Business Continuity – Management Recovery Plan 2010 · PDF fileBusiness Continuity – Management Recovery Plan 2010 - 2015. Overview . The plan has been developed to ensure an orderly

Business Continuity – Management Recovery Plan 2010 - 2015

Overview The plan has been developed to ensure an orderly and effective response to any incident that significantly disrupts business operations. It is to be used to facilitate continuity of the NSW Rural Assistance Authority’s (the Authority) business and includes recovery of infrastructure in the event of a disaster or pandemic over a period of up to 30 days. Background The NSW Rural Assistance Authority Business Continuity Plan was originally prepared in consultation with IAB Services and was released in June 2005. This plan has been reviewed and revised to meet the Authority’s changing needs. Objectives The objectives of this plan are:

To ensure that maximum possible service levels are maintained To ensure that the Authority recovers from interruptions as quickly as possible To minimise the likelihood and impact (risk) of interruptions

Principles The principles behind this plan are:

Disaster Recovery is just part of Business Continuity Risks are assessed for both probability and business impact Business continuity plans must be reasonable, practical and achievable

In other words, we are not planning for every possibility. Diminishing returns affect the benefits of planning for extreme cases. Structure There are two levels of written Recovery Plans:

I. Management Recovery Plan (this Plan), which:

a. declares the disaster; b. invokes the business unit recovery plans; and c. monitors recovery at the highest level.

II. Business Unit Recovery Plans, which:

a. recovers the essential business operations belonging to business units. NSW Rural Assistance Authority Page 1 of 31

NSW Rural Assistance Authority Page 2 of 31

Definitions

Disaster - any event which prevents the Authority from carrying on its usual operations at the normal place of work for more than the predefined Maximum Acceptable Outage (MAO) periods. A disaster may include one, or a combination of any of the following:

a. Natural disasters (e.g. earthquake, storm, tsunami, flood). b. Accidental hazards (e.g. fire, gas leak, vehicle collision). c. Hostile acts (e.g. war, terrorism, sabotage, vandalism). d. Wilful/malicious damage (e.g. security breach, theft, media leak). e. System/equipment failure (e.g. IT or communications infrastructure, electronic security

systems, electrical equipment). f. Loss or destruction of vital records or information. g. Loss or lack of critical resources (e.g. power, water, office facilities). h. Loss of critical support functions (e.g. payroll, finance, administration). i. Loss of key personnel.

Disaster Recovery - Activities and procedures designed to return the organisation to an acceptable condition following a disaster.

Business Continuity - The uninterrupted availability of all key resources supporting essential business functions.

Business Continuity Management - Provides for the availability of processes and resources in order to ensure the continued achievement of critical objectives.

Business Continuity Planning - A process developed to ensure continuation of essential business operations at an acceptable level during and following a disaster.

Maximum Acceptable Outage (MAO) - The maximum period of time that critical business processes can operate before the loss of critical resources affects their operations.

Pandemic - epidemic of disease that occur on a worldwide scale. They are traditionally caused by infectious diseases such as influenza which have had devastating effects on people. An influenza pandemic occurs when a new influenza virus emerges which is markedly different from recently circulating seasonal influenza viruses and is able to:

a. infect people and cause disease (rather than, or in addition to, other mammals or birds); b. spread readily from person to person; and c. spread widely because most people will have little or no immunity. The likely consequences of a pandemic include:

a. Many people may become unwell and some will die; b. People who are sick with pandemic influenza, or who have been in close contact with sick

people, may be asked to stay at home; c. There may be workplace modification and/or closure: many people (up to 50%) will be unable

to go to work – because they have been asked to stay at home, they are sick or they are caring for others;

d. There may be disruption to utilities, transport and other services; e. There may be closure of schools, businesses and entertainment venues; and f. Health care will be delivered differently and health care resources may be stretched.

System Failure - When the delivered service no longer complies with the specifications, the latter being an agreed description of the system's expected function and/or service. This definition applies to both hardware and software system failures. Faults or bugs in a hardware or a software component cause errors.

