Generic Branch Business Continuity Plan and Publications... · Web...


Page 1: Generic Branch Business Continuity Plan and Publications... · Web viewFile/BCM+Policy+12+May+2010.pdf Emergency Management Plan June 2010 A framework within which most emergency

Confidential

Business Continuity Plan [Template]

Department: XYZ
Site/Location: Floors X SARB Head Office, Church Street
Date: December 2010
Version: 1.0
Author: Delana de Jongh
Owner: [Head of the Department]


Table of contents

1. AUTHORISED PLAN DISTRIBUTION
2. PURPOSE OF DOCUMENT
3. AUDIENCE
4. DEFINITION OF A MAJOR DISRUPTION/INCIDENT
5. BCP ASSUMPTIONS
6. AUTHORITY TO DECIDE ON INVOCATION OR REVOCATION OF BCP(S)
7. SUPPORTING DOCUMENTATION
8. RECOVERY STRATEGY
9. TRANSPORT ARRANGEMENTS
10. RISK MANAGEMENT STRATEGY
11. CRITICAL SUCCESS FACTORS
12. FUNCTIONS AND RESPONSIBILITIES
13. EVENT-FLOW
14. ANNEXURE A: CRITICAL BUSINESS PROCESSES – XYZ DEPARTMENT
15. ANNEXURE B: EQUIPMENT/RESOURCE REQUIREMENTS FOR THE ALTERNATE SITE
16. ANNEXURE C: GETAWAY PARKING
17. ANNEXURE D: CONTENTS OF RECOVERY BOX/CABINET
18. ANNEXURE E: DEPARTMENT XYZ EMERGENCY CONTACT LIST
19. OR ANNEXURE E: MANAGEMENT STRUCTURE – CALL OUT LIST
20. ANNEXURE F: CLUSTER MANAGEMENT CONTACT NUMBERS [IF REQUIRED]
21. ANNEXURE G: RETIRED AND/OR EX SARB EMPLOYEES
22. ANNEXURE H: EXTERNAL SUPPORT/KEY EXTERNAL SUPPLIERS/CUSTOMERS/3RD PARTIES
23. ANNEXURE I: DETAILS OF STAFF REQUIRING ACCESS TO THE ALTERNATE SITE
24. ANNEXURE J: LOCATION OF THE ALTERNATE SITE
25. ANNEXURE K: PRE-RECOVERY PROCEDURES
26. ANNEXURE L: XYZ DEPARTMENT’S TEST PREPARATORY PACK
27. ANNEXURE M: XYZ DEPARTMENT’S TEST PACK
28. ANNEXURE N: DEPARTMENTAL RISK MATRIX
29. ANNEXURE O: ALTERNATE SITE TELEPHONE NUMBERS
30. ANNEXURE P: HR RESOURCE MANAGEMENT FOR THE XYZ DEPARTMENT
31. ANNEXURE Q: DEPARTMENTAL TRAINING AND AWARENESS
32. ANNEXURE R: GLOSSARY OF TERMS

Page 2 of 43

/tt/file_convert/5b24288f7f8b9a37778b48d5/document.doc


33. ANNEXURE S: XYZ DEPARTMENT PLAN SIGN-OFF

1. Authorised Plan Distribution

Name: Division Designation Format

Mr A B Head of Department Hard copy of signed-off

Ms BCP Co-ordinator Signed-off original

AGMs Electronic copy of original

BSTD CLO

2. Purpose of document

The Business Continuity Plan (BCP) [1] documents an effective framework for the recovery and continuity of critical business processes in the event of a major disruption. It is therefore essential that all staff members have a thorough understanding of the procedures and process contained in the BCP document.

The BCP document, although not restricted, contains sensitive information and should be treated accordingly. Departmental management should therefore ensure that the document is disseminated to all relevant staff, keeping the sensitivity in mind, and ensuring that all other staff are informed of what is required of them in terms of the document.

[1] Collection of procedures and information, which is developed, compiled and maintained in readiness for use in the event of an incident or disaster.


