUITY TOOLKIT

8. BUSINESS CONTINUITY EXERCISES: SAMPLE SCENARIOS

1 LOSS OF WORKPLACE: BUILDING DEFECT

A structural defect has been found in your building. BBC Workplace advise that the issue is significant and must be rectified. In 6 weeks, the entire building must be powered down and emptied of people. After that there will be no re-entry to the building for between 3 and 6 weeks.

Your Divisional Director has called an emergency meeting for your Divisional Incident Management Team and their Business Continuity Planholders. He wants to know what the plan is for your area.

- What are your critical activities that must continue during this time?
- What activities can be kept on hold?
- Where you intend to work from while the building is unavailable
- What resources you need to be able to carry on working (e.g. technology, people, space, etc.)
- How you will communicate

2 LOSS OF WORKPLACE: FIRE

At home at 7am this morning you heard the news reporting that a BBC building was on fire and that it was being reported as arson. You established that the building was your building, and the fire started in the early hours of this morning. There is fire damage in some areas and smoke and water damage in others. Your area is known to be affected, but you will not find out until later today how badly it is affected.

At 7.30am the Silver Lead (Business Continuity and Disaster Recovery Team rep) for your area contacts the relevant heads of department. He advises that your building is closed today and that your business continuity plans should be activated. He says the best information at present is that the entire building will be out for at least 3 days, and some areas will take between 2 and 6 weeks to restore.

- How could you have established which building was on fire?
- How will your teams/colleagues be contacted and what is the message that they will be given?
- What critical activities must you continue despite any disruption to business as usual? Might this have any impact on services to BBC audiences?
- Are there any important work items still inside the building?
- What is the plan for this week?
- What is the plan for the next few weeks?

3 LOSS OF INFRASTRUCTURE: NETWORK FAILURE

Around 11.00 this morning your team noticed that the IT network wasn't available. There were no connections to the servers, no access to email exchange servers and no VOIP telephones were functioning. It quickly became clear this was a BBC-wide network failure.

Via your Silver rep (Business Continuity and Disaster Recovery Team rep), you learn that there is a very serious issue. You are told that the problem is going to take several days to resolve. Critical areas will be restored first. This may be achieved in 3-4 days. Other areas may take up to 2 weeks to restore. Please confirm what your priorities are.

Your Divisional Director wants to know what the plan is for the next 3-14 days.

- What are your critical activities that must continue during this time?
- Are there any workarounds so that you can continue these activities?
- What activities you would like permission to stop until the IT is restored
- Agreement on which areas have to go on the critical list to be restored within 3 days
- Headline plan on how your area will manage over the next 3-14 days
- How will you communicate? What will you tell your teams?
- Other headline issues to be considered

4 LOSS OF WEBMAIL: PHISHING ATTACK

Some users in your department have noticed the same suspicious email in their inboxes. There is a link in the email which some users have clicked on which takes them to the BBC Webmail logon page. When they enter their logon details in this page it does not take them to their email inbox.

You have just been informed from BBC Information Security that the BBC is the target of an email phishing attack. The email that your users have seen has been identified as the phishing email.

A group calling itself the Syrian Electronic Army has subsequently taken over some BBC Twitter accounts. They are posting messages on Twitter boasting that they have taken over these accounts. It is suspected that the phishing email is the tool that they used to gain access to the Twitter accounts and that they now may have the BBC logon account details and passwords of any users that have clicked on the attachment and entered their logon details in the fake BBC Webmail logon page.

The advice from Info Sec is not to click on any attachments or links within emails and to raise a call with the ATOS service desk if you have received an email with the link which takes you to the BBC Webmail logon page.

The BBC Webmail service has been taken down as a precaution. This means that only users who have a BBC Remote Access Token can log on to the BBC network from outside the BBC.

- How does this impact your ability to continue critical business: which activities are affected? Might this have any impact on services to BBC audiences?
- How will you communicate?
- Are there any other workaround options available to you?

5 LOSS OF PEOPLE: ADVERSE WEATHER

It's 10am on a Monday morning. It's been raining very hard in the UK since yesterday afternoon and the Met Office says that it's set to continue for the next few days. Public transport is suffering, visibility is low and roads are hazardous. National and local news bulletins have just started saying that the official advice is now that people should not travel unless it's absolutely necessary.

Across your Division, and indeed the BBC and its Service Partners, 50% of expected staff are at work as usual. You have little or no information on the other 50%.

You have just been told the following:

(1) A train has caught fire in a tunnel near your building. Breaking news coverage is suggesting that fatalities are inevitable. Roads around the area are also closed so traffic is at a standstill. There is a high probability that some BBC staff are on the trains, so every Division has been instructed to account for the safety of all staff. Your team is already reporting getting a lot of calls from worried family and friends and asking you how they should respond.

(2) Your building has experienced two power dips in the past half an hour, each time just for a couple of minutes. You are told that there are serious concerns about maintaining mains power in the area. National Grid is advising the BBC to be ready to deal with a loss of mains at any time today, and possibly for a prolonged period. Every Division has been asked to report possible impacts on critical business and output today, considering where you do and do not have back up power.

- How will you account for the safety of your staff?
- How and what will you communicate?
- What HR support is available to you?
- How would the absence of up to 50% of your staff impact your ability to do critical business? Might this have any impact on services to BBC audiences?
- What demands do your continuity arrangements place on remote access to technology services?

6 LOSS OF PEOPLE: PANDEMIC

Over a couple of months, despite serious precautions such as border closures, a pandemic swept through Asia and mainland Europe. It's now hit the UK and North America. The first wave is expected to last about 12 weeks.

The Government has asked for things to continue as normal as far as is possible. Schools are only closing where there are too few teaching staff available to cope, and this is in the minority. However, non-essential major public gatherings such as concerts and sporting events have been told events can only go ahead without audiences.

The DG has asked that the BBC follows the Government guidelines and continues to operate as normally as possible. The BBC Pandemic Plan has been activated centrally: increased cleaning is visible across the estate and bacterial wipes are available for wiping down hot-desks and so on.

Only 60% of your staff expected at work today are here. 15% have called in sick; 25% say they are taking care of someone who is sick. A couple more have told you they are too scared to use public transport and sit in an office with other people.

Lots of people are at home watching television during the daytime and in the evenings so viewing figures are extremely high. All sports fixtures are continuing. Concerts are also going ahead without audiences and the BBC is planning to broadcast as many as possible across the various channels.

- What are your key concerns and priorities?
- What is the impact of losing 40% of your staff?
- What activities can continue and what will stop?
- Are there any key individuals for whom there are not sufficient alternates if you lose them temporarily or permanently?
- How and what would you communicate?
- Is it possible for your staff to work from home effectively over a sustained period?

7 CHOOSE YOUR OWN?

Participants should come up with their own scenario to discuss. The scenario can be anything that reasonably requires a significant response by/within your business area or Division. Please consider what you think the response should be to this incident.

Ideas:

- Loss of supplier
- No access to office
- Loss of IT
- Not enough people
- Loss of expertise
- Flu pandemic
- No transport
- Terrorism

Participants should consider the following:

- How would the incident affect your ability to do business as usual?
- What work do you need to continue?
- Are there any workarounds?
- What are your key concerns and priorities?
- Who would manage the incident?
- What and how would you communicate?
- Do your plans help you?