

Reference No. P29:2006

Implementation date 30 April 2007

Version Number 2.5

Linked documents

Reference No: Name.

Emergency Preparedness (Chapter 6), Guidance on Part 1 of the Civil Contingencies Act 2004, its associated Regulations and non-statutory arrangements (HMG 2005),

International Requirements Standard BS ISO 22301:2012

P27:2005 Risk Management Policy

Suitable for Publication Policy Section Yes Procedure Section Yes

Protective Marking Not Protectively Marked

PRINTED VERSIONS SHOULD NOT BE RELIED UPON. THE MOST UP TO DATE VERSION CAN BE FOUND ON THE FORCE INTRANET POLICIES SITE.

Business Continuity Management

Policy and Procedure


Not Protectively Marked

Business Continuity Management Policy and Procedure P29:2006 v2.5

Table of Contents

1 Policy Section

1.1 Statement of Intent – Aim and Rationale

1.2 Our Visions and Values

1.3 People, Confidence and Equality

2 Standards

2.1 Legal Basis

2.2 People, Confidence and Equality Impact Assessment

2.3 Any Other Standards

2.4 Monitoring / Feedback

3 Procedure Section

3.1 Roles and Responsibilities

3.2 Critical Functions/Activity and Business Impact Analysis

3.3 Business Continuity Plans (BCPs)

3.4 Training, Writing, Testing and Maintenance of BCPs

3.5 Locations for keeping BCPs

3.6 Emergencies and Disruptions

3.7 Recovery

3.8 General Issues

4 Consultation and Authorisation

4.1 Consultation

4.2 Authorisation of this version

5 Version Control

5.1 Review

5.2 Version History

5.3 Related Forms

5.4 Document History

Dorset Police - Business Continuity Management Template

Section 2 - Invocation

Section 3 – Activity Summary

Section 4 - Resources required for each activity with Risk Category 3, 4 or 5

Section 5 - Further Actions

Section 6 – Recovery Plan for all activities identified


Appendix 1 - Key Contacts

Appendix 2 – Incident Log


1 Policy Section

1.1 Statement of Intent – Aim and Rationale

Dorset Police has a statutory duty to deliver effective and efficient policing. Failure to deliver any of these functions could have a catastrophic effect on the communities of Dorset.

Business Continuity Management (BCM) will ensure continued provision of the force’s core functions and enhance its ability to withstand any form of disruption.

The potential for disruption to these core functions has been identified by Government and is addressed in the Civil Contingencies Act (2004) (Part 1, Para 2(1)(C)). The Act requires Category 1 Responders to maintain plans to ensure that they can continue to perform their functions in the event of an emergency, so far as is reasonably practical.

BCM supports emergency planning and is underpinned by the Force Risk Management policy, providing the framework within which the Force can comply with the Civil Contingencies Act.

Aims

The Business Continuity Management (BCM) policy aims to:

• Ensure that critical functions are maintained or reinstated on a risk based approach, as soon as reasonably possible, to meet the force strategic objectives while full restoration of service delivery is planned and implemented.

• Set out the roles and responsibilities for implementing and maintaining a BCM system that is compliant with the Civil Contingencies Act and is ‘fit for purpose’

• Promote and maintain an awareness of BCM within the force

The implementation and maintenance of the BCM system will be based on the following guidelines and standards:

• HM Government Emergency Preparedness Manual (Chapter 6)

• International Requirements Standard BS ISO 22301:2012

1.2 Our Visions and Values

Dorset Police is committed to the principles of “One Team, One Vision – A Safer Dorset for You”. Our strategic priority is to achieve two clear objectives:

To make Dorset safer

To make Dorset feel safer


In doing this we will act in accordance with our values of:

Integrity

Professionalism

Fairness and

Respect

1.3 People, Confidence and Equality

This document seeks to achieve the priority to make Dorset feel safer by securing trust and confidence. Research identifies that this is achieved through delivering services which:

1. Address individual needs and expectations

2. Improve perceptions of order and community cohesion

3. Focus on community priorities

4. Demonstrate professionalism

5. Express Force values

6. Instil confidence in staff

This document also recognises that some people will be part of many communities defined by different characteristics. It is probable that all people share common needs and expectations whilst at the same time everyone is different. Comprehensive consultation and surveying has identified a common need and expectation for communities in Dorset to be:-

- Listened to

- Kept informed

- Protected, and

- Supported.

