Upload
others
View
65
Download
0
Embed Size (px)
Citation preview
Financial Services Authority
Business ContinuityManagement Practice Guide
November 2006
Business Continuity Management Practice Guide
Introduction 1
How to use the Guide 2
How the FSA will use the Guide 4
Table of contents 5
A. Corporate Continuity 6
B. Corporate Crisis Management 13
C. Corporate Systems 18
D. Corporate Facilities 26
E. Corporate People 29
Contents
© The Financial Services Authority 2006
Business ContinuityManagement Practice Guide
1
Introduction Background
During 2005, the Tripartite Authorities (FSA, Bank of England and HMTreasury) carried out the Resilience Benchmarking Project1. The project wasdesigned to assess the resilience and recovery capability of the UK financialservices sector in the event of major operational disruption such as a terroristattack or natural disaster. We define major operational disruption as an incidenthaving widespeard impact on more than one organisation, that has a severeimpact on firms, and that requires the implementation of special arrangementsfor continued operations of critical business functions.
The project provided us with a valuable insight into the overall businesscontinuity preparedness of more than 60 firms that took part in theBenchmarking exercise, answering more than 1,000 questions on theirbusiness continuity arrangements. With their agreement we have producedthis Business Continuity Management Practice Guide in the spirit of sharinglessons learned from the project so that firms that did not participate can alsobenefit from it. The Guide is based on real examples of standard and leadingpractices we observed in the firms that participated. It reflects the collectivebusiness continuity planning and crisis management expertise of the UK’smost significant firms and financial infrastructure providers.
Purpose
The Business Continuity Management Practice Guide is not general guidancefrom the Tripartite Authorities, nor is it guidance on FSA rules. Rather, it aimsto help regulated firms in their business continuity planning by identifying and
1 For more information see www.fsc.gov.uk/upload/public/Files/9/Web%20-%20Res%20Bench%20Report%2020051214.pdf.
sharing examples of business continuity practice observed in firms thatparticipated in the benchmarking exercise. We hope that these observationsmay be useful for firms when reviewing their own business continuity andcrisis management arrangements. Firms should not view the Guide as adefinitive checklist of steps to take, but rather as a flexible tool to stimulatetheir thinking and provide a framework for the development of their ownplans. Above all else, firms should continue to be mindful of their individualcircumstances and risk profiles when considering what may – or may not – beappropriate for their business.
Examples of observed practice are grouped by topic and organised by themeinto modules:
Corporate Continuity
Corporate Crisis Management
Corporate Systems
Corporate Facilities
Corporate People
The modules capture the various components of business continuity planningand testing and provide a framework for building resilience and recoverycapability. By defining clearly elements of processes like risk identification orcrisis team activation, the Guide may help firms improve their businesscontinuity planning.
How to use the GuideObserved standard practice – observed leading practice
Two levels of observed practice are identified within the Guide:
• Observed standard practice generally reflects the practicesadopted by most of the 60 benchmarking participants.
• Observed leading practice generally reflects the practicesadopted by the highest scoring 20% of the 60 benchmarkingparticipants, and tends to denote more robust or sophisticatedpractices.
In a handful of cases we exercised discretion and included examples of observedstandard practice which did not meet the above criteria, but which we consideredhelpful or important to include nonetheless. These instances represent fewer than7% of all of the examples of sound practice contained in this Guide.
2
Risk based approach
This Guide is not intended to be a comprehensive list of all the businesscontinuity practices relevant to a financial firm. Therefore, the FSA does notexpect firms to take a tick-box approach to using the Guide. Instead, firms areencouraged to take a pragmatic and sensible view of which aspects of theGuide are most useful and relevant for them. For example, firms may wish to:
• ‘Mix and match’ across observed standard and leadingpractices as they see fit, adapting their plans to reflect theirindividual risk profile and the complexity of their activities.
• Exercise common sense when deciding which aspects of theGuide are most relevant to them. For instance, variousexamples of observed leading practice may be more relevant tovery large firms or firms with very large exposure to specificmarkets, whereas smaller or less complex firms may notnecessarily need to have such sophisticated plans.
• Adopt more sophisticated arrangements than the examplesprovided as observed leading practice.
Differentiating between observed standard practice and observed leading practice
• Observed standard practice sets out the general practiceobserved in each area. The corresponding observed leadingpractice either supplements or completely replaces the observedstandard practice. For an example of where observed leadingpractice replaces observed standard practice, refer to Module ASection 3.3.1.
• Where observed standard and leading practice appear to bevery similar, the key differences are shown in italics. For anexample of this, refer to Module A Section 3.3.3.
• In some cases we have set out observed standard practice only.This is because we have either not observed a higher standard,or because only a very small number of benchmarkingparticipants met a higher standard. For an example of this,refer to Module A Section 3.2.2.
• In other cases, we have set out observed leading practice only.This is because there were insufficient responses to justify itsinclusion as standard practice; however, we considered it
3
sufficiently important to merit inclusion as a positive exampleof good business continuity practice. Consequently, theseexamples have been included as observed leading practice, withno corresponding standard example. For an example of this,please refer to Module A Section 2.2.1.
How the FSA will use the Guide The Guide does not form part of the FSA’s formal rules and guidance. So, justas we would expect firms to exercise their common sense and judgementregarding which aspects of the Guide are likely to be most relevant to them,supervisors will be similarly pragmatic. We anticipate that the Guide willprovide a useful basis around which firms and their supervisors can structuretheir discussions on business continuity planning, while bearing in mind thatindividual firms’ arrangements should be proportionate to the nature andscale of their business and appropriate to their individual risk profile.
4
A. C
orpo
rate
Con
tinu
ity
A.1
Busi
ness
con
tinu
ity
plan
ning
A.1.
1Ri
sk a
sses
smen
tA.
1.2
BCP
stra
tegy
A.2
BCP
desi
gnA.
2.1
Crit
ical
sup
plie
rsA.
2.2
Resp
ondi
ng t
ore
ques
ts f
or B
CPin
form
atio
n from
thi
rdpa
rty
orga
nisa
tion
sA.
2.3
Outs
ourc
ing
cont
ract
prov
ider
sA.
2.4
Crit
ical
pap
er a
sset
s
A.3
Reso
urce
sA.
3.1
BCP
team
A.
3.2
Staf
f an
d BC
PA.
3.3
Third
par
ties
and
BCP
A.4
Plan
revi
ewA.
4.1
BCP
audi
tA.
4.2
BCP
chan
ges
A.4.
3Te
stin
gA.
4.4
Docu
men
tati
onA.
4.5
Reco
very
ser
vice
prov
ider
s
A.5
Reco
very
tim
es fo
rcr
itic
al fu
ncti
ons
A.5.
1Tr
ade
clea
ring
A.5.
2Se
ttle
men
tA.
5.3
Who
lesa
le p
aym
ents
B. C
orpo
rate
Cri
sis
Man
agem
ent
B.1
Cult
ure
B.1.
1St
rate
gyB.
1.2
Audi
t an
d re
view
B.1.
3Ac
cess
ibili
tyB.
1.4
Seni
or m
anag
emen
t
B.2
Team
B.2.
1Cr
isis
m
anag
emen
t te
amB.
2.2
Team
act
ivat
ion
B.2.
3Te
am a
ttri
bute
sB.
2.4
Team
sup
port
B.2.
5Fa
cilit
ies
B.3
Com
mun
icat
ions
B.3.
1Co
mm
unic
atio
nst
rate
gyB.
3.2
Inte
rnal
and
ext
erna
lco
mm
unic
atio
ns
C. C
orpo
rate
Sys
tem
s
C.1
Info
rmat
ion
Tech
nolo
gy (
IT)
C.1.
1Id
enti
ficat
ion
of r
isks
C.1.
2Id
enti
ficat
ion
of
crit
ical
IT
C.1.
3Re
cove
ryC.
1.4
Prov
ider
sC.
1.5
Netw
ork
resi
lienc
eC.
1.6
IT r
esili
ence
C.1.
7Da
taC.
1.8
Secu
rity
C.1.
9Si
teC.
1.10
Alte
rnat
e si
teC.
1.11
Revi
ew,
audi
t an
dch
ange
sC.
1.12
Test
ing
C.2
Tele
phon
yC.
2.1
Reco
very
C.2.
2Si
teC.
2.3
Test
ing
D. C
orpo
rate
Fac
iliti
es
D.1
Plan
ning
D.1.
1Pl
anni
ngD.
1.2
Ener
gyD.
1.3
Wat
erD.
1.4
Secu
rity
D.1.
5Ev
acua
tion
D.1.
6Em
erge
ncy
serv
ices
D.1.
7Te
stin
g
E. C
orpo
rate
Peo
ple
E.1
Staf
fE.
1.1
BCP
awar
enes
sE.
1.2
Trai
ning
E.1.
3St
aff
plan
ning
E.1.
4Ke
y st
aff
E.1.
5Ch
ecks
E.1.
6Te
sts
E.2
Cris
is m
anag
emen
tE.
2.1
Cont
acti
ng s
taff
E.2.
2St
aff
wel
fare
Tabl
e of
con
tent
s
5B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
6B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
Busi
ness
Con
tinu
ity
Man
agem
ent
Prac
tice
Guid
e
A. C
orpo
rate
Con
tinu
ity
A.1
Busi
ness
Cont
inui
ty
Plan
ning
(BC
P)Ob
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
A.1.
