Recovery Plan (BCP) File Reference: F10/943
Transcript of Recovery Plan (BCP) File Reference: F10/943
PLAN:-
Plan Title:
Business Continuity and Disaster Recovery Plan (BCP)
File Reference:
F10/943
Date Plan was adopted by Council initially:
18 December 2008
Resolution Number:
411/08
Other Review Dates:
16 July 2009, 17 October 2013
Resolution Number:
294/09, 332/13
Current Plan adopted by Council:
16 April 2015
Resolution Number:
95/15
Next Review Date:
2018
PROCEDURES/GUIDELINES:-
Date procedure/guideline was developed:
N/A
Procedure/guideline reference number:
N/A
RESPONSIBILITY:-
Draft Plan developed by:
Assets and Risks Coordinator and Director of Finance and Administration
Committee/s (if any) consulted in the development of this Plan:
Audit and Investment Committee
Responsibility for implementation:
General Manager
Responsibility for review of Plan:
Assets and Risks Coordinator and Director of Finance and Administration
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
1. BACKGROUND Council provides essential services to the Upper Lachlan Shire community. Disruptions to services may conceivably be caused by individual incidents, outages, or by natural disasters of such a nature as fire, storm, flood, snow, earthquake or explosion. Business continuity management is to ensure timely resumption of essential business activities in the event of a major disruption. The Business Continuity Plan (BCP) is a plan for mitigating risks. The BCP is initiated when a risk event occurs that has a business interruption consequence. The business interruptions that are of concern from a continuity viewpoint are referred to as ‘outages’. Outages are distinct from system glitches and processing errors, these events will cause a significant disruption to, or loss of, key business activities over a prolonged period of time. The BCP provides a strategy for response, management and recovery from an incident, outage or disaster. The BCP is a living document which will be updated to reflect changing circumstances or information. 2. OBJECTIVES OF THE PLAN
The objective of this Business Continuity Plan (BCP) is to provide a readily accessible, useable and thorough document which enables Council and its Officers to:- • Follow an agreed, tried and systematic approach for the management of any
incident, outage, or declared disaster; • Implement procedures to maintain core business services, wherever possible,
through the disaster recovery period(s); • Re-establish services and operations as quickly and efficiently as possible; and • Minimise the impact and affects of business interruptions on the public, staff
and Council. 3. SCOPE OF THE BUSINESS CONTINUITY PLAN The scope of the BCP is limited to the services provided by Upper Lachlan Shire Council at the three Council Administration Offices located in Crookwell, Gunning and Taralga, and services to its stakeholders and the orderly management of staff during an incident and the coordinated communication of any impact to the rest of the organisation and the public. The BCP has been developed to respond to three categories of incident:- • Denial of Access: Loss of access to a critical asset, including damage; • IT Services: Extended disruption to information technology (IT) services and
telecommunications; and • People Threats: Sudden loss of staff, Work Health and Safety, industrial
relations, and transport network.
V4 16-04-2015 2
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
4. INCIDENT GOVERNANCE
The Upper Lachlan Shire Council BCP defines a three-tier management structure to respond to an incident and disasters with the potential to cause a significant disruption to organisational operations and crucial support services. Management of an internal incident is escalated up and an Emergency / Disaster response is driven down.
Upper Lachlan Shire Council is a relatively small Council this may result in the Director and Managers taking on various roles on the ERC, BCT and DIT. The emergency response structure allows the General Manager to lead at a high level with assistance from Manex and Public Relations. With an appointed Departmental Director making the strategic business decisions with assistance from the LEMO and other staff specialists.
V4 16-04-2015 3
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
5. INCIDENT RESPONSE GUIDE
The Incident Response Guide is split into three major phases:- A. Alert and Invocation Phase: The problem is recognised, evaluated and a
decision made on whether to invoke a business continuity response. The following documents are attached in Appendix A:-
1. Alert and Invocation flowchart 2. A-1 Check Sheet – Assess impact on Council office functions 3. A-2 Check Sheet – Emergency Response 4. A-3 Check Sheet – Incident Assessment
B. Invocation and Recovery Phase: Execute the necessary recovery actions to
provide the minimum service for continued business operations. The following documents are attached in Appendix B:-
1. Invocation and Recovery Flowchart 2. B-1 Check Sheet – Business Continuity Invocation 3. B-2 Check Sheet – Plan incident Response 4. B-3 Check Sheet – On-site Recovery Response
C. Return to Normal Phase: Planning and implementation of necessary tasks to
return business activities to normal operations. The following document is attached in Appendix C:-
1. Return To Normal Flowchart 2. C-1 Check Sheet – Return to Normal
6. BUSINESS IMPACT ANALYSIS
6.1 Business Impact Analysis for the Council Office Function area A business impact analysis shall be completed, minimum of annually or after a BCP event or training as determined. A risk assessment for each area should be completed to determine:-
• Importance’s of office functions to continued operations; • Business As Usual Tolerance (BAU); and • Maximum Tolerable Outage (MTO).
Disruption factors that should be considered:-
• Loss or damage to Facility where the function is preformed; • Lost or damage to Systems / tools use; and • Unavailable or missing suitable Council staff.