2 Standards

2.1 Legal Basis

The Civil Contingencies Act 2004 (CCA) requires the Police Service, (as a Category 1 responder) to maintain plans to ensure that they can continue to exercise their functions in the event of an emergency so far as is reasonably practicable. The duty relates to all functions, not just their emergency response functions.

2.2 People, Confidence and Equality Impact Assessment

During the creation of this document, this business area is subject to an assessment process entitled “People, Confidence and Equality Impact Assessment (EIA)”. Its aim is to establish the impact of the business area on all people and to also ensure that it complies with the requirements imposed by a range of legislation.


2.3 Any Other Standards

The Business Continuity Management International Requirements Standard (BS ISO 22301:2012)

BS ISO 22301:2012 is a standard that specifies the requirements for setting up and managing an effective Business Continuity Management System (BCMS). It establishes the process, principles and terminology of BCM, providing a basis for understanding, developing and implementing business continuity within an organisation and providing confidence in business-to-business and business-to-supplier dealings.

BCM is defined in BS ISO 22301:2012 as 'a holistic management process that identifies potential threats to an organisation and the impacts to operations that those threats, if realised, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.’

2.4 Monitoring / Feedback

The Business Continuity Programme Board and the Business Continuity Co-ordinator have specific roles in monitoring this process, the details of which can be found below in section 3.1 of this document.

The role of BC Co-ordinator is held by a Planning Officer in the Operational and Contingency Planning Section (OCPS). The monitoring will be ongoing.

Feedback relating to this policy can be made in writing or by e-mail to:

OCPS, Poole Police Station

E-mail: [email protected]

Telephone: 01202 223153


3 Procedure Section

3.1 Roles and Responsibilities

3.1.1 The Police and Crime Commissioner (PCC) and Chief Constable

The PCC and Chief Constable are accountable to the public and central government for ensuring that the Force consistently follows the principles of good corporate governance and internal control. They will ensure that a BCM framework is in place to ensure the public receive an efficient and effective policing service in the event of an emergency.

3.1.2 Assistant Chief Constable (Operations)

ACC (Ops) is responsible to the Chief Constable for the BCM programme.

3.1.3 Business Continuity Co-ordinator (OCPS)

The Business Continuity Co-ordinator (OCPS) is responsible for the development and implementation of the BCM programme, compliance with the Civil Contingencies Act and ensuring that Emergency Planning and Information Systems resilience are co-ordinated in conjunction with the BCM strategy. OCPS will also –

Provide specialist advice and guidance in respect of BCM issues including the co-ordination, development, implementation and review of business continuity policies, plans and procedures. The Sharepoint BC site will provide a focal point.

Interpret the requirements of the Civil Contingencies Act 2004 (CCA) and associated guidance to support business areas and to ensure that these are met.

Conduct risk assessments based on current and future threats identified through environmental scanning.

Review and develop the template to enable production of the individual plans to a consistent format and structure.

Encourage a Business Continuity culture through marketing and the provision of awareness sessions and training to appropriate staff.

Liaise with other police forces and external agencies as appropriate in respect of the CCA and in particular with regard to its overall effect on Business Continuity.

Audit compliance with business continuity plans, facilitating tests and providing recommendations and other management feedback as appropriate.

3.1.4 Operations Board

The Operations Board is responsible for setting and monitoring the strategic direction, and management of the BCM implementation. The board is chaired by the ACC (Ops).