1 Ri
sk a
sses
smen
tA.
1.1.
1
A.1.
1.2
•De
taile
d ris
k as
sess
men
tsar
e ca
rrie
d ou
t an
nual
ly o
rw
hen
ther
e is
a c
hang
e in
nor
mal
ope
rati
ons.
•Al
l im
pact
ass
essm
ents
are
cur
rent
and
hav
e be
enre
view
ed a
nd u
pdat
ed i
n th
e pa
st y
ear.
A.1.
2 BC
P st
rate
gyA.
1.2.
1
A.1.
2.2
A.1.
2.3
A.1.
2.4
A.1.
2.5
A.1.
2.6
A.1.
2.7
•A
BCP
refle
ctin
g id
enti
fied
risk
s ex
ists
for
all
depa
rtm
ents
.•
Plan
s co
nsid
er t
ime
of t
he d
ay,
year
and
oth
erbu
sine
ss c
ycle
s.•
Plan
s ha
ve id
enti
fied
the
impa
ct t
o bu
sine
ss i
n a
disa
ster
for
all
func
tion
s an
d th
ey s
peci
fy t
imes
cale
san
d pr
iori
ties
for
rec
over
ing
thes
e fu
ncti
ons.
•
Plan
s re
flect
the
im
pact
a m
ajor
ope
rati
onal
disr
upti
on w
ould
hav
e on
the
bus
ines
s.•
Plan
ning
con
side
rs t
otal
des
truc
tive
loss
of
the
site
an
d an
y op
erat
iona
l dis
rupt
ion
incl
udin
g so
me
loss
of
sta
ff.
•Pl
ans
are
wri
tten
and
ow
ned
by d
ecen
tral
ised
pla
now
ners
. Al
tern
ativ
ely,
cen
tral
ised
pla
ns a
re w
ritt
en b
yth
e Bu
sine
ss C
onti
nuit
y fu
ncti
on w
ith
depa
rtm
enta
lpl
ans
mai
ntai
ned
by d
ecen
tral
ised
pla
n ow
ners
. •
Web
-bas
ed p
lans
are
acc
essi
ble
anyw
here
but
all
key
staf
f al
so c
arry
qui
ck r
efer
ence
car
ds.
Alte
rnat
ivel
y, a
mix
of
pape
r, re
fere
nce
card
s an
d/or
ele
ctro
nic
and/
or w
eb-b
ased
is
acce
ssib
le a
t al
l tim
es.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Pl
anni
ng c
onsi
ders
wid
e ar
ea d
estr
uctio
n an
d an
yop
erat
iona
l dis
rupt
ion
invo
lvin
g si
gnifi
cant
loss
of
sta
ff.
7B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
8B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
A.2
BCP
desi
gnOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
A.2.
1 Cr
itic
al s
uppl
iers
A.2.
1.1
•Fi
rm h
as li
aise
d w
ith
crit
ical
sup
plie
rs r
egar
ding
the
irar
rang
emen
ts.
•Cr
itic
al s
uppl
iers
are
inv
olve
d in
tes
ts o
n an
at
leas
tan
nual
bas
is.
A.2.
2Re
spon
ding
to
requ
ests
for
BCP
info
rmat
ion
from
thi
rd p
arty
orga
nisa
tion
s
A.2.
2.1
•Fi
rm s
uppl
ies
evid
ence
of
its
capa
bilit
y an
d te
stin
g.
A.2.
3Ou
tsou
rcin
gco
ntra
ctpr
ovid
ers
A.2.
3.1
•Re
quire
men
ts o
n pr
ovid
ers
are
incl
uded
in
form
alte
rms
in t
he c
ontr
act.
•Re
quire
men
ts o
n pr
ovid
ers,
incl
udin
g pa
rtic
ipat
ion
or a
uditin
g of
tes
ts,
are
incl
uded
in
form
al t
erm
s in
the
cont
ract
.
A.2.
4 Cr
itic
al p
aper
asse
ts
A.2.
4.1
A.2.
4.2
A.2.
4.3
A.2.
4.4
A.2.
4.5
•Cr
itic
al p
aper
ass
ets
are
man
aged
thr
ough
sys
tem
atic
clas
sific
atio
n ac
cord
ing
to c
riti
calit
y.•
Crit
ical
pap
er a
sset
s ar
e fi
led
on a
man
aged
bas
is a
ndpu
t in
fire
proo
f ca
bine
ts t
o av
oid
dest
ruct
ion.
•Re
plic
ated
pap
er r
ecor
ds c
an b
e ac
cess
ed w
ithi
n on
ew
orki
ng d
ay o
f an
inc
iden
t.•
Scan
ned
data
for
cri
tica
l fun
ctio
ns c
an b
e re
cove
red
and
used
at
reco
very
sit
e im
med
iate
ly.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:•
Crit
ical
pap
er a
sset
s ar
e m
anag
ed w
ith
a cl
assi
ficat
ion
sche
me
that
incl
udes
impa
ct o
r cr
itica
lity.
•Cr
itic
al p
aper
doc
umen
tatio
n is
rep
licat
ed o
n a
man
aged
bas
is w
ithi
n on
e w
eek
of c
reat
ion
or c
hang
e.
•Sc
anne
d da
ta c
an b
e re
cove
red
and
used
at
reco
very
site
im
med
iate
ly f
or a
ll da
ta.
9B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
A.3
Reso
urce
sOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
A.3.
1 BC
P te
amA.
3.1.
1
A.3.
1.2
•M
ost
team
mem
bers
are
com
pete
nt i
n al
l dis
cipl
ines
or a
reas
def
ined
by
the
Busi
ness
Con
tinu
ity
Inst
itut
e.
•Te
am m
embe
rs u
nder
stan
d cr
itic
al f
unct
ions
and
are
able
to
repr
esen
t m
ost
of t
heir
con
tinu
ity
inte
rest
s.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:•
All t
eam
mem
bers
are
com
pete
nt i
n al
l dis
cipl
ines
or
area
s de
fine
d by
the
Bus
ines
s Co
ntin
uity
Ins
titu
te.
•Te
am m
embe
rs f
ully
unde
rsta
nd c
riti
cal f
unct
ions
and
are
able
to
conv
erse
flu
ently
wit
h sp
ecia
lists
inea
ch c
ritic
al a
rea.
A.3.
2 St
aff
and
BCP
A.3.
2.1
A.3.
2.2
A.3.
2.3
A.3.
2.4
•If
the
re i
s a
Trad
e Un
ion
pres
ence
in
the
orga
nisa
tion
, it
was
con
sult
ed o
n BC
P.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:•
Mor
e th
an 2
0% o
f U
K st
aff
have
bus
ines
s co
ntin
uity
as p
art
of t
heir
obj
ecti
ves.
•If
the
pla
n’s
activa
tion
is e
xpec
ted
to re
sult
inad
ditio
nal w
orkl
oad,
the
nee
d an
d de
ploy
men
t of
tem
pora
ry o
r co
ntra
ct s
taff h
as b
een
plan
ned
in d
etai
l.•
Plan
s m
ake
prov
isio
n fo
r tr
ansp
orta
tion
of
staf
fun
der
cert
ain
disr
upti
on c
ondi
tion
s.
A.3.
3 Th
ird p
arties
and
BCP
A.3.
3.1
A.3.
3.2
A.3.
3.3
•Pl
ans
refle
ct c
onsu
ltat
ion
of lo
cal e
mer
genc
y se
rvic
es’
resp
onse
pla
ns a
nd i
nclu
de r
efer
ence
mat
eria
ls.
•Pl
ans
take
int
o ac
coun
t pr
ovis
ions
of
the
Civi
lCo
ntin
genc
ies
Act.
•In
sura
nce
polic
y de
tails
are
inc
lude
d in
the
pla
ns.
•Lo
cal a
utho
rity
em
erge
ncy
plan
s an
d em
erge
ncy
serv
ices
’ res
pons
e pl
ans
are
refle
cted
in
the
plan
.
•In
sura
nce
deta
ils a
nd p
roce
dure
s ag
reed
with
insu
rers
are
incl
uded
in
the
plan
s.
10B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
A.4
Plan
rev
iew
Obse
rved
sta
ndar
d pr
acti
ceOb
serv
ed l
eadi
ng p
ract
ice
A.4.
1 BC
P au
dit
A.4.
1.1
A.4.
1.2
A.4.
1.3
•Pl
ans
are
subj
ect
to i
nter
nal a
nd e
xter
nal a
udit
.
•Bu
sine
ss c
onti
nuit
y pl
anni
ng a
ppea
rs o
n Bo
ard’
sag
enda
at
leas
t tw
ice
each
yea
r.•
Busi
ness
con
tinu
ity
plan
ning
app
ears
on
Risk
and
Audi
t co
mm
itte
es’ a
gend
as a
t le
ast
ever
y qu
arte
r.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:•
Ther
e is
a c
lear
, do
cum
ente
d an
d ap
prov
ed a
udit
cycl
e co
veri
ng a
ll lo
cati
ons
and
func
tion
s.•
Busi
ness
con
tinu
ity
plan
ning
app
ears
on
Boar
d’s
agen
da a
t le
ast
ever
y qu
arte
r.
A.4.
2 BC
P ch
ange
sA.
4.2.
1
A.4.