V4 16-04-2015 4
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
V4 16-04-2015 5
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Refer to Appendix D for the Sample Business Impact Analysis Risk Reference Table and Template. If a risk assessment has not been undertaken by Council, it is recommended that this is done before proceeding with the Business Impact Analysis. The completed Business Impact Analysis is recorded in Appendix C – Check Sheet A-1. The Council Office Functions by Council Department are listed below:- General Manager’s Office Office Function Location Executive Assistance / Secretariat
Crookwell
Public Relations / Media Crookwell Governance Crookwell Strategy Crookwell Councillors / Chambers Crookwell Councillors / Chambers Gunning
Finance and Administration Department Office Function Location Finance and Administration Directorate
Crookwell
Finance Management Crookwell Payroll Crookwell Switchboard / Telephones Crookwell Human Resources Crookwell Rates and Charges Crookwell Web Page/ Facebook/ Internet Crookwell RMS Motor Registry Crookwell Customer Service Crookwell Customer Service Taralga Customer Service Gunning Record Management Crookwell Record Management Gunning Information (IT) Services Crookwell Information (IT) Services Gunning Creditors and Debtors Crookwell Creditors and Debtors Gunning Purchasing Gunning Post Office Taralga Environment and Planning Department Office Function Location Environment and Planning Directorate
Crookwell
Building Control / Surveyor Crookwell Rangers Crookwell Noxious Weed Management Crookwell Noxious Weed Management Taralga Noxious Weed Management Gunning Development Control / Planning Crookwell Regulatory Functions Crookwell Building Management Crookwell Economic Development Crookwell Customer Service Crookwell
V4 16-04-2015 6
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Customer Service Gunning Environmental Services Crookwell Addressing Management Crookwell Works and Operations Department Office Function Location Works and Operations Directorate
Crookwell
Operations Management Crookwell Operations Engineering Assistance
Crookwell
Works Management Crookwell Asset Surveillance Crookwell RMS - RMCC Contract Management
Crookwell
Contractor Management Crookwell Purchasing Crookwell Design Management Crookwell Asset and Risk Management, Work Health and Safety
Crookwell
Asset and Risk Management, Work Health and Safety
Gunning
Customer Service Crookwell Customer Service Gunning 6.2 Impact Time Line The Upper Lachlan Shire Council Business Continuity Plan recognises three stages of business continuity activation:-
• Business as Usual recovery only Green • Monitor and limited Invocation Amber • Full Business Continuity Invocation Red
The incident should be referred to the BCT if the recovery times are likely to exceed half of the Maximum Tolerable Outage. The following diagram presents an incident time-line and its relationship with the BCP stages of BAU (Business As Usual) Tolerance and MTO (Maximum Tolerable Outage):-
V4 16-04-2015 7
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Important: It is the expected recovery time that governs the response, not the time that has actually passed since the incident. 6.3 Emergency Response Emergency Response and Evacuation procedures are adopted by the Work Health and Safety Committee of Council (WH&S). Refer to WH&S section for Administration Office Emergency Plans, evacuation procedures and emergency response documentation. The purpose to emergency response is to ensure the safety of visitors, contractors and staff from the impact of the incident and the provision of prompt assistance to anyone affected by the incident. The initial evacuation response should be directed by the Emergency Response Team located at each occupied site e.g. Fire Wardens.
V4 16-04-2015 8
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
7. DISASTER ADMINSITRATION
7.1 Emergency Response Committee (ERC) The General Manager will automatically become the Chairperson of the Emergency Response Committee (ERC). If, under extreme circumstances, the General Manager is unable to fulfil this role, the Director of Finance and Administration will assume the role. This hierarchy becomes the Policy of Council effective from the date of the disaster. The Executive Assistant will provide secretariat support to ERC and the Mayor will be the consulted directly by the General Manager. The following senior management hierarchy shall be employed in the event of an emergency:-
V4 16-04-2015 9
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
7.2 Contact Details
Council’s response to any disasters affecting Council operations and the implementation of this disaster recovery and contingency plan will be administered by the Emergency Response Committee (ERC). The ERC will comprise the following permanent members. The emergency contact numbers are presented below. Other members may be inducted as required.
POSITION NAME NUMBER
GENERAL MANAGER John Bell (02) 4830-1010, 0418 417 005
DIRECTOR OF FINANCE AND ADMINISTRATION
Andrew Croke (02) 4830-1008, 0417 068 766
DIRECTOR OF ENVIRONMENT AND PLANNING
Tina Dodson (02) 4830-1027, 0408 664 671
DIRECTOR OF WORKS AND OPERATIONS
Phil Newham (02) 4830-1063, 0409 050 451
INFORMATION SERVICES COORDINATOR
Marianne Laws (02) 4830-1004
ASSETS AND RISK COORDINATOR
John Levien (02) 4830 1014
7.3 Crisis Centre – off site recovery response The ERC will act as Council’s immediate response and disaster recovery group, establishing priorities, organising and directing Council’s resources and providing information to staff and members of the public. The ERC will assemble upon the instructions of the General Manager or the nominated Chairperson. The ERC will assemble at the nominated premises and be known as the Crisis Centre: Library building, Denison Street, Crookwell, or Library building, Yass Street, Gunning The existing Council telephone number (02) 4830-1000 and facsimile number (02) 4832-2066 are to be redirected immediately to the Crisis Centre. Appendix E should be signed by the General Manager or Chairperson and sent to Telstra within 24 hours. The Executive Assistant should be assigned to the Crisis Centre effective the next working day, to assist the ERC with all communication and correspondence. The Manager of Finance and Administration should be assigned to the Crisis Centre immediately, to assist with all purchases, rentals and property agreements required for the immediate establishment of the Crisis Centre and has the delegated authority to purchase individual items as required.
V4 16-04-2015 10
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
7.4 Crisis Centre Facilities Immediately upon occupation of the Crisis Centre, the Storeperson and Information Services Coordinator must arrange for the following items to be available within 24 hours and delivered to the Crisis Centre:
FACILITY NUMBER CONTACT NAME AND NUMBER
TELEPHONES Mobiles as required.