3.1.5 Commanders, Department Managers and Team Leaders

BC plans should be owned by a Supt (or above) (or police staff equivalent). It is the plan owner’s responsibility to embed Business Continuity Plans (BCPs) into the workplace and ensure exercises are undertaken to develop understanding of the plan and ensure it is fit for purpose.

Commanders, department managers and team leaders are responsible for implementing and supporting the BCM policy, developing and maintaining their own BCPs, ensuring sufficient training is given and running exercises where appropriate.

3.1.6 Police Officers, Police Staff, Extended Police Family, Volunteers and Contractors

Police officers, police staff, extended police family, volunteers and contractors are required to maintain all relevant operational business continuity plans as developed, ensuring that change management is reflected in the “living documents”, and to understand all requirements and responsibilities as detailed in the plans.

3.2 Critical Functions/Activity and Business Impact Analysis

3.2.1 Critical functions/activities defined by National Police Chiefs Council (NPCC) are:

Call Handling

Command and Control

Response Policing

Community Policing

Crime investigation

Major Incident Response

Public Order

Custody

Security and Protection

Health Safety and Welfare of Staff (including training)

Criminal Case Progression and Management

Communications (internal and external) and Media Handling

3.2.2 What are Dorset Police’s Critical Activities?

Dorset Police will adopt those functions/activities as defined by NPCC (see above)

BS ISO 22301:2012 defines Critical Activity as:- “those activities whose loss, as identified during the Business Impact Assessment, would have the greatest impact in the shortest time and which need to be recovered most rapidly may be termed ‘critical activities’”. Whether an activity is “critical” will be established by conducting a Business Impact Assessment (BIA).

3.2.3 Business Impact Assessment (BIA) and Business Continuity Plan (BCP)

All areas of police business will conduct a Business Impact Assessment (BIA) and subsequently develop a Business Continuity Plan (BCP). This is achieved by each Command Area/Department:

Identifying all its activities.

Categorising these activities in terms of criticality

Developing and maintaining plans for the purposes of ensuring, so far as reasonably practicable, that the Force is able to continue to exercise its functions in the event of an emergency or disruption.

3.3 Business Continuity Plans (BCPs)

3.3.1 “Peel” Template1

In order to conduct a BIA and develop a BCP, the “Peel” template found at Appendix A will be used. Correct completion of this template amounts to a BIA and forms the basis of a BCP. The Peel template includes a standardised process by which each activity’s criticality can be measured. Furthermore, this template is designed to facilitate an ongoing programme of review, development and recording of exercises. It enables compliance with current good practice, guidance and legislation.

3.3.2 Generic and Specific Plans

A generic plan is a core plan which provides a response to a wide range of possible scenarios and disruptions. These generic plans can form part of specific plans for dealing with particular risks, sites or services.

3.4 Training, Writing, Testing and Maintenance of BCPs

3.4.1 Maintenance

The Force Operational and Contingency Planning Section (OCPS) is responsible for the policy, guidance and the Force BCP template and will review and update it on an annual basis. Command areas and departments are responsible for the writing, training and exercising of their own plans and any changes to these plans must be notified to the OCPS. Distribution of the completed plans will be by intranet only and classified as restricted.

3.4.2 Exercising and Maintaining of Department Plans

All plans will be exercised annually followed by a de-brief. (Real incidents amount to an exercise and may obviate the need to conduct an exercise). OCPS will be informed prior to any planned exercise in order to assist and monitor where necessary. All learning points raised during debriefs relevant to other departments will be published on SharePoint and it is the manager’s responsibility to update their plans if the learning points are relevant to their department. All plans will be reviewed annually by the plan owner unless due to their role it is required to be reviewed six monthly.

1 Template based upon that devised by George Cooper of Northamptonshire Police / Vista Training.

3.4.3 Debriefing

After any plan invocation, whether local or Force level, a debrief will be held. The manager responsible for the invocation will be responsible for arranging a debrief. A ‘hot debrief’ may occur during and will occur immediately after normality has been returned. A formal structured debrief will be held where the invocation has Force wide / national implications.