2.2
•Bu
sine
ss c
onti
nuit
y is
alw
ays
cons
ider
ed a
s pa
rt o
f a
form
al c
hang
e co
ntro
l pro
cess
ens
urin
g al
l rel
evan
tco
mpo
nent
s ar
e re
view
ed b
efor
e ch
ange
tak
es p
lace
.•
Busi
ness
con
tinu
ity
docu
men
ts a
re u
pdat
ed w
hen
ate
st i
s co
mpl
eted
or
whe
n a
maj
or c
hang
e oc
curs
.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•De
taile
d ri
sk a
nd i
mpa
ct a
sses
smen
ts a
nd p
lan
upda
tes
are
carr
ied
out
to b
uild
bus
ines
s co
ntin
uity
into
a c
hang
e in
man
agem
ent
proc
esse
s.
A.4.
3 Te
stin
gA.
4.3.
1
A.4.
3.2
A.4.
3.3
A.4.
3.4
A.4.
3.5
A.4.
3.6
•At
leas
t 75
% o
f al
l bus
ines
s fu
ncti
ons
have
bee
nte
sted
in
the
last
tw
o ye
ars.
•
Test
s in
volv
e in
tegr
ated
sim
ulat
ion,
inv
olvi
ng I
T,fa
cilit
y an
d cr
itic
al s
taff
rec
over
y us
ing
alte
rnat
efa
cilit
ies.
•Ou
t-of
-hou
rs t
elep
hone
con
tact
tes
ts a
re c
ondu
cted
at le
ast
once
per
yea
r. •
Repr
esen
tati
ves
from
all
area
s an
d at
all
leve
ls,
incl
udin
g se
nior
man
agem
ent,
are
inv
olve
d in
tes
ts.
•Ne
ighb
ouri
ng b
usin
esse
s an
d em
erge
ncy
serv
ices
are
cons
ulte
d ab
out
test
ing.
•
The
test
ing
sche
dule
is
curr
ent
and
publ
ishe
d w
ithi
nth
e or
gani
sati
on.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Ou
t-of
-hou
rs t
elep
hone
con
tact
tes
ts a
re c
ondu
cted
at le
ast
once
eve
ry s
ix m
onth
s.•
All s
taff
are
inv
olve
d in
tes
ts.
•Ne
ighb
ouri
ng b
usin
esse
s an
d em
erge
ncy
serv
ices
are
invo
lved
in
som
e te
sts.
11B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
A.4.
4 Do
cum
enta
tion
A.4.
4.1
A.4.
4.2
•Pr
e-te
st d
ocum
enta
tion
is
avai
labl
e be
fore
tes
ting
. •
Afte
r th
e te
st,
repo
rts
are
all c
ompl
eted
wit
h cl
ear
acti
ons
and
owne
rs.
A.4.
5 Re
cove
ry s
ervi
cepr
ovid
ers
A.4.
5.1
•If
rec
over
y se
rvic
e pr
ovid
ers
are
used
, th
eir
capa
city
to c
ope
wit
h m
ulti
ple
conc
urre
nt u
sage
ha
s be
en t
este
d.
12B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
A.5
Reco
very
tim
es f
or c
riti
cal
func
tion
sOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
A.5.
1 W
hole
sale
paym
ents
The
firm
avo
ids
ente
ring
int
o ne
w b
usin
ess
unle
ss i
t is
conf
iden
t it
can
mee
t it
s ob
ligat
ions
as
they
fal
l due
.Fr
om t
he p
oint
of
invo
cati
on a
ll m
ater
ial p
endi
ngtr
ansa
ctio
ns f
allin
g du
e th
at d
ay a
re s
ettl
ed b
y cl
ose
of b
usin
ess.
On t
he n
ext
wor
king
day
the
fol
low
ing
tran
sact
ions
are
sett
led
by c
lose
of
busi
ness
:•
Any
outs
tand
ing
tran
sact
ions
fal
ling
due
the
prev
ious
day
tha
t ha
ve b
een
rolle
d ov
er;
•Al
l tra
nsac
tion
s fa
lling
due
tha
t da
y.
A.5.
2 Tr
ade
clea
ring
The
firm
avo
ids
ente
ring
int
o ne
w b
usin
ess
unle
ss i
t is
conf
iden
t it
can
mee
t it
s ob
ligat
ions
as
they
fal
l due
.Fr
om t
he p
oint
of
invo
cati
on a
ll m
ater
ial p
endi
ngtr
ansa
ctio
ns f
allin
g du
e th
at d
ay a
re s
ettl
ed b
y cl
ose
of b
usin
ess.
On t
he n
ext
wor
king
day
the
fol
low
ing
tran
sact
ions
are
sett
led
by c
lose
of
busi
ness
:•
Any
outs
tand
ing
tran
sact
ions
fal
ling
due
the
prev
ious
day
tha
t ha
ve b
een
rolle
d ov
er;
•Al
l tra
nsac
tion
s fa
lling
due
tha
t da
y.
A.5.
3 Se
ttle
men
tTh
e fi
rm a
void
s en
teri
ng i
nto
new
bus
ines
s un
less
it
isco
nfid
ent
it c
an m
eet
its
oblig
atio
ns a
s th
ey f
all d
ue.
From
the
poi
nt o
f in
voca
tion
all
mat
eria
l pen
ding
tran
sact
ions
fal
ling
due
that
day
are
set
tled
by
clos
e of
bus
ines
s.
On t
he n
ext
wor
king
day
the
fol
low
ing
tran
sact
ions
are
sett
led
by c
lose
of
busi
ness
:•
Any
outs
tand
ing
tran
sact
ions
fal
ling
due
the
prev
ious
day
tha
t ha
ve b
een
rolle
d ov
er;
•Al
l tra
nsac
tion
s fa
lling
due
tha
t da
y.
13B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
Busi
ness
Con
tinu
ity
Man
agem
ent
Prac
tice
Guid
e
B. C
orpo
rate
Cris
is M
anag
emen
t
14B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
B.1
Cult
ure
Obse
rved
sta
ndar
d pr
acti
ceOb
serv
ed l
eadi
ng p
ract
ice
B.1.
1 St
rate
gyB.
1.1.
1 B.
1.1.
2
B.1.
1.3
•A
deta
iled
curr
ent
cris
is m
anag
emen
t pl
an i
s in
pla
ce.
•Th
e cr
isis
man
agem
ent
plan
con
tain
s in
stru
ctio
ns o
nho
w t
o re
spon
d to
the
issu
e of
cas
ualti
es a
nd f
atal
itie
s.•
The
cris
is m
anag
emen
t st
rate
gy a
llow
s op
erat
ions
to
cont
inue
ind
efin
itel
y, a
llow
ing
for
som
e re
duct
ion
ofth
roug
hput
.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•In
stru
ctio
ns o
n re
spon
ding
on
the
issu
e of
cas
ualt
ies
and
fata
litie
s ha
ve b
een
verif
ied
durin
g te
sts.
•
The
cris
is m
anag
emen
t st
rate
gy a
llow
s op
erat
ions
to
cont
inue
ind
efin
itel
y w
ith n
o re
duct
ion
of t
hrou
ghpu
t.
B.1.
2 Au
dit
and
revi
ewB.
1.2.
1 •
Adju
stm
ents
to
the
plan
are
mad
e w
hen
thre
ats
chan
ge s
igni
fican
tly.
•Th
ere
is a
reg
ular
for
mal
rev
iew
and
upd
ate
proc
ess,
irre
spec
tive
of
chan
ges
of t
hrea
ts.
B.1.
3Ac
cess
ibili
tyB.
1.3.
1 •
The
cris
is m
anag
emen
t pl
an i
s ac
cess
ible
in
a m
ix o
fm
edia
inc
ludi
ng:
•pa
per
plan
s;•
elec
tron
ic p
lans
;•
web
-bas
ed p
lans
; an
d•
refe
renc
e ca
rds
whi
ch a
re a
cces
sibl
e at
all
tim
es.
B.1.
4 Se
nior
man
agem
ent
B.1.
4.1
B.1.
4.2
B.1.
4.3
B.1.
4.4
•Th
e ex
ecut
ive
man
agem
ent
team
kno
ws
who
is
in t
hecr
isis
man
agem
ent
team
and
has
app
rove
d th
eir
sele
ctio
n.
•Th
e ex
ecut
ive
man
agem
ent
team
und
erst
ands
the
cris
is m
anag
emen
t te
am’s
rem
it.
They
hav
e ag
reed
to
them
run
ning
the
cri
sis,
app
rove
d th
eir
empo
wer
men
tan
d si
gned
off
the
pla
n.•
The
agre
ed r
oles
of
the
exec
utiv
e or
sen
ior
man
agem
ent
duri
ng a
n in
cide
nt a
re c
onta
ined
in
the
cris
is m
anag
emen
t pl
an a
nd t
hey
have
bee
n si
gned
off
by t
he i
ndiv
idua
ls c
once
rned
.•
If t
he s
enio
r m
anag
emen
t te
am i
s lo
cate
d ov
erse
as,
UK
offic
es a
re a
war
e of
its
pla
n to
man
age
a cr
isis
.
15B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
B.2
Team
Obse
rved
sta
ndar
d pr
acti
ceOb
serv
ed l
eadi
ng p
ract
ice
B.2.
1 Cr
isis
man
agem
ent
team
B.2.
1.1
B.2.
1.2
B.2.