System Error is defined as that part of the system which is liable to lead to subsequent failure, and an error affecting the service is an indication that a failure occurs or has occurred. If the system comprises of multiple components, errors can lead to a component failure. As various components in the system interact, failure of one component might introduce one or more faults in another. Acronyms The following acronyms are used throughout this document:

BCP Business Continuity Plan

MRT Management Recovery Team

BURT Business Unit Recovery Team

Authority NSW Rural Assistance Authority

I&I NSW NSW Department of Industry and Investment

MAO Maximum Acceptable Outage Roles and Responsibilities The following diagram depicts the inter-relationship between the various BCP entities:

The MRT is an executive level team responsible for the overall coordination of the Authority’s business continuity in the event of a disaster. In an emergency, it manages the Authority’s response to any significant interruption. It is the primary point of liaison with the State Crisis Centre (State Crisis Management Team), other Agency Crisis Management Teams and Emergency Services, should they be active. It reports directly to the Chief Executive. The MRT is responsible for: a) declaring a disaster; b) initiating the BCP; c) coordinating individual BURTs; and d) restoring normal operation.



MRT Members

Position

MRT Coordinator Manager Policy MRT Member General Manager MRT Member Manager Administration MRT Member Manager Records

The BURTs are responsible for the timely and controlled restoration of key business processes within pre-identified MAOs. In an emergency, these teams employ predefined and rehearsed recovery procedures as defined within individual Business Unit Recovery Plans. BURTs are responsible for: a) complete and timely recovery of the essential operations; and b) safety and welfare of public and staff during the disaster and its aftermath. BURT Members

Business Unit Position

Coordinator Manager Administration Team Member Manager Policy

Administration

Team Member Manager Records Coordinator Manager Loans Administration Team Member Assessment Manager – Loans Team Member Loan Securities Clerk

Loans Administration

Team Member Client Loans Accounting Officer Coordinator Manager Grants Administration Grants

Administration Team Member Assessment Manager/s, Grants Management Recovery Plan In the event of a disaster that stops the Authority from operating in its normal business premises the MRT will relocate to a Disaster Recovery Centre, where they will oversee resumption of the Authority’s operations and if necessary setting up of new/temporary premises. The recovery centre can be located at any I&I NSW office such as the Orange Agricultural Institute or at any other location suitable to the Authority providing IT services can be arranged within a reasonable period of time. All other disasters that do not affect the Authority’s occupation of its business premises will not result in relocation of the MRT to the Disaster Recovery Centre or the setting up of new/temporary premises. There may be a period of time following the disaster when the Authority is unable to maintain its normal operations. The Manager Administration, as part of the MRT and in consultation with individual Business Unit managers will advise staff of if, when and where they are required to report to work. Permanent staff members may also be required to take special disaster leave during this period, while temporary and contract staff may be stood down pending the resumption of normal operations.


Recovery Procedures

Task What Who When 1 Receive notice of disaster/pandemic or potential

disaster/pandemic. This notice may come from any source at any time. Obtain as clear a picture as the informant can give.

MRT Coordinator Immediately

2 Determine whether to invoke the BCP. Contact MRT Members, advise them of the situation and arrange to meet. Determine whether: (a) disaster or pandemic exists; (b) the BCP should be invoked.

(a) Determine whether a disaster or pandemic exists. If the event is one of the following and the impact will last longer than 72 hours1, immediately declare that a disaster exists: • destruction of, or severe damage to, premises

making use impossible, for example fire, flood, collapse, contamination;

• external event preventing access to premises, for example police cordon, emergency evacuation, weather conditions;

• loss of essential services, eg. power, phone, computing;

• an event which prevents one or more pre-defined key business processes from continuing within the identified MAOs.

(b) Determine whether the BCP should be

invoked • Make the decision: either declare a disaster and

invoke the BCP, or stand down. Remember that the declaration can be cancelled.

• If the BCP is to be activated, proceed to the next step.

MRT Coordinator MRT Members

Immediately

3 Invoke the BCP • Notify the Chief Executive and advise: the

nature, impact and time of incident; whether there are casualties; where you can be reached; what support you need; whether the Recovery Centre is required and located; agreed frequency of further updates.

