Upload
loredanaiuliana10
View
218
Download
0
Embed Size (px)
Citation preview
8/8/2019 Business Continuity Management Policy 7299
1/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
London Development Agency
Corporate Governance
Business ContinuityManagement Policy
Author: Richard TewDocument Name: Business Continuity Management PolicyDocument Number: #3362270
Effective Date: 01/06/2010Date due for review: 01/06/2011Responsible for review: Anne Hunter, Chief Information OfficerVersion: 0.1
The contents may not be reproduced or disclosed to any third party withoutthe prior written approval of the London Development Agency.
49244085.docLondon Development Agency 3.03.2010
Page 1 of 34
8/8/2019 Business Continuity Management Policy 7299
2/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Version control
Number EffectiveDate
Author / Reviewer Comments (e.g. detailsof any policies being
replaced)0.1 01/06/2010 Richard Tew Current Version
Dissemination
Name or Class Method Date Version
Publication of current version
Location Date of Publication
Intranet 01/06/2010
Internet 01/06/2010
Approvals for current version
Name Date of ApprovalGMT Version 0.4 16/12/09
Law & Governance Version 0.5 29/01/10
Chief Information Officer Version 0.5 29/01/10
GD Communications and Marketing Version 0.5 29/01/10
ARP Committee 14/1/2010
49244085.docLondon Development Agency 3.03.2010
Page 2 of 34
8/8/2019 Business Continuity Management Policy 7299
3/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Contents
CONTENTS .........................................................................................................................................................3
LEVEL 1: STATEMENT OF POLICY PRINCIPLES ....................................................................... .........13
PURPOSE ........................................................................................................................................................ ..13
1.1. THE BUSINESS CONTINUITY MANAGEMENT POLICY IS AIMED AT ENSURING THAT
THE LONDON DEVELOPMENT AGENCY (LDA) CAN MAINTAIN OR RETURN TO BUSINESS
AS USUAL AFTER A DISRUPTION, MAJOR INCIDENT OR A CRISIS................................................13
1.2. BUSINESS CONTINUITY POLICIES AND PLANNING ARE CRITICAL TO MINIMISE THE
ORGANISATIONAL AND REPUTATIONAL RISKS TO THE LDA DURING A BUSINESS
INTERRUPTION AND TO ENSURE THAT THE BUSINESS CONTINUES TO OPERATE DURING
TIMES OF CRISIS. ...........................................................................................................................................13
1.3. THE POLICY SPECIFIES THE PLANNING PROCESS AND REQUIREMENTS ALONG WITH
THE PROCEDURES THAT MUST BE FOLLOWED DURING THE TIME OF A DISRUPTION,
INCIDENT OR EMERGENCY. IT PROVIDES GUIDANCE ABOUT THE ORGANISATIONAL
STRUCTURE AND ACTIVITIES WHICH WILL BE CARRIED OUT IN PLANNING FOR,
MANAGING DURING, AND RECOVERING AFTER SUCH EVENTS. .................................................13
1.4. THE MAIN FOCUS OF THIS POLICY DOCUMENT IS TO ENSURE THAT, FOLLOWING A
BUSINESS CONTINUITY EVENT (BC EVENT), THE KEY AND CRITICAL OPERATIONS OF
THE LDA CONTINUE UNTIL THE SITUATION IS RESOLVED AND THERE IS RETURN TO
BUSINESS AS USUAL (BAU). .........................................................................................................................13
OBJECTIVES ....................................................................................................................................... ......... ...13
1.5. THE OBJECTIVES OF THIS POLICY ARE TO: .................................................................................13
(A) PROVIDE A BUSINESS CONTINUITY PLANNING FRAMEWORK AND APPROACH THAT
WILL ENSURE RESILIENCE IS CONSIDERED AS PART OF LDA OPERATIONS...........................13
(B) PROVIDE GUIDANCE AND PROCEDURE TO ALL LDA STAFF THAT MUST BEFOLLOWED IN PLANNING FOR AND DURING THE TIME OF DISRUPTION, MAJOR
INCIDENT, EMERGENCY OR CRISIS SITUATION................................................................................. 13
(C) MINIMISE THE ORGANISATIONAL AND REPUTATIONAL RISKS TO THE LONDON
DEVELOPMENT AGENCY DURING BUSINESS INTERRUPTIONS AND TO ENSURE THAT THE
AGENCY CONTINUES TO OPERATE AT AN ACCEPTABLE LEVEL DURING A TIME OF
CRISIS.................................................................................................................................................................13
(D) TO BUILD RESILIENCE INTO THE LDAS ACTIVITIES AND SYSTEMS SO THAT THEY
ARE AVAILABLE AT AN APPROPRIATE LEVEL IN AS SHORT A TIME AS POSSIBLE
FOLLOWING A BUSINESS DISRUPTION...................................................................................................13
KEY PRINCIPLES ...........................................................................................................................................13
1.6. THE AGENCY WILL: ..............................................................................................................................13
DUTIES ..............................................................................................................................................................14
1.7. RESPONSIBILITIES FOR BUSINESS CONTINUITY ARE AS FOLLOWS: ......................... .........14
(A) THE BOARD AND CHIEF EXECUTIVE: ENDORSE THIS POLICY AND COMMITMENT TO
BUSINESS CONTINUITY PLANNING AND IMPLEMENTATION. ................................................. .....14
(B) GROUP MANAGEMENT TEAM: PROVIDE OVERSIGHT, DIRECTION AND COMMITMENT
TO THE BUSINESS CONTINUITY APPROACH........................................................................................ 14
(C) GROUP DIRECTOR FOR COMMUNICATIONS AND MARKETING - ENSURE A BUSINESS
CONTINUITY POLICY IS IN PLACE AND LEAD THE CRISIS MANAGEMENT TEAM..................14
(D) GROUP DIRECTORS: ENSURE DIRECTORATE PLANNING AND OPERATIONALCOMPLIANCE WITH THE POLICY.............................................................................................................14
49244085.docLondon Development Agency 3.03.2010
Page 3 of 34
8/8/2019 Business Continuity Management Policy 7299
4/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(E) CHIEF INFORMATION OFFICER: ENSURE THAT AN UP TO DATE AND EFFECTIVE
POLICY IS APPROVED, IN PLACE AND COMPLIED WITH WITHIN THE AGENCY ....................14
(F) DIRECTORS: PREPARE BUSINESS CONTINUITY PLANS FOR THEIR AREA AND ENSURE
STAFF ARE AWARE OF ARRANGEMENTS.............................................................................................. 14
(G) BUSINESS CONTINUITY MANAGER: PREPARE THE AGENCY BUSINESS CONTINUITY
POLICY AND APPROACH AND OVERSEE PLANNING AND RESPONSE ARRANGEMENTS .... ..14
(H) HUMAN RESOURCES: PROVIDE INDUCTION TRAINING AND ONGOING SUPPORT TO
STAFF TO ENSURE UNDERSTANDING......................................................................................................14
(I) ALL STAFF: UNDERSTANDING OF, CONTRIBUTE TO AND COMPLY WITH THE
AGENCYS BUSINESS CONTINUITY POLICY AS PART OF THEIR NORMAL DUTIES AND
RESPONSIBILITIES ...................................................................................................................................... ..14
LEVEL 2: GUIDANCE ON POLICY .................................................................................................. ........ ..15
DEFINITIONS AND ABBREVIATIONS ......................................................................................................15
2.1. THE FOLLOWING TABLE LISTS ALL THE DEFINITIONS FOR THE TERMS AND
ABBREVIATIONS USED IN THIS DOCUMENT AND ALL OTHER BUSINESS CONTINUITY
RELATED DOCUMENTS................................................................................................................................ 15
BIA ......................................................................................................................................................................15
BSI ............................................................................................................................................................ ........ ..15
CMT ....................................................................................................................................................... ......... ...15
CRISIS ................................................................................................................................................... ......... ...15
DISRUPTION ....................................................................................................................................................15
EMERGENCY .................................................................................................................................................16
LDA .......................................................................................................................................................... ........ ..16
MINOR INCIDENT / MAJOR INCIDENT/CRITICAL INCIDENT .........................................................16
BUSINESS CONTINUITY MANAGEMENT PROCESS ............................................................................16
2.2. BUSINESS CONTINUITY IS DEFINED AS A HOLISTIC MANAGEMENT PROCESS THAT
IDENTIFIES POTENTIAL IMPACTS THAT THREATEN AN ORGANISATION AND PROVIDES A
FRAMEWORK FOR BUILDING RESILIENCE WITH THE CAPABILITY FOR AN EFFECTIVE
RESPONSE THAT SAFEGUARDS THE INTERESTS OF ITS KEY STAKEHOLDERS,
REPUTATION, BRAND AND VALUE CREATING ACTIVITIES [BSI 25999-1:2006]........................16
2.3. BUSINESS CONTINUITY MANAGEMENT AT THE LDA IS ABOUT THE STRATEGIC AND
TACTICAL APPROACH OF THE AGENCY TO PLAN FOR AND DETAIL ITS RESPONSE TO
INCIDENTS AND BUSINESS DISRUPTIONS IN ORDER TO CONTINUE THE OPERATIONS AT
ACCEPTABLE QUALITY AND PERFORMANCE LEVELS.....................................................................16
2.4. THE LDA AS A REGIONAL DEVELOPMENT AGENCY AND AS A FUNCTIONAL BODY OF
THE MAYOR OF LONDON HAS RESPONSIBILITIES TO PREPARE FOR AND PROVIDE
RESILIENCE AGAINST ALL FORMS OF BUSINESS DISRUPTION. THE LDA IS NOT DEFINED
AS A CATEGORY ONE OR TWO RESPONDER UNDER THE CIVIL CONTINGENCIES ACT 2004.