3. Audience

The target audience of this document is:

- All the XYZ Department personnel based at SARB Head Office (HO), 370 Church Street, Pretoria.
- Business System and Technology Department (BSTD) Information Communication and Technology personnel at HO that are responsible for the vv Dept business continuity from a system application perspective.
- Risk Management and Compliance Department (RMCD), Business continuity personnel at HO that are the custodians of the BCM Programme in SARB.

4. Definition of a major disruption/incident

Any situation or incident, which has a negative impact on the continuity of the identified critical business processes.

5. BCP Assumptions

5.1 The departure point for this BCP is that an incident has occurred which has rendered the primary site (HO) inaccessible. It has been determined that some or all the Bank’s BCPs need to be invoked.

5.2 This BCP will automatically be invoked, should it become necessary for the Information and Communications Technology (ICT) infrastructure and operations to be relocated to the Alternate Site, as a partial relocation of the ICT infrastructure is not possible.

5.3 However, it will be possible to invoke this BCP and re-locate staff to the Alternate Site, should the ICT infrastructure not be relocated to the Alternate Site.

5.4 Both sites (HO and Pretoria North) will not be affected by a major disruption at the same time.

5.5 Recovery situations from “minor” to “worst case” situations will also be catered for through the invocation of this BCP.

5.6 A “worst case” scenario implies that the HO building and all the resources (systems, facilities, process and people) therein are debilitated, for whatever reason.


5.7 This BCP document serves as a guide to continue the critical business processes utilising alternative means for the situation where a maximum of 15% of the staff complement, over a 2-3 week period, will not be available due to the catastrophic nature of the incident.

5.8 All Information and Communication Technologies (ICT) infrastructure required to continue the critical business processes is determined and provided for by Business Systems and Technology Department (BSTD).

5.9 Most of the ICT infrastructure capacity will be recovered at adequate levels; however, in some cases a degradation of service could be experienced.

5.10 Some of XYZ dept’s staff (NPS Department), based at alternate locations, will not be situated at the affected premises at the time of an incident.

5.11 The recovery strategy does not cater for an incident happening at the secondary locations (Branches, SARB College); the secondary locations are responsible for their respective recovery plans.

5.12 Staff (with Laptops/PCs) at secondary sites or 3rd Parties, dependent on the critical systems at HO, will only be able to resume their operations once the systems have been recovered at the Alternate Site.

6. Authority to decide on invocation or revocation of BCP(s)

Any of the Bank's governors, or the most senior surviving person(s) acting in that capacity, have the authority to invoke or revoke a BCP, as advised by the BCM Committee. This will be communicated either formally, verbally or electronically in a top-down manner.


7. Supporting documentation

Documentation that underpins this BCP:

Document: BCM Policy May 2010
Description: A framework for a co-ordinated response to any event or incident which could negatively impact the continuity of critical business processes of the Bank.
Location: Intranet: Home > BCM,Safety&Security > Business Continuity Management > Business Continuity Management
Or click on http://intranet/Intranet/Intranet.nsf/LADV/90242123A4BCFEE342257855002D2B9F/$File/BCM+Policy+12+May+2010.pdf

Document: Emergency Management Plan June 2010
Description: A framework within which most emergency situations should be able to be effectively dealt with
Location: Intranet: Home > Occupational Health & Safety > Occupational Health & Safety > Emergency Management Plan
Or click on http://intranet/Intranet/safety.nsf/LADV/656BE4E705E0D754422577F2002B4F93/$File/EMP+June+2010.doc

Document: Xth Floor Emergency Evacuation
Description: Process to follow in case of an emergency
Location: Link to be provided by BCP Coordinator

Document: Manual Operating procedures? Methodologies and Templates
Description: These guidelines are used internally
Location: Link to be provided by BCP Coordinator


8. Recovery Strategy

8.1 Based on the nature of the major disruption at HO and subsequent decisions made by the BCM Committee of the Bank, critical business processes will be recovered at the Alternate Site within:

- Mail Service = 4 hours
- Telephony = immediately
- Travel office = immediately

8.2 The remaining XYZ staff, normally based at HO, will be required to go home and stay contactable until they are informed by the Head of XYZ or BCP Coordinator of the way forward.