3.5 Locations for keeping BCPs

3.5.1 Storage

Plans will be kept in the following locations

Hardcopy:

Appropriate locally arranged sites, available to those who will need access (individual plans only)

Force Command Centre

Electronically:

SharePoint BC site

W-drive under the folder “BusinessContinuityPlans” (W:\BusinessContinuityPlans)

Local Police station drives, (precise addresses advised by IS)

3.6 Emergencies and Disruptions

3.6.1 Invocation

Invocation will proceed in accordance with the flow chart found within the Peel Template (appendix A)

3.6.2 Initial Response Phase

If there is a significant risk to the continuance of critical and essential police functions, the Gold, Silver and Bronze command structure will be invoked.

Gold should consider assigning a Silver commander dedicated to Business Continuity. This would be in addition to the Silver commander dealing with the incident giving rise to the disruption.

Gold should also consider invocation of the Business Continuity Team (BCT), reporting to the dedicated BC Silver.


3.6.3 Business Continuity Team (BCT)

The BCT will comprise representatives of each affected department who are familiar with the daily functions of the respective area of business. This would ideally be a supervisor in the team and the BCP writer or manager. Using their BCPs, members of the BCT will be able to quickly identify the critical activities affected by the emergency or disruption and the contingencies in place.

3.6.4 The BCT’s overall responsibilities are:

Evaluating the extent of the situation and the potential consequences.

Providing the Force with reports of the scale / impact on normal service of the incident.

Logging the decisions made.

Authorising recovery procedures in order to maintain its strategic critical functions.

Liaising with users and stakeholders.

Disseminating information through the media

Ordering and acquiring new or replacement equipment.

Maintaining financial information i.e. costs incurred.

Organising the return to normality (or new normality) after the incident response phase has concluded.

3.6.5 Command and Control

The invocation of a BCP is likely to run in tandem with a major incident. The Incident Commander and the Business Continuity Manager must agree their respective roles and responsibilities. These will depend upon the nature of the incident. The agreed responsibilities should be appropriately communicated to the force, (e.g. Intranet) to ensure all staff are aware of the individuals involved in the various processes.

3.6.6 Recording of Information/Decision Logs

For the purposes of debrief, inquiry or legal proceedings all teams should ensure:

Their decision/actions are recorded / logged.

Where mobile phones are used and not recorded, the content of the conversations should be recorded where possible or use alternative means of communication i.e. airwave point to point.

The completed forms and any original documentation should be kept securely.


3.7 Recovery

3.7.1 Recovery

It is important in the planning stage and during the invocation process to identify the implications for the departments, following the rectification of the problem that led to the invocation of the plan. Part of this will include –

Identifying that all the department’s systems are fully functioning again

Communicating the restoration to stakeholders / agencies,

Identifying the potential for corrupted data in the dept’s processes as a result of the incident and the process for overcoming this

Inputting the backlog of information that has been recorded on paper during any outage.

Identifying the financial implications on the department(s)

Taking part in relevant debriefing processes to identify any learning points and update the plans

3.8 General Issues

3.8.1 Finance

Auditable records of all additional expenses incurred during the incident or recovery phase will be kept.

3.8.2 Welfare, Health and Safety, Crisis Care Management, Staff Associations

Managers should carefully monitor staff for signs of stress and arrange periods of rest and counselling if necessary. An incident of this magnitude is likely to put increased demands on staff involved or who are asked to work long hours in difficult conditions with the resulting disruption to their personal routines. Similarly regard must be had for the working hours of commanders, whose decision making capability cannot be seen to be compromised by fatigue. Close liaison must be maintained with the force Welfare Support Dept concerning the additional psychological support that may be required by those involved. Staff associations and UNISON should be kept informed.

3.8.3 Health and Safety

Care should be taken to manage any additional risks created by staff performing roles they do not normally do during the incident or its aftermath.

3.8.4 Special Constabulary

Departments who have special constabulary officers who are also police staff are requested to release them where possible to support the force in the critical functions unless they are already performing such a role.