• Contact BURT Coordinators and brief them on the situation. Advise whether they are to invoke their individual Business Unit Recovery Plans.

• Contact I&I NSW and brief them on the

MRT Coordinator Immediately

1 This is because the soonest period where the MAO reaches a value of 4 is 3-5 days.


Task What Who When situation. Advise whether they are to invoke their Recovery Plans in relation to the services they provide to the Authority.

4 Activate the Recovery Centre (if necessary) • Alert the nominated Recovery Centre (if

premises are being provided by I&I NSW) that the Authority’s BCP has been invoked and to activate the Recovery Centre.

or

• Arrange for temporary office space and equipment at a location suitable to the Authority together with IT access though I&I NSW.

• Relocate the MRT to the Recovery Centre. • Make arrangements for the transportation of all

recovery material to the Recovery Centre for the relocating staff.

• On arrival at the Recovery Centre, check that each MRT member: has arrived safely; has moved into its allocated space; has its recovery material; has access to telephones, is able to access its systems on the PCs provided; has started its recovery.

• Coordinate the acquisition of ICT for various BURTs. This may include either purchase of equipment or sourcing of equipment from I&I NSW.

• Liaise with individual BURT Coordinators to ensure that all staff have been accounted for.

• Notify insurer within 48 hours of any injured persons.

MRT Members Immediately

5 Monitor interim operation • Liaise with the I&I NSW Premises Manager

over the restoration or replacement of the premises.

• Liaise with relevant salvage teams.

MRT Members From time of relocating to Recovery Centre.

6 Return to normal operations • If Recovery Centre has been activated plan

arrangements for return back to premises once the I&I NSW Premises Manager advises that the premises are ready for reoccupation.

• Coordinate staff to: save all data for transfer to original premises; delete the Authority’s data from the Recovery Centre's PCs and file servers; remove the Authority’s and personal property from the Recovery Centre.

• Arrange for: MRT logs to be collected; and expenses and insurance loss details to be passed to the MRT Coordinator.

• With the Team Leaders and Management and using the Team logs for input, hold a review of:

MRT Coordinator MRT Members

On advice from Premises Manager.


Task What Who When the disaster; the recovery; the performance of the BCP.

In addition to the above the following should also be undertaken

a) Develop Manual Processes

In the event of a disaster, manual processes may need to be developed to allow continuation of the Authority’s operations. These may include the following however development of other processes should not be discounted. Manual tracking of File Movements Payment of Grants and Loans from lists

b) Return to Normal Operations

Plan arrangements for return back to primary site once the MRT has advised the BURTS that the primary premises are ready for reoccupation.

Coordinate staff to: save all data for transfer to original premises; remove Authority and personal property from the Temporary Premises.

Arrange for BURT logs to be collected; and expenses and insurance loss details to be passed to the MRT.

Collaborate with the BURTS to review processes surrounding: the disaster; the recovery; the performance of the BCP.

c) During Each Incident

At all stages keep any affected business unit or person closely advised of progress – even negative progress. This is especially important for missing documents. Do not hesitate to advise the Manager, Administration of the incident and of progress. If any incident could possibly involve the press or public, immediately contact the Manager, Policy so that the General Manager and if necessary the Chief Executive may be briefed if required.

d) After Each Incident

After every incident, a standard set of tasks must be done. These have not been repeated under each risk, but they must still be done: Return all operations and services to their original form Contact all affected business units and suppliers, to advise them that the incident is over

and things are back to normal Thank everyone involved, preferably by personal phone call or email Review the way we managed the incident, and consider if we need to change anything – if

so, change it in this document too. Pandemics Unless staff are on approved leave they are to remain working and attend their normal workplace. Where recommended measures for providing a safe workplace are in place, employees are to undertake their normal duties.


