Background
23
Page 1 of 23
description
Transcript of Background
Page 1 of 17
Wiltshire Fire & Rescue Service
Business Continuity Policy
If found please return to
Corporate Risk ManagerWiltshire Fire & Rescue Service Headquarters,Manor House, Potterne,Devizes,Wiltshire, SN10 5PP
Document ControlVersion Date Editor Comments
1.0 DRAFT for Comment, Circulated to Management Board and Local Resilience Forum Members
1.1 14-06-06 S Carpenter Endorsed by Management Board
1.2 14-07-06 S Carpenter Minor Amendments to text
1.3 03-04-07 D Nixon Minor Amendments to text
Page 2 of 17
Wiltshire Fire & Rescue Service.......................................................................1Wiltshire Fire & Rescue Service.......................................................................2Business Continuity Policy...............................................................................2Foreword from the Chief Fire Officer................................................................4Background......................................................................................................5
Purpose........................................................................................................5Scope...........................................................................................................5Assumptions.................................................................................................6Ownership.....................................................................................................6
Roles, accountabilities and responsibilities......................................................7Corporate Risk & Performance Manager......................................................8
Governance......................................................................................................9Meetings.......................................................................................................9Sign Off.........................................................................................................9Key Performance Indicators.........................................................................9Monitoring and Evaluation..........................................................................10
Policy..............................................................................................................10Aim.................................................................................................................10
Overview of Activities..................................................................................10Business Impact Analysis (BIA)..................................................................10Risk Assessment........................................................................................11Business Continuity Strategy......................................................................11Planning......................................................................................................12Training & Awareness.................................................................................13Establishing and Sustaining the Continuity Culture....................................13Exercising / Rehearsals..............................................................................14Maintenance...............................................................................................14Audit............................................................................................................15
Incident Management Framework..................................................................15Incident Management Structure..................................................................15RED - Emergency Management Team ......................................................15ORANGE - Business Recovery Team .......................................................16BLUE - Event Control Team ......................................................................16
Implementation of the Business Continuity Plan.....................................16Initial Activation.......................................................................................16The Evaluation Stage..............................................................................16Full Activation..........................................................................................17
Page 3 of 17
Foreword from the Chief Fire OfficerThank you for taking the time to read this document. Most Fire & Rescue Services only deal with incidents that affect other organisations and/or individuals. This policy details how we will prepare for an event that may affect our organisation.
We have an obligation both in law and in our tradition to protect the public in times of crisis. Should an incident disrupt our own operations we need to have first-rate arrangements in place to recover them. This document outlines how we will do this. A key component to our success in making appropriate preparations is to ensure our employees are familiar with the contents of this document. Please read it thoroughly, comment and contribute where you can and encourage all members of Wiltshire Fire & Rescue Service (Wiltshire FRS) to support this important initiative. I am asking you to make it your responsibility to familiarise yourself with this policy.
Page 4 of 17
Background
PurposeThe purpose of this policy is to provide a clearly defined, documented mandatory course of action to be implemented by the Authority in respect of Business Continuity Management (BCM) and to ensure that the following objectives are achieved:
Ensure the ability to respond to events that threaten our services
Protect the organisation from a serious interruption
Recover the organisation in a planned and controlled manner
should an unexpected interruption occur
The Authority’s BCM activities will focus on the following critical functions that enable it to achieve its vision, strategic aims and comply with statutory requirements.
Responding to 999 emergencies
Delivering statutory fire safety
Supporting national resilience
All support functions that enable the above
The BCM process adopted by the Authority is based on standards defined by the British Standards Institute1 and will ensure that the Authority:
Meets public expectations, and continues to provide a service in the
event of a disruption or emergency
Meets its statutory requirements
Demonstrates good management practice
Scope
This policy, being directly linked to corporate governance and establishing good management practice, applies to all activities of the Authority. In particular, it is concerned with the mitigation and management of contingencies and preparation of plans, ensuring the welfare of staff and continuance of business.
