Business Continuity Management Policy 7299

8/8/2019 Business Continuity Management Policy 7299

1/34

LDA BUSINESS CONTINUITY MANAGEMENT POLICY

London Development Agency

Corporate Governance

Business ContinuityManagement Policy

Author: Richard TewDocument Name: Business Continuity Management PolicyDocument Number: #3362270

Effective Date: 01/06/2010Date due for review: 01/06/2011Responsible for review: Anne Hunter, Chief Information OfficerVersion: 0.1

The contents may not be reproduced or disclosed to any third party withoutthe prior written approval of the London Development Agency.

49244085.docLondon Development Agency 3.03.2010

Page 1 of 34


2/34


Version control

Number EffectiveDate

Author / Reviewer Comments (e.g. detailsof any policies being

replaced)0.1 01/06/2010 Richard Tew Current Version

Dissemination

Name or Class Method Date Version

Publication of current version

Location Date of Publication

Intranet 01/06/2010

Internet 01/06/2010

Approvals for current version

Name Date of ApprovalGMT Version 0.4 16/12/09

Law & Governance Version 0.5 29/01/10

Chief Information Officer Version 0.5 29/01/10

GD Communications and Marketing Version 0.5 29/01/10

ARP Committee 14/1/2010


Page 2 of 34


3/34


Contents

CONTENTS .........................................................................................................................................................3

LEVEL 1: STATEMENT OF POLICY PRINCIPLES ....................................................................... .........13

PURPOSE ........................................................................................................................................................ ..13

1.1. THE BUSINESS CONTINUITY MANAGEMENT POLICY IS AIMED AT ENSURING THAT

THE LONDON DEVELOPMENT AGENCY (LDA) CAN MAINTAIN OR RETURN TO BUSINESS

AS USUAL AFTER A DISRUPTION, MAJOR INCIDENT OR A CRISIS................................................13

1.2. BUSINESS CONTINUITY POLICIES AND PLANNING ARE CRITICAL TO MINIMISE THE

ORGANISATIONAL AND REPUTATIONAL RISKS TO THE LDA DURING A BUSINESS

INTERRUPTION AND TO ENSURE THAT THE BUSINESS CONTINUES TO OPERATE DURING

TIMES OF CRISIS. ...........................................................................................................................................13

1.3. THE POLICY SPECIFIES THE PLANNING PROCESS AND REQUIREMENTS ALONG WITH

THE PROCEDURES THAT MUST BE FOLLOWED DURING THE TIME OF A DISRUPTION,

INCIDENT OR EMERGENCY. IT PROVIDES GUIDANCE ABOUT THE ORGANISATIONAL

STRUCTURE AND ACTIVITIES WHICH WILL BE CARRIED OUT IN PLANNING FOR,

MANAGING DURING, AND RECOVERING AFTER SUCH EVENTS. .................................................13

1.4. THE MAIN FOCUS OF THIS POLICY DOCUMENT IS TO ENSURE THAT, FOLLOWING A

BUSINESS CONTINUITY EVENT (BC EVENT), THE KEY AND CRITICAL OPERATIONS OF

THE LDA CONTINUE UNTIL THE SITUATION IS RESOLVED AND THERE IS RETURN TO

BUSINESS AS USUAL (BAU). .........................................................................................................................13

OBJECTIVES ....................................................................................................................................... ......... ...13

1.5. THE OBJECTIVES OF THIS POLICY ARE TO: .................................................................................13

(A) PROVIDE A BUSINESS CONTINUITY PLANNING FRAMEWORK AND APPROACH THAT

WILL ENSURE RESILIENCE IS CONSIDERED AS PART OF LDA OPERATIONS...........................13

(B) PROVIDE GUIDANCE AND PROCEDURE TO ALL LDA STAFF THAT MUST BEFOLLOWED IN PLANNING FOR AND DURING THE TIME OF DISRUPTION, MAJOR

INCIDENT, EMERGENCY OR CRISIS SITUATION................................................................................. 13

(C) MINIMISE THE ORGANISATIONAL AND REPUTATIONAL RISKS TO THE LONDON

DEVELOPMENT AGENCY DURING BUSINESS INTERRUPTIONS AND TO ENSURE THAT THE

AGENCY CONTINUES TO OPERATE AT AN ACCEPTABLE LEVEL DURING A TIME OF

CRISIS.................................................................................................................................................................13

(D) TO BUILD RESILIENCE INTO THE LDAS ACTIVITIES AND SYSTEMS SO THAT THEY

ARE AVAILABLE AT AN APPROPRIATE LEVEL IN AS SHORT A TIME AS POSSIBLE

FOLLOWING A BUSINESS DISRUPTION...................................................................................................13

KEY PRINCIPLES ...........................................................................................................................................13

1.6. THE AGENCY WILL: ..............................................................................................................................13

DUTIES ..............................................................................................................................................................14

1.7. RESPONSIBILITIES FOR BUSINESS CONTINUITY ARE AS FOLLOWS: ......................... .........14

(A) THE BOARD AND CHIEF EXECUTIVE: ENDORSE THIS POLICY AND COMMITMENT TO

BUSINESS CONTINUITY PLANNING AND IMPLEMENTATION. ................................................. .....14

(B) GROUP MANAGEMENT TEAM: PROVIDE OVERSIGHT, DIRECTION AND COMMITMENT

TO THE BUSINESS CONTINUITY APPROACH........................................................................................ 14

(C) GROUP DIRECTOR FOR COMMUNICATIONS AND MARKETING - ENSURE A BUSINESS

CONTINUITY POLICY IS IN PLACE AND LEAD THE CRISIS MANAGEMENT TEAM..................14

(D) GROUP DIRECTORS: ENSURE DIRECTORATE PLANNING AND OPERATIONALCOMPLIANCE WITH THE POLICY.............................................................................................................14


Page 3 of 34


4/34


(E) CHIEF INFORMATION OFFICER: ENSURE THAT AN UP TO DATE AND EFFECTIVE

POLICY IS APPROVED, IN PLACE AND COMPLIED WITH WITHIN THE AGENCY ....................14

(F) DIRECTORS: PREPARE BUSINESS CONTINUITY PLANS FOR THEIR AREA AND ENSURE

STAFF ARE AWARE OF ARRANGEMENTS.............................................................................................. 14

(G) BUSINESS CONTINUITY MANAGER: PREPARE THE AGENCY BUSINESS CONTINUITY

POLICY AND APPROACH AND OVERSEE PLANNING AND RESPONSE ARRANGEMENTS .... ..14

(H) HUMAN RESOURCES: PROVIDE INDUCTION TRAINING AND ONGOING SUPPORT TO

STAFF TO ENSURE UNDERSTANDING......................................................................................................14

(I) ALL STAFF: UNDERSTANDING OF, CONTRIBUTE TO AND COMPLY WITH THE

AGENCYS BUSINESS CONTINUITY POLICY AS PART OF THEIR NORMAL DUTIES AND

RESPONSIBILITIES ...................................................................................................................................... ..14

LEVEL 2: GUIDANCE ON POLICY .................................................................................................. ........ ..15

DEFINITIONS AND ABBREVIATIONS ......................................................................................................15

2.1. THE FOLLOWING TABLE LISTS ALL THE DEFINITIONS FOR THE TERMS AND

ABBREVIATIONS USED IN THIS DOCUMENT AND ALL OTHER BUSINESS CONTINUITY

RELATED DOCUMENTS................................................................................................................................ 15

BIA ......................................................................................................................................................................15

BSI ............................................................................................................................................................ ........ ..15

CMT ....................................................................................................................................................... ......... ...15

CRISIS ................................................................................................................................................... ......... ...15

DISRUPTION ....................................................................................................................................................15

EMERGENCY .................................................................................................................................................16

LDA .......................................................................................................................................................... ........ ..16

MINOR INCIDENT / MAJOR INCIDENT/CRITICAL INCIDENT .........................................................16

BUSINESS CONTINUITY MANAGEMENT PROCESS ............................................................................16

2.2. BUSINESS CONTINUITY IS DEFINED AS A HOLISTIC MANAGEMENT PROCESS THAT

IDENTIFIES POTENTIAL IMPACTS THAT THREATEN AN ORGANISATION AND PROVIDES A

FRAMEWORK FOR BUILDING RESILIENCE WITH THE CAPABILITY FOR AN EFFECTIVE

RESPONSE THAT SAFEGUARDS THE INTERESTS OF ITS KEY STAKEHOLDERS,

REPUTATION, BRAND AND VALUE CREATING ACTIVITIES [BSI 25999-1:2006]........................16

2.3. BUSINESS CONTINUITY MANAGEMENT AT THE LDA IS ABOUT THE STRATEGIC AND

TACTICAL APPROACH OF THE AGENCY TO PLAN FOR AND DETAIL ITS RESPONSE TO

INCIDENTS AND BUSINESS DISRUPTIONS IN ORDER TO CONTINUE THE OPERATIONS AT

ACCEPTABLE QUALITY AND PERFORMANCE LEVELS.....................................................................16

2.4. THE LDA AS A REGIONAL DEVELOPMENT AGENCY AND AS A FUNCTIONAL BODY OF

THE MAYOR OF LONDON HAS RESPONSIBILITIES TO PREPARE FOR AND PROVIDE

RESILIENCE AGAINST ALL FORMS OF BUSINESS DISRUPTION. THE LDA IS NOT DEFINED

AS A CATEGORY ONE OR TWO RESPONDER UNDER THE CIVIL CONTINGENCIES ACT 2004.