Any employee who then chooses not to work should (after the appropriate process has been followed) be placed on leave without pay. The Authority may apply any or all of the following flexible working arrangements:

a) Attend Normal Place of Work – All staff are to attend the workplace as usual, except where working from home (or elsewhere) as part of the Authority’s business continuity and workforce management plan aimed at ensuring ongoing service delivery.

b) Staff Working Remotely from Home - If necessary and practical, staff, following receipt of

approval from the Chief Executive may work remotely from home should: There be a recommendation from NSW Health to increase social distancing and remote

working allows this to be implemented. Schools and caring facilities have been closed requiring staff to stay at home to provide

care. Public transport is closed and some staff cannot reasonably get in to work, or the risk of

staff being infected through the use of public transport cannot be reasonably managed. The workplace itself has been isolated / quarantined by NSW Health. The staff member is caring for a sick family member.

c) Alternate Duties – Where possible staff may be utilised in other areas of the Authority so that

all areas of the Authority remain open at all stages during the pandemic. Staff may be: Required to undertake different work functions (most likely for essential work) as directed

within their competencies but outside the scope of their normal duties. Redeployed to other government agencies to assist priority service delivery.

Staff who perform duties for another agency will remain employed by the Authority but will be under the control and direction of the host agency. The Authority will continue to pay employees at their normal rate of pay.

d) Transport or Other Major Disruptions – Where employees are unable to get to work due to transport or other major disruptions, employees may be directed to do their usual job remotely at another government agency or from home.

e) Workplace Closure – During a pandemic NSW Health may close premises either as a preventative measure or because those premises have been isolated or quarantined. In particular: Closing premises to the public by NSW Health does not necessarily exclude employees

from continuing to work in such premises (unless the directive is for the premises themselves to be isolated or quarantined).

Where the workplace has been closed to the public as part of preventative measures appropriate workplace safety measures as recommended by NSW Health should still be implemented and employees in that workplace should still attend work unless the premises themselves have been closed.

Where staff are directed to stay at home, the employee will: i. remain on pay for the period, and ii. remain at home until directed to return to work; iii. failure to return to work in the absence of illness, caring for family or authorised

absences may result in disciplinary action. In the event of workplace closure the Authority may activate the Recovery Centre.

Employees may also be required to do their job remotely at another government agency or at home.


Employees may be deployed to another government agency to undertake other duties as directed within their competencies.

The Authority will manage the absence and return to work of staff during a pandemic. Some issues to consider are:

a) advice to the employee on how long to stay away from work (the NSW Health website will have advice on this once the characteristics of a pandemic are known);

b) checking on the staff member during their absence from work; and c) ensure staff are healthy before allowing them to return to work (NSW Health advice will assist

the Authority is this regard). Pandemic Special Leave up to a maximum of 20 days may apply when employees are sick or caring for other family members and may be used in conjunction with other leave available to staff. Employees are not required to provide a medical certificate when absent due to sickness or to provide care for others but will need to provide a copy of their record of attendance, or for the person for whom they are providing care, from a NSW Health Fever Clinic, or such other document(s) which satisfy the Authority’s requirements. Maximum Acceptable Outages The most critical business process undertaken by the Authority is the provision of IT and communications. This function is currently outsourced to I&I NSW. The next most critical business processes undertaken by the Authority are:

a) Provision of payroll; b) Accommodation management; and c) Records management. Each of these are also outsourced to I&I NSW. All other identified business processes never reach an impact ranking of “major”. The following table lists each business process undertaken by the Authority along with the maximum impact ever reached and when that maximum is reached.

Business process Max impact reached

When max is reached

Prepare Annual Report. 2 >30

Reporting and information dissemination. 3 >30

Internal education of staff on policy. 2 16-30

Public relations including outside events and website. 1 N/A

Reporting to Board and management 3 >30

Loan securities documentation 3 >30

Process applications (deferment, inter-generational transfers, and security variations) 3 >30

Debt recovery 1 N/A

Process applications for assistance. 3 16-30

Assistance appeals 2 >30


Business process Max impact reached

When max is reached

Awareness and education relating to schemes. 1 N/A

Preparation and dissemination of mediation kits 2 16-30

Processing of Section 11 applications 2 16-30

Maintenance of mediation panel. 1 N/A

Education and awareness of farming sector and lending institutions and mediators. 1 N/A