HOWEVER, IT COULD BE REQUIRED TO SUPPORT THE MAYOR AND GREATER LONDON
AUTHORITY DURING A PAN LONDON EVENT...................................................................................... 16
2.5. THE BUSINESS CONTINUITY MANAGEMENT POLICY AT THE LDA AIMS TO PROVIDE A
ROBUST BUSINESS CONTINUITY AND BUSINESS RECOVERY APPROACH THAT MEETS THE
NEEDS OF THE AGENCY. .............................................................................................................................16
2.6. THE SCOPE OF THE BCM PROCESS AT THE LDA ADDRESSES LOSS OF SERVICES (IT,
POWER, COMMUNICATIONS ETC); LOSS OF BUILDINGS; LOSS OF DIRECT SUPPLY CHAIN;
AND LOSS OF STAFF.......................................................................................................................................16
BUSINESS CONTINUITY STRATEGY ................................................................................................ .......16
49244085.docLondon Development Agency 3.03.2010
Page 4 of 34
8/8/2019 Business Continuity Management Policy 7299
5/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
2.7. THE LDA BUSINESS CONTINUITY MANAGEMENT (BCM) STRATEGY IS TO PLAN FOR
AND PROVIDE RESILIENCE AGAINST EVENTS THAT COULD DISRUPT BUSINESS AS USUAL
ACTIVITIES. THE RESILIENCE AND RESPONSE APPROACH IS TO BE PROPORTIONATE TO
THE RISK AND TO A LEVEL AGREED BY THE SENIOR MANAGEMENT TEAM. ........................17
2.8. THE STRATEGY IS BASED ON A NUMBER OF PLANNING ASSUMPTIONS TAKEN FROM
THE NATIONAL RISK REGISTER, LONDON REGIONAL RESILIENCE PLAN BYGOVERNMENT OFFICE FOR LONDON, INTERNAL AND EXTERNAL SOURCES AND THE
FOLLOWING OBJECTIVES: ................................................................................................................ .........17
ROLES & RESPONSIBILITIES ................................................................................................................. ...17
2.9. THE BOARD IS RESPONSIBLE FOR ENDORSING THE LEVEL 1 POLICY AND
COMMITMENT TO BUSINESS CONTINUITY PLANNING AND IMPLEMENTATION....................17
2.10. THE AUDIT, RISK & PERFORMANCE COMMITTEE ON BEHALF OF THE BOARD ARE
RESPONSIBLE FOR SCRUTINISING THE POLICY AND MONITORING THE CORPORATE RISK
APPROACH. IN PARTICULAR, IT RECEIVES THE POLICY FOR COMMENT AND REGULAR
UPDATES OF THE CORPORATE RISK REGISTER. ...............................................................................18
2.11. THE GROUP MANAGEMENT TEAM ACTS AS THE KEY OVERSIGHT BODY AND
ENSURES THAT BUSINESS CONTINUITY IS SUFFICIENTLY DEVELOPED IN ORDER TOPROVIDE THE LEVEL OF RESILIENCE REQUIRED BY THE ORGANISATION. THE GMT
ENSURES THE BUSINESS CONTINUITY MANAGEMENT FRAMEWORK IS FIT-FOR PURPOSE,
APPROPRIATE AND THAT IT IS ADEQUATELY RESOURCED AND FUNDED. THE GMT
PROVIDES THE STRATEGIC DIRECTION ON THE APPROPRIATENESS OF CRITICAL
ACTIVITIES AND SETS THE BUSINESS CONTINUITY CULTURE WITHIN THE AGENCY.........18
2.12. THE GROUP DIRECTOR FOR COMMUNICATIONS AND MARKETING HAS OVERALL
RESPONSIBILITY FOR ENSURING THE AGENCY HAS IN PLACE EFFECTIVE
ARRANGEMENTS TO RESPOND TO A BUSINESS DISRUPTION THAT COULD AFFECT THE
PROVISION OF SERVICES. THEY ARE IS RESPONSIBLE FOR ENSURING APPROPRIATE
STRUCTURES ARE IN PLACE TO RESPOND TO AN EVENT AND SHALL ACT AS THE LEAD
DURING SUCH AN EVENT.............................................................................................................................18
2.13. THE CHIEF INFORMATION OFFICER WILL ENSURE THAT AN UP TO DATE ANDEFFECTIVE POLICY IS PREPARED FOR THE AGENCY AND IS APPROVED BY THE GMT AND
BOARD. THE CIO WILL ENSURE THE APPROVED POLICY IS IN PLACE AND COMPLIED
WITH BY STAFF WITHIN THE AGENCY...................................................................................................18
2.14. DIRECTORS AND HEADS OF SERVICE ARE RESPONSIBLE FOR ENSURING THAT: ... .. ..18
(A) ALL AREAS WITHIN THEIR CONTROL HAVE BEEN IMPACT ASSESSED AND UNIT
BUSINESS CONTINUITY PLANS ARE IN PLACE,....................................................................................18
(B) BUSINESS CONTINUITY PLANS ARE CASCADED TO APPROPRIATE STAFF WITHIN
THEIR AREA,.................................................................................................................................................... 18
(C) CASCADE COMMUNICATION TREES ARE IN PLACE AND UP TO DATE,..............................18
(D) UNIT BUSINESS CONTINUITY PLANS ARE REVIEWED AS APPROPRIATE AND AT LEASTANNUALLY........................................................................................................................................................18
(E) KEY STAFF WITH CRITICAL FUNCTIONS HAVE CITRIX ACCESS AND THE ABILITY TO
WORK REMOTELY.........................................................................................................................................18
2.15. THE HEAD OF HEALTH & SAFETY ACTS AS THE BUSINESS CONTINUITY MANAGER
AND IS RESPONSIBLE FOR ENSURING THAT: .......................................................................................18
(A) THE POLICY IS PREPARED AND APPROVED; ....................................................................... .........18
(B) STAFF ARE AWARE OF THE PLAN AND INDIVIDUALS ARE INFORMED OF THEIR
SPECIFIC ROLE................................................................................................................................................18
(C) TOOLKITS AND TEMPLATES ARE DISTRIBUTED TO ALL DIRECTORS OR THEIR
NOMINATED BC COORDINATOR; ..............................................................................................................19
49244085.docLondon Development Agency 3.03.2010
Page 5 of 34
8/8/2019 Business Continuity Management Policy 7299
6/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(D) BUSINESS IMPACT ASSESSMENTS ARE UNDERTAKEN AND REVIEWED AT
APPROPRIATE INTERVALS OR AT LEAST ANNUALLY......................................................................19
(E) AN EXERCISE PLAN IS IN PLACE TO TEST THE EFFECTIVENESS OF THE PLAN..............19
(F) ALL SIGNIFICANT BUSINESS CONTINUITY RISKS AND EVENTS ARE RECORDED...........19
(G) A LIST OF CRISIS MANAGEMENT TEAM MEMBERS ARE MAINTAINED WITH OUT OFHOURS CONTACT DETAILS.........................................................................................................................19
2.16. HUMAN RESOURCES WILL ENSURE THAT NEW STAFF ARE PROVIDED WITH
INDUCTION TRAINING WHICH INCLUDES BUSINESS CONTINUITY ARRANGEMENTS AND
ONGOING SUPPORT TO STAFF TO ENSURE THEIR UNDERSTANDING.........................................19
2.17. ALL STAFF MUST MAKE THEMSELVES FAMILIAR WITH THEIR INDIVIDUAL ROLES
AS SET OUT WITHIN THE POLICY, CONTRIBUTE TO UNIT BUSINESS PLANS AND COMPLY
WITH THE AGENCYS BUSINESS CONTINUITY POLICY AS PART OF THEIR NORMAL
DUTIES AND RESPONSIBILITIES................................................................................................................19
BUSINESS IMPACT ASSESSMENT .............................................................................................................19
2.18. IT IS THE AGENCYS POLICY TO UNDERTAKE A BUSINESS IMPACT ANALYSIS OF ITS
ACTIVITIES FOR BUSINESS CONTINUITY PURPOSES AT SUFFICIENT INTERVALS TOENSURE THE BUSINESS CONTINUITY PLAN IS APPROPRIATE. THE BUSINESS IMPACT
ANALYSIS IS TO BE AGENCY WIDE AND SUPPLEMENTED BY THE UNIT SPECIFIC
ASSESSMENTS. THE BUSINESS IMPACT ANALYSIS IS TO BE REVIEWED A MINIMUM OF
ANNUALLY........................................................................................................................................................19
OPERATIONAL DEPENDENCE ............................................................................................................ ......19
2.19. IT IS THE PRINCIPLE OF THE AGENCY TO HAVE A RECOVERY CENTRE FOR IT
SYSTEMS AND WORK AREA SEATING FOR 70 STAFF SHOULD AN EVENT OCCUR THAT
PRECLUDES USE OF AN LDA OFFICE (E.G. PALESTRA) OR WHERE INTERNAL IT SYSTEMS
HAVE FAILED. FROM INVOCATION THE SEATING IS TO BE AVAILABLE WITHIN 1 HOUR
AND BASIC IT SYSTEMS WITHIN A MAXIMUM OF 4 DAYS............................................................... 19
2.20. ALL IT DATA IS TO BE BACKED UP DAILY AND STORED OFF SITE. THE PRIMARY
SERVER ROOM IS TO BE SUPPORTED BY UPS AND GENERATOR ELECTRICITY TO
MAINTAIN SYSTEMS IN A POWER OUTAGE. IT SYSTEMS ARE TO BE AVAILABLE VIA
REMOTE ACCESS TO STAFF IN THE EVENT OF PALESTRA HAVING ACCESS DENIED.