HOWEVER, IT COULD BE REQUIRED TO SUPPORT THE MAYOR AND GREATER LONDON

AUTHORITY DURING A PAN LONDON EVENT...................................................................................... 16

2.5. THE BUSINESS CONTINUITY MANAGEMENT POLICY AT THE LDA AIMS TO PROVIDE A

ROBUST BUSINESS CONTINUITY AND BUSINESS RECOVERY APPROACH THAT MEETS THE

NEEDS OF THE AGENCY. .............................................................................................................................16

2.6. THE SCOPE OF THE BCM PROCESS AT THE LDA ADDRESSES LOSS OF SERVICES (IT,

POWER, COMMUNICATIONS ETC); LOSS OF BUILDINGS; LOSS OF DIRECT SUPPLY CHAIN;

AND LOSS OF STAFF.......................................................................................................................................16

BUSINESS CONTINUITY STRATEGY ................................................................................................ .......16


Page 4 of 34


5/34


2.7. THE LDA BUSINESS CONTINUITY MANAGEMENT (BCM) STRATEGY IS TO PLAN FOR

AND PROVIDE RESILIENCE AGAINST EVENTS THAT COULD DISRUPT BUSINESS AS USUAL

ACTIVITIES. THE RESILIENCE AND RESPONSE APPROACH IS TO BE PROPORTIONATE TO

THE RISK AND TO A LEVEL AGREED BY THE SENIOR MANAGEMENT TEAM. ........................17

2.8. THE STRATEGY IS BASED ON A NUMBER OF PLANNING ASSUMPTIONS TAKEN FROM

THE NATIONAL RISK REGISTER, LONDON REGIONAL RESILIENCE PLAN BYGOVERNMENT OFFICE FOR LONDON, INTERNAL AND EXTERNAL SOURCES AND THE

FOLLOWING OBJECTIVES: ................................................................................................................ .........17

ROLES & RESPONSIBILITIES ................................................................................................................. ...17

2.9. THE BOARD IS RESPONSIBLE FOR ENDORSING THE LEVEL 1 POLICY AND

COMMITMENT TO BUSINESS CONTINUITY PLANNING AND IMPLEMENTATION....................17

2.10. THE AUDIT, RISK & PERFORMANCE COMMITTEE ON BEHALF OF THE BOARD ARE

RESPONSIBLE FOR SCRUTINISING THE POLICY AND MONITORING THE CORPORATE RISK

APPROACH. IN PARTICULAR, IT RECEIVES THE POLICY FOR COMMENT AND REGULAR

UPDATES OF THE CORPORATE RISK REGISTER. ...............................................................................18

2.11. THE GROUP MANAGEMENT TEAM ACTS AS THE KEY OVERSIGHT BODY AND

ENSURES THAT BUSINESS CONTINUITY IS SUFFICIENTLY DEVELOPED IN ORDER TOPROVIDE THE LEVEL OF RESILIENCE REQUIRED BY THE ORGANISATION. THE GMT

ENSURES THE BUSINESS CONTINUITY MANAGEMENT FRAMEWORK IS FIT-FOR PURPOSE,

APPROPRIATE AND THAT IT IS ADEQUATELY RESOURCED AND FUNDED. THE GMT

PROVIDES THE STRATEGIC DIRECTION ON THE APPROPRIATENESS OF CRITICAL

ACTIVITIES AND SETS THE BUSINESS CONTINUITY CULTURE WITHIN THE AGENCY.........18

2.12. THE GROUP DIRECTOR FOR COMMUNICATIONS AND MARKETING HAS OVERALL

RESPONSIBILITY FOR ENSURING THE AGENCY HAS IN PLACE EFFECTIVE

ARRANGEMENTS TO RESPOND TO A BUSINESS DISRUPTION THAT COULD AFFECT THE

PROVISION OF SERVICES. THEY ARE IS RESPONSIBLE FOR ENSURING APPROPRIATE

STRUCTURES ARE IN PLACE TO RESPOND TO AN EVENT AND SHALL ACT AS THE LEAD

DURING SUCH AN EVENT.............................................................................................................................18

2.13. THE CHIEF INFORMATION OFFICER WILL ENSURE THAT AN UP TO DATE ANDEFFECTIVE POLICY IS PREPARED FOR THE AGENCY AND IS APPROVED BY THE GMT AND

BOARD. THE CIO WILL ENSURE THE APPROVED POLICY IS IN PLACE AND COMPLIED

WITH BY STAFF WITHIN THE AGENCY...................................................................................................18

2.14. DIRECTORS AND HEADS OF SERVICE ARE RESPONSIBLE FOR ENSURING THAT: ... .. ..18

(A) ALL AREAS WITHIN THEIR CONTROL HAVE BEEN IMPACT ASSESSED AND UNIT

BUSINESS CONTINUITY PLANS ARE IN PLACE,....................................................................................18

(B) BUSINESS CONTINUITY PLANS ARE CASCADED TO APPROPRIATE STAFF WITHIN

THEIR AREA,.................................................................................................................................................... 18

(C) CASCADE COMMUNICATION TREES ARE IN PLACE AND UP TO DATE,..............................18

(D) UNIT BUSINESS CONTINUITY PLANS ARE REVIEWED AS APPROPRIATE AND AT LEASTANNUALLY........................................................................................................................................................18

(E) KEY STAFF WITH CRITICAL FUNCTIONS HAVE CITRIX ACCESS AND THE ABILITY TO

WORK REMOTELY.........................................................................................................................................18

2.15. THE HEAD OF HEALTH & SAFETY ACTS AS THE BUSINESS CONTINUITY MANAGER

AND IS RESPONSIBLE FOR ENSURING THAT: .......................................................................................18

(A) THE POLICY IS PREPARED AND APPROVED; ....................................................................... .........18

(B) STAFF ARE AWARE OF THE PLAN AND INDIVIDUALS ARE INFORMED OF THEIR

SPECIFIC ROLE................................................................................................................................................18

(C) TOOLKITS AND TEMPLATES ARE DISTRIBUTED TO ALL DIRECTORS OR THEIR

NOMINATED BC COORDINATOR; ..............................................................................................................19


Page 5 of 34


6/34


(D) BUSINESS IMPACT ASSESSMENTS ARE UNDERTAKEN AND REVIEWED AT

APPROPRIATE INTERVALS OR AT LEAST ANNUALLY......................................................................19

(E) AN EXERCISE PLAN IS IN PLACE TO TEST THE EFFECTIVENESS OF THE PLAN..............19

(F) ALL SIGNIFICANT BUSINESS CONTINUITY RISKS AND EVENTS ARE RECORDED...........19

(G) A LIST OF CRISIS MANAGEMENT TEAM MEMBERS ARE MAINTAINED WITH OUT OFHOURS CONTACT DETAILS.........................................................................................................................19

2.16. HUMAN RESOURCES WILL ENSURE THAT NEW STAFF ARE PROVIDED WITH

INDUCTION TRAINING WHICH INCLUDES BUSINESS CONTINUITY ARRANGEMENTS AND

ONGOING SUPPORT TO STAFF TO ENSURE THEIR UNDERSTANDING.........................................19

2.17. ALL STAFF MUST MAKE THEMSELVES FAMILIAR WITH THEIR INDIVIDUAL ROLES

AS SET OUT WITHIN THE POLICY, CONTRIBUTE TO UNIT BUSINESS PLANS AND COMPLY

WITH THE AGENCYS BUSINESS CONTINUITY POLICY AS PART OF THEIR NORMAL

DUTIES AND RESPONSIBILITIES................................................................................................................19

BUSINESS IMPACT ASSESSMENT .............................................................................................................19

2.18. IT IS THE AGENCYS POLICY TO UNDERTAKE A BUSINESS IMPACT ANALYSIS OF ITS

ACTIVITIES FOR BUSINESS CONTINUITY PURPOSES AT SUFFICIENT INTERVALS TOENSURE THE BUSINESS CONTINUITY PLAN IS APPROPRIATE. THE BUSINESS IMPACT

ANALYSIS IS TO BE AGENCY WIDE AND SUPPLEMENTED BY THE UNIT SPECIFIC

ASSESSMENTS. THE BUSINESS IMPACT ANALYSIS IS TO BE REVIEWED A MINIMUM OF

ANNUALLY........................................................................................................................................................19

OPERATIONAL DEPENDENCE ............................................................................................................ ......19

2.19. IT IS THE PRINCIPLE OF THE AGENCY TO HAVE A RECOVERY CENTRE FOR IT

SYSTEMS AND WORK AREA SEATING FOR 70 STAFF SHOULD AN EVENT OCCUR THAT

PRECLUDES USE OF AN LDA OFFICE (E.G. PALESTRA) OR WHERE INTERNAL IT SYSTEMS

HAVE FAILED. FROM INVOCATION THE SEATING IS TO BE AVAILABLE WITHIN 1 HOUR

AND BASIC IT SYSTEMS WITHIN A MAXIMUM OF 4 DAYS............................................................... 19

2.20. ALL IT DATA IS TO BE BACKED UP DAILY AND STORED OFF SITE. THE PRIMARY

SERVER ROOM IS TO BE SUPPORTED BY UPS AND GENERATOR ELECTRICITY TO

MAINTAIN SYSTEMS IN A POWER OUTAGE. IT SYSTEMS ARE TO BE AVAILABLE VIA

REMOTE ACCESS TO STAFF IN THE EVENT OF PALESTRA HAVING ACCESS DENIED.