1.3
B.2.
1.4
B.2.
1.5
B.2.
1.6
B.2.
1.7
•Th
e cr
isis
man
agem
ent
team
is
resp
onsi
ble
for
man
agin
g al
l cri
tica
l int
erna
l and
ext
erna
l iss
ues
tore
solu
tion
.•
The
cris
is m
anag
emen
t te
am h
as a
cle
ar a
nd f
orm
alst
ruct
ure.
•Re
spon
sibi
litie
s an
d al
tern
ates
exi
st f
or a
ll ro
les.
•At
leas
t 70
% o
f cr
isis
man
agem
ent
team
mem
bers
and
depu
ties
hav
e be
en i
nvol
ved
in t
ests
or
inci
dent
sin
the
pas
t 12
mon
ths.
•Th
e co
re c
risi
s m
anag
emen
t te
am m
ay b
esu
pple
men
ted
by p
re-s
elec
ted
and
trai
ned
spec
ialis
tsac
cord
ing
to i
ncid
ent
type
, sc
ale
and
seve
rity
.•
The
cris
is m
anag
emen
t te
am h
as d
emon
stra
ted
capa
bilit
y in
tes
ts.
•Th
e cr
isis
man
agem
ent
team
’s m
embe
rshi
p is
sta
ble,
and
any
nece
ssar
y ch
ange
s ke
pt t
o a
min
imum
.
B.2.
2 Te
am a
ctiv
atio
nB.
2.2.
1
B.2.
2.2
B.2.
2.3
•Th
e cr
isis
man
agem
ent
team
is
invo
ked
follo
win
gce
rtai
n ag
reed
dis
rupt
ive
circ
umst
ance
s.•
The
cris
is m
anag
emen
t te
am c
an b
e ac
tiva
ted
acco
rdin
g to
def
ined
esc
alat
ion
mec
hani
sm.
•Fo
llow
ing
acti
vati
on,
the
team
is
form
ed b
y on
e or
mor
e of
the
se o
ptio
ns a
ccor
ding
to
circ
umst
ance
s:•
conf
eren
ce c
all w
ith
furt
her
asse
mbl
y at
an
agre
ed lo
cati
on (
prim
ary
or s
econ
dary
);•
pre-
defin
ed s
tand
ard
mee
ting
pla
ces
and
tim
es; an
d•
asse
mbl
y at
a p
re-d
efin
ed lo
cati
on o
r se
cond
ary
loca
tion
.
16B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
B.2.
3 Te
am a
ttrib
utes
B.2.
3.1
B.2.
3.2
•On
ce a
ctiv
ated
, th
e cr
isis
man
agem
ent
team
has
ful
lau
thor
ity
for
all d
ecis
ions
.•
The
cris
is m
anag
emen
t te
am h
as c
lear
spe
ndin
gpo
wer
s du
ring
a c
risi
s (t
heir
use
and
ext
ent
have
been
pre
-app
rove
d).
B.2.
4 Te
am s
uppo
rtB.
2.4.
1 •
The
plan
pro
vide
s fo
r na
med
ind
ivid
uals
to
bese
cond
ed t
o th
e cr
isis
man
agem
ent
team
to
prov
ide
oper
atio
nal s
uppo
rt o
n an
as-
need
ed b
asis
.
•Th
e cr
isis
man
agem
ent
team
is
prov
ided
wit
hpl
anne
d an
d pr
e-id
enti
fied
staf
f du
ring
a c
risi
s to
prov
ide
oper
atio
nal
supp
ort
(e.g
. as
sist
ants
,an
alys
ts a
nd a
udit
ors)
.
B.2.
5 Fa
cilit
ies
B.2.
5.1
B.2.
5.2
B.2.
5.3
•If
the
sit
e is
ina
cces
sibl
e, t
he c
risi
s m
anag
emen
tte
am i
s ac
com
mod
ated
in
a pr
e-pr
epar
ed p
rim
ary
orse
cond
ary
loca
tion
at
leas
t on
kilo
met
re f
rom
the
affe
cted
sit
e.•
If t
he s
ite
can
still
be
used
, th
e cr
isis
man
agem
ent
team
is
acco
mm
odat
ed i
n a
pre-
prep
ared
cri
sis
man
agem
ent
room
or
com
man
d ce
ntre
.•
The
prim
ary
com
man
d ce
ntre
loca
tion
to
supp
ort
the
cris
is m
anag
emen
t te
am i
s fu
lly e
quip
ped
to o
pera
teas
a d
edic
ated
cri
sis
com
man
d ce
ntre
(e.
g. s
tati
oner
y,te
leph
ones
, pr
inte
rs,
PCs,
TVs
, de
sks,
con
fere
ncin
g).
17B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
B.3
Com
mun
icat
ions
Obse
rved
sta
ndar
d pr
acti
ceOb
serv
ed l
eadi
ng p
ract
ice
B.3.
1 Co
mm
unic
atio
nsst
rate
gyB.
3.1.
1
B.3.
1.2
B.3.
1.3
•Th
e cr
isis
man
agem
ent
com
mun
icat
ion
plan
cov
ers
inte
rnal
and
ext
erna
l com
mun
icat
ions
wit
h st
aff,
pee
ror
gani
sati
ons,
the
med
ia a
nd o
ther
sta
keho
lder
s.
•Th
ere
is a
cle
arly
def
ined
pro
cess
for
dea
ling
wit
h th
em
edia
and
pub
lic r
elat
ions
dur
ing
a cr
isis
and
it
has
been
ver
ifie
d du
ring
tes
ts.
•Th
e cr
isis
man
agem
ent
team
inc
ludi
ng k
eyco
mm
unic
atio
ns s
taff
, an
d ge
nera
l man
agem
ent
are
fam
iliar
wit
h th
e cr
isis
man
agem
ent
com
mun
icat
ions
plan
.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Al
l sta
ffw
ith
spec
ific
req
uire
men
ts p
lace
d on
the
mby
the
pla
n ar
e fa
mili
ar w
ith
the
cris
is m
anag
emen
tco
mm
unic
atio
ns p
lan.
B.3.
2 In
tern
al a
ndex
tern
alco
mm
unic
atio
ns
B.3.
2.1
B.3.
2.2
B.3.
2.3
•Th
e ex
tern
al c
omm
unic
atio
ns o
r pu
blic
rel
atio
ns p
lan
has
been
tes
ted
resp
ondi
ng t
o cr
ises
aff
ecti
ng t
heor
gani
sati
on.
•Te
leph
one
or m
obile
pho
ne c
all c
asca
de o
r au
tom
ated
calli
ng s
yste
ms
are
used
for
com
mun
icat
ing
inst
ruct
ions
and
sta
tus
info
rmat
ion
to s
taff
at
the
star
t of
a c
risi
s.•
Durin
g a
cris
is s
taff
can
con
tact
the
bus
ines
s th
roug
h:•
a te
leph
one
num
ber
that
the
y kn
ow t
hey
can
call;
and/
or•
a w
idel
y pu
blic
ised
24-
hour
man
ned
emer
genc
yco
ntac
t nu
mbe
r.
•De
dica
ted
web
pag
es o
r re
cord
ed m
essa
ge o
r ca
llce
ntre
con
tact
are
use
d fo
r co
mm
unic
atin
gin
stru
ctio
ns a
nd s
tatu
s in
form
atio
n to
sta
ff a
t th
est
art
of a
cri
sis.
18B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
Busi
ness
Con
tinu
ity
Man
agem
ent
Prac
tice
Guid
e
C. C
orpo
rate
Sys
tem
s
19B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.1
ITOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
C.1.
1Id
entific
atio
n of
ris
ks
C.1.
1.1
•Pl
ans
iden
tify
:•
poin
ts o
f co
nsis
tenc
y of
dat
a fo
r re
cove
ry;
•co
nseq
uenc
es o
f al
low
ing
non-
affe
cted
sys
tem
s to
cont
inue
whe
n ot
hers
are
non
-ope
rati
onal
; an
d•
any
uniq
ue c
riti
cal s
yste
m (
and
its
reco
very
is
refle
cted
in
the
plan
s).
C.1.
2Id
entific
atio
n of
crit
ical
IT
C.1.
2.1
C.1.
2.2
C.1.
2.3
•A
fully
det
aile
d im
pact
ana
lysi
s on
loss
of
IT h
asbe
en p
erfo
rmed
to
iden
tify
whi
ch o
f th
eor
gani
sati
on’s
IT s
yste
ms
and
infr
astr
uctu
re a
re t
hem
ost
busi
ness
cri
tica
l. •
Ther
e is
an
ongo
ing
cont
inuo
us p
roce
ss o
r cy
cle
toan
alys
e an
d do
cum
ent
the
crit
ical
ity
of t
heor
gani
sati
on’s
IT s
yste
ms.
•
A sy
stem
atic
dep
ende
ncy
anal
ysis
has
bee
n pe
rfor
med
cove
ring
mos
t cr
itic
al a
reas
of
IT t
o ev
alua
te t
heim
pact
of
an i
ndiv
idua
l IT
syst
em f
ailu
re.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•A
fully
det
aile
d an
d au
thor
ised
IT
depe
nden
cyan
alys
isha
s be
en p
erfo
rmed
to
eval
uate
the
im
pact
of a
n in
divi
dual
IT
syst
em f
ailu
re.
20B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.1.
3 Re
cove
ryC.