Provide awareness and education to farming sector and training sector. 1 N/A

Policy implementation, oversight and management including appeal process. 3 16-30

Provide corporate services to Authority including:

• HR 3 >30

• Finance & budgeting 3 >30

• Payroll 4 >30

• IT and Communications 5 3-5

• Transport 1 N/A

• Asset management 1 N/A

• Accommodation 4 >30

• Reception services 1 N/A

• Maintain SLA 1 N/A

• Internal audit 1 N/A

Provide records management 4 >30

Draw-down and maintain history of all loans and grants, and receive repayments. 3 >30

Supporting Information Contacts

a) Staff Welfare Adviser

N/A b) Premises Manager (I&I NSW staff)

Building Manager - Kite Street Premises

Institute Manager – Orange Agricultural Institute

c) Other Internal Site Contacts

Mailroom

Switchboard


d) External Contacts – I&I NSW

Media Advisor e) External Contacts – Non Departmental

Emergency Services Who Phone Fax

Fire Brigade 000 Police 000 Ambulance 000 Hospital 02 6393 3000 02 6393 3593 State Emergency Services 132 500

Utilities Who Phone Fax

Electricity (Country Energy) 132 080 Gas (Country Energy) 132 080 Water (Orange City Council) 02 6393 8500 02 6393 8512

Couriers N/A

Related Legislation

State Emergency and Rescue Management Act, 1989 Public Heath Act 1991 Public Sector Employment and Management Act 2002

Related Delegations

Nil. Related Documents

Business Continuity Plan – Administration Unit Business Continuity Plan – Grants Administration Business Continuity Plan – Loans Administration NSW Human Influenza Pandemic Plan – August 2010 C2010-32 – NSW Human Influenza Pandemic Plan – NSW Department of Premier & Cabinet Memorandum of Understanding (MoU) – Arrangements for Public Sector Employees in the

event of an Influenza Pandemic NSW State Disaster Plan (Displan)

Revision History

VERSION DATE BY WHOM DATE OF NEXT REVIEW 1.0 JUNE 2005 IAB SERVICES 2.0 10/03/2010 POLICY OFFICER 31/03/2014

Authorised by Manager Administration, Manager Policy


Attachment ‘A’ Risks Risk Building Loss – NSW RAA Work areaProbability Low

Impact High

Likely Scenario Fire; Bomb threat

Functions Affected

All

Action Contact I&I NSW Building Manager to assess damage and availability and timing of alternate locations Move MRT and Authority operations to the Disaster Recovery Centre Advise all business units, and suppliers if affected Stand down other Authority staff members until relocation to new premises is completed or until able to return to Authority work area If documents have been destroyed, see Paper Documents Lost If documents have been damaged, see Fire and Water Damage

Responsibilities MRT Coordinator

Mitigation

Constraints The Authority’s and I&I NSW Emergency Procedures override these instructions if there are any conflicts

Resources See Point 12


Risk Building Loss – I&I NSW Head Office BuildingProbability Low

Impact High

Likely Scenario Fire

Functions Affected

All

Action Contact I&I NSW Building Manager to assess damage and availability and timing of alternate locations Move MRT and Authority operations to the Disaster Recovery Centre Contact all Authority staff and suppliers to arrange alternate locations and contact details Stand down other Authority staff members until relocation to new premises is completed or until able to return to Authority work area If documents have been destroyed, see Paper Documents Lost If documents have been damaged, see Fire and Water Damage

Responsibilities MRT Coordinator to contact I&I NSW Building Manager Manager Administration to coordinate contacting all Authority staff and suppliers Authority staff to contact Manager Administration If MRT Coordinator is unavailable, members of MRT to deputise

Mitigation


Resources See Point 12


Risk Building Loss – I&I NSW Head Office Building BasementProbability Low

Impact Medium

Likely Scenario Fire; Bomb threat

Functions Affected

Garage access for scheduled courier services/deliveries; offsite storage services

Action Contact courier and storage company and Reception immediately to arrange deliveries via main reception If documents have been destroyed, see Paper Documents Lost If documents have been damaged, see Fire and Water Damage