ACCESS TO ALL STAFF WILL BE DEPENDANT ON HOME TECHNOLOGY BEING AVAILABLE
AND INCREASING LICENSES AT INVOCATION. ...................................................................................20
2.21. KEY STAFF WITH CRITICAL FUNCTIONS ARE TO BE PROVIDED WITH REMOTE
ACCESS TO SYSTEMS AND ENSURE ALTERNATIVE MEMBERS OF STAFF HAVE THE KEY
KNOWLEDGE AND SKILLS TO PREVENT A SINGLE POINT OF FAILURE. IT IS THE POLICY
OF THE AGENCY TO TAKE REASONABLE PRECAUTIONS AGAINST FORESEEABLE ILLNESS
THAT MAY AFFECT STAFF (E.G. PANDEMIC FLU)...............................................................................20
2.22. THE BUSINESS CONTINUITY PLANNING APPROACH IS TO INCLUDE THE
REPUTATION ASPECTS DURING A BUSINESS CONTINUITY EVENT, THEREFORE THEPLANS ARE TO INCLUDE THE METHODS OF BOTH INTERNAL AND EXTERNAL
COMMUNICATION. IT IS POLICY TO LIAISE WITH APPROPRIATE GOVERNMENT
DEPARTMENTS, INCLUDING THE GLA, IN RELATION TO ANY COMMON MESSAGES. .........20
2.23. IT IS THE POLICY OF THE AGENCY TO COMMUNICATE WITH STAFF BY THE MOST
APPROPRIATE MEANS IN THE EVENT OF A BUSINESS CONTINUITY EVENT. THE BUSINESS
CONTINUITY MANAGER AND DEPUTY WILL HOLD A DIRECTORS (AND DEPUTY) CASCADE
TREE AND WILL BE RESPONSIBLE FOR COMMENCING CASCADE OF INFORMATION
ABOUT THE EVENT TO STAFF. ..................................................................................................................20
CRISIS MANAGEMENT TEAM CONTROL STRUCTURE .............................................................. ......20
2.24. BUSINESS CONTINUITY EVENTS AT THE LDA ARE CLASSIFIED AS GOLD, SILVER,
AND BRONZE DEPENDING ON THE PERCEIVED LEVELS OF EMERGENCY AND THE CRISIS
MANAGEMENT TEAM ADOPTS APPROPRIATE LEVELS OF MANAGEMENT AND CO-
ORDINATION TO DEAL WITH EVENTS IN EACH OF THESE THREE CATEGORIES. ................ 20
49244085.docLondon Development Agency 3.03.2010
Page 6 of 34
8/8/2019 Business Continuity Management Policy 7299
7/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
SILVER CRISIS MANAGEMENT TEAM (CMT) ................................................................................. .....21
2.25. THE LDA WILL, AT ALL TIMES, HAVE A NOMINATED GROUP OF STAFF WHO WILL
ACT AS THE SILVER CRISIS MANAGEMENT TEAM (CMT). THE (CMT) IS THE PRINCIPAL
EMERGENCY TEAM THAT DEALS WITH ALL BUSINESS CONTINUITY EVENTS AT THE LDA.
...............................................................................................................................................................................21
BUSINESS CONTINUITY EVENTS ....................................................................................................... ......21
2.26. ANY EVENT THAT AFFECTS KEY/CRITICAL BUSINESS PROCESSES CAN BE TERMED
AS A BUSINESS CONTINUITY EVENT AND MAY REQUIRE THE CONVENING OF THE CMT.
...............................................................................................................................................................................21
2.27. THE FOLLOWING ARE SOME OF THE EXAMPLES OF VARIOUS BUSINESS
CONTINUITY EVENTS....................................................................................................................................21
CMT MEMBERSHIP .......................................................................................................................................22
2.28. THE FOLLOWING ARE THE ROLE DESCRIPTIONS OF VARIOUS ROLES WITHIN THE
CMT ORGANISATION.....................................................................................................................................22
BC EVENT MANAGEMENT .........................................................................................................................23
2.29. AS BUSINESS CONTINUITY EVENTS IN PRINCIPLE ARE FORESEEABLE BUT NOT IN
DETAIL IT IS THE POLICY OF THE LDA TO HAVE A FLEXIBLE RESPONSE PLAN. THE
RESPONSE PLAN IS IDENTIFIABLE AS THE LDA RUNBOOK. IN ADDITION TO THE
RUNBOOK THE LDA WILL HAVE DOCUMENTED EMERGENCY PROCEDURES........................23
2.30. THE RUNBOOK IS TO BE AVAILABLE TO ALL STAFF VIA THE INTRANET AND ISSUED
IN HARDCOPY TO THE SILVER AND GOLD TEAM FOR OUT OF HOURS REFERENCE. THE
RUNBOOK WILL CONTAIN INFORMATION RELATING TO THE RECOVERY SITE...................23
2.31. THE CMT WILL CONVENE AS SOON AS PRACTICABLE FOLLOWING IDENTIFICATION
OF A BUSINESS CONTINUITY EVENT AND WILL CONSIDER ANY OPPORTUNITIES FOR
CHANGE AND IMPROVEMENT, AS APPROPRIATE..............................................................................23
2.32. THE LDA WILL PREPARE A PANDEMIC INFLUENZA APPROACH TO SIT ALONGSIDE
THE BC RUNBOOK. FLU PANDEMIC RELATED INCIDENTS WILL CONTINUE TO BEMANAGED UNDER THE GOLD/SILVER/BRONZE CMT COMMAND STRUCTURE.......................23
IT SERVICE CONTINUITY ..........................................................................................................................23
2.33. THE LDA IMT TEAM IS RESPONSIBLE FOR CARRYING OUT ALL THE NECESSARY IT
SERVICE CONTINUITY MANAGEMENT RELATED ACTIVITIES. THE IMT TEAM BC PLANS
WILL CONTAIN ALL THE RELEVANT IT SERVICE CONTINUITY DOCUMENTATION. ......... ..23
2.34. LDA SERVER BASED DATA WILL BE FULLY BACKED UP EACH WEEKEND AND THE
TAPES STORED OFF SITE WITH DATA PROTECT UK. IN ADDITIONAL TO TAPES SOME
SERVER INFORMATION SHALL BE STORED ON EXTERNAL HARD DRIVES WITH THE
TAPES, TO AID THE RESTORE PROCESS. DAILY INCREMENTAL BACK UP WILL BE
UNDERTAKEN MONDAY - THURSDAY NIGHT AND STORED OFF SITE WITH DATA
PROTECT UK....................................................................................................................................................242.35. CRITICAL LDA STAFF AS IDENTIFIED IN THE BUSINESS IMPACT ASSESSMENT AND
TEAM BUSINESS CONTINUITY PLANS SHALL HAVE CITRIX ACCESS TO LDA SYSTEMS.
ALL LDA STANDARD SYSTEMS SHALL BE ACCESSIBLE THROUGH CITRIX OR AVAILABLE
VIA A LAPTOP DEVICE..................................................................................................................................24
2.36. THE IMT TEAM SHALL MAINTAIN PROCESSES AND PROCEDURES TO ENSURE THE
FOLLOWING: ....................................................................................................................................................24
EXERCISE .............................................................................................................................................. ........ ..24
2.37. THE BUSINESS CONTINUITY POLICY AND PLANS WILL BE REVIEWED ON A 6
MONTHLY BASIS TO ENSURE THEY ARE FIT FOR PURPOSE, ROBUST AND TO PROVIDE
ASSURANCE TO LDA INTERNAL AND EXTERNAL STAKEHOLDERS. THERE WILL BE A
VARIETY OF EXERCISES TO TEST THE VARIOUS ELEMENTS OF THE PLAN AS FOLLOWS:...............................................................................................................................................................................24
49244085.docLondon Development Agency 3.03.2010
Page 7 of 34
8/8/2019 Business Continuity Management Policy 7299
8/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(A) IT SYSTEM REBUILD AT DR SITE (ANNUALLY) ................................................................ ......... ...24
(B) FULL REHEARSAL OF DR PROCESS (ANNUALLY) .......................................................................24
(C) CASCADE TEST (ANNUALLY) ........................................................................................................... ...24
(D) UNIT PLAN (SAMPLE ANNUALLY) .................................................................................................. ...24
TRAINING .............................................................................................................................................. ........ ..24
2.38. ALL STAFF ARE TO BE TRAINED IN THE PRINCIPLES OF THE POLICY AND THEIR
RESPONSIBILITIES. ......................................................................................................................................24
2.39. STAFF WITH SPECIFIC RESPONSIBILITIES AND DUTIES ARE TO RECEIVE TRAINING
APPROPRIATE TO THE ROLE THEY HAVE BEEN ASSIGNED...........................................................24
2.40. ALL NEW STAFF JOINING THE AGENCY ARE TO BE INDUCTED IN THE POLICY AND
THE APPROACH OF THE AGENCY............................................................................................................ 24
LESSONS LEARNT .................................................................................................................................... .....24
2.41. A LOG OF ALL INCIDENTS IS TO BE MAINTAINED BY THE BUSINESS CONTINUITY
MANAGER WHICH SHALL INCLUDE LESSONS LEARNT, PROCEDURAL / OPERATIONAL
CHANGES AND CORRECTIVE ACTIONS. REPORTS ON SUBSTANTIAL EVENTS THATAFFECT BUSINESS AS USUAL SHALL BE REPORTED TO THE GMT AND AUDIT RISK AND
PERFORMANCE COMMITTEE AS APPROPRIATE................................................................................ 25
LEVEL 3: PROCEDURAL STEPS ...............................................................................................................26
BUSINESS IMPACT ASSESSMENT .............................................................................................................26
3.1. THE BUSINESS CONTINUITY MANAGER (HEAD OF HEALTH & SAFETY) WILL ENSURE
THAT BUSINESS IMPACT ASSESSMENT REVIEWS AND UPDATES ARE CARRIED OUT IN
THE FINAL QUARTER OF EACH FINANCIAL YEAR OR FOLLOWING ORGANISATIONAL
CHANGES. ........................................................................................................................................................26
3.2. THE BUSINESS CONTINUITY RISK REGISTER WILL BE REVIEWED MONTHLY AND
FOLLOWING THE ANNUAL REVIEW OF THE IMPACT ASSESSMENT. WHERE RISKS ARE
IDENTIFIED AS SIGNIFICANT OR HIGH RISK THEY SHALL BE INCLUDED ON THECORPORATE RISK REGISTER AND COMMUNICATED TO THE GMT AND AUDIT, RISK AND
PERFORMANCE COMMITTEE.................................................................................................................... 26
OPERATIONAL DEPENDENCE ............................................................................................................ ......26
3.3. THE HEAD OF IMT IN CONSULTATION WITH THE BUSINESS CONTINUITY MANAGER
(HEAD OF HEALTH & SAFETY) IS RESPONSIBLE FOR ENSURING A SEPARATE RECOVERY
SITE OR FACILITY IS AVAILABLE WITH ACCESS TO THE LDA SYSTEMS ONCE RESTORED.