Source from field staff. If more required: * Telstra Shop (02) 4828-6888 * Goulburn Mobile Solutions (02) 4822-8288 Use existing Library telephones
FAX 02 4832 1048 Use existing Library Fax
COMPUTERS Dell Computers
1800-812-393
DESKS Seven initially
CHAIRS Seven initially
STATIONARY To be determined Council Depot. If more required: * Crookwell Newsagency (02) 4832-1061 * Corporate Express 132644, www.ce.com.au
REFRESHMENTS To be determined
To be determined
7.5 Emergency Response Committee Meeting The General Manager will contact the Director of Finance and Administration who will set up the Crisis Centre at Crookwell, Gunning or Taralga, and notify all members of the ERC. If possible, the General Manager and/or nominated members of the ERC will perform a visual inspection of the disaster area prior to the meeting of the ERC to determine the extent of the damage. The Mayor, Councillors and designated employees maybe requested to attend the first meeting of the ERC. The Agenda for this meeting is attached as Appendix F. The Executive Assistant will contact the following people and place them on notice for assistance during the next few days:-
V4 16-04-2015 11
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
SERVICE CONTACT NAME CONTACT NUMBER
NSW FIRE BRIGADE Crookwell Goulburn
(02) 4832-1601 (02) 4822-1608
NSW POLICE Goulburn Crookwell Gunning Taralga
(02) 4824-0799 (02) 4824-0777 (02) 4845-1244 (02) 4840-2044
RURAL FIRE SERVICE Crookwell (02) 4832-0268 INSURANCE BROKER Jardine Lloyd
Thompson (JLT) (02) 6251-9843 or 9320-2746
SOLICITORS Pikes Lawyers R.J. McCarthy & Co
(02) 9262-6188 (02) 4832-1055
CIVICA Account Manager (02) 5310-2348 or 0407613505
TELSTRA Account Manager (02) 6129-4678 or 0418927294
LOCAL MEDIA Crookwell Gazette Goulburn Post
(02) 4832-1077 (02) 4827-3500
RADIO CONTACT 1368, 2GN FM 93.5 FM 103
(02) 4821-3377 (02) 4821-7777 (02) 4822-1103
ELECTRICITY COMPANY Essential Energy 13-23-56
PORTABLE GENERATORS Crookwell Hire Kennards Hire
(02) 4832-1609 (02) 4822-1068
ELECTRONIC EQUIPMENT RECLAMATION
Council IT Staff
DOCUMENT RECOVERY SPECIALIST
Council IT Staff
STATIONERY AND OFFICE SUPPLIERS
To be determined Depot Store, or * Crookwell Newsagency (02) 4832-1061 * Corporate Express 132644, www.ce.com.au * Q-Stores 1800-424-613, www.qstores.com.au
PRINTERS ENIGMA Business Products
(02) 9453-1900
OFFICE FURNITURE Corporate Express (02) 6269-1190 REMOVALISTS Council Staff (02) 4830-1039 LOCKSMITHS Goulburn
Locksmithing (02) 4821-3893
ELECTRICAL CONTRACTORS
Steve Ward Electrical 0428-280-877
V4 16-04-2015 12
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
TELEPHONE EQUIPMENT SUPPLIERS
Boomerang Communications
0409-203-355
SOFTWARE SUPPLIERS Lagan Spatial Harris Technology
(02) 9527-9592 1300-13-9999
7.6 Role of the Emergency Response Committee 7.6.1 Determining Priorities 1. All Council’s priorities will be determined by the ERC and will be communicated
to the Council, the public and any other organisation required. In order to do this each Director will provide the ERC with the following information updated as required.
Staff, plant and equipment available, Property and communication systems available, Summary of operations temporarily and permanently effected by the disaster, Estimate of resources needed to restore the effected operations, Timeframe for recovery to partial and full operations, Location of operations not affected by the disaster, List of operations needing relocation. The ERC will determine the best allocation of available resources to meet the Council’s service priorities. 2. The overall coordination of the recovery will be the responsibility of the General
Manager or the Chairperson of the ERC. Specific tasks must not be assigned to them. The General Manager or Chairperson should remain highly visible and accessible to all staff and others needing assistance with their problems. The success of this plan revolves around the leadership of the General Manager or the Chairperson.
7.6.2 Communications It is important to reiterate that only the General Manger or Mayor is permitted to speak with the press. Council should release a statement to the press immediately. Appendix G is an example of such a release. All communications will be coordinated through the ERC who will be responsible for:- The allocation of communication resources, All news releases to the media, Communications to employees, assisted by the Human Resources Coordinator, All communications to insurance companies, All communications regarding recovery strategies. The ERC will hold scheduled major briefings twice daily in the Crisis Centre. These meetings will be open to all employees, members of the public and the media. The frequency of these meetings can be scaled down as recovery progresses.
V4 16-04-2015 13
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
The ERC and the Executive Assistant will establish a status data bank which will keep a chronological diary of events, scheduled meetings, minutes, telephone logs etc. The data base should include; An up to date employee phone directory listing mobile and landline telephone
numbers, A list of radio frequencies used during the emergency, A full account of assignments given to sections and employees, A schedule and minutes of all meetings held.
7.6.3 Disaster Declaration Criteria A work environment can experience a wide range of operational disruptions on a daily basis. The vast majority of such disruptions would be handled with business-as-usual incident response process. An extreme incident will clearly be recognised as being an Emergency / Disaster, warranting the formal invocation of the Council Business Continuity Plan for the site of the emergency. However, there is likely to be a grey area of moderate disruptions where it is unclear where to declare a disaster or use business-as-usual processes to respond to the incident. A set of high-level guidelines are provided to identify the circumstances for declaring a disaster at an Upper Lachlan Shire Council site. A disaster may be declared if one of the following is true:- • A significant or fatal accident has occurred that requires the immediate
involvement of WorkCover, Police and/or Emergency Services. The incident or accident requires site management active involvement or has been caused by a continuing and imminent threat to staff safety.
• Any sudden incident that has the potential to undermine the ongoing effective
operation of Upper Lachlan Shire Council. • Any sudden incident that could result in a disruption to one or more critical
Council activities for longer than the maximum tolerable outage. Actions 1. Broadly assess the situation against the above criteria. If there is a reasonable
prospect that any of the above criteria will be met: DECLARE A EMERGENCY / DISASTER
2. If there is a possibility that one or more of the above criteria will be met, but the current response is expected to keep the impact within acceptable levels: MONITOR SITUATION and consider selective activation of the business continuity response.