1 PAS 56 Guide to Business Continuity Management
Page 5 of 17
Assumptions
Departments within Wiltshire FRS, and employees in key roles within them, will be responsible for the creation and maintenance of plans and arrangements outlined in this policy.
The budget for Business Continuity will contain limited funds for specialist consultancy when required (e.g. annual crisis management testing and auditing of Business Impact Analysis (BIA) and Business Continuity plans).
The Business Continuity programme will be allocated a budget sufficient to conduct and maintain the work detailed in this policy. This budget will be reviewed annually and will be subject to the sign off by the policy owner.
OwnershipThe owner of this policy is the Deputy Chief Fire Officer (DCFO) of the Wiltshire FRS.
Senior managers within Wiltshire FRS will implement this policy, and are also responsible for ensuring all personnel know of the existence and requirements of the policy.
Policy Owner: Deputy Chief Fire Officer
Contact Details:
Wiltshire Fire & Rescue Service,Wiltshire Fire & Rescue Service Headquarters, Manor House, Potterne, Devizes, Wiltshire, SN 10 5PPTel: 01380 731102
.
Page 6 of 17
Roles, accountabilities and responsibilities
RoleResponsibl
eAccountable Consulted Informed
Chair CFA √ √ √
CFO √ √ √
DCFO √ √ √
ACO √ √ √
Head of
Corporate
Services
√ √ √
Area Manager
Technical
Services
√ √ √
Area Manager
Risk√ √ √
Health and
Safety Advisor√ √ √
Head of Human
Resources√ √ √
Communications
and IT Manager √ √ √
Wiltshire Fire &
Rescue Service
Accountant
√ √ √
Corporate Risk
& Performance
Manager
√ √ √
Suppliers of
business
services or
products
√ √
Local Resilience
Forum (LRF) √ √
CFOA BCM
Group√ √
Page 7 of 17
Corporate Risk & Performance Manager The Corporate Risk & Performance Manager will be responsible for co-ordinating all BCM activities of the Authority, with specific responsibility for:
Development of the corporate Business Continuity policy in liaison
with the Wiltshire FRS Management Board
Development, review and monitoring of the Authority’s Business
Continuity plan in liaison with the Wiltshire FRS Management Board
Conducting an annual review of risks threatening the Authority and
identifying their impact on the business critical functions of the
Authority
To promote and support the implementation of BCM across the
Authority
To identify any dedicated inputs and resources required to support
the work
To monitor and review the effectiveness of the Authority’s Business
Continuity policy
To identify and communicate Business Continuity issues to all
departments as necessary
To assist departments in undertaking BCM activity through training
and/or direct support
Organising and/or reviewing Business Continuity exercises at Red,
Orange and Blue level
Production of quarterly reports on progress and status to Wiltshire
FRS Management Board and an annual summary for the Combined
Fire Authority
Liaison with other Fire Services through the Chief Fire Officer’s
Association (CFOA) Business Continuity group, and ALARM fire
sub group
Page 8 of 17
Governance
MeetingsBusiness Continuity will be addressed by the Authority’s Finance and Performance Management Board. This group will manage the progress of Business Continuity work and will address any issues that arise. The Corporate Risk & Performance Manager will be responsible for managing actions arising from Business Continuity agenda items.At other meetings in the organisation involving new processes or organisational changes, consideration will be given to Business Continuity to ensure plans are maintained and contingency provision is considered from the outset.
Sign OffThe Corporate Risk & Performance Manager and the identified plan owner will sign off Business Continuity plans.