ACCESS TO ALL STAFF WILL BE DEPENDANT ON HOME TECHNOLOGY BEING AVAILABLE

AND INCREASING LICENSES AT INVOCATION. ...................................................................................20

2.21. KEY STAFF WITH CRITICAL FUNCTIONS ARE TO BE PROVIDED WITH REMOTE

ACCESS TO SYSTEMS AND ENSURE ALTERNATIVE MEMBERS OF STAFF HAVE THE KEY

KNOWLEDGE AND SKILLS TO PREVENT A SINGLE POINT OF FAILURE. IT IS THE POLICY

OF THE AGENCY TO TAKE REASONABLE PRECAUTIONS AGAINST FORESEEABLE ILLNESS

THAT MAY AFFECT STAFF (E.G. PANDEMIC FLU)...............................................................................20

2.22. THE BUSINESS CONTINUITY PLANNING APPROACH IS TO INCLUDE THE

REPUTATION ASPECTS DURING A BUSINESS CONTINUITY EVENT, THEREFORE THEPLANS ARE TO INCLUDE THE METHODS OF BOTH INTERNAL AND EXTERNAL

COMMUNICATION. IT IS POLICY TO LIAISE WITH APPROPRIATE GOVERNMENT

DEPARTMENTS, INCLUDING THE GLA, IN RELATION TO ANY COMMON MESSAGES. .........20

2.23. IT IS THE POLICY OF THE AGENCY TO COMMUNICATE WITH STAFF BY THE MOST

APPROPRIATE MEANS IN THE EVENT OF A BUSINESS CONTINUITY EVENT. THE BUSINESS

CONTINUITY MANAGER AND DEPUTY WILL HOLD A DIRECTORS (AND DEPUTY) CASCADE

TREE AND WILL BE RESPONSIBLE FOR COMMENCING CASCADE OF INFORMATION

ABOUT THE EVENT TO STAFF. ..................................................................................................................20

CRISIS MANAGEMENT TEAM CONTROL STRUCTURE .............................................................. ......20

2.24. BUSINESS CONTINUITY EVENTS AT THE LDA ARE CLASSIFIED AS GOLD, SILVER,

AND BRONZE DEPENDING ON THE PERCEIVED LEVELS OF EMERGENCY AND THE CRISIS

MANAGEMENT TEAM ADOPTS APPROPRIATE LEVELS OF MANAGEMENT AND CO-

ORDINATION TO DEAL WITH EVENTS IN EACH OF THESE THREE CATEGORIES. ................ 20


Page 6 of 34


7/34


SILVER CRISIS MANAGEMENT TEAM (CMT) ................................................................................. .....21

2.25. THE LDA WILL, AT ALL TIMES, HAVE A NOMINATED GROUP OF STAFF WHO WILL

ACT AS THE SILVER CRISIS MANAGEMENT TEAM (CMT). THE (CMT) IS THE PRINCIPAL

EMERGENCY TEAM THAT DEALS WITH ALL BUSINESS CONTINUITY EVENTS AT THE LDA.

...............................................................................................................................................................................21

BUSINESS CONTINUITY EVENTS ....................................................................................................... ......21

2.26. ANY EVENT THAT AFFECTS KEY/CRITICAL BUSINESS PROCESSES CAN BE TERMED

AS A BUSINESS CONTINUITY EVENT AND MAY REQUIRE THE CONVENING OF THE CMT.

...............................................................................................................................................................................21

2.27. THE FOLLOWING ARE SOME OF THE EXAMPLES OF VARIOUS BUSINESS

CONTINUITY EVENTS....................................................................................................................................21

CMT MEMBERSHIP .......................................................................................................................................22

2.28. THE FOLLOWING ARE THE ROLE DESCRIPTIONS OF VARIOUS ROLES WITHIN THE

CMT ORGANISATION.....................................................................................................................................22

BC EVENT MANAGEMENT .........................................................................................................................23

2.29. AS BUSINESS CONTINUITY EVENTS IN PRINCIPLE ARE FORESEEABLE BUT NOT IN

DETAIL IT IS THE POLICY OF THE LDA TO HAVE A FLEXIBLE RESPONSE PLAN. THE

RESPONSE PLAN IS IDENTIFIABLE AS THE LDA RUNBOOK. IN ADDITION TO THE

RUNBOOK THE LDA WILL HAVE DOCUMENTED EMERGENCY PROCEDURES........................23

2.30. THE RUNBOOK IS TO BE AVAILABLE TO ALL STAFF VIA THE INTRANET AND ISSUED

IN HARDCOPY TO THE SILVER AND GOLD TEAM FOR OUT OF HOURS REFERENCE. THE

RUNBOOK WILL CONTAIN INFORMATION RELATING TO THE RECOVERY SITE...................23

2.31. THE CMT WILL CONVENE AS SOON AS PRACTICABLE FOLLOWING IDENTIFICATION

OF A BUSINESS CONTINUITY EVENT AND WILL CONSIDER ANY OPPORTUNITIES FOR

CHANGE AND IMPROVEMENT, AS APPROPRIATE..............................................................................23

2.32. THE LDA WILL PREPARE A PANDEMIC INFLUENZA APPROACH TO SIT ALONGSIDE

THE BC RUNBOOK. FLU PANDEMIC RELATED INCIDENTS WILL CONTINUE TO BEMANAGED UNDER THE GOLD/SILVER/BRONZE CMT COMMAND STRUCTURE.......................23

IT SERVICE CONTINUITY ..........................................................................................................................23

2.33. THE LDA IMT TEAM IS RESPONSIBLE FOR CARRYING OUT ALL THE NECESSARY IT

SERVICE CONTINUITY MANAGEMENT RELATED ACTIVITIES. THE IMT TEAM BC PLANS

WILL CONTAIN ALL THE RELEVANT IT SERVICE CONTINUITY DOCUMENTATION. ......... ..23

2.34. LDA SERVER BASED DATA WILL BE FULLY BACKED UP EACH WEEKEND AND THE

TAPES STORED OFF SITE WITH DATA PROTECT UK. IN ADDITIONAL TO TAPES SOME

SERVER INFORMATION SHALL BE STORED ON EXTERNAL HARD DRIVES WITH THE

TAPES, TO AID THE RESTORE PROCESS. DAILY INCREMENTAL BACK UP WILL BE

UNDERTAKEN MONDAY - THURSDAY NIGHT AND STORED OFF SITE WITH DATA

PROTECT UK....................................................................................................................................................242.35. CRITICAL LDA STAFF AS IDENTIFIED IN THE BUSINESS IMPACT ASSESSMENT AND

TEAM BUSINESS CONTINUITY PLANS SHALL HAVE CITRIX ACCESS TO LDA SYSTEMS.

ALL LDA STANDARD SYSTEMS SHALL BE ACCESSIBLE THROUGH CITRIX OR AVAILABLE

VIA A LAPTOP DEVICE..................................................................................................................................24

2.36. THE IMT TEAM SHALL MAINTAIN PROCESSES AND PROCEDURES TO ENSURE THE

FOLLOWING: ....................................................................................................................................................24

EXERCISE .............................................................................................................................................. ........ ..24

2.37. THE BUSINESS CONTINUITY POLICY AND PLANS WILL BE REVIEWED ON A 6

MONTHLY BASIS TO ENSURE THEY ARE FIT FOR PURPOSE, ROBUST AND TO PROVIDE

ASSURANCE TO LDA INTERNAL AND EXTERNAL STAKEHOLDERS. THERE WILL BE A

VARIETY OF EXERCISES TO TEST THE VARIOUS ELEMENTS OF THE PLAN AS FOLLOWS:...............................................................................................................................................................................24


Page 7 of 34


8/34


(A) IT SYSTEM REBUILD AT DR SITE (ANNUALLY) ................................................................ ......... ...24

(B) FULL REHEARSAL OF DR PROCESS (ANNUALLY) .......................................................................24

(C) CASCADE TEST (ANNUALLY) ........................................................................................................... ...24

(D) UNIT PLAN (SAMPLE ANNUALLY) .................................................................................................. ...24

TRAINING .............................................................................................................................................. ........ ..24

2.38. ALL STAFF ARE TO BE TRAINED IN THE PRINCIPLES OF THE POLICY AND THEIR

RESPONSIBILITIES. ......................................................................................................................................24

2.39. STAFF WITH SPECIFIC RESPONSIBILITIES AND DUTIES ARE TO RECEIVE TRAINING

APPROPRIATE TO THE ROLE THEY HAVE BEEN ASSIGNED...........................................................24

2.40. ALL NEW STAFF JOINING THE AGENCY ARE TO BE INDUCTED IN THE POLICY AND

THE APPROACH OF THE AGENCY............................................................................................................ 24

LESSONS LEARNT .................................................................................................................................... .....24

2.41. A LOG OF ALL INCIDENTS IS TO BE MAINTAINED BY THE BUSINESS CONTINUITY

MANAGER WHICH SHALL INCLUDE LESSONS LEARNT, PROCEDURAL / OPERATIONAL

CHANGES AND CORRECTIVE ACTIONS. REPORTS ON SUBSTANTIAL EVENTS THATAFFECT BUSINESS AS USUAL SHALL BE REPORTED TO THE GMT AND AUDIT RISK AND

PERFORMANCE COMMITTEE AS APPROPRIATE................................................................................ 25

LEVEL 3: PROCEDURAL STEPS ...............................................................................................................26

BUSINESS IMPACT ASSESSMENT .............................................................................................................26

3.1. THE BUSINESS CONTINUITY MANAGER (HEAD OF HEALTH & SAFETY) WILL ENSURE

THAT BUSINESS IMPACT ASSESSMENT REVIEWS AND UPDATES ARE CARRIED OUT IN

THE FINAL QUARTER OF EACH FINANCIAL YEAR OR FOLLOWING ORGANISATIONAL

CHANGES. ........................................................................................................................................................26

3.2. THE BUSINESS CONTINUITY RISK REGISTER WILL BE REVIEWED MONTHLY AND

FOLLOWING THE ANNUAL REVIEW OF THE IMPACT ASSESSMENT. WHERE RISKS ARE

IDENTIFIED AS SIGNIFICANT OR HIGH RISK THEY SHALL BE INCLUDED ON THECORPORATE RISK REGISTER AND COMMUNICATED TO THE GMT AND AUDIT, RISK AND

PERFORMANCE COMMITTEE.................................................................................................................... 26

OPERATIONAL DEPENDENCE ............................................................................................................ ......26

3.3. THE HEAD OF IMT IN CONSULTATION WITH THE BUSINESS CONTINUITY MANAGER

(HEAD OF HEALTH & SAFETY) IS RESPONSIBLE FOR ENSURING A SEPARATE RECOVERY

SITE OR FACILITY IS AVAILABLE WITH ACCESS TO THE LDA SYSTEMS ONCE RESTORED.