1.3.
1
C.1.
3.2
C.1.
3.3
C.1.
3.4
C.1.
3.5
C.1.
3.6
C.1.
3.7
C.1.
3.8
C.1.
3.9
C.1.
3.10
IT r
esto
rati
on p
lans
add
ress
the
fol
low
ing:
•re
stor
atio
n of
all
IT s
yste
ms
acco
rdin
g to
bus
ines
sco
ndit
ions
;•
the
tim
e ne
eded
to
reco
ver
IT a
t al
l cri
tica
l sit
es;
•al
l asp
ects
of
crit
ical
sys
tem
s re
cove
ry i
s ca
rrie
d ou
tby
the
fir
m’s
staf
f;
•re
stor
atio
n of
con
nect
ivit
y to
cri
tica
l net
wor
ks;
•re
stor
atio
n (i
nclu
ding
tes
ts)
of c
riti
cal c
ompu
ter
syst
ems
and
asso
ciat
ed h
ardw
are;
•w
here
mir
ror
syst
ems
are
used
, ba
ckup
dev
ices
and
soft
war
e ar
e in
pla
ce t
o m
anag
e ba
ckup
s fr
om a
sing
le r
eplic
ated
sys
tem
whe
n th
e pr
imar
y ha
s fa
iled;
•
perm
anen
t co
nnec
tions
to
reco
very
sites
to
reco
ver
wid
ear
ea n
etw
ork
com
mun
icat
ions
for
syst
ems
and
user
s;•
even
tual
rec
over
y of
eve
ry s
yste
m;
and
•th
e re
turn
of
IT o
pera
tion
s to
the
ir o
rigin
al s
ite.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Th
ere
are
deta
iled
proc
edur
es f
or p
riorit
isin
g IT
reco
very
acc
ordi
ng t
o bu
sine
ss c
ondi
tion
s.
•Th
ere
are
plan
s to
res
tore
the
dev
elop
men
ten
viro
nmen
t.
C.1.
4 Pr
ovid
ers
C.1.
4.1
C.1.
4.2
C.1.
4.3
•Al
l cri
tica
l sit
es u
se m
ore
than
one
tel
ecom
s pr
ovid
erfo
r vo
ice
and
data
. Th
e fo
llow
ing
inte
ract
ions
tak
epl
ace
wit
h pr
ovid
ers:
•pl
anne
d fo
rmal
mee
ting
s ta
ke p
lace
to
plan
resi
lienc
e of
the
com
mun
icat
ions
net
wor
k;•
plan
ned
verif
icat
ion
take
s pl
ace
to c
heck
the
resi
lienc
e of
tel
ecom
s pr
ovid
ers’
netw
ork
arch
itec
ture
and
of t
he c
onne
ctiv
ity
and
rout
ing
withi
n it; a
nd•
veri
ficat
ion
of I
T th
ird p
arty
sup
plie
rs’ d
isas
ter
reco
very
cap
abili
ty.
•Pr
oced
ures
as
to h
ow t
he d
isas
ter
reco
very
pro
vide
rsw
ill m
anag
e a
mul
tipl
e in
voca
tion
of
thei
r si
tes
iskn
own,
doc
umen
ted
and
agre
ed;
•As
sura
nce
has
been
giv
en b
y pr
ovid
ers
that
sepa
racy
/div
ersi
ty s
ervi
ces
are
in p
lace
in
the
wid
ear
ea n
etw
ork.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Co
ntin
uous
int
erac
tion
wit
h pl
anne
d fo
rmal
mee
ting
s ta
kes
plac
e to
pla
n re
silie
nce
into
com
mun
icat
ions
net
wor
k.•
Deta
iled
plan
ned
and
form
al r
evie
ws
take
pla
ceto
ver
ify
the
resi
lienc
e of
tel
ecom
s pr
ovid
ers’
netw
ork
arch
itec
ture
and
of
the
conn
ecti
vity
and
rout
ing
wit
hin
it.
21B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.1.
5 Ne
twor
kre
silie
nce
C.1.
5.1
C.1.
5.2
C.1.
5.3
C.1.
5.4
C.1.
5.5
C.1.
5.6
•Th
ere
is a
n up
-to-
date
and
det
aile
d ne
twor
k di
agra
min
IT
plan
s.•
All a
spec
ts o
f ne
twor
k co
ntin
uity
are
pro
acti
vely
and
form
ally
man
aged
.•
Netw
orks
are
des
igne
d to
be
fully
red
unda
nt w
ith
nosi
ngle
poi
nts
of f
ailu
re.
•Ne
twor
k av
aila
bilit
y fig
ures
are
mon
itor
ed f
or t
rend
sas
wel
l as
thre
shol
d ex
cept
ion
basi
s an
d th
ein
form
atio
n is
use
d to
iden
tify
poi
nts
of w
eakn
ess.
•Th
e fu
ll co
ntro
l and
vis
ibili
ty o
f w
ide
area
net
wor
kas
sets
nee
ded
to p
rovi
de e
nd-t
o-en
d se
para
tion
can
be
dem
onst
rate
d (e
.g.
thro
ugh
docu
men
tation
) in
tern
ally
.•
Wid
e ar
ea n
etw
ork
com
mun
icat
ions
can
be
rest
ored
at
wor
k ar
ea r
ecov
ery
site
s in
less
tha
n on
e ho
ur.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Th
e fu
ll co
ntro
l and
vis
ibili
ty o
f yo
ur w
ide
area
netw
ork
asse
ts n
eede
d to
pro
vide
end
-to-
end
sepa
rati
on c
an b
e de
mon
stra
ted
(e.g
. th
roug
hdo
cum
enta
tion
) in
tern
ally
and
ext
erna
lly.
C.1.
6 IT
res
ilien
ceC.
1.6.
1
C.1.
6.2
C.1.
6.3
C.1.
6.4
C.1.
6.5
•No
cri
tica
l sys
tem
dep
ends
on
an i
ndiv
idua
l per
son
for
rest
orat
ion
in a
dis
aste
r.•
Crit
ical
IT
syst
ems
are
spre
ad a
cros
s di
vers
e lo
catio
ns.
•If
bui
ldin
gs a
nd c
onte
nt a
nd n
on-r
eplic
ated
dat
aw
ere
dest
roye
d, t
his
wou
ld c
reat
e ba
cklo
gs s
mal
ler
than
one
wee
k.
•In
an
inci
dent
aff
ecti
ng t
he m
ost
crit
ical
IT
site
, al
lof
the
aff
ecte
d cr
itic
al I
T sy
stem
s co
uld
be r
ecov
ered
wit
hin
four
hou
rs f
rom
inv
ocat
ion.
•If
rep
licat
ed c
riti
cal s
yste
ms
are
used
and
bot
h si
tes
are
lost
, re
cove
ry c
an s
till
take
pla
ce.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•If
bui
ldin
gs a
nd c
onte
nt a
nd n
on-r
eplic
ated
dat
aw
ere
dest
roye
d, t
his
wou
ld c
reat
e no
not
icea
ble
back
logs
or
impa
ct o
n op
erat
ions
.•
In a
n in
cide
nt a
ffec
ting
the
mos
t cr
itic
al I
T si
te,
all
of t
he a
ffec
ted
crit
ical
IT
syst
ems
coul
d be
reco
vere
d w
ithi
n tw
o ho
urs
from
invo
cation
.•
If r
eplic
ated
cri
tica
l sys
tem
s ar
e us
ed a
nd b
oth
site
sar
e lo
st,
reco
very
can
sti
ll ta
ke p
lace
withi
n ag
reed
busi
ness
tim
efra
mes
.
C.1.
7 Da
taC.
1.7.
1
C.1.
7.2
•Al
l cri
tica
l dat
a ar
e co
pied
or
they
are
rep
licat
ed a
tan
othe
r si
te.
•It
tak
es le
ss t
han
one
hour
to
retr
ieve
off
-sit
e co
pies
of c
riti
cal r
ecov
ery
data
(w
here
app
licab
le).
22B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.1.
8 Se
curit
yC.
1.8.
1
C.1.
8.2
C.1.
8.3
C.1.
8.4
C.1.
8.5
C.1.
8.6
C.1.
8.7
C.1.
8.8
C.1.
8.9
IT s
ecur
ity
elem
ents
inc
lude
the
fol
low
ing
elem
ents
:
•Fi
rew
alls
tha
t ar
e co
mpl
iant
wit
h th
e or
gani
sati
on’s
curr
ent
secu
rity
polic
y an
d th
at h
ave
been
com
plia
nce
test
ed t
hrou
gh r
egul
ar p
enet
rati
on t
esti
ng.
•Re
cogn
ised
sta
ndar
d of
enc
rypt
ion
for
all c
riti
cal
com
mun
icat
ions
is
used
int
erna
lly a
nd e
xter
nally
.
•Th
e us
age
of r
emov
able
sto
rage
dev
ices
on
desk
tops
is r
estr
icte
d an
d an
ti-v
irus
dep
loye
d.•
Anti
-vir
us p
rodu
cts
are
depl
oyed
at
exte
rnal
net
wor
ken
try
poin
ts,
on m
ail s
erve
rs a
nd o
n al
l des
ktop
s an
dla
ptop
s.•
Anti
-vir
us p
rodu
cts
are
auto
mat
ical
ly u
pdat
ed w
hen
rele
ased
by
vend
or.