THE ALLOCATION OF SEATING IS THE RESPONSIBILITY OF THE CRISIS MANAGEMENT
TEAM OPERATING AT THE FACILITY.....................................................................................................26
3.4. IT DATA IS TO BE BACKED UP DAILY AND STORED OFF SITE IN ACCORDANCE WITH
THE IMT POLICY .............................................................................................................................................26
3.5. KEY STAFF WITH CRITICAL FUNCTIONS ARE REQUIRED TO REQUEST CITRIX
ACCESS VIA THE INTRANET APPLICATION FORM. STAFF MUST THEN LOG ON AND
ENSURE CRITICAL FUNCTIONS CAN BE CARRIED VIA THAT SYSTEM....................................... 26
CRISIS MANAGEMENT TEAM (CMT) .................................................................................................... ..26
3.6. THE BC EVENTS AT THE LDA ARE CLASSIFIED AS GOLD, SILVER, AND BRONZE
DEPENDING ON THE PERCEIVED LEVELS OF EMERGENCY AND THE CMT ADOPTS
APPROPRIATE LEVELS OF MANAGEMENT AND CO-ORDINATION TO DEAL WITH EVENTS
IN EACH OF THESE THREE CATEGORIES. THE CMT LEADER OR BUSINESS CONTINUITY
MANAGER WILL ASSIGN THE CATEGORY DEPENDANT ON THE SEVERITY AND IMPACT
OF THE EVENT.................................................................................................................................................26
3.7. THE FOLLOWING IS THE PROCEDURE TO CONVENE THE CMT FOLLOWING A
BUSINESS CONTINUITY EVENT..................................................................................................................26
INITIATING A CMT MEETING ...................................................................................................................27
49244085.docLondon Development Agency 3.03.2010
Page 8 of 34
8/8/2019 Business Continuity Management Policy 7299
9/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
3.8. THE FIRST MEETING AFTER CONVENING THE CMT WILL TAKE PLACE AT THE
EARLIEST CONVENIENCE (IDEALLY WITHIN AN HOUR OF AN INCIDENT). THE EXACT
LOCATION AND TIME WILL BE COMMUNICATED TO THE CMT MEMBERS (GOLD, SILVER
AND RELEVANT BRONZE TEAM MEMBERS) BY THE BC MANAGER. AT THIS MEETING THE
CMT WILL DECIDE ON THE SHORT TERM PRIORITIES FOR THE LDA........................................27
UPDATING THE RUNBOOK ..................................................................................................................... ...273.9. THE FOLLOWING IS THE PROCEDURE TO UPDATE THE RUNBOOK; .................... ........ ......27
(A) THE RUNBOOK SHALL BE UPDATED BY THE BUSINESS CONTINUITY MANAGER
ANNUALLY OR FOLLOWING A SUBSTANTIAL CHANGE...................................................................27
(B) THE RUNBOOK SHALL BE DISPLAYED ON THE INTRANET AND HARD COPIES SHALL
BE DISTRIBUTED BY THE BUSINESS CONTINUITY MANAGER TO THE GMT AND
NOMINATED CMT MEMBERS..................................................................................................................... 27
UPDATING THE EVENTS LOG AND RISK REGISTER .........................................................................27
3.10. THE FOLLOWING IS THE PROCEDURE TO UPDATE THE RISK REGISTER ......................27
(C) THE BUSINESS CONTINUITY MANAGER SHALL MAINTAIN AN EVENTS LOG THAT
RECORDS THE BUSINESS CONTINUITY EVENTS IN THE AGENCY. SIGNIFICANT EVENTSWHICH WARRANT ESCALATION SHALL BE INCLUDED WITHIN THE MONTHLY H&S
PAPER TO THE GMT.......................................................................................................................................27
(D) THE RISK REGISTER SHALL BE UPDATED BY THE BUSINESS CONTINUITY MANAGER
MONTHLY. WHERE RISKS WARRANT ESCALATION THIS SHALL BE INCLUDED ON THE
CORPORATE RISK REGISTER BY THE HEAD OF AUDIT AND ASSURANCE.................................28
(E) THE RISK REGISTER AND EVENTS LOG SHALL BE STORED IN ELECTRONIC FORMAT
WITHIN ATHENA DOCS. ...............................................................................................................................28
UNIT BUSINESS CONTINUITY PLANS .................................................................................................. ...28
3.11. RECOVERY PLAN MUST BE PRODUCED BY EACH BUSINESS UNIT AFTER
PERFORMING A UNIT BUSINESS IMPACT ANALYSIS BASED ON THE STANDARD. THE
PRIMARY AIM OF THE BCP SHOULD BE TO DESCRIBE RECOVERY STEPS TO GET BACK TOWORK AS SOON AS POSSIBLE. ..................................................................................................................28
3.12. A LIBRARY OF THESE DOCUMENTS, ALONG WITH THIS POLICY DOCUMENT AND
THE CMT RUNBOOK, WILL FORM THE LDA BUSINESS CONTINUITY PLAN (BCP)..................28
3.13. INDIVIDUAL TEAM LEVEL BCPS SHOULD BE TESTED ANNUALLY TO VALIDATE
THEIR ACCURACY AND INTEGRITY. THE BC MANAGER WILL COMMUNICATE ALL THE
RELEVANT TEST SCHEDULES....................................................................................................................28
3.14. EACH TEAM BC PLAN WILL INCLUDE A CASCADE COMMUNICATIONS PROCESS
THAT ALLOWS THE MANAGERS TO CONTACT THEIR STAFF DURING EMERGENCIES.......28
3.15. THE BC PLAN WILL ALSO IDENTIFY WHO CAN WORK FROM HOME AND WILL BE
USED TO COMMUNICATE TO THOSE STAFF USING EMAILS ALONG WITH OTHER MODES
OF COMMUNICATION...................................................................................................................................28
COMMUNICATIONS WITH THE STAFF ................................................................................................ ..28
3.16. THE FOLLOWING ARE THE POLICIES RELATING TO COMMUNICATIONS AT THE LDA
...............................................................................................................................................................................28
(A) ONCE THE BC MANAGER HAS CONFIRMED THE BC EVENT, IN CASE OF EMERGENCY
EVACUATIONS AND INVOCATIONS OF PRIMARY RECOVERY SITE, THE BC MANAGER
WILL INITIATE A CASCADE COMMUNICATION LIAISING WITH THE COMMUNICATIONS
MANAGER. THE CASCADE COMMUNICATIONS COULD REACH THE STAFF VIA MOBILE
TEXTS, EMAILS, OR INFORMATION HOTLINES...................................................................................28
(B) IN CASE OF GOLD EVENTS, THE CMT LEADER WILL BE THE POINT OF CONTACT
WITH THE LDA GMT & BOARD. THE CMT LEADER WILL COMMUNICATE THE COURSE OF
ACTIONS AND DECISIONS TO THE BC MANAGER AND OTHER SILVER TEAM MEMBERS.. .28
49244085.docLondon Development Agency 3.03.2010
Page 9 of 34
8/8/2019 Business Continuity Management Policy 7299
10/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(C) THE CASCADE INFORMATION WILL ALSO ADVISE THE GROUP DIRECTORS, LINE
MANAGERS OR TEAM BC CONTACTS TO INVOKE THE TEAM BC PLANS.................................. 28
(D) IN ADDITION TO THE CASCADE INFORMATION COMING THROUGH TO MOBILES AND
EMAILS, A STAFF EMERGENCY LINE WILL BE ACTIVATED BY THE CMT AND PRE
RECORDED MESSAGES WILL BE MADE AVAILABLE ADVISING STAFF ABOUT WHAT HAS
HAPPENED AND THE ACTION TO TAKE................................................................................................. 29(E) THE BC PLAN WHICH IDENTIFIES WHO CAN WORK FROM HOME WILL BE USED TO
COMMUNICATE TO THOSE STAFF USING EMAILS ALONG WITH OTHER MODES OF
COMMUNICATION..........................................................................................................................................29
(F) EACH TEAM BC PLAN WILL INCLUDE A CASCADE COMMUNICATIONS PROCESS THAT
ALLOWS THE MANAGERS TO CONTACT THEIR STAFF. SEATS AT THE PRIMARY
RECOVERY SITE WILL BE ALLOCATED BY THE CMT AND THE GROUP DIRECTOR WILL
IDENTIFY WHICH STAFF WILL INITIALLY MOVE TO THE PRIMARY RECOVERY SITE. THIS
COULD VARY DEPENDING ON THE SITUATION AND BUSINESS REQUIREMENTS. THE BC
MANAGERS AND GROUP DIRECTORS OF EACH TEAM WILL MAKE THE DECISIONS IN THIS
REGARD.............................................................................................................................................................29
EVACUATION AND PRIMARY RECOVERY SITE ........................................................................ .........29
3.17. IN THE EVENT OF A BC EVENT OR CRISIS THAT RENDERS LDA BUILDINGS NOT
OPERATIONAL OR NOT AVAILABLE FOR OCCUPATION, THE PRIMARY RECOVERY SITE
WILL BE INVOKED (CURRENTLY AT UXBRIDGE). THE BC MANAGER OR FACILITIES
MANAGER IN CHARGE WILL CONTACT THE THIRD PARTY RECOVERY SITE PROVIDER
TO INVOKE AND IMMEDIATELY MOBILISE THE RECOVERY SITE.............................................. 29
THERE ARE CURRENTLY LIMITED WORK AREA RECOVERY (WAR) SEATS AVAILABLE
FOR ALLOCATION AT UXBRIDGE ALONG WITH ADDITIONAL SEATS FOR CMT USE. .........29
DURING CORE WORKING HOURS ...........................................................................................................29
1. IF THE BC EVENT OCCURS DURING WORKING HOURS AND REQUIRED MASS
EVACUATION, THE BUILDING EVACUATION PROCEDURE WILL BE FOLLOWED. ONCE
EVACUATED, FURTHER INFORMATION AND THE FUTURE COMMUNICATIONS PROCESS
WILL BE ANNOUNCED AT THE MUSTER POINT. .................................................................................29