3. It the incident impact is firmly under control and is highly unlikely to meet any of the above criteria: STAND-DOWN THE ERC AND BCT
V4 16-04-2015 14
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
The three levels of action are in line with the definitions of GREEN, AMBER and RED stages of business continuity activation given in the Invocation phase. 8 ROLES AND RESPONSIBILITIES
8.1 Role of Director of Finance and Administration The Director of Finance and Administration will:- • Be a member of the ERC. • Be responsible for insurance related issues resulting from the disaster. These
duties will include:-
- Notification of the insurance broker, - Relay of instructions from insurance broker and underwriter to the ERC - Appointment of the loss adjuster, - Accept, dispute or negotiate loss adjuster decisions, - Preparation of the statement of claim with the help of the insurance broker.
• Be responsible for all documentation generated by the ERC. The
documentation will be filed in accordance with the current Records Management Policy adopted by Council.
• Oversee the activities of Manager of Finance and Administration, Human
Resources and Information Technology Services. 8.2 Role of Manager of Finance and Administration The Manager of Finance and Administration will:- • Coordinate the assessment, salvage and restoration of Financial Services for
Council and work with the ERC through the Director of Finance and Administration to minimise the effect of the disaster on Council operations.
• Supervise the Information Services Coordinator and Storemen in the emergency procurement of materials, items of plant, equipment and services until otherwise directed by the Director of Finance and Administration. This will include all rental and leasing of items.
• Establish a manual purchase requisition system until all computer systems are
operational. • Be responsible for generating all forms used to record Council’s financial
transactions and will provide forms to staff via the ERC with written rules and procedures regarding cost accounting.
• Designate the Management Accountant the authority to maintain a register of
all disaster related expenditures for purpose of cost accounting and reimbursement of expenses by the insurance company.
V4 16-04-2015 15
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
• Establish a special account code which will identify any financial transaction,
both internal and external as well as overtime charges to the special cost collection account code.
• Work closely with Information Services Coordinator to assist in the recovery of
IT functions. • Prepare a summary report of the extent of the damage and disruption to the
Finance Department with any recommendations to the Director of Finance and Administration.
• Assist the Director of Finance and Administration in the preparation of the
claims documentation for insurance purposes. • Establish the temporary finance centre in the Crisis Centre, and establish the
financial services in the following order: Payroll, Cashier, Rates, Stores, Others. • Establish the temporary administration centre in the Crisis Centre.
• Establish the local computer network with the help of the Information Services
Co-ordinator for inquiries into the system. • Source and replace all Personnel Records and all Workers Compensation
Records (Appendix K may assist in the recovery of workers compensation records) currently held by Council.
8.3 Role of the Information Services Co-ordinator The Information Services Coordinator will:- • Coordinate the assessment, salvage and restoration of IT services for Council
departments effected by the disaster and work with the Manager of Finance and Administration through the ERC to minimise the effect of the disaster on Council operations and to assist in the swift recovery of information services to user departments and to the public. This will be in accordance with the Upper Lachlan Shire Council Business Continuity and Disaster Recovery Plan – Information Technology Services Sub-Plan, attached as Appendix L.
• Notify current suppliers of hardware and software to Council and place them on
stand-by for assistance. • Assist the ERC to conduct a survey of the disaster site when cleared for
inspection by the Authorities answering the following questions:-
- Which operating functions of the Information Services section are operational? - Are there any steps that can be taken immediately to maintain operating
functions?
V4 16-04-2015 16
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
- Should the equipment be removed from the site to prevent further damage? - What resources are required to regain functions?
• Address computer security issues such as removal of hard drives from
damaged computers and securing any non damaged system documentation.
• Prepare a summary report of the extent of the damage and recommendations to the Director of Finance and Administration.
• Assist the Director of Finance and Administration in the preparation of the
claims documentation for insurance purposes. • Set up the Crisis Centre’s PC and peripherals when they become available. • Establish the temporary computer centre in the Crisis Centre. Temporary
computer centres will be established in the following order; Crisis Centre, Works and Operations, Payroll, Cashier, Finance, Environment and Planning Department, Administration, and others.
8.4 Telecommunications Telephone communications will be vital for the organisation of Council’s recovery efforts. It will be the responsibility of the Information Services Co-ordinator to coordinate for the duration of the disaster all telecommunications activities. Appendix L should assist Council and Telstra determine the needs and priorities. The Information Services Co-ordinator will contact Telstra to inform them of the disaster and to request emergency services including:- • Redirecting of Council’s telephone and facsimile numbers to the Crisis Centre,
• Immediate installation of additional serviceable phone lines to the Crisis Centre,
• The disconnecting of services to Council’s PABX system and establishing the
required number of lines to each of the temporary buildings as per the contingency plans attached to this plan;
CRISIS CENTRE Crookwell Library or Gunning Library COMPUTER CENTRE Crisis Centre FINANCE Crisis Centre ADMINISTRATION Crisis Centre TECHNICAL SERVICE Crisis Centre
• Coordinate efforts to salvage existing telecommunications equipment with the
nominated electronic equipment reclamation specialist. • Report to the ERC the status of all telecommunication equipment including
telephones, facsimiles, PABX, file servers and mobile phones.
V4 16-04-2015 17
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
8.5 Role of the Human Resource Coordinator The Human Resource Coordinator will:- • Be the Council appointed designated Chief Warden for the Emergency
Evacuation of the Crookwell Administration Office. • Coordinate the personnel services for employees affected by the disaster and
work with the ERC through the Director of Finance and Administration to minimise the effect of the disaster on Council operations.
• Ensure the safety of all employees working in or around any damaged
buildings. • Contact all administration employees alerting them of the disaster and
requesting them to stay at home near the telephone or within mobile telephone coverage area until requested to return to work.
• Establish the services required by the employees dealing with the psychological
aspects of the disaster and recovery. • Implement the “Management of Traumatic Incidence in the Workplace
“procedure. (Appendix I). • Coordinate the industrial relations issues that may arise out of the disaster,
such as:- - The necessity of alternative duties (working outside of classifications), - Employees working extended hours or shifts, - Changing of lines of supervision as a result of the contingency plan, - Inconvenience associated with temporary accommodation of substandard
condition.