Responsibilities Manager Records to coordinate and escalate if required

Mitigation


Resources Email, phone


Risk Building Loss – Site other than NSW RAA work areaProbability Low

Impact Medium

Likely Scenario Fire, Bomb threat

Functions Affected

Scheduled courier services/deliveries

Action Contact affected business unit and couriers immediately to arrange alternate pickup and delivery points; hold all parcels/files etc at RAA work area

Responsibilities Manager to coordinate and escalate if required

Mitigation




Risk Mail Item MissingProbability Medium

Impact Varies – can be high

Likely Scenario Incoming or outgoing mail item reported missing

Functions Affected

Incoming and outgoing mail, couriers; potentially any business operation

Action Contact affected business unit and/or sender to get full description of missing item, delivery method, addressee, times and dates Check Records area, I&I NSW Mail Room, Reception area, look in all satchels, empty mailbags and trolleys Incoming

Check Authority and I&I NSW Reception areas Check Records area Check with Courier companies if necessary

Outgoing Check Records area Check with Courier companies if necessary

If still not found Broadcast email to advise staff of missing item and to request they check their desks Repeat some of these actions over two or three days if necessary – most missing mail items turn up the next day at the correct destination


Mitigation

Constraints



Risk Couriers – Services UnavailableProbability Low

Impact Medium – if longer than half a day

Likely Scenario Courier driver’s strike

Functions Affected

Delivery of items to/from the Authority

Action Advise all business units of problem Business units can use fax, email, express post, personal hand to hand delivery Some courier drivers may do local work

Responsibilities Manager Records to coordinate and escalate if necessary

Mitigation Contract specifies alternate, trained drivers available to cover sickness etc

Constraints Widespread industrial disputes may include other courier companies and express post deliveries



Risk Documents lost – Electronic (in large numbers)Probability Low

Impact High

Likely Scenario Network problem (Eg. TRIM failure)

Functions Affected

All electronic and paper-based document related activities

Action Immediately (Manager Records): Contact the Help Desk to log problem and establish nature and

duration of problem. If necessary request recreation from backup Contact TRIM coordinator to ensure problem is treated with urgency Advise Manager Administration Advise all affected business units

If problem cannot be fixed within one day by recreation from backup, discuss with all stakeholders how to manage current operations and any ad hoc document recreations so that a later full restoration does not create more problems – involve all stakeholders, particularly the I&I NSW IT area and all affected business units. If problem cannot be fixed by recreation from backup, investigate ways and need to recreate from paper files, or from individual staff members files – involve all stakeholders


Mitigation Backups by I&I NSW IT area; some documents saved to CD (EG – SAP reports) with copies held by business units; original paper documents retained on physical files

Constraints Backups by I&I NSW IT area – it may take some time to organise a recovery

Resources I&I NSW IT area; CDs; physical files


Risk Documents Lost – Electronic (specific documents)Probability Low

Impact Varies

Likely Scenario Document accidentally deleted; recorded/saved incorrectly

Functions Affected

All electronic and paper-based document related activities

Action Immediately (Manager Records): Contact the Help Desk to log problem and if necessary request

recreation from backup Contact TRIM support area to ensure problem is treated with urgency Advise all affected business units

If problem cannot be fixed by recreation from backup, investigate ways and need to recreate from paper files, or from individual staff members files – involve all stakeholders


Mitigation Backups by I&I NSW IT area; some documents saved to CD (EG – SAP reports) with copies held by business units; original paper documents retained on physical files

Constraints Backups by I&I NSW IT area – it may take some time to organise a recovery

Resources I&I NSW IT area; CDs; physical files


Risk Documents Lost – Hardcopy (in large numbers)Probability Low

Impact High

Likely Scenario Authority work area in I&I NSW Head Office building lost; loss of other Authority work area; offsite document storage site lost; fire or storm damage

Functions Affected

File and document retrievals; all document/file based activities

Action Immediately: Advise Manager Administration Advise all affected business units and discuss both short and long term

implications Investigate ways and need to recreate from other paper or electronic files, or from individual staff members files – involve all stakeholders