Key Performance IndicatorsPerformance in business continuity will be measured by viewing outputs in the following areas:
Production of an annually reviewed Business Impact Analysis (BIA)
Production of an annual Risk Assessment (or earlier if new risks have
been identified), to include documented evidence of sharing this
information with the Local Resilience Forum and the Community Risk
Register
Production of a statement (signed by the Chief Fire Officer and the
Head of Corporate Services) of what is included and excluded from the
Business Continuity strategies employed by the Wiltshire FRS
Annually reviewed Business Continuity plans
A documented record of all Business Continuity training
A post exercise report for each Business Continuity exercise carried
out
Action plans to address any shortcomings identified by external audits
The standard for these outputs are contained within this policy.
Page 9 of 17
Monitoring and EvaluationTo encourage strong corporate governance, the Business Continuity process will include the following monitoring activity:
Progress reports for each Authority Risk Management Group Meeting
Senior management review
Chief Fire Officer and Head of Corporate Services sign-off on the
strategy statement and testing work
Periodic external audit by suitably qualified professionals
Policy
AimThe aim of this policy is to outline the process by which Wiltshire FRS discharges its governance and other obligations under the Civil Contingencies Act 2004.
Overview of ActivitiesBusiness Continuity activity will centre on identifying and protecting Mission Critical Activities (MCA’s). A Mission Critical Activity is determined as a critical operation that enables the Wiltshire Fire & Rescue Service to protect the public, and are those related to:
Responding to 999 emergencies;
Delivering community fire safety;
Supporting national resilience;
All support functions that enable the above.
Business Impact Analysis (BIA)A Business Impact Analysis (BIA) will be carried out and maintained annually. Where there is a significant change to the Wiltshire FRS or its operations, the BIA will be reviewed and amended at the time of the change.
The BIA will be used to:
Identify, quantify and qualify the impacts on Wiltshire FRS of a loss of, interruption to or disruption of a Mission Critical Activity
Identify the acceptable standard and time (Recovery Time Objectives) to which the Mission Critical Activities need to be recovered
Page 10 of 17
Identify the minimum level of resources needed to enable Wiltshire FRS to meet its Recovery Time Objectives
Assist in defining the risk appetite of Wiltshire FRS.
The BIA will, for each operation, identify and document the following:
Aims, objectives and service delivery
Mission Critical Activities
Impacts (on service delivery, reputation, financial etc) resulting from disruption, interruption, or loss of Mission Critical Activities over a period of time;
Critical records and data, storage, location and back up strategy
Authority contacts, key suppliers and relevant regulatory bodies
Senior managers within Wiltshire FRS will sign off the following, each of the areas they are responsible for:
The identified Recovery Time Objectives
An outline plan of the recovery activities and resources needed to restore the Mission Critical Activities
The impacts associated with a loss or disruption to the Mission Critical Activity
Risk Assessment
The Risk Assessment will evaluate the exposures faced by Wiltshire FRS to specific threats such as, flooding, fire, sabotage, utility failure etc. Threats will be considered for both inside premises and in the surrounding environment.
The Risk Assessment will be carried out annually or when a new threat has been identified (e.g. the nearby construction of a hazardous facility) and will require sign-off by the Chief Fire Officer. The Risk Assessment should document the mitigating steps that have been taken by Wiltshire FRS to address the identified threats. Missing or inadequate mitigating steps or precautionary measures will be documented and recommendations sought from the relevant professional area.
Business Continuity Strategy
The Business Continuity Strategy will determine and select means for enabling Wiltshire FRS to recover their Mission Critical Activities. Each strategy will:
Be justified against the potential impact of the loss of service
Involve measures to support Wiltshire FRS, the business process and
the resources required to recover the activity;
Page 11 of 17
Form the basis of the Business Continuity plans;
Cover arrangements that may have been outsourced.
A written statement will document each Business Continuity strategy. This statement, requiring sign-off by the Chief Fire Officer and the Head of Corporate Services, will detail what is included and excluded from the strategy.
Planning
The Corporate Risk & Performance Manager will be responsible for managing the Business Continuity plans.
The Business Continuity function will manage two types of plans, the Departmental Recovery Plans and the Incident Management Plans. The Incident Management Plans coordinate the activities of the Departmental Recovery Plans.