8.6 Role of the Director of Works and Operations The Director of Works and Operations will assist in the assessment, salvage and restoration of services affected by the disaster and work with the ERC to minimise the effect of the disaster on Council operations and services provided to the public. Apart from the normal engineering operations, the Director of Works and Operations will be a member of the ERC Committee and will directly assist the General Manager or ERC Chairman and assist in the establishment of a Crisis Centre. The Director of Works and Operations will coordinate Council motor vehicle and fleet purchases, recovery and allocation of plant fleet resources to assist in the emergency management coordination activities. The Director of Works and Operations will be responsible for ensuring work, health and safety policies and procedures are implemented by the ERC.
V4 16-04-2015 18
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
8.7 Role of the Assets and Risk Coordinator The Assets and Risk Coordinator will be a member of, and directly assist, the ERC. This position is the Council officer responsible for risk management and compliance duties and will assist all Council Departments in conducting BIA risk assessments and implementing learning from incidents and event testing. 8.8 Engineering Operations The Manager of Works and the Manager of Operations will both work with the ERC to conduct a survey of affected assets within the disaster site when cleared for inspection by the Authorities. The Managers will direct engineering staff in areas where assistance is required as directed by the ERC.
V4 16-04-2015 19
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
8.9 Role of the Director of Environment and Planning The Director of Environment and Planning will be a member of the ERC and will be responsible for the continuous operation of the ERC and that the activities of the ERC operate smoothly and without interruption. The Director of Environment and Planning will oversee the activities of the Environment and Planning Department. The Director of Environment and Planning will organise contractual services (carpenters, electrical, plumbing and others as needed) for all temporary premises listed below:-
CRISIS CENTRE Crookwell Library or Gunning Library COMPUTER CENTRE Crisis Centre TECHNICAL SERVICE Crisis Centre ENVIRONMENTAL SERVICE
Crisis Centre
8.10 Role of the Manager of Environment and Planning The Manager of Environment and Planning will:- • Assist in the assessment, salvage and restoration of services affected by the
disaster and work with the ERC through the Director of Environment and Planning to minimise the effect of the disaster on Council operations and to the public.
• Contact all Environment and Planning employees alerting them of the disaster
and requesting them to stay at home near the telephone or within mobile telephone coverage area until requested to return to work.
• Work with the ERC to conduct a survey of the disaster site when cleared for
inspection by the Authorities. • Establish Environment and Planning services in Crisis Centre. • Help Information Services Co-ordinator establish the local computer network in
Environment & Planning. • Source and replace all Technical Manuals. • Source and replace all Property files and Development Application files and
registers. • Establish the extent of file damage, recover files if possible and establish new
files.
V4 16-04-2015 20
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
9. TRAINING AND INCIDENT EVENT EXERCISES For the BCP planning process to be brought to a logical conclusion and to ensure that the plan continues to be relevant to the Council, this involves:- (a) Training Council staff on how and when the BCP is to be used; and (b) Exercising or rehearsing the BCP to ensure that Council staff are indeed able to
execute the plan when there is an outage, incident, or an event. The primary objective of training is to ensure that the importance of the BCP is understood by all Council staff and they are aware of their roles and responsibilities during an emergency or crisis situation. Training will be pitched at different levels of the organisation, depending on what the needs and objectives are. 10. VARIATION That Council reserves the right to vary the terms and conditions of this Plan to ensure it meets the requirements of the relevant legislation. 11. RELEVANT LEGISLATION AND COUNCIL POLICIES
The following legislation and Council policies that are relevant to this Policy include:- • Local Government Act 1993; • Local Government (General) Regulation 2005; • Environmental Planning and Assessment Act 1979; • Independent Commission against Corruption Act 1988; • Government Information (Public Access) Act 2009; • NSW State Records Act 1998; • Work Health and Safety Act 2011 and Regulations; • Privacy and Personal Information Protection Act 1998; • Fair Work Act 2009; • Australian Standards AS5050.2010 – Business Continuity Managing Disruption
Related Risk; • Local Government (State) Award 2014; • Upper Lachlan Shire Council Code of Conduct; • Upper Lachlan Shire Council Code of Meeting Practice; • Information Technology (IT) Strategic Plan; • Emergency Evacuation Administration Building and Council Chambers Policy
and Emergency Plans for Crookwell, Gunning and Taralga Office; • Service Delivery Policy; • Trauma Management Policy; • Risk Management Policy; • First Aid Policy; • Injury Incident Management Procedures; • Protective Clothing and Equipment Policy; and • Delegations of Authority Policy.