Mitigation Scanning of some documents to CD, TRIM etc, copy documents held by business areas

Constraints

Resources


Risk Documents Lost – Hardcopy (specific document, file or box)Probability Medium

Impact Varies, potentially high

Likely Scenario It’s always urgent – a subpoena, FOI or Privacy request

Functions Affected

Document retrieval; any document-based activity

Action Check SAP File Tracking/Records Archived Files records for possible locations Ask last known person with document Ask business unit – most lost documents are elsewhere in the requestor’s business unit Records staff to check at likely sites Broadcast email to all staff Contact individual staff members who may have knowledge of the documents concerned If document is irrevocably lost, discuss impact with stakeholders, issue statement of search and loss signed by Records Manager.


Mitigation Scanning of some documents to CD, TRIM etc, copy documents held by business areas

Constraints

Resources


Risk Email or Network downProbability Medium

Impact High

Likely Scenario A malfunction in the computer system or on the LAN

Functions Affected

Business units requesting files and boxes (excludes interruptions to the File Tracking system, for which see Software – SAP System Down

Action Contact Business Units by phone and ask that all communications be by phone, on paper or in person Records Area to records all file requests manually When the system is available again, arrange data entry of all movements recorded manually


Mitigation

Constraints

Resources Phone, Fax, File Request forms


Risk Fire or Water Damage to DocumentsProbability Low

Impact Medium

Likely Scenario False alarm setting off sprinklers; or fire damage plus water damage from sprinklers and hoses; or stormwater damage. Water damage is usually the most serious outcome of a fire

Functions Affected

Business Units using files; Records Area issuing and returning files

Action The document compactus has been designed to reduce fire and water damage to documents stored therein. The compactus is to be closed and locked during non business hours. Should the building alarm sound during business hours Records Area staff are, if safe to do so, immediately close and lock the compactus prior to evacuating the building. URGENT: Assess damage – if more than is manageable in house, contact BMS Catastrophe or Munters to get quotes on removal, drying and cleaning. Critical files have been colour coded to aid in identification – these files would be the only files where recovery would be attempted. Drying should begin within 24 hours to minimise damage. Advise all Business Units of extent of problem and likely delays If documents are lost, see Documents Lost – Hardcopy (in large numbers)


Mitigation

Constraints Cost for use of commercial recovery specialists (Eg BMS Catastrophe)

Resources Email, phones


Risk Franking Machine FaultProbability Low

Impact High

Likely Scenario Franking machine develops a fault and fails to operate

Functions Affected

Outgoing mail

Action Contact supplier immediately to arrange service/replacement Contact Australia Post to arrange for them to do the franking Contact couriers to arrange any urgent deliveries Advise all Business units if earlier cut-off deadline is required Count and bundle outgoing mail ready to go to Australia Post unfranked Purchase stamps


Mitigation Australia Post account; service arrangement with franking machine supplier

Constraints Nature and volume of outgoing mail does not warrant cost of fast response service contract with machine vendor

Resources Phone; Australia Post account


Risk Hardware ProblemsProbability Low

Impact Low

Likely Scenario Malfunctioning PCs, printer, scanner etc For more widespread hardware or IT problems, see Software - XXXX System Down, Email or Network Down

Functions Affected

Any

Action For PC’s printers, contact the Help Desk; switch to another PC or printer in the meantime. For other equipment contact the supplier or manufacturer

Responsibilities Senior Authority staff member to coordinate and escalate if required

Mitigation iPrint function on PC’s allows printer drivers to be installed and switching of printers; service agreements for mission-critical equipment

Constraints

Resources Phone


Risk Offsite Archive Services UnavailableProbability Low

Impact Medium

Likely Scenario Industrial dispute

Functions Affected

Archive box pickups and deliveries

Action Advise all Business Units In some cases identifiable documents can be selected and faxed by the storage company


Mitigation

Constraints Industrial action may prevent faxing or site access; faxing expensive and only possible for clearly identifiable documents

Resources Email, phone, fax


Risk Phone System UnavailableProbability Low

Impact Medium

Likely Scenario Phone system or phone line problems

Functions Affected

Client enquiries Enquiries from Rural Counsellors Business Units requesting files, advice