8.3 The staff at secondary locations will continue operations on local or manual basis until ICT systems are restored at the Alternate Site.


9. Transport Arrangements

9.1 The following alternative transport arrangements would apply:

9.1.1 Staff will make use of their existing transport arrangements to get to the Alternate Site or home.

9.1.2 Corporate Services Department, as part of their critical BCP processes, will arrange for alternative transport arrangements from the assembly points.

9.1.3 Staff could arrange for private or public (taxis) transportation to come and collect them and take them to the Alternate Site or to their homes; the cost incurred in both cases will be dealt with at a later stage similar to a travel claim.


10. Risk Management Strategy

Certain Operational Risks as identified by the department have been documented and addressed in the Risk Matrix - for details please refer to Annexure N.

Risk: Non-availability of all key staff and other staff, when required
Criticality: High
Action/Response:
- 3rd Party Service providers – identified in annexure C will be contacted to provide the necessary assistance.
- Multi skilling.
- BCP is considered when event meetings are scheduled and when leave is granted.
- Succession Planning


11. Critical Success Factors

11.1 BCP is updated regularly.

11.2 All departmental BCM functionaries understand their roles and responsibilities.

11.3 Regular awareness session training is conducted by departmental BCM team.

11.4 All external dependencies are identified, documented and maintained, spelling out the requirements as well as skills.

11.5 Exercise the plan at least twice a year and an unscheduled exercise at least once a year.


12. Functions and Responsibilities

Function: Head of Department
Responsibility:
- Accountable for establishment and maintenance of a BCP capability within the XYZ Department.
- Assist the BCP Co-ordinator by giving inputs regarding their respective working environments and any relevant changes that have taken place.
- [The HOD will form part of the BCM Committee responsible for decisions regarding the incident.]
- Determine impact of the disaster on the specific environment.
- Remain in contact with other role-players and take critical decisions during this time.

Function: Management Team (HOD, AGMs)
Responsibility:
- Manage the staff
- Responsible for upward and downward communication to staff
- Provide input to HOD regarding the impact of the incident
- Continuous interaction with role players in the rest of the SARB.

Function: BCP Coordinator
Responsibility:
- Interaction with other BCP role players in the Bank.
- Responsible for the development, dissemination, maintenance and testing of the departmental BCP within the organisational BCP framework i.e.
- Ensure the updating of contact details of all staff, including their alternates.
- Responsible for the identification and maintenance of business process interdependencies in the departmental BCP.
- Ensure that external agreements/MoUs (3rd party agreements) are in place.
- Ensure continued adequacy and functionality of the XYZ Department’s infrastructure and workstation provisioning, implemented at the Alternate Site. The requirements are regularly confirmed with the BCM Division and BSTD (Technical support).
- Responsible for the safekeeping and availability of the BCP document to all concerned parties.
- Ensure any “Recovery box” requirements are kept offsite and maintained – if required – (special hardcopy documentation, specific stationery such as cheque forms, letter heads, operational procedures, etc.).
- Responsible for the testing and maintenance of the XYZ Department’s BCP in collaboration with the BCM Division.
- Departmental training and awareness is done on the BCP (staff is updated with the XYZ Department’s BCP content and functioning).
- Management of staff at the off-site areas during the recovery process.
- Manage the process of recovery during a test or in case of a real incident.
- On a continuous basis, updates the list for access to the Alternate Site via an email to the BCM Section.
- Analyse impact of the disaster on the specific environment.


Function: Staff
Responsibility:
- Regularly update themselves with the content and their responsibilities within the XYZ Department’s BCP as well as the Emergency Management Plan.
- Ensure contact details are relayed to the BCP Co-ordinator.
- Buy into the departmental BCP - ask questions to ensure that you understand what is expected of you.
- Sell BCM to your colleagues
- Ensure that you can contact your manager
- Take the exercising of the BCP seriously and actively participate.
- Inform the departmental BCP Co-ordinator of any changes in your specific working area.