Plans will:
Be in place at all times
Have rigorous version and distribution controls
Have a Wiltshire FRS owner who will sign to confirm the plan is fit for purpose
Identify the Recovery Time Objectives and the tasks and resources required to achieve them
Protect Wiltshire FRS’ reputation and brand image
Demonstrate effective Business Continuity Management and Corporate Governance
Contain current and relevant contact information
Have controlled copies held and maintained offsite
Additionally, they will be written:
Detailing who does what, when, where and how
Together with the business unit concerned
To address a ‘worst-case’ scenario, thereby being able to cater for less likely events
With the aim of keeping extraordinary expenditure to a minimum
With reference to functions rather than persons
Training & Awareness
All Wiltshire FRS personnel will familiarise themselves with this policy and its requirements. Training will be used to communicate Business Continuity strategies and planning to all personnel. Training will seek to increase
Page 12 of 17
awareness, skills and competence in Business Continuity. New personnel will be provided with an overview of Business Continuity as part of their induction.
A Training Needs Analysis (TNA) will be drawn up and maintained for all personnel in Wiltshire FRS by the Corporate Risk & Performance Manager (with assistance from the Training and Development Department). This TNA will identify what training and rehearsals are required for which personnel. All training will have a clear purpose and objectives, and will seek to make the best use of time available and minimize disruption to normal operational activity. See additional guidelines in the section entitled Test Programme
Establishing and sustaining the continuity cultureThe following activities will be conducted to raise awareness of plans and
arrangements and assist with the required culture change:
Let everyone have access to Business Continuity plans via
Wiltshire FRS’ internal intranet and external website
Talk through plans with staff regularly so they know what can be
expected should a disaster occur, and understand what they
themselves need to do
Inform all staff of their BCM status
Update induction material to include details of departmental and
Authority Business Continuity arrangements
Produce a small information card, for all staff to carry detailing basic
emergency numbers and other relevant information
Publicise any exercises that we have and the learning outcomes
Take advantage of any BCM awareness initiatives, either locally or
nationally, to help promote our own BCM arrangements.
Include the embedding of BCM as one of the terms of reference of
the risk management group
Disseminate information via the intranet, newsletter’s, E-mails and
bulletins to raise awareness
Wiltshire FRS will also participate nationally and regionally in the Chief Fire Officers Association BCM Sub group, with particular emphasis on the sharing of best practice ideas and the co-ordination of planning arrangements
Page 13 of 17
Exercising / Rehearsals
The terms ‘exercising’ and ‘rehearsals’ will be used interchangeably as both are intended to measure and improve the Business Continuity performance of Wiltshire FRS. All Wiltshire FRS personnel will demonstrate positive professional commitment to testing work.
Rehearsals will be seen as an opportunity for learning and development. They will be designed to promote continuous improvement. The terms ‘pass’ or ‘fail’ will not be used. Tests will utilise the strategies and planning that currently exists rather than create manufactured environments where a ‘positive’ outcome is almost guaranteed. Business Continuity testing will rehearse the ability of teams to recover mission critical activities within the Recovery Time Objectives defined in the Business Impact Analysis.
Rehearsals will validate planning assumptions and as such will be carried out in a robust fashion. Wiltshire FRS will critically rehearse strategies, plans, teams and systems annually. If a major change is made to Wiltshire FRS’ structure, it will be reflected in the Business Continuity plans and tested within six months of the change being made.
Maintenance
Wiltshire FRS recognise that Business Impact Analysis, Risk Assessments, Strategies and written plans need to be maintained to reflect changes in personnel, systems, vendors and general business strategy.
The Corporate Risk & Performance Manager will develop a maintenance schedule annually. This maintenance schedule will detail activities to maintain Business Impact Analysis, Risks Assessments, Strategies and written plans. The Corporate Risk & Performance Manager will provide reports on these activities for review at the Authority Risk Management Group meetings.