THE ALLOCATION OF SEATING IS THE RESPONSIBILITY OF THE CRISIS MANAGEMENT

TEAM OPERATING AT THE FACILITY.....................................................................................................26

3.4. IT DATA IS TO BE BACKED UP DAILY AND STORED OFF SITE IN ACCORDANCE WITH

THE IMT POLICY .............................................................................................................................................26

3.5. KEY STAFF WITH CRITICAL FUNCTIONS ARE REQUIRED TO REQUEST CITRIX

ACCESS VIA THE INTRANET APPLICATION FORM. STAFF MUST THEN LOG ON AND

ENSURE CRITICAL FUNCTIONS CAN BE CARRIED VIA THAT SYSTEM....................................... 26

CRISIS MANAGEMENT TEAM (CMT) .................................................................................................... ..26

3.6. THE BC EVENTS AT THE LDA ARE CLASSIFIED AS GOLD, SILVER, AND BRONZE

DEPENDING ON THE PERCEIVED LEVELS OF EMERGENCY AND THE CMT ADOPTS

APPROPRIATE LEVELS OF MANAGEMENT AND CO-ORDINATION TO DEAL WITH EVENTS

IN EACH OF THESE THREE CATEGORIES. THE CMT LEADER OR BUSINESS CONTINUITY

MANAGER WILL ASSIGN THE CATEGORY DEPENDANT ON THE SEVERITY AND IMPACT

OF THE EVENT.................................................................................................................................................26

3.7. THE FOLLOWING IS THE PROCEDURE TO CONVENE THE CMT FOLLOWING A

BUSINESS CONTINUITY EVENT..................................................................................................................26

INITIATING A CMT MEETING ...................................................................................................................27


Page 8 of 34


9/34


3.8. THE FIRST MEETING AFTER CONVENING THE CMT WILL TAKE PLACE AT THE

EARLIEST CONVENIENCE (IDEALLY WITHIN AN HOUR OF AN INCIDENT). THE EXACT

LOCATION AND TIME WILL BE COMMUNICATED TO THE CMT MEMBERS (GOLD, SILVER

AND RELEVANT BRONZE TEAM MEMBERS) BY THE BC MANAGER. AT THIS MEETING THE

CMT WILL DECIDE ON THE SHORT TERM PRIORITIES FOR THE LDA........................................27

UPDATING THE RUNBOOK ..................................................................................................................... ...273.9. THE FOLLOWING IS THE PROCEDURE TO UPDATE THE RUNBOOK; .................... ........ ......27

(A) THE RUNBOOK SHALL BE UPDATED BY THE BUSINESS CONTINUITY MANAGER

ANNUALLY OR FOLLOWING A SUBSTANTIAL CHANGE...................................................................27

(B) THE RUNBOOK SHALL BE DISPLAYED ON THE INTRANET AND HARD COPIES SHALL

BE DISTRIBUTED BY THE BUSINESS CONTINUITY MANAGER TO THE GMT AND

NOMINATED CMT MEMBERS..................................................................................................................... 27

UPDATING THE EVENTS LOG AND RISK REGISTER .........................................................................27

3.10. THE FOLLOWING IS THE PROCEDURE TO UPDATE THE RISK REGISTER ......................27

(C) THE BUSINESS CONTINUITY MANAGER SHALL MAINTAIN AN EVENTS LOG THAT

RECORDS THE BUSINESS CONTINUITY EVENTS IN THE AGENCY. SIGNIFICANT EVENTSWHICH WARRANT ESCALATION SHALL BE INCLUDED WITHIN THE MONTHLY H&S

PAPER TO THE GMT.......................................................................................................................................27

(D) THE RISK REGISTER SHALL BE UPDATED BY THE BUSINESS CONTINUITY MANAGER

MONTHLY. WHERE RISKS WARRANT ESCALATION THIS SHALL BE INCLUDED ON THE

CORPORATE RISK REGISTER BY THE HEAD OF AUDIT AND ASSURANCE.................................28

(E) THE RISK REGISTER AND EVENTS LOG SHALL BE STORED IN ELECTRONIC FORMAT

WITHIN ATHENA DOCS. ...............................................................................................................................28

UNIT BUSINESS CONTINUITY PLANS .................................................................................................. ...28

3.11. RECOVERY PLAN MUST BE PRODUCED BY EACH BUSINESS UNIT AFTER

PERFORMING A UNIT BUSINESS IMPACT ANALYSIS BASED ON THE STANDARD. THE

PRIMARY AIM OF THE BCP SHOULD BE TO DESCRIBE RECOVERY STEPS TO GET BACK TOWORK AS SOON AS POSSIBLE. ..................................................................................................................28

3.12. A LIBRARY OF THESE DOCUMENTS, ALONG WITH THIS POLICY DOCUMENT AND

THE CMT RUNBOOK, WILL FORM THE LDA BUSINESS CONTINUITY PLAN (BCP)..................28

3.13. INDIVIDUAL TEAM LEVEL BCPS SHOULD BE TESTED ANNUALLY TO VALIDATE

THEIR ACCURACY AND INTEGRITY. THE BC MANAGER WILL COMMUNICATE ALL THE

RELEVANT TEST SCHEDULES....................................................................................................................28

3.14. EACH TEAM BC PLAN WILL INCLUDE A CASCADE COMMUNICATIONS PROCESS

THAT ALLOWS THE MANAGERS TO CONTACT THEIR STAFF DURING EMERGENCIES.......28

3.15. THE BC PLAN WILL ALSO IDENTIFY WHO CAN WORK FROM HOME AND WILL BE

USED TO COMMUNICATE TO THOSE STAFF USING EMAILS ALONG WITH OTHER MODES

OF COMMUNICATION...................................................................................................................................28

COMMUNICATIONS WITH THE STAFF ................................................................................................ ..28

3.16. THE FOLLOWING ARE THE POLICIES RELATING TO COMMUNICATIONS AT THE LDA

...............................................................................................................................................................................28

(A) ONCE THE BC MANAGER HAS CONFIRMED THE BC EVENT, IN CASE OF EMERGENCY

EVACUATIONS AND INVOCATIONS OF PRIMARY RECOVERY SITE, THE BC MANAGER

WILL INITIATE A CASCADE COMMUNICATION LIAISING WITH THE COMMUNICATIONS

MANAGER. THE CASCADE COMMUNICATIONS COULD REACH THE STAFF VIA MOBILE

TEXTS, EMAILS, OR INFORMATION HOTLINES...................................................................................28

(B) IN CASE OF GOLD EVENTS, THE CMT LEADER WILL BE THE POINT OF CONTACT

WITH THE LDA GMT & BOARD. THE CMT LEADER WILL COMMUNICATE THE COURSE OF

ACTIONS AND DECISIONS TO THE BC MANAGER AND OTHER SILVER TEAM MEMBERS.. .28


Page 9 of 34


10/34


(C) THE CASCADE INFORMATION WILL ALSO ADVISE THE GROUP DIRECTORS, LINE

MANAGERS OR TEAM BC CONTACTS TO INVOKE THE TEAM BC PLANS.................................. 28

(D) IN ADDITION TO THE CASCADE INFORMATION COMING THROUGH TO MOBILES AND

EMAILS, A STAFF EMERGENCY LINE WILL BE ACTIVATED BY THE CMT AND PRE

RECORDED MESSAGES WILL BE MADE AVAILABLE ADVISING STAFF ABOUT WHAT HAS

HAPPENED AND THE ACTION TO TAKE................................................................................................. 29(E) THE BC PLAN WHICH IDENTIFIES WHO CAN WORK FROM HOME WILL BE USED TO

COMMUNICATE TO THOSE STAFF USING EMAILS ALONG WITH OTHER MODES OF

COMMUNICATION..........................................................................................................................................29

(F) EACH TEAM BC PLAN WILL INCLUDE A CASCADE COMMUNICATIONS PROCESS THAT

ALLOWS THE MANAGERS TO CONTACT THEIR STAFF. SEATS AT THE PRIMARY

RECOVERY SITE WILL BE ALLOCATED BY THE CMT AND THE GROUP DIRECTOR WILL

IDENTIFY WHICH STAFF WILL INITIALLY MOVE TO THE PRIMARY RECOVERY SITE. THIS

COULD VARY DEPENDING ON THE SITUATION AND BUSINESS REQUIREMENTS. THE BC

MANAGERS AND GROUP DIRECTORS OF EACH TEAM WILL MAKE THE DECISIONS IN THIS

REGARD.............................................................................................................................................................29