V4 16-04-2015 21
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
12. APPENDIX Appendix - A Alert and Invocation Phase Flowchart and check sheets Appendix - B Recovery Phase Flowchart and check sheets Appendix- C Return to Normal Flowchart and check sheet Appendix - D Business Impact Analysis Template Appendix - E Telephone Redirection Authorisation Appendix - F Emergency Response Committee (ERC) Agenda Appendix - G Press Release Appendix - H Pre- Printed Stationary list Appendix - I Trauma Management Procedure Appendix - J Telecommunications Requirements Appendix - K List of Insurance Companies Appendix - L Information Technology (IT) Sub-Plan
V4 16-04-2015 22
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix A: A – Alert and Invocation Phase Flowchart
Assess Impact on Service Levels The initial risk assessment is performed by the responsible Council Department Manager and/or Department Director. The purpose is to establish whether the identified incident can be managed entirely by the Council’s staff within established service levels using Business-As-Usual response mechanisms. The outcomes of the initial risk assessment are decisions on whether to invoke emergency response procedures and utilise the Emergency Response Committee
V4 16-04-2015 23
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
(ERC) and/or whether to escalate the incident to the Business Continuity Team (BCT). Appendix A: A-1 Check Sheet Alert and Invocation Phase Check Sheets Check Sheet – Incident Description: ______________________________ General Manager’s Office Office Function Location BAU MTO Affected
Yes / No Executive Assistance / Secretariat
Crookwell
Public Relations / Media Crookwell Governance Crookwell Strategy Crookwell Councillors / Chambers Crookwell Councillors / Chambers Gunning
Finance and Administration Department Office Function Location BAU MTO Affected
Yes / No Finance and Administration Directorate
Crookwell
Finance Management Crookwell Payroll Crookwell Switchboard / Telephones Crookwell Human Resources Crookwell Rates and Charges Crookwell Web Page/ Facebook/ Internet Crookwell RMS Motor Registry Crookwell Customer Service Crookwell Customer Service Taralga Customer Service Gunning Record Management Crookwell Record Management Gunning Information (IT) Services Crookwell Information (IT) Services Gunning Creditors and Debtors Crookwell Creditors and Debtors Gunning Purchasing Gunning Post Office Taralga Environment and Planning Department Office Function Location BAU MTO Affected
Yes / No Environment and Planning Directorate
Crookwell
Building Control / Surveyor Crookwell Rangers Crookwell Noxious Weed Management Crookwell Noxious Weed Management Taralga Noxious Weed Management Gunning
V4 16-04-2015 24
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Development Control / Planning Crookwell Regulatory Functions Crookwell Building Management Crookwell Economic Development Crookwell Customer Service Crookwell Customer Service Gunning Environmental Services Crookwell Addressing Management Crookwell Appendix A: Works and Operations Department Office Function Location BAU MTO Affected
Yes / No Works and Operations Directorate
Crookwell
Operations Management Crookwell Operations Engineering Assistance
Crookwell
Works Management Crookwell Asset Surveillance Crookwell RMS - RMCC Contract Management
Crookwell
Contractor Management Crookwell Purchasing Crookwell Design Management Crookwell Asset and Risk Management, Work Health and Safety
Crookwell
Asset and Risk Management, Work Health and Safety
Gunning
Customer Service Crookwell Customer Service Gunning Determination of Assessment 1 ( Green – Amber – Red ) Completed by _________________________ Date _________________________ The incident should be referred to the BCT if the recovery times are likely to exceed half of the Maximum Tolerable Outage.
V4 16-04-2015 25
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Important: It is the expected recovery time that governs the response, not the time that has actually passed since the incident. A-2 Emergency Response Refer to Administration Office locations’ Emergency Procedures.
V4 16-04-2015 26
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix A: A-3 – Incident Assessment The incident assessment is performed by the nominated Incident Manager with information covering the nature of the incident and impact to Council’s operations provided by all relevant parties. The purpose is to evaluate the status of the incident and decide on the incident recovery approach to be taken. The outcome of the incident assessment tasks will be a decision on whether to invoke the Business Continuity Plan or to use Business-As-Usual (BAU) recovery practice. Task Checklist – Incident Description: ____________________________ Task ID
Task Description Required Y/N
Assigned to: Done
A1.1 Determine if there has been a fatality or serious injury ; If yes
Initiation the fatality and serious injury response plan
A1.2 Convene the Business Continuity Team Contact all members not present at site or
delegate if not immediately contactable
Select incident management crisis centre Ensure BCT members bring copy of BCP
and mobile telephone
Obtain incident situation update form All staff involved in the incident Business units whose operations are
affected by any resultant disruption attributed to the incident
Emergency Services 3rd party services providers
Assess impact of incident on staff and business operations
Identify if immediate medical response is required
Identify scope and likely duration of operational disruption
Evaluate the likely outcomes of Business-As-Usual incident response practices
Evaluate expected disruption against service level commitments
Determine if Business continuity response is required; Invoke BCT response if:
An WH&S significant Work Cover incident has occurred
There is a current and continuing threat to staff and visitor safety
Is Council long-term reputation at risk BAU recovery will not meet service level
obligations
Urgent repairs to site will disrupt business operations
BCT monitoring protocol setup if Business Continuity response is not invoked
V4 16-04-2015 27
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix B: Recovery Phase Check Sheets
V4 16-04-2015 28
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
V4 16-04-2015 29
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix B: B1 – Business Continuity Invocation
Business Continuity Invocation is performed by the Business Continuity Team (BCT) of Upper Lachlan Shire Council.
The purpose of the activity is to formally activate the Business Continuity Plan and its associated changed work practices. The outcome of the Business Continuity Invocation tasks will be the establishment of the BCT as the operations coordination body of Upper Lachlan Shire Council under the direction of the ERC and revised service availability for the duration of the incident. Task Checklist – Incident Description: _____________________________ Task ID
Task Description Required Y/N
Assigned to: Done
B1.1 Activate the Business Continuity Team (BCT)
Activation should be through the ERC Chairperson or delegate to establish the authority of the Incident Manager of the BCT
B1.2 Notify the Upper Lachlan Shire Council of BC invocation
Notify Council departments through directorate ERC members Record date & time of notification to each department
Highlight role of BCT and ERC and provide contact details to the incident Manger, as the coordinator of all incident response activities
Outline the nature of the incident and specify that future details will be communicated as available
B1.3 Add emergency security Specify assess by authorised personnel
only
Provide security with ERC contact B1.4 Update staff with current status of the
incident
Specify that all statements regarding the incident must be through the ERC
Ensure all staff members know what is expected of them
Staff to take direction from BCT through Business Unit Management
Staff to be on standby to respond to specific instructions
Reassure them that management are in control of the situation.
V4 16-04-2015 30
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix B: B2 – Plan Incident Response
Plan Incident Response is performed by the Business Continuity Team (BCT) of Upper Lachlan Shire Council, under the direction of the ERC.
The purpose of the activity is to assess the recovery options available to the business and to plan the recovery activities to be performed. The outcome of the plan incident response task will be an incident recovery plan that aims to establish an acceptable level of business continuity in a timely manner.