•La
ptop
s ar
e ba
rred
fro
m c
onne
ctin
g to
the
net
wor
kun
less
the
y ar
e au
thor
ised
by
IT s
ecur
ity
firs
t.•
Vend
or o
pera
ting
sys
tem
s pa
tche
s ar
e re
view
ed f
orim
pact
and
rel
evan
ce a
nd t
este
d be
fore
bei
ng a
pplie
d.
•Es
crow
agr
eem
ents
are
use
d to
pro
tect
key
sof
twar
e.•
Docu
men
ted
info
rmat
ion
secu
rity
pol
icy
is c
urre
ntan
d fo
rmal
ly r
efer
s to
ISO
1779
9.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Re
cogn
ised
sta
ndar
d of
enc
rypt
ion
for
all c
riti
cal
com
mun
icat
ions
is
used
int
erna
lly a
nd e
xter
nally
and
in s
tora
ge.
•Th
e us
age
of r
emov
able
sto
rage
dev
ices
on
desk
tops
is p
erm
itte
d on
ly t
o au
thor
ised
dev
ices
.
C.1.
9 Si
teC.
1.9.
1
C.1.
9.2
C.1.
9.3
C.1.
9.4
C.1.
9.5
•Th
e IT
env
ironm
ent
has
sepa
rate
phy
sica
l acc
ess
cont
rol.
•Th
e IT
env
ironm
ent
pow
er s
uppl
y to
cri
tica
l sys
tem
sis
pro
tect
ed w
ith
UPS
and
gen
erat
ors.
•IT
env
ironm
ent
hum
idit
y, v
enti
lati
on a
nd a
ir-
cond
itio
ning
are
con
trol
led.
•IT
env
ironm
ent
is p
rote
cted
by
fire
det
ecti
on a
ndsu
ppre
ssio
n.•
IT e
nviro
nmen
t is
pro
tect
ed b
y w
ater
det
ecti
on.
23B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.1.
10
Alte
rnat
e si
teC.
1.10
.1
C.1.
10.2
C.1.
10.3
C.1.
10.4
C.1.
10.5
C.1.
10.6
•Th
ere
is a
n al
tern
ate
dedi
cate
d si
te w
here
IT
isre
stor
ed f
ollo
win
g a
disa
ster
loca
ted
at le
ast
ten
kilo
met
res
away
fro
m t
he m
ain
site
.•
Ther
e is
an
acce
ss t
o so
urce
cod
e on
cor
e sy
stem
s at
the
reco
very
sit
e.•
The
band
wid
th f
rom
wor
k ar
ea t
o re
cove
ry s
ite
isad
equa
te t
o ha
ndle
nee
ds i
n a
disa
ster
sce
nario
(100
% o
f th
e ba
ndw
idth
can
be
redi
rect
ed t
o th
ere
cove
ry s
ite
in 2
4 ho
urs)
.•
Deta
iled
reco
very
pla
ns e
xist
for th
e re
dire
ctio
n of
all
feed
s fro
m e
ach
prim
ary
site
to
resp
ectiv
e re
cove
ry s
ites.
•Th
ere
is a
mec
hani
sm f
or i
nvok
ing
the
seco
ndar
y si
teif
the
pri
mar
y re
cove
ry s
ite
is n
ot a
vaila
ble.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Th
ere
exis
ts a
sec
onda
ry r
ecov
ery
site
tha
t ca
n be
used
if
the
prim
ary
reco
very
sit
e is
una
vaila
ble.
C.1.
11
Revi
ew,
audi
tan
d ch
ange
sC.
1.11
.1
C.1.
11.2
C.1.
11.3
C.1.
11.4
•Co
ntin
uity
is
alw
ays
cons
ider
ed a
s pa
rt o
f a
form
alch
ange
con
trol
pro
cess
ens
urin
g al
l rel
evan
tco
mpo
nent
s ar
e re
view
ed b
efor
e ch
ange
tak
es p
lace
.•
The
crit
ical
ity
of I
T sy
stem
s is
rev
iew
ed a
t le
ast
ever
ysi
x m
onth
s.•
Whe
re o
utso
urci
ng i
s us
ed,
crit
ical
IT
outs
ourc
ing
com
pani
es’ b
usin
ess
cont
inui
ty m
anag
emen
tca
pabi
litie
s ar
e au
dite
d.•
All c
hang
es g
o th
roug
h an
agr
eed
and
sign
ed-o
ffpr
oced
ure.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Th
e cr
itic
alit
y of
IT
syst
ems
is r
evie
wed
on
a m
ajor
chan
ge o
r at
leas
t ev
ery
six
mon
ths
– w
hich
ever
is
firs
t.
C.1.
12
Test
ing
C.1.
12.1
C.1.
12.2
C.
1.12
.3
C.1.
12.4
•IT
rec
over
y te
sts
are
requ
ired
to r
ealis
tica
lly r
efle
ctth
e w
orst
cas
e sc
enar
io w
here
all
crit
ical
sys
tem
sm
ust
be r
esto
red
conc
urre
ntly
.•
Crit
ical
sys
tem
s re
cove
ry i
s te
sted
eve
ry s
ix m
onth
s.•
Whe
re a
tes
t en
viro
nmen
t is
use
d, i
t is
ver
y si
mila
r to
the
live
envi
ronm
ent.
•W
here
som
e IT
fun
ctio
ns a
re o
utso
urce
d, c
riti
cal I
Tou
tsou
rce
com
pani
es p
arti
cipa
te i
ndiv
idua
lly i
n te
sts.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•W
here
a t
est
envi
ronm
ent
is u
sed,
it
is id
entica
lto
the
live
envi
ronm
ent.
•M
ulti
ple
crit
ical
IT
outs
ourc
e co
mpa
nies
par
tici
pate
conc
urre
ntly
in
test
s fo
r in
cide
nts
affe
ctin
g si
tes.
24B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.1.
12.5
C.1.
12.6
C.1.
12.7
•If
som
e IT
asp
ects
are
out
sour
ced,
a p
olic
y to
tes
tou
tsou
rcer
s’ IT
dis
aste
r re
cove
ry c
apab
ility
exi
sts.
•Th
e fo
llow
ing
elem
ents
are
tes
ted:
•Id
enti
fied
crit
ical
app
licat
ion
or h
ardw
are
and/
orso
ftw
are
keys
.•
Mar
ket
data
fee
ds a
nd s
yste
ms
at t
he d
isas
ter
reco
very
sit
e (t
este
d to
the
bes
t of
abi
lity
due
toex
tern
al c
onst
rain
ts).
•Op
erat
ion
of m
arke
t da
ta a
nd o
ther
cri
tica
l thi
rdpa
rty
feed
s ar
e te
sted
at
each
dis
aste
r re
cove
rysi
te w
here
the
y w
ill b
e us
ed,
as a
pplic
able
.•
Rebu
ildin
g of
clie
nt o
r de
skto
p en
viro
nmen
t.•
Rem
ote
hom
e w
orki
ng r
ecov
ery
capa
bilit
y to
the
disa
ster
rec
over
y si
te,
and
adeq
uate
cap
abili
ty i
sev
iden
ced.
•Re
stor
atio
n of
cri
tica
l app
licat
ions
: liv
e te
sts
from
mir
rore
d sy
stem
s or
bac
kups
on
an u
n-co
nfig
ured
syst
em a
re r
un.
•If
mir
rore
d sy
stem
s ar
e us
ed,
the
oper
atio
n of
each
sec
onda
ry s
yste
m w
ith
the
prim
ary
swit
ched
off
is t
este
d.•
If c
riti
cal b
acku
ps a
re n
eede
d, t
hey
are
rest
ore-
test
ed e
very
mon
th.
•Un
sche
dule
d re
call
of o
ffsi
te c
opie
s of
cri
tica
lre
cove
ry d
ata.
•In
divi
dual
res
tora
tion
tes
ts s
ugge
st t
hat
all c
riti
cal
appl
icat
ions
can
be
reco
vere
d in
the
req
uire
dti
mef
ram
es.
Test
s ha
ve t
he f
ollo
win
g ad
diti
onal
fea
ture
s:
•Al
l mar
ket
data
fee
ds a
nd s
yste
ms
at t
he d
isas
ter
reco
very
sit
e.
•Co
ncur
rent
res
tora
tion
tes
ts s
ugge
st t
hat
all c
an b
ere
cove
red
in t
he r
equi
red
tim
efra
mes
.
25B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
C.2
Tele
phon
yOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
C.2.
1 Re
cove
ryC.
2.1.
1
C.2.
1.2
C.2.
1.3
C.2.
1.4
C.2.
1.5
C.2.
1.6
C.2.
1.7
C.2.
1.8
Reco
very
pla
ns i
nclu
de:
•Co
mpa
ny t
elec
omm
unic
atio
ns r
esili
ence
and
rec
over
yst
rate
gy t
o di
vert
cal
ls.
•AC
D, I
VR a
nd t
urre
ts i
n ca
ll ce
ntre
res
tora
tion
, w
here
appl
icab
le.
•Te
leph
one
conf
eren
cing
sys
tem
cap
abili
ties
are
plan
ned
to b
e re
stor
ed.
•Re
dire
ctio
n of
non
-geo
grap
hic
inco
min
g ph
one
lines
(080
0, 0
870
etc)
, if
the
y ar
e us
ed.