EVACUATION AND PRIMARY RECOVERY SITE ........................................................................ .........29

3.17. IN THE EVENT OF A BC EVENT OR CRISIS THAT RENDERS LDA BUILDINGS NOT

OPERATIONAL OR NOT AVAILABLE FOR OCCUPATION, THE PRIMARY RECOVERY SITE

WILL BE INVOKED (CURRENTLY AT UXBRIDGE). THE BC MANAGER OR FACILITIES

MANAGER IN CHARGE WILL CONTACT THE THIRD PARTY RECOVERY SITE PROVIDER

TO INVOKE AND IMMEDIATELY MOBILISE THE RECOVERY SITE.............................................. 29

THERE ARE CURRENTLY LIMITED WORK AREA RECOVERY (WAR) SEATS AVAILABLE

FOR ALLOCATION AT UXBRIDGE ALONG WITH ADDITIONAL SEATS FOR CMT USE. .........29

DURING CORE WORKING HOURS ...........................................................................................................29

1. IF THE BC EVENT OCCURS DURING WORKING HOURS AND REQUIRED MASS

EVACUATION, THE BUILDING EVACUATION PROCEDURE WILL BE FOLLOWED. ONCE

EVACUATED, FURTHER INFORMATION AND THE FUTURE COMMUNICATIONS PROCESS

WILL BE ANNOUNCED AT THE MUSTER POINT. .................................................................................29

2. THE CMT WILL IMMEDIATELY CONVENE FOLLOWING AN EMERGENCY EVACUATION.

THE CMT WILL INITIATE THE GENERAL CASCADE COMMUNICATIONS PROCESS. IF

POSSIBLE, THE TEAM BCP WILL BE INVOKED AND TEAMS WILL ALSO USE THEIR OWN

CASCADE COMMUNICATIONS PROCESS TO BRIEF THEIR TEAM MEMBERS........................... 29

OUTSIDE CORE WORKING HOURS ...................................................................................................... ...29

3. IF THE BC EVENT OCCURS OUTSIDE OF THE CORE WORKING HOURS AND DOESNT

REQUIRE EVACUATION, THE CMT WILL CONVENE AND INVOKE THE GENERAL CASCADE

COMMUNICATIONS PROCESS TO INFORM STAFF AS TO WHAT ACTIONS THEY SHOULD

TAKE ON THE FOLLOWING MORNING. .................................................................................................30

4. TEXT MESSAGES AND EMAILS WILL BE SENT TO ALL EMPLOYEES IN CASE OFEMERGENCIES AND WILL ADVISE THE STAFF ON THE COURSE OF ACTION. ........................30

5. THE LINE MANAGERS AND GROUP DIRECTORS WILL MAKE THE DECISION ON

WHETHER TO ADVISE THE TEAM MEMBERS TO WORK FROM HOME OR GO TO THE

RECOVERY SITE. THIS WILL DEPEND ON THE DESK QUOTAS AVAILABLE FOR EACH

DIRECTORATE AND THE EXISTING REMOTE WORKING PROCEDURES AT THE TEAM

LEVEL. ...............................................................................................................................................................30

6. SHOULD THE STAFF RETURN HOME AFTER AN EVACUATION OR A BC EVENT, THEY

SHOULD CALL THE INFORMATION HOTLINE MENTIONED IN THE RUNBOOK, CHECK

THEIR EMAILS REMOTELY (IF IT SYSTEMS ARE STILL OPERATIONAL) OR MOBILE

MESSAGES FOR FURTHER INFORMATION............................................................................................30

BC EVENT CLOSURE ............................................................................................................................... .....30


Page 10 of 34


11/34


3.18. THE FOLLOWING ARE THE KEY POLICIES REGARDING THE CLOSURE OF A BC

EVENT: ................................................................................................................................................................30

(A) IT IS THE ULTIMATE RESPONSIBILITY OF THE CMT LEADER (FOR GOLD EVENTS) OR

THE BC MANAGER IN CHARGE (IN CASE OF SILVER EVENTS) TO ENSURE THE BC EVENT

IS RESOLVED....................................................................................................................................................30

(B) THE CLOSURE SHOULD BE COMMUNICATED WITH THE STAFF AND THE GMTAPPROPRIATELY............................................................................................................................................30

(C) THE CMT SHOULD NOW INITIATE ANY APPROPRIATE MANAGEMENT REPORTS AND

POST INCIDENT INVESTIGATION..............................................................................................................30

(D) THE BUSINESS CONTINUITY PLAN SHOULD BE REVIEWED IN LIGHT OF ANY

CHANGES TO WORKING ARRANGEMENTS ...........................................................................................30

(E) A BC EVENT CLOSURE REPORT SHOULD BE PRODUCED AFTER THE RESOLUTION OF

THE BC EVENT, AS SOON IS IT BECOMES BUSINESS AS USUAL. CLOSE OUT REPORTS AND

LESSONS LEARNT SHALL BE REPORTED TO THE GMT, AUDIT, RISK & PERFORMANCE

COMMITTEE AND BOARD. ..........................................................................................................................30

RESOURCE REQUIREMENTS .....................................................................................................................30

3.19. THE CMT TEAM MEMBERS SHOULD BE MADE AWARE OF THE ROLES AND

RESPONSIBILITIES AND THEIR TIME SHOULD BE ALLOCATED FOR ALL BCM RELATED

ACTIVITIES INCLUDING TESTING EXERCISES. THE BC MANAGER SHOULD ALSO ENSURE

THAT EVERY TEAM BC CONTACT (THIS COULD BE THE LINE MANAGERS OR GROUP

DIRECTORS) ALLOCATE THE APPROPRIATE TIME AND RESOURCES TO CARRY OUT ALL

BCM RELATED ACTIVITIES........................................................................................................................ 30

TRAINING REQUIREMENTS ................................................................................................................ ......31

3.20. THIS POLICY SHOULD BE COMMUNICATED TO ALL GROUP DIRECTORS, LINE

MANAGERS AND STAFF MAKING THEM AWARE OF THE ROLES AND RESPONSIBILITIES.

IDEALLY A SERIES OF BCM WORKSHOPS SHOULD BE CONDUCTED ACROSS THE

ORGANISATION MAKING EVERYONE AWARE OF THE IMPORTANCE AND RELEVANCE OF

THE BCM PROCESSES AND PROCEDURES............................................................................................. 31

TEAMS/PERSONS CONSULTED ON THIS POLICY ...............................................................................31

3.21. THE FOLLOWING HAVE BEEN CONSULTED DURING THE DEVELOPMENT OF THIS

FRAMEWORK: ..................................................................................................................................................31

(A) GROUP DIRECTOR COMMUNICATIONS AND MARKETING .....................................................31

(B) HEAD OF RISK & AUDIT; ..................................................................................................................... ..31

(C) HEAD OF HEALTH AND SAFETY; ..................................................................................................... ..31

(D) HEAD OF IMT SERVICE DELIVERY; ..................................................................................................31

(E) THE EQUALITY TEAM; ....................................................................................................................... ...31

(F) THE LEGAL TEAM ............................................................................................................................ .......31

(G) CHIEF INFORMATION OFFICER........................................................................................................ 31

EQUALITY IMPACT ASSESSMENT ..........................................................................................................32

SECTION 1 - SCREENING .............................................................................................................................32

QUESTION ........................................................................................................................................................32

RESPONSE .......................................................................................................................................................32

SQ1. PLEASE LIST HERE HOW THE STATED AIMS AND OBJECTIVES OF YOUR POLICY

RELATE TO EQUALITIES GROUPS AND WHO THE MAIN BENEFICIARIES ARE. ..................... 32

THE POLICY IN ITSELF DOES NOT RELATE TO ANY PARTICULAR EQUALITY GROUPS AS

IT APPLIES TO ALL STAFF. HOWEVER, BCPS SUBMITTED FROM SPECIFIC TEAMS NEEDTO CONSIDER ANY ACCESS REQUIREMENTS FOR THEIR MEMBERS OF STAFF. ...................32


Page 11 of 34


12/34


SQ2. PLEASE USE THIS SECTION TO OUTLINE WHAT EVIDENCE IS AVAILABLE ABOUT

EQUALITIES GROUPS IN RELATION TO THIS AREA OF ACTIVITY. THIS SHOULD INCLUDE

DATA AND ANY RESEARCH ON POPULATION, EDUCATIONAL ATTAINMENT, LDA

WORKFORCE, INCOME LEVELS, ETC. ....................................................................................................32

DESCRIBE WHAT THE EVIDENCE TELLS YOU IN TERMS OF THE LIKELY NEGATIVE

IMPACTS ARE IN REGARD TO RACE, GENDER, DISABILITY, FAITH, AGE, SEXUALORIENTATION, REFUGEES OR ASYLUM STATUS AND ON COMMUNITY COHESION AND

WHICH GROUPS MIGHT BE MOST AFFECTED. ALSO HIGHLIGHT ANY GAPS IN THE

EVIDENCE WHICH MAY REQUIRE FURTHER INFORMATION GATHERING I.E.