Task Checklist – Incident Description: _____________________________ Task ID
Task Description Required Y/N
Assigned to: Done
B2.1 Perform inspection of the asset / location
Ensure building / area has been cleared by emergency Services personnel
Engage Insurance assessor to inspect damage
Note all visible damage Make preliminary estimate of make-
good time (trades will confirm)
B2.2 Review business activity priorities Refer to list of item is Impact on service
levels as a good starting point
Consider business activity cycles, e.g. payroll, and peaks in demand for Council Services, e.g. storm damage repairs
Engage with each Department to confirm disruption impact
Confirm business resumption priorities with ERC
B2.3 Identify Recovery tasks Take note of service level commitments
and service priorities
Sequence & prioritise recovery tasks Options may include 1 or more of Facilities and equipment salvage Facilities repairs or replacement Operations relocation to the Business
Recovery Site or alternate Council premises
B2.4 Identify emergency expenses and communicate to ERC
B2.5 Allocate Recovery Team members Consider all available team members Facilities recovery
V4 16-04-2015 31
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
IT recovery Records recovery B2.6
Obtain external assistance if local resources are unavailable or specialist assistance is required
Appendix B: B3 – On-Site Recovery Response
On-site recovery response is controlled by the Business Continuity Team (BCT) which coordinates the activities of resources from internal and external response teams. The purpose of the activity is to implement the planned recovery tasks to recover services at the affected Upper Lachlan Shire Council site in a timely manner. The outcome of the On-site recovery response tasks will be a controlled and coordinated recovery of disrupted critical services base on established business priority.
Task checklist – Incident Description: _____________________________ Task ID
Task Description Required Y/N
Assigned to: Done
B3.1 If incident is an infectious disease outbreak, activate Quarantine area with 20m clear zone
B3.2 Perform facilities and equipment salvage Ensure building has been cleared by
emergency Service personnel
Obtain specialist help, if required Obtain access to secure storage Create checklist to note status of all
equipment
B3.3 Telephones redirection if phone services disrupted
B3.4 Has the site electricity supply B3.5 Has the site Water & sewerage B3.6 Do we have the resources internal to
control the disruptions & response
B3.7 Engage facilities repair contractors Building Electrical reticulation Telecommunications carrier PABX
V4 16-04-2015 32
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix C: Recovery Phase Check Sheet
V4 16-04-2015 33
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix C: C1 – Return to Normal Check Sheet Damage Assessment ACTION DONE 1 The Emergency Response Committee (ERC) will decide
when would be an appropriate time to conduct a detailed damage assessment
2 Assign Council staff to participate on the Department Incident Team (DIT)
3 Carry out damage assessment under the direction of the ERC
Salvage and Restoration ACTION DONE 1 Compile list of items from the Department that can be
salvaged and those that have to be replaced
2 Work with IT and relevant Department Director to identify requirements for new office
Relocation ACTION DONE 1 Following the decision of the ERC to relocate determine
the move requirements
2 Develop plan to relocate processing back to the primary office, ensuring to maintain data integrity through the process
V4 16-04-2015 34
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix D: Sample Business Impact Analysis – Risk Reference Table
Risk Level
Rating Injuries 1. Financial Loss Interruption of Service
2. Reputation and Image
Operational Efficiency
3.Stakeholder Impact
4.Regulatory Statutory
1 Insignificant None Less than $10,000
Less than 4 hrs Unsubstantiated, low impact, low profile or
no news item
Little impact Inconvenience & delays to
individuals
No noticeable regulatory/statutory
impacts
2 Minor First Aid treatment
$10,000 to $25,000 4 hours to 2 days Substantiated, low impact, low news
profile
Inconvenient delays Significant impacts on individuals but
no noticeable impact on overall service delivery
Minor and temporary non-compliance with
regulatory requirements
3 Moderate Medical treatment required
$25,000 to $75,000 2 days to 1 week Loss of building or
workspace
Substantiated, public embarrassment, moderate impact,
moderate new profile
Delays in major deliveries
Major impacts on significant numbers
of individuals, resulting in
noticeable impact on overall service
d li
Short-term non compliance with
significant regulatory requirements
4 Major Death or extensive injuries
$75,000 to $250,000 1 week to 1 month Loss of building or
workspace
Substantiated, public embarrassment, high
impact, high news value, Third party
actions
Non achievement of major
deliverables
Major and long term impacts on individuals and
overall delivery of services
Significant non-compliance with
essential regulatory requirements
5 Catastrophic Multiple deaths or several permanent disabilities
More than $250,000 More than 1 month Loss of building or
workspace
Substantiated, public embarrassment, very high multiple impacts, high widespread news
profile, Third Party actions
Non achievement of major key
corporate objections
Permanent or debilitating impact on individuals and overall delivery of
services
Long-term or indefinite non-
compliance with essential regulatory
requirements
The purpose of the above Business Impact Analysis – Risk Reference Table is to provide a common language on how consequences (impacts) are evaluated and measured. The above illustrates 5 consequence categories that will be used in Council’s risk assessment process. A subset of these categories is used for a Business Impact Analysis (BIA). The categories should reflect the Council‘s economic, social and environmental responsibilities in relation to business continuity.
V4 16-04-2015 35
Appendix D – Sample Business Impact Analysis (BIA) Template Council Department: Business Process or Activity: Assess the potential business impact on the Council as a whole should this process / activity suffer an outage of varying durations due to a major incident. Assume that all your normal day to day resources (such as computers, data, office facilities, and business records) are not available. Refer to the Business Impact Reference Table for definitions of the Risk Level Ratings.
1 Financial Loss Could interruption of services lead to financial loss (such as revenues, interest costs, penalties and extra cost of working)?
1 day 3 days 5 days 10 days
2 Reputation and Image Could interruption of services lead to a loss of public confidence, negative publicity and/or damage the image and reputation of the Council?