2. THE CMT WILL IMMEDIATELY CONVENE FOLLOWING AN EMERGENCY EVACUATION.
THE CMT WILL INITIATE THE GENERAL CASCADE COMMUNICATIONS PROCESS. IF
POSSIBLE, THE TEAM BCP WILL BE INVOKED AND TEAMS WILL ALSO USE THEIR OWN
CASCADE COMMUNICATIONS PROCESS TO BRIEF THEIR TEAM MEMBERS........................... 29
OUTSIDE CORE WORKING HOURS ...................................................................................................... ...29
3. IF THE BC EVENT OCCURS OUTSIDE OF THE CORE WORKING HOURS AND DOESNT
REQUIRE EVACUATION, THE CMT WILL CONVENE AND INVOKE THE GENERAL CASCADE
COMMUNICATIONS PROCESS TO INFORM STAFF AS TO WHAT ACTIONS THEY SHOULD
TAKE ON THE FOLLOWING MORNING. .................................................................................................30
4. TEXT MESSAGES AND EMAILS WILL BE SENT TO ALL EMPLOYEES IN CASE OFEMERGENCIES AND WILL ADVISE THE STAFF ON THE COURSE OF ACTION. ........................30
5. THE LINE MANAGERS AND GROUP DIRECTORS WILL MAKE THE DECISION ON
WHETHER TO ADVISE THE TEAM MEMBERS TO WORK FROM HOME OR GO TO THE
RECOVERY SITE. THIS WILL DEPEND ON THE DESK QUOTAS AVAILABLE FOR EACH
DIRECTORATE AND THE EXISTING REMOTE WORKING PROCEDURES AT THE TEAM
LEVEL. ...............................................................................................................................................................30
6. SHOULD THE STAFF RETURN HOME AFTER AN EVACUATION OR A BC EVENT, THEY
SHOULD CALL THE INFORMATION HOTLINE MENTIONED IN THE RUNBOOK, CHECK
THEIR EMAILS REMOTELY (IF IT SYSTEMS ARE STILL OPERATIONAL) OR MOBILE
MESSAGES FOR FURTHER INFORMATION............................................................................................30
BC EVENT CLOSURE ............................................................................................................................... .....30
49244085.docLondon Development Agency 3.03.2010
Page 10 of 34
8/8/2019 Business Continuity Management Policy 7299
11/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
3.18. THE FOLLOWING ARE THE KEY POLICIES REGARDING THE CLOSURE OF A BC
EVENT: ................................................................................................................................................................30
(A) IT IS THE ULTIMATE RESPONSIBILITY OF THE CMT LEADER (FOR GOLD EVENTS) OR
THE BC MANAGER IN CHARGE (IN CASE OF SILVER EVENTS) TO ENSURE THE BC EVENT
IS RESOLVED....................................................................................................................................................30
(B) THE CLOSURE SHOULD BE COMMUNICATED WITH THE STAFF AND THE GMTAPPROPRIATELY............................................................................................................................................30
(C) THE CMT SHOULD NOW INITIATE ANY APPROPRIATE MANAGEMENT REPORTS AND
POST INCIDENT INVESTIGATION..............................................................................................................30
(D) THE BUSINESS CONTINUITY PLAN SHOULD BE REVIEWED IN LIGHT OF ANY
CHANGES TO WORKING ARRANGEMENTS ...........................................................................................30
(E) A BC EVENT CLOSURE REPORT SHOULD BE PRODUCED AFTER THE RESOLUTION OF
THE BC EVENT, AS SOON IS IT BECOMES BUSINESS AS USUAL. CLOSE OUT REPORTS AND
LESSONS LEARNT SHALL BE REPORTED TO THE GMT, AUDIT, RISK & PERFORMANCE
COMMITTEE AND BOARD. ..........................................................................................................................30
RESOURCE REQUIREMENTS .....................................................................................................................30
3.19. THE CMT TEAM MEMBERS SHOULD BE MADE AWARE OF THE ROLES AND
RESPONSIBILITIES AND THEIR TIME SHOULD BE ALLOCATED FOR ALL BCM RELATED
ACTIVITIES INCLUDING TESTING EXERCISES. THE BC MANAGER SHOULD ALSO ENSURE
THAT EVERY TEAM BC CONTACT (THIS COULD BE THE LINE MANAGERS OR GROUP
DIRECTORS) ALLOCATE THE APPROPRIATE TIME AND RESOURCES TO CARRY OUT ALL
BCM RELATED ACTIVITIES........................................................................................................................ 30
TRAINING REQUIREMENTS ................................................................................................................ ......31
3.20. THIS POLICY SHOULD BE COMMUNICATED TO ALL GROUP DIRECTORS, LINE
MANAGERS AND STAFF MAKING THEM AWARE OF THE ROLES AND RESPONSIBILITIES.
IDEALLY A SERIES OF BCM WORKSHOPS SHOULD BE CONDUCTED ACROSS THE
ORGANISATION MAKING EVERYONE AWARE OF THE IMPORTANCE AND RELEVANCE OF
THE BCM PROCESSES AND PROCEDURES............................................................................................. 31
TEAMS/PERSONS CONSULTED ON THIS POLICY ...............................................................................31
3.21. THE FOLLOWING HAVE BEEN CONSULTED DURING THE DEVELOPMENT OF THIS
FRAMEWORK: ..................................................................................................................................................31
(A) GROUP DIRECTOR COMMUNICATIONS AND MARKETING .....................................................31
(B) HEAD OF RISK & AUDIT; ..................................................................................................................... ..31
(C) HEAD OF HEALTH AND SAFETY; ..................................................................................................... ..31
(D) HEAD OF IMT SERVICE DELIVERY; ..................................................................................................31
(E) THE EQUALITY TEAM; ....................................................................................................................... ...31
(F) THE LEGAL TEAM ............................................................................................................................ .......31
(G) CHIEF INFORMATION OFFICER........................................................................................................ 31
EQUALITY IMPACT ASSESSMENT ..........................................................................................................32
SECTION 1 - SCREENING .............................................................................................................................32
QUESTION ........................................................................................................................................................32
RESPONSE .......................................................................................................................................................32
SQ1. PLEASE LIST HERE HOW THE STATED AIMS AND OBJECTIVES OF YOUR POLICY
RELATE TO EQUALITIES GROUPS AND WHO THE MAIN BENEFICIARIES ARE. ..................... 32
THE POLICY IN ITSELF DOES NOT RELATE TO ANY PARTICULAR EQUALITY GROUPS AS
IT APPLIES TO ALL STAFF. HOWEVER, BCPS SUBMITTED FROM SPECIFIC TEAMS NEEDTO CONSIDER ANY ACCESS REQUIREMENTS FOR THEIR MEMBERS OF STAFF. ...................32
49244085.docLondon Development Agency 3.03.2010
Page 11 of 34
8/8/2019 Business Continuity Management Policy 7299
12/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
SQ2. PLEASE USE THIS SECTION TO OUTLINE WHAT EVIDENCE IS AVAILABLE ABOUT
EQUALITIES GROUPS IN RELATION TO THIS AREA OF ACTIVITY. THIS SHOULD INCLUDE
DATA AND ANY RESEARCH ON POPULATION, EDUCATIONAL ATTAINMENT, LDA
WORKFORCE, INCOME LEVELS, ETC. ....................................................................................................32
DESCRIBE WHAT THE EVIDENCE TELLS YOU IN TERMS OF THE LIKELY NEGATIVE
IMPACTS ARE IN REGARD TO RACE, GENDER, DISABILITY, FAITH, AGE, SEXUALORIENTATION, REFUGEES OR ASYLUM STATUS AND ON COMMUNITY COHESION AND
WHICH GROUPS MIGHT BE MOST AFFECTED. ALSO HIGHLIGHT ANY GAPS IN THE
EVIDENCE WHICH MAY REQUIRE FURTHER INFORMATION GATHERING I.E.
CONSULTATION. IF THIS IS REQUIRED YOU WILL NEED TO CARRY OUT A FULL
EQUALITIES IMPACT ASSESSMENT.........................................................................................................32
POSITIVE IMPACTS - THE DISASTER RECOVERY CENTRE (DRC) IS A RECENT
CONSTRUCTION AND PRESUMED TO BE DDA COMPLIANT. THE MAJORITY OF LDA
EMPLOYEES SHOULD BE ABLE TO WORK FROM HOME AND HAVE ACCESS TO CITRIX .. ..32
THE DRC IS PHYSICALLY ACCESSIBLE TO ALL STAFF AND VISITORS BUT DUE TO AN
EXTREMELY LIMITED NUMBER OF DESK SPACE, THE VAST MAJORITY OF EMPLOYEES
WILL WORK FROM HOME VIA CITRIX WHICH IS ACCESSIBLE TO ALL WHO REQUIRE IT.