CONSULTATION. IF THIS IS REQUIRED YOU WILL NEED TO CARRY OUT A FULL

EQUALITIES IMPACT ASSESSMENT.........................................................................................................32

POSITIVE IMPACTS - THE DISASTER RECOVERY CENTRE (DRC) IS A RECENT

CONSTRUCTION AND PRESUMED TO BE DDA COMPLIANT. THE MAJORITY OF LDA

EMPLOYEES SHOULD BE ABLE TO WORK FROM HOME AND HAVE ACCESS TO CITRIX .. ..32

THE DRC IS PHYSICALLY ACCESSIBLE TO ALL STAFF AND VISITORS BUT DUE TO AN

EXTREMELY LIMITED NUMBER OF DESK SPACE, THE VAST MAJORITY OF EMPLOYEES

WILL WORK FROM HOME VIA CITRIX WHICH IS ACCESSIBLE TO ALL WHO REQUIRE IT.

SHOULD A MEMBER OF STAFF WITH A DISABILITY BE LOCATED THERE, A PEEP(PERSONAL EMERGENCY EVACUATION PLAN) WILL BE CARRIED OUT. ............................. ...32

CASCADE SOFTWARE ........................................................................................................................ .........32

ALL INFORMATION DISSEMINATED BY THE CASCADE SOFTWARE SYSTEM WILL BE

AVAILABLE ON MULTIPLE PLATFORMS I.E. SMS, VOICE, LANDLINE AND EMAIL.................32

NEGATIVE IMPACTS ............................................................................................................................... ..32

ANY REASONABLE ADJUSTMENTS THAT ARE EXISTING IN PALESTRA, MAY NOT BE

REASONABLY DUPLICATED AT THE DRC .............................................................................................32

THE TEAM BCPS DO NOT COVER ACCESS ISSUES REGARDING INDIVIDUALS. ...................32

CASCADE SOFTWARE ........................................................................................................................ .........32

THERE MAY BE INSTANCES WHERE THE MULTI PLATFORM METHODOLOGY IS NOT

SUFFICIENT. WHERE THIS IS THE CASE, HR TO INFORM THE HEAD OF H&S SO AN

INDIVIDUAL ACTION PLAN CAN BE DEVELOPED. .............................................................................32

SQ3. CONFIRM WITH THE EQUALITY TEAM WHETHER A FULL EIA IS REQUIRED FOR

THIS AREA OF ACTIVITY AND RECORD THE OUTCOME OF THIS DISCUSSION HERE...........33

NO .......................................................................................................................................................................33

SECTION 2 FULL ASSESSMENT .............................................................................................................33

QUESTION ........................................................................................................................................................33

RESPONSE .......................................................................................................................................................33


Page 12 of 34


13/34


Level 1: Statement of Policy Principles

Purpose

1.1.The Business Continuity Management policy is aimed at ensuring that the LondonDevelopment Agency (LDA) can maintain or return to business as usual after a

disruption, major incident or a crisis.

1.2.Business continuity policies and planning are critical to minimise the organisational andreputational risks to the LDA during a business interruption and to ensure that the

business continues to operate during times of crisis.

1.3.The policy specifies the planning process and requirements along with the proceduresthat must be followed during the time of a disruption, incident or emergency. It provides

guidance about the organisational structure and activities which will be carried out in

planning for, managing during, and recovering after such events.

1.4. The main focus of this policy document is to ensure that, following a Business

Continuity Event (BC Event), the key and critical operations of the LDA continue until

the situation is resolved and there is return to Business as Usual (BAU).

Objectives

1.5. The objectives of this policy are to:

(a) Provide a business continuity planning framework and approach that will ensure

resilience is considered as part of LDA operations.

(b) Provide guidance and procedure to all LDA staff that must be followed in planning

for and during the time of disruption, major incident, emergency or crisis situation.

(c) Minimise the organisational and reputational risks to the London Development

Agency during business interruptions and to ensure that the Agency continues to

operate at an acceptable level during a time of crisis.(d) To build resilience into the LDAs activities and systems so that they are available

at an appropriate level in as short a time as possible following a business

disruption.

Key Principles

1.6. The Agency will:

(a) Address the risks and issues which may jeopardise operations, key business

processes, its financial situation and legal standing.


Page 13 of 34


14/34


(b) Minimise the effects of a business disruption event and maintain operations at an

appropriate level.

(c) Resume a business as usual state as soon as possible

(d) Promote business continuity planning and preparedness

(e) Plan for foreseeable events

(f)Communicate our approach to staff

(g) Rehearse and test our approach against foreseeable events.

Duties

1.7. Responsibilities for business continuity are as follows:

(a) The Board and Chief Executive: Endorse this policy and commitment tobusiness continuity planning and implementation.

(b) Group Management Team: Provide oversight, direction and commitment tothe business continuity approach.

(c) Group Director for Communications and Marketing - Ensure a BusinessContinuity Policy is in place and lead the Crisis Management Team.

(d) Group Directors: ensure directorate planning and operational compliancewith the policy.

(e) Chief Information Officer: Ensure that an up to date and effective policy isapproved, in place and complied with within the Agency

(f) Directors: Prepare business continuity plans for their area and ensure staffare aware of arrangements.

(g) Business Continuity Manager: Prepare the Agency Business Continuity

Policy and approach and oversee planning and response arrangements

(h) Human Resources: provide induction training and ongoing support to staffto ensure understanding.

(i) All staff: Understanding of, contribute to and comply with the Agencys Business

Continuity Policy as part of their normal duties and responsibilities


Page 14 of 34


15/34


Level 2: Guidance on Policy

Definitions and Abbreviations

2.1. The following table lists all the definitions for the terms and abbreviations used in this

document and all other Business Continuity related documents.

Term/Abbreviation Definition

BAU Business As Usual

BC Business Continuity

BCM Business Continuity Management.

BIA Business Impact Assessment.

BSI British Standards Institute.

Business Continuity A holistic management process that identifies potentialimpacts that threaten an organisation and provides a

framework for building resilience with the capability for aneffective response that safeguards the interests of its keystakeholders, reputation, brand and value creatingactivities [BSi 25999-1:2006]

Business ContinuityEvent

Any event that interrupts the normal continuation of oneor more of the LDA business processes or its key BAUactivities.

CMT Crisis Management Team - The emergency organisationthat deals with all business disruptions, Major Incidents

and emergencies/crisis in the organisation.

Crisis When a major incident or an emergency renders the LDAoperations (including buildings) not BAU for long periods(many days or weeks together). Example, fire orearthquake rendering the primary building nonoperational for several weeks. Another example is aPandemic Flu outbreak affecting significant number ofemployees of LDA.

Disruption Any event that briefly interrupts or has the potential to

interrupt (few hours) normal operations at the LDA. E.g. aprotest outside the building or minor power outage


Page 15 of 34


16/34


Emergency Any BC Event that requires the invoking of the BC plansand usually requires evacuation. Example, fire, naturaldisasters e.g. earthquakes, terrorist attacks etc.

LDA London Development Agency

Minor Incident /

Major

Incident/Critical

Incident

Any incident that affects the functioning of the IT systemsand buildings and renders them not operational for longerperiods of time.

Business Continuity Management Process

2.2.Business Continuity is defined as a holistic management process thatidentifies potential impacts that threaten an organisation and provides a

framework for building resilience with the capability for an effective response

that safeguards the interests of its key stakeholders, reputation, brand and value

creating activities [BSi 25999-1:2006].

2.3. Business Continuity Management at the LDA is about the strategic and tactical

approach of the Agency to plan for and detail its response to incidents and business

disruptions in order to continue the operations at acceptable quality and performancelevels.

2.4.The LDA as a Regional Development Agency and as a functional body of the Mayor ofLondon has responsibilities to prepare for and provide resilience against all forms of

business disruption. The LDA is NOT defined as a Category one or two responder

under the Civil Contingencies Act 2004. However, it could be required to support the

Mayor and Greater London Authority during a Pan London event.

2.5. The Business Continuity Management policy at the LDA aims to provide a robustbusiness continuity and business recovery approach that meets the needs of the

Agency.

2.6.The scope of the BCM process at the LDA addresses loss of services (IT, power,communications etc); loss of buildings; loss of direct supply chain; and loss of staff.

Business Continuity Strategy


Page 16 of 34


17/34


2.7.The LDA Business Continuity Management (BCM) Strategy is to plan for andprovide resilience against events that could disrupt business as usual activities.

The resilience and response approach is to be proportionate to the risk and to a

level agreed by the senior management team.

2.8.The strategy is based on a number of planning assumptions taken from theNational Risk Register, London Regional Resilience Plan by Government Office

for London, internal and external sources and the following objectives:

(a)To ensure the health, safety and welfare of LDA employees during a business

continuity event.

(b)To provide an appropriate level of organisational resilience sufficient to continue

critical activities as identified in the Business Impact Assessment and Team

Business Continuity Plans.

(c)To develop a framework that provides the necessary assurance to the Board,

Mayor, and external stakeholders through appropriate exercising, rehearsing

and review.

(d)To maintain LDAs communication and support to the Mayors office, GLA and

other Key Stakeholder relationships, along with our Corporate Social

Responsibility.

(e)Maintain the LDAs reputation during a continuity event.

(f)To maintain financial commitments to staff, projects and the supply chain.

(g)Prevent breaches of statutory and regulatory requirements that could lead to

litigation and ensure appropriate governance is maintained.

(h)To support the LDA risk management approach.

(i)To maximise opportunity for improvement following a business continuity event

Roles & Responsibilities

2.9.The Board is responsible for endorsing the Level 1 Policy and commitment tobusiness continuity planning and implementation.


Page 17 of 34


18/34


2.10. The Audit, Risk & Performance Committee on behalf of the Board are responsible forscrutinising the policy and monitoring the corporate risk approach. In particular, it

receives the Policy for comment and regular updates of the corporate risk register.