The Maintenance schedule will also include:
Distribution of plans and Business Continuity documentation;
Costs incurred, budget remaining;
Work carried out;
Changes made to documents;
Risks and Issues;
A list of personnel with Business Continuity responsibilities
Human Resources will notify the Corporate Risk & Performance Manager when a person decides to leave the company. The Corporate Risk & Performance Manager will then remove their contact information from documentation held within ten days of this notice.
Plans must be reviewed in advance of and/or after:
Major re-structure of the organisation or department
Page 14 of 17
An incident
An exercise or drill
The Corporate Risk Manager, under the direction of the Chief Fire Officer, is responsible for ensuring this is done.
Audit
Audits will be carried out against this policy and the standards detailed in Appendix B of PAS56 or current equivalent
Incident Management Framework
Incident Management Structure
Wiltshire FRS will use an incident management structure based on three levels of response designed to avoid duplication of effort and provide a streamlined decision making process: In order to manage an event impacting the business;
Red - Emergency Management Team
Orange - Business Recovery Team
Blue - Event Control Team
RED- Emergency Management Team (EMT)Will assess the impact on the Authority as a whole and provide support from Service Headquarters (SHQ) or the Training & Development Centre (TDC) in the event of a disaster at SHQ. The EMT:
Is the highest level of management in the recovery organisation
Is responsible for deciding:
o Whether or not an incident situation exists
o Whether or not to invoke the Business Continuity Plan; and
the conduct of the recovery
Comprises all management board members
Will have a Leader and Deputy Leader
ORANGE- Business Recovery Team (BRT)Will coordinate and manage the internal recovery effort. The Business Recovery Team will carry out the recovery of the critical functions. This team will operate out of SHQ or TDC in the event of a disaster at SHQ.
Page 15 of 17
The BRT will report to the EMT. It will consist of key people from the relevant areas and have assigned Leaders and Deputy Leaders. Leaders could be members of the EMT, provided the two roles do not conflict
BLUE –Event control team (ECT) The objectives of this team in order of importance are:
To protect lives, prevent injury, provide shelter; and evacuate
premises, if necessary
To prevent the incident from escalating to a disastrous level
To contain any damage and reduce the impact
To make sure salvage and emergency repairs are started
The ECT should check that other emergency procedures have
been followed if required
Implementation of the Business Continuity PlanImplementation of the plan will be broken down into three phases:
Initial activation
The evaluation stage
Full activation
Initial ActivationOut of hours the Red team leader, who will be the duty Principal Manager, will activate the plan on receipt of information from the Orange team leader, who will be the duty Senior Manager.
During normal office hours, normal emergency procedures will be followed and the department manager affected, acting as the Blue team leader will manage the immediate situation. He/she will then contact Wiltshire FRS Control and notify them of the event or disruption asking them to inform the duty Senior Manager.
The evaluation stageIf not already on site the Red team leader contacted will instruct the Orange team leader to detail the duty officer, or nearest available officer to the scene in order that an initial evaluation of the extent of damage can be made. The other members of the Red team will be placed on standby at this stage. Depending on the extent of damage the Red team leader will either take no further action or will initiate full activation.
Page 16 of 17
Full activationIf the plan is fully activated the Red team leader will carry out the following actions:
Instruct Wiltshire FRS Control to contact all Red team members and instruct them to rendezvous at SHQ or TDC
Instruct Wiltshire FRS Control to contact Orange team members and put them on standby
Open a log of events
Prepare a preliminary verbal report for principal management and the Authority
Page 17 of 17
![1. [Group] Slide01 2. background - Friendship Church · 1. [Group] Slide01 2. background 3. background 4. background!!"!!";&$ 5. Minnesota Miracle Reactio… 6. background!Make a](https://static.fdocuments.in/doc/165x107/5f29a750c10e4376fe0a71c0/1-group-slide01-2-background-friendship-church-1-group-slide01-2-background.jpg)
