View
219
Download
2
Embed Size (px)
Citation preview
Risk Management 2009
• 55 Risk Registers Submitted• Over 500 risks
• Aligned with Faculty & College
College Risk Register at:
http://www3.imperial.ac.uk/riskanddisasterrecovery/riskmanagementhomepage/currentriskregisters
Common Themes form Departments/Divisions
• Financial environment• impact of measures to manage the situation.
• Staff recruitment and retention
• UG recruitment• on student quality.
• Internal Communication, particularly of the College’s strategic vision
• Management of space, particularly in strategic terms
• Problems around the new student Visa application process
• The AHSC
• Damage or Disruption to College operations or infrastructure
Council & Management Board
• Financial environment
• Pension provision
• Swine Flu
• International developments
• AHSC
Lessons Learnt
• Knowledge library
• College and Faculty Risk Registers available to departments/divisions
• Very cumbersome as spreadsheets
• Avoid duplication• Strategic business risks
• Risks can be opportunities
• Tolerance• ALARP
• Escalation
• Risk Owner is those most affected if the
risk should come about
Most Frequently Cited Risks
• Financial Situation
• Reputation• Tended to be implicit
• Damage or Disruption to College operations or infrastructure
Why Disaster Recovery
2009 Departmental Risk Registers most frequently sited risk:
• Damage to or loss of department infrastructure
Internal audit have identified Disaster Recovery as an area of concern
Governance
Steering Committee sets strategic objectives and direction, approves policy & plans
Working Group develops and implements plans, addresses operational issues
Standing Committee provides first line identification, filtering and escalation
Management Board
Risk & DR Steering Committee
DR Standing Committee
Risk & DR Working Group
Guidance
Available at: https://sharepoint.ic.ac.uk/HQ/DR/DR%20Review%202009/Forms/AllItems.aspx
Policy
Responsibilities
Governance
Overview
Codes of Practice1. Departments
2. Medical Divisions
3. Faculties
4. Campuses
5. Central Admin Divisions
College Philosophy
• Cannot anticipate every eventuality
• Assemble appropriately knowledgeable people at a predetermined place to manage the incident.
Appropriately Knowledgeable People
Understand:
•What activities are disrupted
• Hazards associated with those activities
• Impact of disruption to those activities
• College organisation and management
• College engineering and infrastructure support
Preparation
Appropriate response and recovery need an understanding of the likely impact of an incident:
a. Identify Key activitiesi. Teaching
ii. Research
b. Impact of disruption to those activities
c. Key Stakeholdersi. Their likely reaction to disruption
d. Recovery Time Objective
e. Recovery Point Objective
f. Minimum acceptable service level
g. What mitigation is or needs to be in place
All on Activity Impact Analysis Template
Response
Needs to be proportional
a. Mobilise the team appropriate to the incident• Contact list• Call out procedure
b. At a predetermined location• Identified by College, Faculty or Campus plans
c. Access to information provided by PREPARATION
d. Effective communication with:• Staff• Students• Other Response teams
e. Information to Emergency Services
f. Manage College Response• Access Control
Recovery
Needs to be proportional
a. Mobilise the team appropriate to the incident• Contact list• Call out procedure
b. At a location to be determined
c. Access to information provided by PREPARATION
d. Establish recovery priorities
e. Implement measures to realise those priorities
f. Communicate with Staff and Students
Will probably commence before Response has completed
DR Plans - Contents
DR plan contains:
1. Activity Impact Analysis
2. Personnel & contact details
3. Departmental Floor Plans and Building Plans» Unique and significant hazards or risks
Additionally: Campus and Faculty DR plans contain:
4. Information about CMG Rooms & Battle Boxes
Callout Procedure
CALL OUT PROCEDURE
Incident discoveredSecurity alerted
4444ERT investigate
Seriousness assessed
Emergency Services called
Security deal with situation
Duty Security Manager called and
informed of situation and
actions
OR
EITHER
ALWAYS
SERG Callout
CMG CalloutSK Security control
call out CMG
Decide locationSK Security control
call out SERG
Incident arisesDuty
Communications alerted
Standing Committee
Potential Level 2 or 3
Other Response Group
Escalate?
YES
NO
YES
Monitor situation
NO
What Next
Website to be updated
Seminars in Nov/Dec
DR Plans to be updated
By end Jan 2010
Sent to Nick Kay