•Ad
equa
te f
ax f
acili
ty a
t th
e re
cove
ry s
ite.
•Vo
ice
com
mun
icat
ions
rec
over
y st
rate
gy c
an b
eim
plem
ente
d w
ithi
n tw
o ho
urs
of i
nvoc
atio
n.•
100%
of
voic
e lin
es c
an b
e re
dire
cted
to
anap
prop
riate
alt
erna
tive
loca
tion
(e.
g. r
ecov
ery
site
,ca
ll ce
ntre
) w
ithi
n 24
hou
rs o
f in
voca
tion
.•
At le
ast
80%
of
busi
ness
as
usua
l cal
l thr
ough
put
(inc
ludi
ng f
ax a
nd m
odem
) ca
n be
han
dled
by
the
reco
very
sit
e pr
ovis
ions
.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Th
e vo
ice
com
mun
icat
ions
rec
over
y st
rate
gy c
an b
eim
plem
ente
d in
less
tha
n on
e ho
ur f
rom
inv
ocat
ion.
•M
ore
than
100
% (
in c
ase
of a
n in
crea
se i
n ca
llvo
lum
e) o
f vo
ice
lines
can
be
redi
rect
ed t
o th
ere
cove
ry s
ite
wit
hin
24 h
our
from
inv
ocat
ion.
•No
rmal
cal
l thr
ough
put
(inc
ludi
ng f
ax a
nd m
odem
)ca
n be
han
dled
by
the
reco
very
sit
e pr
ovis
ions
.
C.2.
2 Si
teC.
2.2.
1
C.2.
2.2
•Fo
r al
l sit
es,
whe
re t
he o
ptio
n ex
ists
, th
ere
is a
pol
icy
for
two
or m
ore
phys
ical
ent
ry p
oint
s or
duc
ts f
orvo
ice
com
mun
icat
ions
fib
res
and/
or c
able
s.•
Ther
e ar
e co
nnec
tion
s to
mul
tipl
e ex
tern
al t
elep
hone
exch
ange
s at
eac
h cr
itic
al s
ite.
C.2.
3 Te
stin
gC.
2.3.
1
C.2.
3.2
C.2.
3.3
C.2.
3.4
C.2.
3.5
•Te
leph
ony
reco
very
tes
t ta
kes
plac
e at
leas
t an
nual
lyat
eac
h cr
itic
al s
ite.
As
par
t of
thi
s, t
he f
ollo
win
g el
emen
ts a
re t
este
d:•
mob
ile p
hone
rec
epti
on a
t re
cove
ry s
ite;
•re
dire
ctio
n of
tel
epho
ny t
o th
e re
cove
ry s
ite;
•th
e pr
ogra
mm
ing
of t
he t
elep
hone
PAB
X us
ed
in r
ecov
ery;
and
•th
e re
stor
atio
n of
cri
tica
l tel
epho
ny.
•Te
leph
ony
reco
very
is t
este
d ev
ery
six
mon
ths
at e
ach
critic
al s
ite.
•Vo
ice
com
mun
icat
ions
can
be
redi
rect
ed t
o th
ere
cove
ry s
ite
and
have
bee
n te
sted
in
the
past
si
x m
onth
s.
26B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
Busi
ness
Con
tinu
ity
Man
agem
ent
Prac
tice
Guid
e
D. C
orpo
rate
Fac
ilitie
s
27B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
D.1
Plan
ning
Obse
rved
sta
ndar
d pr
acti
ceOb
serv
ed l
eadi
ng p
ract
ice
D.1.
1 Pl
anni
ngD.
1.1.
1
D.1.
1.2
D.1.
1.3
•On
-sit
e no
n-co
mpa
ny b
uild
ing
man
ager
s ar
e re
quire
dto
be
invo
lved
in
veri
fyin
g si
te e
mer
genc
y pl
ans.
•
If o
ccup
ancy
of
build
ings
is
mix
ed,
tena
nts’
plan
s ar
ere
quire
d to
con
form
wit
h th
e bu
ildin
g m
anag
er’s
cont
inui
ty p
lan.
•Pl
ans
incl
ude
vaca
ting
rec
over
y si
tes
once
rec
over
y is
com
plet
e.
D.1.
2 En
ergy
D.1.
2.1
D.1.
2.2
D.1.
2.3
D.1.
2.4
•Al
l cri
tica
l bus
ines
s fu
ncti
ons
are
prot
ecte
d by
unin
terr
upti
ble
pow
er s
uppl
y (U
PS)
or s
imila
r ba
tter
yba
ckup
.•
All a
reas
and
sys
tem
s ha
ve t
heir
pow
er s
uppl
y ba
cked
up b
y ge
nera
tors
.•
Pow
er c
an b
e pr
ovid
ed b
y ge
nera
tor(
s) f
or a
t le
ast
thre
e da
ys u
sing
on-
site
sto
red
fuel
.•
If t
he g
as s
uppl
y to
the
are
a is
dis
cont
inue
d,fu
ncti
ons
at t
he s
ite
can
still
ope
rate
ind
efin
itel
ybe
caus
e al
tern
ativ
e so
urce
s of
ene
rgy
are
in p
lace
.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:•
All a
reas
and
sys
tem
s ar
e pr
otec
ted
by u
nint
erru
ptib
lepo
wer
sup
ply
or s
imila
r ba
tter
y ba
ckup
.
•Po
wer
can
be
prov
ided
by
gene
rato
r(s)
for
at
leas
ton
e w
eek
usin
g on
-sit
e st
ored
fue
l.
D.1.
3 W
ater
D.1.
3.1
•If
the
wat
er s
uppl
y to
the
are
a is
dis
cont
inue
d or
beco
mes
con
tam
inat
ed,
the
site
can
rem
ain
open
at
leas
t tw
o da
ys.
•If
the
wat
er s
uppl
y to
the
are
a is
dis
cont
inue
d or
beco
mes
con
tam
inat
ed,
the
site
can
rem
ain
open
at
leas
t on
e w
eek.
D.1.
4 Se
curit
yD.
1.4.
1
D.1.
4.2
D.1.
4.3
•Al
l cri
tica
l sit
es h
ave
secu
rity
gua
rds
(24
hour
s a
day,
7 da
ys a
wee
k),
inte
rnal
and
ext
erna
l CCT
Vs,
acce
ssco
ntro
l sys
tem
s an
d a
stan
dard
sec
urit
y pr
oced
ure
for
rece
ivin
g co
urie
rs a
nd v
isit
ors.
•
Phys
ical
acc
ess
to c
riti
cal a
reas
and
flo
ors
isre
stric
ted
by g
uard
s’ pr
esen
ce a
nd i
ndiv
idua
l sw
iped
card
or
sim
ilar
(e.g
. bi
omet
rics)
.•
Perm
anen
t an
d te
mpo
rary
sta
ff,
cont
ract
sta
ff a
ndvi
sito
rs r
equi
red
to w
ear
visi
ble
id b
adge
s.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
28B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
D.1.
4.4
D.1.
4.5
D.1.
4.6
D.1.
4.7
D.1.
4.8
D.1.
4.9
D.1.
4.10
D.1.
4.11
•Si
tes
use
‘bat
tle
boxe
s’. A
lter
nati
vely
, fi
rms
keep
an
d m
aint
ain
the
mat
eria
ls t
hey
need
to
help
the
m
to r
ecov
er t
heir
ope
rati
ons
off-
site
, an
d in
a
secu
re lo
cati
on.
•W
here
bat
tle
boxe
s ar
e us
ed s
ite
occu
pant
s ar
e ab
leto
ret
rieve
bat
tle
boxe
s fr
om t
he p
oint
of
dem
and
wit
hin
two
hour
s.•
A cl
ear
desk
pol
icy
is i
n op
erat
ion.
•A
polic
y fo
r co
ntro
lling
int
rodu
ctio
n of
pac
kage
s or
item
s m
eans
tha
t th
ere
is a
ded
icat
ed p
ost
room
whi
ch s
yste
mat
ical
ly s
cans
for
thr
eate
ning
obj
ects
.•
Adva
nced
fire
det
ecti
on a
nd e
arly
war
ning
sys
tem
sar
e in
stal
led.
•Th
e ai
r-co
ndit
ioni
ng s
yste
m h
as a
uto-
shut
-off
if
ther
eis
a f
ire,
smok
e de
tect
ion
or C
BRN
aler
t.•
Ther
e ar
e w
ater
det
ecti
on s
yste
ms
in a
ll vu
lner
able
or
high
flo
od-r
isk
area
s.•
The
site
is
prot
ecte
d ag
ains
t el
ectr
ical
spi
kes
and
surg
es (
e.g.
ligh
tnin
g st
rike
s).
•Si
te o
ccup
ants
are
abl
e to
ret
rieve
bat
tle
boxe
s fr
omth
e po
int
of d
eman
d w
ithi
n on
e ho
ur.
D.1.
5Ev
acua
tion
D.1.
5.1
D.1.
5.2
D.1.
5.3
D.1.
5.4
•A
desi
gnat
ed t
rain
ed s
enio
r m
anag
er o
r th
eir
depu
tyal
way
s ta
kes
resp
onsi
bilit
y fo
r m
anag
ing
evac
uati
on.
•In
vacu
atio
n po
ints
hav
e be
en id
enti
fied
and
clea
rlym
arke
d fo
r al
l sta
ff.