4 Consultation and Authorisation

4.1 Consultation

Version No: | Name | Signature | Date
Police & Crime Commissioner | | |
Police Federation | | |
Superintendents Association | | |
UNISON | | |
Other Relevant Partners (if applicable) | | |

4.2 Authorisation of this version

Version No: 2.5 | Name | Signature | Date
Prepared: | T Taylor-Habgood (8880) | | 14/04/16
Quality assured: | | |
Authorised: | ACC Lewis | | 18/4/16
Approved: | | |

5 Version Control

5.1 Review

Date of next scheduled review Date: 17 May 2017

5.2 Version History

Version | Date | Reason for Change | Created / Amended by
1.0 | | Initial Document | Mr G Brazier
2.0 | 1/6/11 | Review of policy and implementation of new template | Sgt 713 R Niemier
2.1 | 16/9/13 | Interim Review. Review and update of policy due to change in standard from BS 25999 to BS ISO 22301:2012 | T Taylor-Habgood (8880)
2.2 | 17/03/14 | Review of policy and minor template change within Invocation of Plan including new diagram | T Taylor-Habgood (8880)
2.3 | 04/03/15 | Review of policy. No changes required. | T Taylor-Habgood (8880)
2.4 | 09/03/15 | The policy has been reviewed in preparation for NICHE (RMS) implementation (April 2015) no changes necessary | Policy Co-ordinator (6362)
2.5 | 14/04/16 | Review of Policy. Changed ACPO reference to NPCC | T Taylor-Habgood (8880)

5.3 Related Forms

Force Ref. No. | Title / Name | Version No. | Review Date

5.4 Document History

Present Portfolio Holder ACC Lewis

Present Document Owner Tanya Taylor-Habgood 8880

Present Owning Department OCPS

Details only required for version 1.0 and any major amendment ie 2.0 or 3.0:

Name of Board: Operational Commanders Board

Date Approved: 18.11.11

Chief Officer Approving: ACC Glanville chair of Operations Board

Template version January 2013


Dorset Police - Business Continuity Management Template

Critical Functions

1. Call Handling

2. Command & Control

3. Response Policing

4. Community Policing

5. Criminal Investigation

6. Major Incident Response

7. Public Order

8. Custody

9. Security & Protection

10. Health, Safety & Welfare of Staff

11. Criminal Case Progression & Mgmt

12. Communication & Media Handling

Plan details

Area

Department

Plan Owner

Plan Manager

Plan Writer

Version No.

Version Date

Plan review details

Date of next review

Version Control

Version Date Author Reason for change

The document signatory is responsible for informing all staff of its content, exercising this plan to confirm that it is still fit for purpose and maintaining it in relation to contact details. Records of where business continuity has been embedded into the department will be required during an audit process including minutes of meetings and the risk management process. It is expected the plan will be discussed at management meetings on a regular basis. The BC co-ordinator shall be informed of any invocation and lessons identified, planned exercises and any BC risks that may become organisational issues. OCPS reserves the right to exercise the plan without warning.

Signature

Plan Owner

Date

Based on Template designed by George Cooper of VistaTraining


Contents

Section 1 - Introduction

Section 2 - Invocation Procedure and Risk Assessment Criteria

Section 3 - Activity Summary (including any contingency arrangements)

Section 4 - Resource Summary

Section 4.1 - People

Section 4.2 - Equipment / Facilities

Section 4.3 - Documentation

Section 4.4 - Suppliers

Section 5 - Further Action

Section 6 - Recovery Plan

Appendix 1 - Contact Details

Appendix 2 - Example Incident Log

Section 1 - Introduction

Department role

Please provide a brief description of what the department does:

Staff resources day to day

Police Officers | Police Staff
Chief Inspector & above | Managers
Inspector | Staff
Sergeant | PCSO
Constable |

Department core hours

24hour Mon-Fri 0830-1700 Other

If other, please give details


Section 2 - Invocation

Invocation of plan

The plan will be implemented in accordance with the Force Overarching Business Continuity Guide.