2.11. The Group Management Team acts as the key oversight body and ensures thatbusiness continuity is sufficiently developed in order to provide the level of resilience

required by the organisation. The GMT ensures the business continuity management

framework is fit-for purpose, appropriate and that it is adequately resourced and

funded. The GMT provides the strategic direction on the appropriateness of critical

activities and sets the business continuity culture within the Agency.

2.12. The Group Director for Communications and Marketing has overall responsibility for

ensuring the Agency has in place effective arrangements to respond to a businessdisruption that could affect the provision of services. They are is responsible for

ensuring appropriate structures are in place to respond to an event and shall act as the

lead during such an event.

2.13. The Chief Information Officer will ensure that an up to date and effective policy isprepared for the Agency and is approved by the GMT and Board. The CIO will

ensure the approved policy is in place and complied with by staff within the

Agency.

2.14. Directors and Heads of Service are responsible for ensuring that:

(a) All areas within their control have been impact assessed and unit business

continuity plans are in place,

(b) Business continuity plans are cascaded to appropriate staff within their area,

(c) Cascade communication trees are in place and up to date,

(d) Unit business continuity plans are reviewed as appropriate and at least annually.

(e) Key staff with critical functions have Citrix access and the ability to workremotely.

2.15. The Head of Health & Safety acts as the Business Continuity Manager and isresponsible for ensuring that:

(a) The policy is prepared and approved;

(b) Staff are aware of the plan and individuals are informed of their specific role.


Page 18 of 34


19/34


(c) Toolkits and templates are distributed to all Directors or their nominated BC

coordinator;

(d) Business impact assessments are undertaken and reviewed at appropriate

intervals or at least annually.

(e) An exercise plan is in place to test the effectiveness of the plan.

(f) All significant business continuity risks and events are recorded.

(g) A list of Crisis Management Team members are maintained with out of hours

contact details.

2.16. Human Resources will ensure that new staff are provided with inductiontraining which includes business continuity arrangements and ongoing support

to staff to ensure their understanding.

2.17. All Staff must make themselves familiar with their individual roles as set out within thepolicy, contribute to unit business plans and comply with the Agencys Business

Continuity Policy as part of their normal duties and responsibilities.

Business Impact Assessment

2.18. It is the Agencys policy to undertake a Business Impact Analysis of its activities forbusiness continuity purposes at sufficient intervals to ensure the business continuity

plan is appropriate. The business impact analysis is to be Agency wide and

supplemented by the unit specific assessments. The business impact analysis is to be

reviewed a minimum of annually.

Operational Dependence

2.19. It is the principle of the Agency to have a recovery centre for IT systems and workarea seating for 70 staff should an event occur that precludes use of an LDA office (e.g.

Palestra) or where internal IT systems have failed. From invocation the seating is to be

available within 1 hour and basic IT systems within a maximum of 4 days.


Page 19 of 34


20/34


2.20. All IT data is to be backed up daily and stored off site. The primary server room is tobe supported by UPS and generator electricity to maintain systems in a power outage.

IT systems are to be available via remote access to staff in the event of Palestra having

access denied. Access to all staff will be dependant on home technology being

available and increasing licenses at invocation.

2.21. Key staff with critical functions are to be provided with remote access to systems andensure alternative members of staff have the key knowledge and skills to prevent a

single point of failure. It is the policy of the agency to take reasonable precautions

against foreseeable illness that may affect staff (e.g. Pandemic Flu).

2.22. The business continuity planning approach is to include the reputation aspects during

a business continuity event, therefore the plans are to include the methods of bothinternal and external communication. It is policy to liaise with appropriate government

departments, including the GLA, in relation to any common messages.

2.23. It is the policy of the Agency to communicate with staff by the most appropriatemeans in the event of a business continuity event. The Business Continuity Manager

and deputy will hold a Directors (and deputy) cascade tree and will be responsible for

commencing cascade of information about the event to staff.

Crisis Management Team Control Structure

2.24. Business Continuity events at the LDA are classified as Gold, Silver, andBronze depending on the perceived levels of emergency and the Crisis

Management Team adopts appropriate levels of management and co-ordination

to deal with events in each of these three categories.

CMT Category Management Hierarchy Who

Gold Strategic Management:Planning ahead andsetting the BCM strategyfor LDA

GMT plus BusinessContinuity Manager andselected SilverMembers. Silver CMTLeader interfaces withthe LDA Gold to providestrategic input,

Silver Tactical Management:

Implementing the strategyand co-ordinating the

Crisis Management

Team (predefinedDirectors and/or Heads


Page 20 of 34


21/34


BCM operations of Service.

Bronze Operational Management:Delivering on the ground

Specific individuals withspecific key skills and

expertise.

Silver Crisis Management Team (CMT)

2.25. The LDA will, at all times, have a nominated group of staff who will act as theSilver Crisis Management Team (CMT). The (CMT) is the principal emergency

team that deals with all Business Continuity Events at the LDA.

(a) The CMT is headed by the CMT Leader who will take ownership of a

Gold level Business Continuity event and also provide strategic inputsto the CMT during a BC Event and during normal business operations.

(b) In all Business Continuity invocation scenarios, the CMT would beresponsible for ensuring the continuity of LDA business operations

(c) The Business Continuity Manager in charge will have the responsibilityof carrying out the strategies outlined by the CMT leader but also takeownership during a Silver category BC event.

(d) The BC Manager also has the responsibility of forming the Bronzeteams and co-ordinating their activities and recovery actions.

(e) The ownership of events and activities can be delegated to one of thesilver team members at the discretion of the BC manager.

(f) The CMT will be responsible for prioritising all the activities for theorganisation and will make necessary resource allocations to carry outthe activities.

(g) Some of the immediate priorities of the CMT following an emergencywill be to invoke the Primary Recovery Site and cascade/maintaincommunications to staff and Board members.

Business Continuity Events

2.26. Any event that affects key/critical business processes can be termed as aBusiness Continuity Event and may require the convening of the CMT.

2.27. The following are some of the examples of various Business Continuityevents.


Page 21 of 34


22/34


Incident/EventCategory

Utilities IT/TechnologyBuilding Loss(Flood, Fire,Collapse etc

Gold Long termoutage i.e.for morethan 48hours

Loss of all criticalsystems for morethan 2 days

Loss of criticalamount of officespace, complete lossof access tobuildings, massevacuationnecessary

Silver Entire

building for 1or moredays.

Loss of multiple

critical systems orall systems for lessthan a day.

Large number of

facilities affected forless than 3 days

Bronze Local loss orloss lessthan 1 day

Virus or loss of asingle criticalserver/system

Localised, shortduration. Fewer than2 facilities. E.g. 5th

floor toilet, 7th floorkitchette.

CMT Membership

2.28. The following are the role descriptions of various roles within the CMTorganisation.

Role Description CMTHierarchy

CMT Leader Responsible for the overall BCMstrategy and directs the CMT

Gold

GMT Provide decision making forum and setstrategic approach

Gold

BusinessContinuityManager inCharge

Responsible for managing the BCpolicy, the CMT and silver category BCevents.

Gold/Silver

Health andSafety Managerin Charge

Responsible for managing all healthand safety related incidents at the LDA.

Gold/Silver

IMT Lead The Head of IMT manages all IT related

activities and bring back all the ITsystems.

Silver


Page 22 of 34


23/34


FacilitiesManager inCharge

Responsible for managing allbuildings/facilities related incidents andliaising with the external buildingmanagement during evacuations.

Silver/Bronze

Corporate

CommunicationsRepresentative

Responsible for carrying out the

communications process on behalf ofthe CMT.

Gold/Silver

CMTAdministrator

Provide assistance in running theactivities of the CMT to resolve the BCincidents.

Silver

Legal Liaison Responsible for providing all legalrelated guidance during a BC event.

Silver

HRRepresentative

Responsible for providing HR relatedadvise and managing HR relatedelements during a BC event.

Silver

BC Event Management

2.29. As business continuity events in principle are foreseeable but not in detail it is thepolicy of the LDA to have a flexible response plan. The response plan is identifiable as

the LDA Runbook. In addition to the Runbook the LDA will have documented

emergency procedures.

2.30. The Runbook is to be available to all staff via the intranet and issued in hardcopy tothe Silver and Gold Team for out of hours reference. The Runbook will contain

information relating to the recovery site.

2.31. The CMT will convene as soon as practicable following identification of a businesscontinuity event and will consider any opportunities for change and improvement, as

appropriate.

2.32. The LDA will prepare a pandemic influenza approach to sit alongside the BCRunbook. Flu pandemic related incidents will continue to be managed under the

Gold/Silver/Bronze CMT command structure.

IT Service Continuity

2.33. The LDA IMT team is responsible for carrying out all the necessary IT servicecontinuity management related activities. The IMT team BC plans will contain all the

relevant IT service continuity documentation.


Page 23 of 34


24/34


2.34. LDA server based data will be fully backed up each weekend and the tapes stored offsite with Data Protect UK. In additional to tapes some server information shall be

stored on external hard drives with the tapes, to aid the restore process. Daily

incremental back up will be undertaken Monday - Thursday night and stored off site

with Data Protect UK.

2.35. Critical LDA staff as identified in the Business Impact Assessment and TeamBusiness Continuity plans shall have Citrix access to LDA systems. All LDA standard

systems shall be accessible through Citrix or available via a laptop device.

2.36. The IMT team shall maintain processes and procedures to ensure the following:

Data is backed up and able to be restored

Virus and firewall protection is maintained

Rebuild dependences are documented and tested annually.