Action Contact all Business Units by email or mobile phone and ask that all communications be by email or mobile phone

Responsibilities Manager Administration to coordinate and escalate if required

Mitigation Mobile phone

Constraints Problems may also affect mobile phone and email use

Resources Email; mobile phone


Risk Power UnavailableProbability Low

Impact High

Likely Scenario Lights or power points only or all 240v power failure

Functions Affected

All

Action Total power outage means no lifts, lights, phones or computers Use rechargeable flashlights supplied to the Building Warden for essential movement Find out extent of the problem – contact I&I NSW Building Manager who will contact power suppliers and repairers if there are no broadcast messages

Responsibilities Manager Administration to coordinate and escalate if required

Mitigation I&I NSW Emergency Procedures


Resources Phone, mobile phones, rechargeable flashlights


Risk Software – SAP System DownProbability Low

Impact Medium

Likely Scenario SAP itself playing up, the network having problems, or the database corrupted and being restored or rebuilt. This Risk only covers the SAP system itself: for network and email problems see Email or Network Down; for hardware problems see Hardware Problems

Functions Affected

All – assessment and payment of loans and grants file tracking accounts payable general ledger reporting

Action On realising that system has problem Investigate – IT Help Desk, SAP Support – determine if problem is widespread Advise all Business Units – this will be done by either I&I NSW ITC or the SAP Support area Log all file movements on paper or an Excel spreadsheet If system is expected to be down for an extended period of time Accounts Payable, Loan and Grant disbursements to be paid manually – either through payment from lists at the bank or issuing of cheques Once problem is resolved, arrange data entry of all payments and file movements processed manually. End of month processing/reporting, if affected, to also be completed prior to all staff being allowed access to the system and normal processing being resumed

Responsibilities Manager Administration, Client Loans Accounting Officer, Manager Records, I&I NSW ITC area. I&I NSW SAP Support

Mitigation For overall system availability and database integrity we rely on normal IT backups and offsite storage arrangements Development of manual processes

Constraints Email, phone It can be difficult to decide whether the problem lies with the SAP system, the network or hardware

Resources Broadcast email (preferred); phone system; paper forms; excel


Risk Software – TRIM System DownProbability Low

Impact Medium

Likely Scenario TRIM itself playing up, the network having problems, or the database corrupted and being restored or rebuilt. This Risk only covers the TRIM system itself: for network and email problems see Email or Network Down; for hardware problems see Hardware Problems

Functions Affected

Administration Responses to Ministerial and Departmental correspondence Some reporting

Action On realising that system has problem Investigate – determine if problem is widespread – discuss with I&I NSW TRIM Support Advise all Business Units affected Log all file movements on paper or an Excel spreadsheet Saving of documents to local drives (Eg. ‘H’) until system is restored Once problem is resolved, arrange data entry of all file movements processed manually. Documents saved to local drives to be saved to TRIM

Responsibilities Manager Records, Manager Policy, I&I NSW ITC (TRIM) area

Mitigation For overall system availability and database integrity we rely on normal IT backups and offsite storage arrangements Scanning of documents Use of local drives (Eg. ‘H’) Use of copy documents/templates saved to local drives Development of manual processes

Constraints Email, phone It can be difficult to decide whether the problem lies with the TRIM system, the network or hardware

Resources Broadcast email (preferred); phone system; scanners; paper forms; excel


Risk Vehicle UnavailableProbability Medium

Impact Low

Likely Scenario Vehicle booked with I&I NSW vehicle fleet, unavailable at last minute due to breakdown, required by senior management, disaster response

Functions Affected

Local deliveries/pick-ups Attendance at meetings and other events

Action Walk (short distances only) Use of taxis Use of private vehicles – staff to be reimbursed cost Air travel – attendance at meetings and training in capital cities Use of hire vehicles (to be authorised by senior management for attendance at important meetings only)

Responsibilities Manager Administration, I&I NSW Fleet Management

Mitigation

Constraints Cost Security

Resources Phone, staff, Cabcharge account