1 day 3 days 5 days 10 days
3 Stakeholder Impact Could interruption of services suspend or restrict expectations of stakeholders?
1 day 3 days 5 days 10 days
4 Regulatory/Statutory Could interruption of services breach statutes/regulations?
1 day 3 days 5 days 10 days
OVERALL RATING Based on the above impacts, provide an overall impact rating for this process / activity
1 day 3 days 5 days 10 days
Comments: Maximum Tolerable
Outage (MTO)
Completed by: _________________________________ Date: _________________ Position Held: _________________________________
Duration of Outage Risk Rating Impact 1 2 3 4 5
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix E: Telephone Redirection Authorisation UUppppeerr LLaacchhllaann SShhiirree CCoouunncciill All correspondence addressed to the General Manager, PO Box 42, GUNNING NSW 2581 Crookwell Office: 44 Spring Street, Crookwell NSW 2583 p: 02 4830 1000 │ f: 02 4830 1045 │ e: [email protected] │ www.upperlachlan.nsw.gov.au Gunning Office: 123 Yass Street, Gunning NSW 2581 p: 02 4845 4100 │ f: 02 4845 1426 │ e: [email protected] Taralga Office: 44 Spring Street, Crookwell NSW 2583 p: 02 4840 2099 │ f: 02 4840 2296 │ e: [email protected]
AABBNN 8811 001111 224411 555522 (DATE) Upper Lachlan Shire Council PO Box 42 GUNNING NSW 2581 The Manager Telstra Australia (INSERT ADDRESS OF TELSTRA OFFICE) To whom it may concern, Re: Telephone Number Change Due to an unforseen event that has occurred to Council, this letter is to request Telstra Australia to redirect the current Upper Lachlan Shire Council telephone number (02) 4830-1000 and facsimile number (02) 4832-2066, to the Crookwell Library, Denison Street, Crookwell. Council will require the change effective immediately and will notify Telstra when the situation changes. Thank you for your co-operation in this matter. Yours faithfully, GENERAL MANAGER
V4 16-04-2015 37
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix F: Emergency Response Committee Agenda
EMERGENCY RESPONSE COMMITTEE (ERC)
AGENDA 1. Disaster report from initial site visit 2. Identification of affected Departments 3. Initial plan for operations during the first few days The necessity of alternative duties (working outside of classifications) Appointment of purchasing authority Allocation of temporary work locations Implementation of emergency contact numbers Public notification Implementation of equipment requirements 4. Schedule of staff meetings 5. Staff requirements
V4 16-04-2015 38
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix G: Press Release UUppppeerr LLaacchhllaann SShhiirree CCoouunncciill All correspondence addressed to the General Manager, PO Box 42, GUNNING NSW 2581 Crookwell Office: 44 Spring Street, Crookwell NSW 2583 p: 02 4830 1000 │ f: 02 4830 1045 │ e: [email protected] │www.upperlachlan.nsw.gov.au Gunning Office: 123 Yass Street, Gunning NSW 2581 p: 02 4845 4100 │ f: 02 4845 1426 │ e: [email protected] Taralga Office: 44 Spring Street, Crookwell NSW 2583 p: 02 4840 2099 │ f: 02 4840 2296 │ e: [email protected]
AABBNN 8811 001111 224411 555522
PRESS RELEASE On (INSERT DAY AND DATE) at approximately (INSERT TIME) a (INSERT TYPE OF DISASTER) (INSERT EXTENT OF DAMAGE) (INSERT COUNCIL NAME AND BUILDING). The cause of the disaster is unknown and is being investigated by the NSW Fire Department and the NSW Police Department. Council will be open for business with reduced services on (INSERT TIME, DAY AND DATE) at Crisis Centre. The contact number for Council will remain as (02) 4830-1000. Further information will be released concerning the emergency situation as it becomes available. Council thanks the community for their understanding and patience during this difficult time. By Authority GENERAL MANAGER
V4 16-04-2015 39
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix H: Pre-Printed Stationary
Document Name of Printer
Address Phone Number
Fax Number
LETTERHEAD Elect Printing P.O. Box 115, Fyshwick, ACT, 2609
(02) 6280-6925 (02) 6280-6820
ENVELOPES Hypercet Printing
34 Clifford St., Goulburn. NSW, 2580
(02) 4822-2970 (02) 4822-2168
CHEQUES, RATE NOTICES, WATER NOTICES, LIBRARY RECEIPTS, PLANT SHEETS.
Forms Express
P.O. Box 318, Belmont, VIC, 3216
(03) 5227-7300 (03) 5223-1588
V4 16-04-2015 40
Business Continuity and Disaster Recovery Plan Adopted:16 April 2015
Appendix I: Trauma Management Procedure Trauma Management shall be carried out in accordance with Upper Lachlan Shire Council’s Trauma Management Policy. Appendix J: Telecommunications Requirements Refer to current “Business Services Agreement” (Director of Finance and Administration). Appendix K: List of Insurance Companies 1. WORKERS COMPENSATION: StateCover Ltd. (02) 8270-6001. 2. PUBLIC LIABILITY: StateWide Mutual Ltd. Managed by Jardine Lloyd
Thompson (02) 6251-9843 or 9320-2746. 3. PROFESSIONAL INDEMNITY: StateWide Mutual Ltd. Managed by Jardine
Lloyd Thompson (02) 6251-9843 or 9320-2746. 4. PROPERTY PROTECTION: StateWide Mutual Ltd. Managed by Jardine Lloyd
Thompson (02) 6251-9843 or 9320-2746. 5. MOTOR VEHICLE FLEET: Zurich, administered through Jardine Lloyd
Thompson (02) 6251-9843 or (02) 9320-2746. Appendix L: Information Technology (IT) Sub-Plan 1. COMPUTER SERVICES
BACK-UP Back-ups are to be performed daily by Information Services Co-ordinator. Daily back-ups include the network “I-Drive”, Authority, TRIM EDM, Email, and MapInfo (GIS) Servers. RECOVERY Back-ups are to be used to reinstate the corporate IT systems as required. OFF SITE STORAGE Back-ups of all programs used by Upper Lachlan Shire Council and data files will be held off site. Refer to Information Technology (IT) Strategic Plan.
V4 16-04-2015 41