The level of invocation will be determined by assessing the potential impact of the incident using the criteria defined in the Risk Assessment as described in the following diagram.

Who is responsible for invoking the plan, and who should be consulted?

Where the expected impact of the disruption is likely to fall into category 1 or 2, invocation of the plan and management of the incident will be the responsibility of **(insert title of senior departmental manager)** or, in their absence, **(insert title of deputy manager)**. If no departmental manager is available, the Force Incident Commander (FIC) will be informed.

If the expected impact is likely to fall into category 3, the FIC will be informed and will be responsible for the invocation of the plan and management of the incident, referring upwards and/or invoking a separate command structure as appropriate.

What procedure is required to invoke the plan?

Once the plan is invoked the staff that work in the area affected will be contacted, if not already aware, and asked to either remain on standby and be contactable by mobile phone or other means, or to report to an identified place.

The managers of the department will have the current contact details of the staff with them as a point of reference in case of IT failure.

The manager of the department should also ensure that, where appropriate, any key stakeholders, as listed in section 3, are informed of the incident in order to minimise any impact on them.

Risk Assessment

Each category below is given with its potential or real impact assessment and its consequence of non delivery.

Category: Insignificant (1)
Consequence of Non Delivery: Insignificant
Potential or real impact assessment:
- No impact on the performance of any department
- Minor internal disruption to the department
- No specialist personnel issues
- Activity recovered within 30 days

Category: Useful (2)
Consequence of Non Delivery: Minor
Potential or real impact assessment:
- No impact on the organisation’s service delivery
- Minor impact on the performance of the department
- Minor specialist personnel issues, but easily resolved
- Activity to be recovered within 14 days
- Potential for complaints from individuals

Category: Significant (3)
Consequence of Non Delivery: Moderate
Potential or real impact assessment:
- Potential limited impact on the organisation’s service delivery
- Internal performance disruption on one or more departments; departments may require assistance from one another
- Activity must be fully recovered within 2-3 days
- Potential financial loss in excess of £50,000
- Potential for adverse local publicity of an ongoing nature or affecting local opinion
- Potential for significant injuries or ill health

Category: Essential (4)
Consequence of Non Delivery: Significant
Potential or real impact assessment:
- Significant impact on the organisation’s service delivery in one or more areas
- Significant impact on the performance of several departments
- Activity would require in force mutual aid assistance
- Full recovery must occur within 12 hours
- Potential loss of up to £2 million
- Potential for adverse national publicity or local publicity of a persistent nature affecting the local community
- Potential for fatality or serious injury to an individual
- Potential for major claims which would be outside the insurance cover

Category: Critical (5)
Consequence of Non Delivery: Catastrophic
Potential or real impact assessment:
- Major impact on the organisation’s service delivery in one or more areas
- Inability to effectively integrate with other key stakeholders
- Inability to meet critical service level demands
- Activity would rely on external mutual aid
- Major specialist personnel issues – no resources/no resilience
- Recovery must occur within 1 hour
- Potential loss in excess of £2 million
- Will attract adverse national publicity or local publicity of a persistent nature affecting the local community
- Potential for fatality of one or more or serious injury to several people
- Potential for major claims which would be outside the insurance cover

Location Codes

A copy of the most recent Property List and Location Codes, as maintained by Dorset Police Estates and Building Services, can be found on the Business Continuity Management SharePoint site under Documents. A hard copy of this list should be printed and retained with the BCP at each BCP review.

Section 3 – Activity Summary

Activity No | Risk Category¹ | Activity² | Critical functions it supports³ | RTO⁴ | Does the activity depend on, or influence the activities of other departments within the force or external agencies? If YES, list the departments⁵ | Contingency Arrangements⁶ (To cover people, facilities, systems, suppliers, or any other arrangements)

Rows numbered 1 to 12.