SHOULD A MEMBER OF STAFF WITH A DISABILITY BE LOCATED THERE, A PEEP(PERSONAL EMERGENCY EVACUATION PLAN) WILL BE CARRIED OUT. ............................. ...32
CASCADE SOFTWARE ........................................................................................................................ .........32
ALL INFORMATION DISSEMINATED BY THE CASCADE SOFTWARE SYSTEM WILL BE
AVAILABLE ON MULTIPLE PLATFORMS I.E. SMS, VOICE, LANDLINE AND EMAIL.................32
NEGATIVE IMPACTS ............................................................................................................................... ..32
ANY REASONABLE ADJUSTMENTS THAT ARE EXISTING IN PALESTRA, MAY NOT BE
REASONABLY DUPLICATED AT THE DRC .............................................................................................32
THE TEAM BCPS DO NOT COVER ACCESS ISSUES REGARDING INDIVIDUALS. ...................32
CASCADE SOFTWARE ........................................................................................................................ .........32
THERE MAY BE INSTANCES WHERE THE MULTI PLATFORM METHODOLOGY IS NOT
SUFFICIENT. WHERE THIS IS THE CASE, HR TO INFORM THE HEAD OF H&S SO AN
INDIVIDUAL ACTION PLAN CAN BE DEVELOPED. .............................................................................32
SQ3. CONFIRM WITH THE EQUALITY TEAM WHETHER A FULL EIA IS REQUIRED FOR
THIS AREA OF ACTIVITY AND RECORD THE OUTCOME OF THIS DISCUSSION HERE...........33
NO .......................................................................................................................................................................33
SECTION 2 FULL ASSESSMENT .............................................................................................................33
QUESTION ........................................................................................................................................................33
RESPONSE .......................................................................................................................................................33
49244085.docLondon Development Agency 3.03.2010
Page 12 of 34
8/8/2019 Business Continuity Management Policy 7299
13/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Level 1: Statement of Policy Principles
Purpose
1.1.The Business Continuity Management policy is aimed at ensuring that the LondonDevelopment Agency (LDA) can maintain or return to business as usual after a
disruption, major incident or a crisis.
1.2.Business continuity policies and planning are critical to minimise the organisational andreputational risks to the LDA during a business interruption and to ensure that the
business continues to operate during times of crisis.
1.3.The policy specifies the planning process and requirements along with the proceduresthat must be followed during the time of a disruption, incident or emergency. It provides
guidance about the organisational structure and activities which will be carried out in
planning for, managing during, and recovering after such events.
1.4. The main focus of this policy document is to ensure that, following a Business
Continuity Event (BC Event), the key and critical operations of the LDA continue until
the situation is resolved and there is return to Business as Usual (BAU).
Objectives
1.5. The objectives of this policy are to:
(a) Provide a business continuity planning framework and approach that will ensure
resilience is considered as part of LDA operations.
(b) Provide guidance and procedure to all LDA staff that must be followed in planning
for and during the time of disruption, major incident, emergency or crisis situation.
(c) Minimise the organisational and reputational risks to the London Development
Agency during business interruptions and to ensure that the Agency continues to
operate at an acceptable level during a time of crisis.(d) To build resilience into the LDAs activities and systems so that they are available
at an appropriate level in as short a time as possible following a business
disruption.
Key Principles
1.6. The Agency will:
(a) Address the risks and issues which may jeopardise operations, key business
processes, its financial situation and legal standing.
49244085.docLondon Development Agency 3.03.2010
Page 13 of 34
8/8/2019 Business Continuity Management Policy 7299
14/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(b) Minimise the effects of a business disruption event and maintain operations at an
appropriate level.
(c) Resume a business as usual state as soon as possible
(d) Promote business continuity planning and preparedness
(e) Plan for foreseeable events
(f)Communicate our approach to staff
(g) Rehearse and test our approach against foreseeable events.
Duties
1.7. Responsibilities for business continuity are as follows:
(a) The Board and Chief Executive: Endorse this policy and commitment tobusiness continuity planning and implementation.
(b) Group Management Team: Provide oversight, direction and commitment tothe business continuity approach.
(c) Group Director for Communications and Marketing - Ensure a BusinessContinuity Policy is in place and lead the Crisis Management Team.
(d) Group Directors: ensure directorate planning and operational compliancewith the policy.
(e) Chief Information Officer: Ensure that an up to date and effective policy isapproved, in place and complied with within the Agency
(f) Directors: Prepare business continuity plans for their area and ensure staffare aware of arrangements.
(g) Business Continuity Manager: Prepare the Agency Business Continuity
Policy and approach and oversee planning and response arrangements
(h) Human Resources: provide induction training and ongoing support to staffto ensure understanding.
(i) All staff: Understanding of, contribute to and comply with the Agencys Business
Continuity Policy as part of their normal duties and responsibilities
49244085.docLondon Development Agency 3.03.2010
Page 14 of 34
8/8/2019 Business Continuity Management Policy 7299
15/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Level 2: Guidance on Policy
Definitions and Abbreviations
2.1. The following table lists all the definitions for the terms and abbreviations used in this
document and all other Business Continuity related documents.
Term/Abbreviation Definition
BAU Business As Usual
BC Business Continuity
BCM Business Continuity Management.
BIA Business Impact Assessment.
BSI British Standards Institute.
Business Continuity A holistic management process that identifies potentialimpacts that threaten an organisation and provides a
framework for building resilience with the capability for aneffective response that safeguards the interests of its keystakeholders, reputation, brand and value creatingactivities [BSi 25999-1:2006]
Business ContinuityEvent
Any event that interrupts the normal continuation of oneor more of the LDA business processes or its key BAUactivities.
CMT Crisis Management Team - The emergency organisationthat deals with all business disruptions, Major Incidents
and emergencies/crisis in the organisation.
Crisis When a major incident or an emergency renders the LDAoperations (including buildings) not BAU for long periods(many days or weeks together). Example, fire orearthquake rendering the primary building nonoperational for several weeks. Another example is aPandemic Flu outbreak affecting significant number ofemployees of LDA.
Disruption Any event that briefly interrupts or has the potential to
interrupt (few hours) normal operations at the LDA. E.g. aprotest outside the building or minor power outage
49244085.docLondon Development Agency 3.03.2010
Page 15 of 34
8/8/2019 Business Continuity Management Policy 7299
16/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Emergency Any BC Event that requires the invoking of the BC plansand usually requires evacuation. Example, fire, naturaldisasters e.g. earthquakes, terrorist attacks etc.
LDA London Development Agency
Minor Incident /
Major
Incident/Critical
Incident
Any incident that affects the functioning of the IT systemsand buildings and renders them not operational for longerperiods of time.
Business Continuity Management Process
2.2.Business Continuity is defined as a holistic management process thatidentifies potential impacts that threaten an organisation and provides a
framework for building resilience with the capability for an effective response
that safeguards the interests of its key stakeholders, reputation, brand and value
creating activities [BSi 25999-1:2006].
2.3. Business Continuity Management at the LDA is about the strategic and tactical
approach of the Agency to plan for and detail its response to incidents and business
disruptions in order to continue the operations at acceptable quality and performancelevels.
2.4.The LDA as a Regional Development Agency and as a functional body of the Mayor ofLondon has responsibilities to prepare for and provide resilience against all forms of
business disruption. The LDA is NOT defined as a Category one or two responder
under the Civil Contingencies Act 2004. However, it could be required to support the
Mayor and Greater London Authority during a Pan London event.
2.5. The Business Continuity Management policy at the LDA aims to provide a robustbusiness continuity and business recovery approach that meets the needs of the
Agency.
2.6.The scope of the BCM process at the LDA addresses loss of services (IT, power,communications etc); loss of buildings; loss of direct supply chain; and loss of staff.
Business Continuity Strategy
49244085.docLondon Development Agency 3.03.2010
Page 16 of 34
8/8/2019 Business Continuity Management Policy 7299
17/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
2.7.The LDA Business Continuity Management (BCM) Strategy is to plan for andprovide resilience against events that could disrupt business as usual activities.
The resilience and response approach is to be proportionate to the risk and to a
level agreed by the senior management team.
2.8.The strategy is based on a number of planning assumptions taken from theNational Risk Register, London Regional Resilience Plan by Government Office
for London, internal and external sources and the following objectives:
(a)To ensure the health, safety and welfare of LDA employees during a business
continuity event.
(b)To provide an appropriate level of organisational resilience sufficient to continue
critical activities as identified in the Business Impact Assessment and Team
Business Continuity Plans.
(c)To develop a framework that provides the necessary assurance to the Board,
Mayor, and external stakeholders through appropriate exercising, rehearsing
and review.
(d)To maintain LDAs communication and support to the Mayors office, GLA and
other Key Stakeholder relationships, along with our Corporate Social
Responsibility.
(e)Maintain the LDAs reputation during a continuity event.
(f)To maintain financial commitments to staff, projects and the supply chain.
(g)Prevent breaches of statutory and regulatory requirements that could lead to
litigation and ensure appropriate governance is maintained.
(h)To support the LDA risk management approach.
(i)To maximise opportunity for improvement following a business continuity event
Roles & Responsibilities
2.9.The Board is responsible for endorsing the Level 1 Policy and commitment tobusiness continuity planning and implementation.
49244085.docLondon Development Agency 3.03.2010
Page 17 of 34
8/8/2019 Business Continuity Management Policy 7299
18/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
2.10. The Audit, Risk & Performance Committee on behalf of the Board are responsible forscrutinising the policy and monitoring the corporate risk approach. In particular, it
receives the Policy for comment and regular updates of the corporate risk register.
2.11. The Group Management Team acts as the key oversight body and ensures thatbusiness continuity is sufficiently developed in order to provide the level of resilience
required by the organisation. The GMT ensures the business continuity management
framework is fit-for purpose, appropriate and that it is adequately resourced and
funded. The GMT provides the strategic direction on the appropriateness of critical
activities and sets the business continuity culture within the Agency.
2.12. The Group Director for Communications and Marketing has overall responsibility for
ensuring the Agency has in place effective arrangements to respond to a businessdisruption that could affect the provision of services. They are is responsible for
ensuring appropriate structures are in place to respond to an event and shall act as the
lead during such an event.
2.13. The Chief Information Officer will ensure that an up to date and effective policy isprepared for the Agency and is approved by the GMT and Board. The CIO will
ensure the approved policy is in place and complied with by staff within the
Agency.