•Th
ere
is a
cle
ar d
emon
stra
ble
way
of
ensu
ring
the
build
ing
is c
lear
(e.
g. e
lect
roni
c re
cord
s, r
oll c
all)
.•
A se
cond
ary
evac
uati
on p
oint
is
loca
ted
at le
ast
500m
aw
ay f
rom
pri
mar
y ev
acua
tion
poi
nts.
D.1.
6Em
erge
ncy
Serv
ices
D.1.
6.1
•Em
erge
ncy
serv
ices
are
aw
are
of a
ll cr
itic
al s
ite
emer
genc
y pl
ans.
D.1.
7 Te
stin
gD.
1.7.
1
D.1.
7.2
•Fu
ll fi
re e
vacu
atio
n te
sts
are
requ
ired
at e
ach
crit
ical
site
ann
ually
.•
Both
gen
erat
ors
and
UPS
are
ful
l-lo
ad t
este
d on
an
atle
ast
bi-a
nnua
l bas
is.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Bo
th g
ener
ator
s an
d U
PS a
re f
ull-
load
tes
ted
on a
nat
leas
t qu
arte
rly b
asis
.
29B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
Busi
ness
Con
tinu
ity
Man
agem
ent
Prac
tice
Guid
e
E. C
orpo
rate
Peo
ple
30B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
E.1
Staf
fOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
E.1.
1 BC
P aw
aren
ess
E.1.
1.1
E.1.
1.2
E.1.
1.3
E.1.
1.4
E.1.
1.5
E.1.
1.6
E.1.
1.7
E.1.
1.8
•Bu
sine
ss c
onti
nuit
y is
inc
lude
d in
ind
ucti
onpr
ogra
mm
es f
or n
ew e
mpl
oyee
s.
•M
ost
staf
f ar
e aw
are
of t
he o
rgan
isat
ion’
s bu
sine
ssco
ntin
uity
str
ateg
y an
d of
the
rol
es,
resp
onsi
bilit
ies
and
orga
nisa
tion
of
the
busi
ness
con
tinu
ity
team
.•
Seni
or m
anag
emen
t an
d m
ost
staf
f ar
e fa
mili
ar w
ith
thei
r ro
le d
urin
g a
maj
or o
pera
tion
al d
isru
ptio
n.•
Plan
s cl
early
sta
te w
hich
sta
ff a
re r
equi
red
at t
here
cove
ry s
ite
and
whi
ch c
an g
o ho
me
and
this
has
been
tes
ted.
•St
aff
know
whe
ther
the
y m
ight
be
sent
hom
e in
an
inci
dent
.•
All H
R st
aff
have
bee
n tr
aine
d an
d ha
ve b
een
invo
lved
in
busi
ness
con
tinu
ity
test
s.•
HR
stra
tegy
sup
port
s bu
sine
ss c
onti
nuit
y.•
Mor
e th
an 9
0% o
f m
anag
ers
know
the
ir p
lann
edst
affi
ng le
vels
in
an i
ncid
ent.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Al
l sta
ff a
re a
war
e of
the
org
anis
atio
n bu
sine
ssco
ntin
uity
str
ateg
y an
d of
the
rol
es,
resp
onsi
bilit
ies
and
orga
nisa
tion
of
the
busi
ness
con
tinu
ity
team
.•
All s
taff
are
fam
iliar
wit
h th
eir
inte
nded
rol
e du
ring
a m
ajor
ope
rati
onal
dis
rupt
ion.
E.1.
2 Tr
aini
ngE.
1.2.
1
E.1.
2.2
E.1.
2.3
•M
ost
staf
f at
all
grad
es a
nd c
ontr
acto
rs h
ave
rece
ived
busi
ness
con
tinu
ity
trai
ning
. •
Staf
f w
ho m
ight
be
calle
d up
on t
o de
al w
ith
sens
itiv
eis
sues
(su
ch a
s w
orki
ng o
n a
casu
alty
hel
plin
e) h
ave
been
tra
ined
.•
All e
xecu
tive
s, m
anag
ers
and
desi
gnat
ed c
riti
cal s
taff
have
tra
ined
dep
utie
s w
ho c
an f
ulfi
l the
ir d
utie
s.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Al
l exe
cuti
ves,
man
ager
s an
d de
sign
ated
cri
tica
lst
aff
have
firs
t an
d se
cond
-leve
l tra
ined
dep
utie
sw
hoca
n fu
lfil t
heir
dut
ies.
31B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
E.1.
3 St
aff
plan
ning
E.1.
3.1
E.1.
3.2
•Al
l sta
ff c
ontr
acts
mak
e pr
ovis
ion
for
wor
king
fro
mal
tern
ativ
e or
rec
over
y si
tes.
•W
orki
ng T
ime
Dire
ctiv
e re
quire
men
ts a
re c
onsi
dere
d in
BCP
.
E.1.
4 Ke
y st
aff
E.1.
4.1
E.1.
4.2
E.1.
4.3
•Th
ere
is a
pol
icy
prev
enti
ng k
ey s
taff
fro
m t
rave
lling
toge
ther
.
•Ri
sk m
itig
atio
n m
eans
tha
t th
e lo
ss o
f cr
itic
al s
taff
in
a di
sast
er w
ould
hav
e a
limit
ed i
mpa
ct o
n op
erat
ions
.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t:
•Un
ique
ly s
kille
d in
divi
dual
s ar
e id
enti
fied
and
cros
s-tr
aini
ng o
r ot
her
form
al m
easu
res
are
prov
ided
to
redu
ce t
he r
isk.
•Ri
sk m
itiga
tion
mea
ns t
hat
the
loss
of cr
itica
l sta
ff in
adi
sast
er w
ould
hav
e a
negl
igib
leim
pact
on
oper
atio
ns.
E.1.
5 Ch
ecks
E.1.
5.1
E.1.
5.2
E.1.
5.3
•At
leas
t tw
o re
fere
nces
are
alw
ays
requ
este
d an
dch
ecke
d fo
r ne
w e
mpl
oyee
s. N
ew e
mpl
oyee
s ar
e al
soba
ckgr
ound
sec
urit
y ch
ecke
d.
•Re
fere
nces
are
alw
ays
requ
este
d an
d ch
ecke
d fo
rco
ntra
ctor
s, i
nclu
ding
age
ncy
tem
ps.
•Co
ntra
ctor
s w
ho w
ill p
erfo
rm s
ensi
tive
fun
ctio
ns a
rese
curi
ty c
heck
ed.
As f
or o
bser
ved
stan
dard
pra
ctic
e bu
t•
The
chec
ks a
re r
epea
ted
perio
dica
lly.
•At
leas
t tw
o re
fere
nces
are
alw
ays
requ
este
d an
dch
ecke
d fo
r co
ntra
ctor
s, i
nclu
ding
age
ncy
tem
ps.
•Co
ntra
ctor
s w
ho w
ill p
erfo
rm s
ensi
tive
fun
ctio
ns a
rese
curi
ty c
heck
ed a
nd t
he c
heck
s ar
e re
peat
ed.
E.1.
6 Te
stin
gE.
1.6.
1 •
Spec
ialis
t H
R su
ppor
t pr
ovid
ers
are
invo
lved
in
cont
inui
ty-r
elat
ed t
ests
and
exe
rcis
es.
32B
usin
ess
Con
tinu
ity
Man
agem
ent
Prac
tice
Gui
de
E.2
Cris
isM
anag
emen
tOb
serv
ed s
tand
ard
prac
tice
Obse
rved
lea
ding
pra
ctic
e
E.2.
1 Co
ntac
ting
sta
ffE.
2.1.
1 •
Ther
e is
a d
etai
led
proc
edur
e to
ens
ure
that
all
staf
fst
ayin
g at
hom
e du
ring
any
rec
over
y ar
e ke
ptin
form
ed.
E.2.
2 St
aff
wel
fare
E.2.
2.1
E.2.
2.2
E.2.
2.3
E.2.
2.4
•To
pro
vide
for
the
ass
uran
ce o
f st
aff
wel
fare
, pl
ans
have
one
or
mor
e of
the
fol
low
ing:
•pr
oced
ures
are
in
plac
e fo
r de
sign
ated
sta
ff a
ndm
anag
ers
to e
nsur
e st
aff
wel
fare
nee
ds a
re m
et;
•co
ntra
cts
are
in p
lace
to
iden
tify
and
pro
vide
all
affe
cted
sta
ff w
ith
liais
on,
supp
ort
and
coun
selli
ng f
ollo
win
g a
disr
upti
on;
and
•th
ere
are
proc
edur
es i
n pl
ace
to e
nlis
t sp
ecia
list
care
and
wel
fare
ser
vice
s an
d di
rect
the
m t
oaf
fect
ed s
taff
.•
Plan
s in
clud
e pr
ovis
ion
for
man
agin
g st
aff
fata
litie
s.•
Plan
s co
nsid
er a
leve
l of
staf
f fa
talit
ies.
•Ne
xt-o
f-ki
n in
form
atio
n fo
r st
aff
is a
vaila
ble
onev
acua
tion
.
The Financial Services Authority25 The North Colonnade Canary Wharf London E14 5HSTelephone: +44 (0)20 7066 1000 Fax: +44 (0)20 7066 1099Website: http://www.fsa.gov.ukRegistered as a Limited Company in England and Wales No. 1920623. Registered Office as above.