Exercise

2.37. The Business Continuity Policy and plans will be reviewed on a 6 monthly basis toensure they are fit for purpose, robust and to provide assurance to LDA internal and

external stakeholders. There will be a variety of exercises to test the various elements

of the plan as follows:

(a) IT system rebuild at DR site (Annually)

(b) Full rehearsal of DR process (Annually)

(c) Cascade test (Annually)

(d) Unit plan (Sample annually)

Training

2.38. All staff are to be trained in the principles of the policy and their responsibilities.

2.39. Staff with specific responsibilities and duties are to receive training appropriate to the

role they have been assigned.

2.40. All new staff joining the Agency are to be inducted in the policy and the approach ofthe Agency.

Lessons Learnt


Page 24 of 34


25/34


2.41. A log of all incidents is to be maintained by the Business Continuity Manager whichshall include lessons learnt, procedural / operational changes and corrective actions.

Reports on substantial events that affect business as usual shall be reported to the

GMT and Audit Risk and Performance Committee as appropriate.


Page 25 of 34


26/34


Level 3: Procedural Steps

Business Impact Assessment

3.1. The Business Continuity Manager (Head of Health & Safety) will ensure thatBusiness Impact assessment reviews and updates are carried out in the final quarter

of each financial year or following organisational changes.

3.2. The Business Continuity Risk Register will be reviewed monthly and following theannual review of the impact assessment. Where risks are identified as significant or

high risk they shall be included on the corporate risk register and communicated to

the GMT and Audit, Risk and Performance Committee.

Operational Dependence

3.3.The Head of IMT in consultation with the Business Continuity Manager (Head of Health& Safety) is responsible for ensuring a separate recovery site or facility is available with

access to the LDA systems once restored. The allocation of seating is the

responsibility of the Crisis Management Team operating at the facility.

3.4. IT data is to be backed up daily and stored off site in accordance with the IMT policy

3.5.Key staff with critical functions are required to request Citrix access via the Intranetapplication form. Staff must then log on and ensure critical functions can be carried via

that system.

Crisis Management Team (CMT)

3.6.The BC events at the LDA are classified as Gold, Silver, and Bronze dependingon the perceived levels of emergency and the CMT adopts appropriate levels of

management and co-ordination to deal with events in each of these three

categories. The CMT leader or Business Continuity Manager will assign the

category dependant on the severity and impact of the event.

3.7. The following is the procedure to convene the CMT following a BusinessContinuity event.

(a) The CMT Leader, BC Manager or a Group Director have the authority to

convene the Crisis Management Team after establishing/confirming that there

is a Business Continuity event that requires crisis management.


Page 26 of 34


27/34


(b) The CMT will be contacted via email or mobile by one of the CMT members

depending on how they fit into the various cascading trees.

(c) The BC Manager will decide appropriate course of action and CMT meeting

arrangements.

(d) The BC Manager or CMT leader will notify relevant GMT members by the most

appropriate and fastest method.

(e) CMT meetings will be chaired by the CMT Leader and facilitated by the BC

Manager with administrative support.

(f) Bronze CMT members should attend CMT meetings only when requested to

provide specific input.

(g) The Bronze team will ensure that they provide periodic reports to the Silver

team as required

Initiating a CMT Meeting

3.8.The first meeting after convening the CMT will take place at the earliestconvenience (Ideally within an hour of an incident). The exact location and time

will be communicated to the CMT members (Gold, Silver and relevant Bronze

team members) by the BC Manager. At this meeting the CMT will decide on the

short term priorities for the LDA.

Updating the RunBook

3.9. The following is the procedure to update the Runbook;

(a) The Runbook shall be updated by the Business Continuity Manager annually or

following a substantial change.

(b) The Runbook shall be displayed on the Intranet and hard copies shall be

distributed by the Business Continuity Manager to the GMT and nominated CMT

members.

Updating the Events Log and Risk Register

3.10. The following is the procedure to update the Risk Register

(c) The Business Continuity Manager shall maintain an events log that records the

business continuity events in the Agency. Significant events which warrant

escalation shall be included within the monthly H&S paper to the GMT.


Page 27 of 34


28/34


(d) The Risk Register shall be updated by the Business Continuity Manager monthly.

Where risks warrant escalation this shall be included on the corporate risk register

by the Head of Audit and Assurance.

(e) The risk register and events log shall be stored in electronic format within AthenaDocs.

Unit Business Continuity plans

3.11. Recovery plan must be produced by each Business Unit after performing a UnitBusiness Impact Analysis based on the standard. The primary aim of the BCP should

be to describe recovery steps to get back to work as soon as possible.

3.12. A library of these documents, along with this policy document and the CMT Runbook,

will form the LDA Business Continuity Plan (BCP).

3.13. Individual team level BCPs should be tested annually to validate their accuracy andintegrity. The BC Manager will communicate all the relevant test schedules.

3.14. Each team BC plan will include a cascade communications process thatallows the managers to contact their staff during emergencies.

3.15. The BC plan will also identify who can work from home and will be used tocommunicate to those staff using emails along with other modes of

communication.

Communications with the Staff

3.16. The following are the policies relating to communications at the LDA

(a) Once the BC manager has confirmed the BC event, in case of emergency

evacuations and invocations of primary recovery site, the BC Manager will

initiate a cascade communication liaising with the Communications Manager.

The cascade communications could reach the staff via mobile texts, emails, or

Information hotlines.

(b) In case of Gold events, the CMT leader will be the point of contact with the

LDA GMT & Board. The CMT Leader will communicate the course of actions

and decisions to the BC Manager and other Silver team members.

(c) The cascade information will also advise the Group Directors, Line Managers

or team BC contacts to invoke the team BC plans.


Page 28 of 34


29/34


(d) In addition to the cascade information coming through to mobiles and emails,

a staff emergency line will be activated by the CMT and pre recorded

messages will be made available advising staff about what has happened and

the action to take.

(e) The BC plan which identifies who can work from home will be used to

communicate to those staff using emails along with other modes of

communication.

(f) Each team BC plan will include a cascade communications process that

allows the managers to contact their staff. Seats at the Primary recovery site

will be allocated by the CMT and the Group Director will identify which staff

will initially move to the Primary Recovery site. This could vary depending on

the situation and business requirements. The BC Managers and GroupDirectors of each team will make the decisions in this regard.

Evacuation and Primary Recovery Site

3.17. In the event of a BC event or crisis that renders LDA Buildings not operationalor not available for occupation, the Primary Recovery Site will be invoked

(currently at Uxbridge). The BC Manager or Facilities Manager in Charge will

contact the third party recovery site provider to invoke and immediately

mobilise the recovery site.

There are currently limited Work Area Recovery (WAR) seats available for allocation at

Uxbridge along with additional seats for CMT use.

During Core Working Hours

1. If the BC event occurs during working hours and required mass evacuation, thebuilding evacuation procedure will be followed. Once evacuated, further information

and the future communications process will be announced at the muster point.

2. The CMT will immediately convene following an emergency evacuation. The CMTwill initiate the general cascade communications process. If possible, the team BCP

will be invoked and teams will also use their own cascade communications process

to brief their team members.

Outside Core Working Hours


Page 29 of 34


30/34


3. If the BC event occurs outside of the core working hours and doesnt requireevacuation, the CMT will convene and invoke the general cascade communications

process to inform staff as to what actions they should take on the following morning.

4. Text messages and emails will be sent to all employees in case of emergencies and

will advise the staff on the course of action.

5. The Line Managers and Group Directors will make the decision on whether to advisethe team members to work from home or go to the recovery site. This will depend on

the desk quotas available for each directorate and the existing remote working

procedures at the team level.

6. Should the staff return home after an evacuation or a BC event, they should call theinformation hotline mentioned in the RunBook, check their emails remotely (if IT

systems are still operational) or mobile messages for further information.

BC Event Closure

3.18. The following are the key policies regarding the closure of a BC Event:

(a) It is the ultimate responsibility of the CMT Leader (for Gold events) or the BC

Manager in Charge (in case of silver events) to ensure the BC event is resolved.

(b) The closure should be communicated with the staff and the GMT appropriately.

(c) The CMT should now initiate any appropriate management reports and post incident

investigation.

(d) The business continuity plan should be reviewed in light of any changes to working

arrangements

(e) A BC Event closure report should be produced after the resolution of the BC event,

as soon is it becomes Business As Usual. Close out reports and lessons learnt shall

be reported to the GMT, Audit, Risk & Performance Committee and Board.

Resource requirements

3.19. The CMT team members should be made aware of the roles and responsibilities andtheir time should be allocated for all BCM related activities including testing exercises.

The BC Manager should also ensure that every team BC contact (This could be the

Line Managers or Group Directors) allocate the appropriate time and resources to carry

out all BCM related activities.


Page 30 of 34


31/34


Training requirements

3.20. This policy should be communicated to all Group Directors, Line Managers and staffmaking them aware of the roles and responsibilities. Ideally a series of BCM

workshops should be conducted across the organisation making everyone aware ofthe importance and relevance of the BCM processes and procedures.

Teams/Persons consulted on this policy

3.21. The following have been consulted during the development of this framework:

(a) Group Director Communications and Marketing

(b) Head of Risk & Audit;

(c) Head of Health and Safety;

(d) Head of IMT Service Delivery;

(e) the Equality team;

(f) The Legal Team

(g) Chief Information Officer.


Page 31 of 34


32/34


Equality Impact Assessment

Section 1 - Screening

Question Response

SQ1. Please list here how the stated aims

and objectives of your policy relate to

equalities groups and who th

Documents

Business Continuity Management Policy 7299