2.14. Directors and Heads of Service are responsible for ensuring that:
(a) All areas within their control have been impact assessed and unit business
continuity plans are in place,
(b) Business continuity plans are cascaded to appropriate staff within their area,
(c) Cascade communication trees are in place and up to date,
(d) Unit business continuity plans are reviewed as appropriate and at least annually.
(e) Key staff with critical functions have Citrix access and the ability to workremotely.
2.15. The Head of Health & Safety acts as the Business Continuity Manager and isresponsible for ensuring that:
(a) The policy is prepared and approved;
(b) Staff are aware of the plan and individuals are informed of their specific role.
49244085.docLondon Development Agency 3.03.2010
Page 18 of 34
8/8/2019 Business Continuity Management Policy 7299
19/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(c) Toolkits and templates are distributed to all Directors or their nominated BC
coordinator;
(d) Business impact assessments are undertaken and reviewed at appropriate
intervals or at least annually.
(e) An exercise plan is in place to test the effectiveness of the plan.
(f) All significant business continuity risks and events are recorded.
(g) A list of Crisis Management Team members are maintained with out of hours
contact details.
2.16. Human Resources will ensure that new staff are provided with inductiontraining which includes business continuity arrangements and ongoing support
to staff to ensure their understanding.
2.17. All Staff must make themselves familiar with their individual roles as set out within thepolicy, contribute to unit business plans and comply with the Agencys Business
Continuity Policy as part of their normal duties and responsibilities.
Business Impact Assessment
2.18. It is the Agencys policy to undertake a Business Impact Analysis of its activities forbusiness continuity purposes at sufficient intervals to ensure the business continuity
plan is appropriate. The business impact analysis is to be Agency wide and
supplemented by the unit specific assessments. The business impact analysis is to be
reviewed a minimum of annually.
Operational Dependence
2.19. It is the principle of the Agency to have a recovery centre for IT systems and workarea seating for 70 staff should an event occur that precludes use of an LDA office (e.g.
Palestra) or where internal IT systems have failed. From invocation the seating is to be
available within 1 hour and basic IT systems within a maximum of 4 days.
49244085.docLondon Development Agency 3.03.2010
Page 19 of 34
8/8/2019 Business Continuity Management Policy 7299
20/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
2.20. All IT data is to be backed up daily and stored off site. The primary server room is tobe supported by UPS and generator electricity to maintain systems in a power outage.
IT systems are to be available via remote access to staff in the event of Palestra having
access denied. Access to all staff will be dependant on home technology being
available and increasing licenses at invocation.
2.21. Key staff with critical functions are to be provided with remote access to systems andensure alternative members of staff have the key knowledge and skills to prevent a
single point of failure. It is the policy of the agency to take reasonable precautions
against foreseeable illness that may affect staff (e.g. Pandemic Flu).
2.22. The business continuity planning approach is to include the reputation aspects during
a business continuity event, therefore the plans are to include the methods of bothinternal and external communication. It is policy to liaise with appropriate government
departments, including the GLA, in relation to any common messages.
2.23. It is the policy of the Agency to communicate with staff by the most appropriatemeans in the event of a business continuity event. The Business Continuity Manager
and deputy will hold a Directors (and deputy) cascade tree and will be responsible for
commencing cascade of information about the event to staff.
Crisis Management Team Control Structure
2.24. Business Continuity events at the LDA are classified as Gold, Silver, andBronze depending on the perceived levels of emergency and the Crisis
Management Team adopts appropriate levels of management and co-ordination
to deal with events in each of these three categories.
CMT Category Management Hierarchy Who
Gold Strategic Management:Planning ahead andsetting the BCM strategyfor LDA
GMT plus BusinessContinuity Manager andselected SilverMembers. Silver CMTLeader interfaces withthe LDA Gold to providestrategic input,
Silver Tactical Management:
Implementing the strategyand co-ordinating the
Crisis Management
Team (predefinedDirectors and/or Heads
49244085.docLondon Development Agency 3.03.2010
Page 20 of 34
8/8/2019 Business Continuity Management Policy 7299
21/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
BCM operations of Service.
Bronze Operational Management:Delivering on the ground
Specific individuals withspecific key skills and
expertise.
Silver Crisis Management Team (CMT)
2.25. The LDA will, at all times, have a nominated group of staff who will act as theSilver Crisis Management Team (CMT). The (CMT) is the principal emergency
team that deals with all Business Continuity Events at the LDA.
(a) The CMT is headed by the CMT Leader who will take ownership of a
Gold level Business Continuity event and also provide strategic inputsto the CMT during a BC Event and during normal business operations.
(b) In all Business Continuity invocation scenarios, the CMT would beresponsible for ensuring the continuity of LDA business operations
(c) The Business Continuity Manager in charge will have the responsibilityof carrying out the strategies outlined by the CMT leader but also takeownership during a Silver category BC event.
(d) The BC Manager also has the responsibility of forming the Bronzeteams and co-ordinating their activities and recovery actions.
(e) The ownership of events and activities can be delegated to one of thesilver team members at the discretion of the BC manager.
(f) The CMT will be responsible for prioritising all the activities for theorganisation and will make necessary resource allocations to carry outthe activities.
(g) Some of the immediate priorities of the CMT following an emergencywill be to invoke the Primary Recovery Site and cascade/maintaincommunications to staff and Board members.
Business Continuity Events
2.26. Any event that affects key/critical business processes can be termed as aBusiness Continuity Event and may require the convening of the CMT.
2.27. The following are some of the examples of various Business Continuityevents.
49244085.docLondon Development Agency 3.03.2010
Page 21 of 34
8/8/2019 Business Continuity Management Policy 7299
22/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Incident/EventCategory
Utilities IT/TechnologyBuilding Loss(Flood, Fire,Collapse etc
Gold Long termoutage i.e.for morethan 48hours
Loss of all criticalsystems for morethan 2 days
Loss of criticalamount of officespace, complete lossof access tobuildings, massevacuationnecessary
Silver Entire
building for 1or moredays.
Loss of multiple
critical systems orall systems for lessthan a day.
Large number of
facilities affected forless than 3 days
Bronze Local loss orloss lessthan 1 day
Virus or loss of asingle criticalserver/system
Localised, shortduration. Fewer than2 facilities. E.g. 5th
floor toilet, 7th floorkitchette.
CMT Membership
2.28. The following are the role descriptions of various roles within the CMTorganisation.
Role Description CMTHierarchy
CMT Leader Responsible for the overall BCMstrategy and directs the CMT
Gold
GMT Provide decision making forum and setstrategic approach
Gold
BusinessContinuityManager inCharge
Responsible for managing the BCpolicy, the CMT and silver category BCevents.
Gold/Silver
Health andSafety Managerin Charge
Responsible for managing all healthand safety related incidents at the LDA.
Gold/Silver
IMT Lead The Head of IMT manages all IT related
activities and bring back all the ITsystems.
Silver
49244085.docLondon Development Agency 3.03.2010
Page 22 of 34
8/8/2019 Business Continuity Management Policy 7299
23/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
FacilitiesManager inCharge
Responsible for managing allbuildings/facilities related incidents andliaising with the external buildingmanagement during evacuations.
Silver/Bronze
Corporate
CommunicationsRepresentative
Responsible for carrying out the
communications process on behalf ofthe CMT.
Gold/Silver
CMTAdministrator
Provide assistance in running theactivities of the CMT to resolve the BCincidents.
Silver
Legal Liaison Responsible for providing all legalrelated guidance during a BC event.
Silver
HRRepresentative
Responsible for providing HR relatedadvise and managing HR relatedelements during a BC event.
Silver
BC Event Management
2.29. As business continuity events in principle are foreseeable but not in detail it is thepolicy of the LDA to have a flexible response plan. The response plan is identifiable as
the LDA Runbook. In addition to the Runbook the LDA will have documented
emergency procedures.
2.30. The Runbook is to be available to all staff via the intranet and issued in hardcopy tothe Silver and Gold Team for out of hours reference. The Runbook will contain
information relating to the recovery site.
2.31. The CMT will convene as soon as practicable following identification of a businesscontinuity event and will consider any opportunities for change and improvement, as
appropriate.
2.32. The LDA will prepare a pandemic influenza approach to sit alongside the BCRunbook. Flu pandemic related incidents will continue to be managed under the
Gold/Silver/Bronze CMT command structure.
IT Service Continuity
2.33. The LDA IMT team is responsible for carrying out all the necessary IT servicecontinuity management related activities. The IMT team BC plans will contain all the
relevant IT service continuity documentation.
49244085.docLondon Development Agency 3.03.2010
Page 23 of 34
8/8/2019 Business Continuity Management Policy 7299
24/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
2.34. LDA server based data will be fully backed up each weekend and the tapes stored offsite with Data Protect UK. In additional to tapes some server information shall be
stored on external hard drives with the tapes, to aid the restore process. Daily
incremental back up will be undertaken Monday - Thursday night and stored off site
with Data Protect UK.
2.35. Critical LDA staff as identified in the Business Impact Assessment and TeamBusiness Continuity plans shall have Citrix access to LDA systems. All LDA standard
systems shall be accessible through Citrix or available via a laptop device.
2.36. The IMT team shall maintain processes and procedures to ensure the following:
Data is backed up and able to be restored
Virus and firewall protection is maintained
Rebuild dependences are documented and tested annually.
Exercise
2.37. The Business Continuity Policy and plans will be reviewed on a 6 monthly basis toensure they are fit for purpose, robust and to provide assurance to LDA internal and
external stakeholders. There will be a variety of exercises to test the various elements
of the plan as follows:
(a) IT system rebuild at DR site (Annually)
(b) Full rehearsal of DR process (Annually)
(c) Cascade test (Annually)
(d) Unit plan (Sample annually)
Training
2.38. All staff are to be trained in the principles of the policy and their responsibilities.
2.39. Staff with specific responsibilities and duties are to receive training appropriate to the
role they have been assigned.