1 all activities should be risk assessed using the criteria in Section

2 list activities with highest scorings first in descending order

3 Any activity directly supporting a critical function should be scored 5

4 Recovery Time Objectives (RTO) should indicate the priority/timescale to restore a process to minimum service levels (for category 3, 4 or 5 activities only – the remainder can be left blank).

5 the Risk Assessment should take into consideration the effect on any interlinked departments or outside agencies

6 contingency arrangements should include any actions that can be implemented locally - i.e. relocation to other premises, transfer of work to other department, manual workarounds - whether agreed or identified as the potential for good practice.

Section 4 - Resources required for each activity with Risk Category 3, 4 or 5

4.1 People

Activity No | Minimum number of staff required to start/maintain activity and rank if necessary (Police Officers / Police Staff) | Specialist skills/training required by staff | Can staff from outside the department support this activity and if yes, where from (Dept / Organisation) | SPOF¹

1 are any of these people regarded as Single Points of Failure (SPOF)

4.2 Equipment

Activity No | Location Code(s)² | Standard Equipment³ | Specialist Equipment⁴ | IT Software⁵ | Vehicles required⁶ | SPOF¹

1 is any of this equipment regarded as a Single Point of Failure (SPOF)

2 location codes are listed in Section 2

3 identify number of workstations, phones, faxes, desktop or laptop computers, printers and any other standard IT hardware required

4 identify any specialist equipment required i.e. scanner, A3 printer etc

5 identify any software required over and above Generic Force Systems (Microsoft Word and Excel, e-mail, Forcenet, H drive and W drive)

6 identify liveried or unmarked and any specialist vehicle required

4.3 Activity Documentation

Activity No | Essential Documents/Records² | Where are these stored?³ | How are they accessed? | SPOF¹

1 is any of this documentation regarded as a Single Point of Failure (SPOF)

2 technical manuals, emergency plans etc

3 identify locations of physical documentation/records and locations on Force IT systems

4.4 Supplier Details

Activity No | Supplier | Services Provided | Essential Supplier Documents/Records² | Where are these stored?³ | SPOF¹

1 are any of these suppliers regarded as Single Points of Failure (SPOF)

2 technical manuals, emergency plans, maintenance contracts etc

3 identify locations of physical documentation/records and locations on Force IT systems

Section 5 - Further Actions

Actions arising as a result of any of the above

Activity No | Action | Owner | Timescale

Have any Single Points of Failure (SPOF) been identified?

Activity No | What is the nature of the SPOF? | Logged on Departmental Risk Register? | Logged on Force Risk Register? | Date to be reviewed?

Exercises

List any exercising of the plan with appropriate debrief information. This information should also be added to the Testing & Exercising page, which can be found on the Business Continuity Management site on SharePoint.

Date | Exercise Description | Debrief Information

Any other information that will assist in the implementation of this plan

Section 6 – Recovery Plan for all activities identified

Identify and develop a plan for dealing with any additional work that may be required once the cause of the invocation of the plan has been rectified in order to minimise any adverse effect on the restoration of day-to-day operations.

Areas for consideration might include: -

Inputting paper based information created as a result of the loss of I.T.

Testing of systems to ensure that they are functioning normally

Verifying information held on systems to identify any lost or corrupted data.

Correction of any errors discovered

Prioritised clearance of any backlogs of work that was suspended during the incident

Notification of dependent departments, external agencies, suppliers etc.

Appendix 1 - Key Contacts

Single Point of Contact

These details are required in case of Forcewide IT failure and must be staffed during the normal working hours of the department.

Extension No. or full mobile phone number and mobex | Fax No. | Department Airwave No. (if applicable)

Key Departmental Contacts

Name | Title | Telephone No. / Extension | Mobile | Mobex | Airwave

Other Key Contacts

This should include any stakeholders, dependent departments or suppliers identified in Section 3.

Name | Stakeholder / Supplier | Telephone No. | Mobile | Mobex | Airwave

Appendix 2 – Incident Log

Department: Date:

Item No | Time | Details of Issue | Action Taken / Decision Made | Signature