2.40. All new staff joining the Agency are to be inducted in the policy and the approach ofthe Agency.
Lessons Learnt
49244085.docLondon Development Agency 3.03.2010
Page 24 of 34
8/8/2019 Business Continuity Management Policy 7299
25/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
2.41. A log of all incidents is to be maintained by the Business Continuity Manager whichshall include lessons learnt, procedural / operational changes and corrective actions.
Reports on substantial events that affect business as usual shall be reported to the
GMT and Audit Risk and Performance Committee as appropriate.
49244085.docLondon Development Agency 3.03.2010
Page 25 of 34
8/8/2019 Business Continuity Management Policy 7299
26/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Level 3: Procedural Steps
Business Impact Assessment
3.1. The Business Continuity Manager (Head of Health & Safety) will ensure thatBusiness Impact assessment reviews and updates are carried out in the final quarter
of each financial year or following organisational changes.
3.2. The Business Continuity Risk Register will be reviewed monthly and following theannual review of the impact assessment. Where risks are identified as significant or
high risk they shall be included on the corporate risk register and communicated to
the GMT and Audit, Risk and Performance Committee.
Operational Dependence
3.3.The Head of IMT in consultation with the Business Continuity Manager (Head of Health& Safety) is responsible for ensuring a separate recovery site or facility is available with
access to the LDA systems once restored. The allocation of seating is the
responsibility of the Crisis Management Team operating at the facility.
3.4. IT data is to be backed up daily and stored off site in accordance with the IMT policy
3.5.Key staff with critical functions are required to request Citrix access via the Intranetapplication form. Staff must then log on and ensure critical functions can be carried via
that system.
Crisis Management Team (CMT)
3.6.The BC events at the LDA are classified as Gold, Silver, and Bronze dependingon the perceived levels of emergency and the CMT adopts appropriate levels of
management and co-ordination to deal with events in each of these three
categories. The CMT leader or Business Continuity Manager will assign the
category dependant on the severity and impact of the event.
3.7. The following is the procedure to convene the CMT following a BusinessContinuity event.
(a) The CMT Leader, BC Manager or a Group Director have the authority to
convene the Crisis Management Team after establishing/confirming that there
is a Business Continuity event that requires crisis management.
49244085.docLondon Development Agency 3.03.2010
Page 26 of 34
8/8/2019 Business Continuity Management Policy 7299
27/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(b) The CMT will be contacted via email or mobile by one of the CMT members
depending on how they fit into the various cascading trees.
(c) The BC Manager will decide appropriate course of action and CMT meeting
arrangements.
(d) The BC Manager or CMT leader will notify relevant GMT members by the most
appropriate and fastest method.
(e) CMT meetings will be chaired by the CMT Leader and facilitated by the BC
Manager with administrative support.
(f) Bronze CMT members should attend CMT meetings only when requested to
provide specific input.
(g) The Bronze team will ensure that they provide periodic reports to the Silver
team as required
Initiating a CMT Meeting
3.8.The first meeting after convening the CMT will take place at the earliestconvenience (Ideally within an hour of an incident). The exact location and time
will be communicated to the CMT members (Gold, Silver and relevant Bronze
team members) by the BC Manager. At this meeting the CMT will decide on the
short term priorities for the LDA.
Updating the RunBook
3.9. The following is the procedure to update the Runbook;
(a) The Runbook shall be updated by the Business Continuity Manager annually or
following a substantial change.
(b) The Runbook shall be displayed on the Intranet and hard copies shall be
distributed by the Business Continuity Manager to the GMT and nominated CMT
members.
Updating the Events Log and Risk Register
3.10. The following is the procedure to update the Risk Register
(c) The Business Continuity Manager shall maintain an events log that records the
business continuity events in the Agency. Significant events which warrant
escalation shall be included within the monthly H&S paper to the GMT.
49244085.docLondon Development Agency 3.03.2010
Page 27 of 34
8/8/2019 Business Continuity Management Policy 7299
28/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(d) The Risk Register shall be updated by the Business Continuity Manager monthly.
Where risks warrant escalation this shall be included on the corporate risk register
by the Head of Audit and Assurance.
(e) The risk register and events log shall be stored in electronic format within AthenaDocs.
Unit Business Continuity plans
3.11. Recovery plan must be produced by each Business Unit after performing a UnitBusiness Impact Analysis based on the standard. The primary aim of the BCP should
be to describe recovery steps to get back to work as soon as possible.
3.12. A library of these documents, along with this policy document and the CMT Runbook,
will form the LDA Business Continuity Plan (BCP).
3.13. Individual team level BCPs should be tested annually to validate their accuracy andintegrity. The BC Manager will communicate all the relevant test schedules.
3.14. Each team BC plan will include a cascade communications process thatallows the managers to contact their staff during emergencies.
3.15. The BC plan will also identify who can work from home and will be used tocommunicate to those staff using emails along with other modes of
communication.
Communications with the Staff
3.16. The following are the policies relating to communications at the LDA
(a) Once the BC manager has confirmed the BC event, in case of emergency
evacuations and invocations of primary recovery site, the BC Manager will
initiate a cascade communication liaising with the Communications Manager.
The cascade communications could reach the staff via mobile texts, emails, or
Information hotlines.
(b) In case of Gold events, the CMT leader will be the point of contact with the
LDA GMT & Board. The CMT Leader will communicate the course of actions
and decisions to the BC Manager and other Silver team members.
(c) The cascade information will also advise the Group Directors, Line Managers
or team BC contacts to invoke the team BC plans.
49244085.docLondon Development Agency 3.03.2010
Page 28 of 34
8/8/2019 Business Continuity Management Policy 7299
29/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
(d) In addition to the cascade information coming through to mobiles and emails,
a staff emergency line will be activated by the CMT and pre recorded
messages will be made available advising staff about what has happened and
the action to take.
(e) The BC plan which identifies who can work from home will be used to
communicate to those staff using emails along with other modes of
communication.
(f) Each team BC plan will include a cascade communications process that
allows the managers to contact their staff. Seats at the Primary recovery site
will be allocated by the CMT and the Group Director will identify which staff
will initially move to the Primary Recovery site. This could vary depending on
the situation and business requirements. The BC Managers and GroupDirectors of each team will make the decisions in this regard.
Evacuation and Primary Recovery Site
3.17. In the event of a BC event or crisis that renders LDA Buildings not operationalor not available for occupation, the Primary Recovery Site will be invoked
(currently at Uxbridge). The BC Manager or Facilities Manager in Charge will
contact the third party recovery site provider to invoke and immediately
mobilise the recovery site.
There are currently limited Work Area Recovery (WAR) seats available for allocation at
Uxbridge along with additional seats for CMT use.
During Core Working Hours
1. If the BC event occurs during working hours and required mass evacuation, thebuilding evacuation procedure will be followed. Once evacuated, further information
and the future communications process will be announced at the muster point.
2. The CMT will immediately convene following an emergency evacuation. The CMTwill initiate the general cascade communications process. If possible, the team BCP
will be invoked and teams will also use their own cascade communications process
to brief their team members.
Outside Core Working Hours
49244085.docLondon Development Agency 3.03.2010
Page 29 of 34
8/8/2019 Business Continuity Management Policy 7299
30/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
3. If the BC event occurs outside of the core working hours and doesnt requireevacuation, the CMT will convene and invoke the general cascade communications
process to inform staff as to what actions they should take on the following morning.
4. Text messages and emails will be sent to all employees in case of emergencies and
will advise the staff on the course of action.
5. The Line Managers and Group Directors will make the decision on whether to advisethe team members to work from home or go to the recovery site. This will depend on
the desk quotas available for each directorate and the existing remote working
procedures at the team level.
6. Should the staff return home after an evacuation or a BC event, they should call theinformation hotline mentioned in the RunBook, check their emails remotely (if IT
systems are still operational) or mobile messages for further information.
BC Event Closure
3.18. The following are the key policies regarding the closure of a BC Event:
(a) It is the ultimate responsibility of the CMT Leader (for Gold events) or the BC
Manager in Charge (in case of silver events) to ensure the BC event is resolved.
(b) The closure should be communicated with the staff and the GMT appropriately.
(c) The CMT should now initiate any appropriate management reports and post incident
investigation.
(d) The business continuity plan should be reviewed in light of any changes to working
arrangements
(e) A BC Event closure report should be produced after the resolution of the BC event,
as soon is it becomes Business As Usual. Close out reports and lessons learnt shall
be reported to the GMT, Audit, Risk & Performance Committee and Board.
Resource requirements
3.19. The CMT team members should be made aware of the roles and responsibilities andtheir time should be allocated for all BCM related activities including testing exercises.
The BC Manager should also ensure that every team BC contact (This could be the
Line Managers or Group Directors) allocate the appropriate time and resources to carry
out all BCM related activities.
49244085.docLondon Development Agency 3.03.2010
Page 30 of 34
8/8/2019 Business Continuity Management Policy 7299
31/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Training requirements
3.20. This policy should be communicated to all Group Directors, Line Managers and staffmaking them aware of the roles and responsibilities. Ideally a series of BCM
workshops should be conducted across the organisation making everyone aware ofthe importance and relevance of the BCM processes and procedures.
Teams/Persons consulted on this policy
3.21. The following have been consulted during the development of this framework:
(a) Group Director Communications and Marketing
(b) Head of Risk & Audit;
(c) Head of Health and Safety;
(d) Head of IMT Service Delivery;
(e) the Equality team;
(f) The Legal Team
(g) Chief Information Officer.
49244085.docLondon Development Agency 3.03.2010
Page 31 of 34
8/8/2019 Business Continuity Management Policy 7299
32/34
LDA BUSINESS CONTINUITY MANAGEMENT POLICY
Equality Impact Assessment
Section 1 - Screening
Question Response
SQ1. Please list here how the stated aims
and objectives of your policy relate to
equalities groups and who th