Function: Cluster Co-ordinator
Responsibility:
- Oversees the process of departmental recovery procedures within own cluster.
- Provides status feedback to the BCM regarding the recovery process.
- Addresses cluster operational recovery issues.
- Ensures that departmental testing occurs regularly.
- Ensures that cluster testing occurs regularly.
- Ensures that departmental maintenance processes are in place.


13. Event-flow

The following event-flow addresses the procedures to be followed after an incident, affecting access and/or functionality of the Head Office building, has occurred.

Two possible scenarios exist in this regard:

- Office hours: majority of staff is in the building when the incident occurs.
- After hours: the incident happens when staff are not at work.

Communication is effected as follows:

- Downward communication will take place according to the Call-out list in ANNEXURE D.
- All staff should contact their managers at least once in a 24-hour cycle unless instructed otherwise.

13.1 Office hours: If the event takes place during office hours, steps 1 – 14 in the Event Flow will be followed.

Event Flow: Office hours

Step 1
Action: Evacuate to the pre-determined assembly point immediately.
Roll-call: Floor Warden to confirm the availability of staff after re-grouping at the assembly point.
All staff will disperse and remain contactable for further instructions from their management team.
[Identified BSTD staff who have been allocated “Get-away” parking should not go to the pre-determined assembly points but rather proceed to the “Get-away” parking area and drive to the Interim Waiting Point (IWP) that is situated on the open area in front of the BMW garage on the corner of Nelson Mandela and Vermeulen Streets.]
Identified critical staff who have been allocated “Get-away” parking should not go to the pre-determined assembly points but rather proceed to the Alternate Site.
Accountability/responsibility: All staff
Reference/comments: Refer to Emergency Management Plan for evacuation and assembly procedures. Refer to Emergency Management Plan for evacuation, assembly and “Get-away” parking procedures.

Step 2
Action: Assess impact of the disruption according to the Emergency Meeting Agenda.
Accountability/responsibility: BCM Committee
Reference/comments: Receive feedback from the Emergency teams. The Committee will utilise Emergency meeting Agenda to assess the situation.

Step 3
Action: Decision: Wait / Invoke / Stand down
Accountability/responsibility: Governors
Reference/comments: As advised by the BCM Committee

Step 4
Action: Execute call-out plan to inform staff of situation and arrange transport.
Accountability/responsibility: Management team and supervisors
Reference/comments: Call-out Plan: Annexure D & G. Allocation/re-allocation of resources, depending on the situation (who goes to the Alternate Site/home).

Step 5
Action: All proceed according to received instructions.
Accountability/responsibility: All staff
Reference/comments: [BSTD Staff at the Interim Waiting Point (IWP) to proceed to instructed site.] Stay in touch with the departmental management team on a regular basis. Await further instructions.

Step 6
Action: At the Alternate Site: Initiate ICT recovery processes. Await availability of the critical ICT infrastructure.
Accountability/responsibility: BSTD, ITSCM team; Critical staff; BCM Manager
Reference/comments: The departmental BCP co-ordinator is the link to the BCM Manager and/or the BCMC.

Step 7
Action: At the Alternate Site: Convene to evaluate the situation and decide on appropriate actions, depending on the particular circumstances. Conduct briefing session: inform all staff of the decisions taken – also inform staff not at the Alternate Site. All staff should know what will be expected of them.
Accountability/responsibility: Departmental Management Team

Step 8
Action: Inform business areas when critical ICT systems have been recovered.
Accountability/responsibility: BCM Manager

Step 9
Action: Proceed with critical business process recovery.
Accountability/responsibility: Departmental critical business area staff
Reference/comments: Refer to specific business area BCPs.

Step 10
Action: Execute call-out plan to critical 3rd parties – inform on status and requirements.
Accountability/responsibility: Management team; Critical Staff
Reference/comments: Call-out plan: Interdependencies (Annexure D & G)


Step 11
Action: Manage business recovery procedures to operational state. (Obtain, evaluate and process status information on systems availability and processing ability.)
Accountability/responsibility: Management Team. BSTD CLO is the link between ICT support and the department. Departmental BCP Co-ordinator is the link to the BCM Committee.
Reference/comments: Initially every hour until stability is reached. From there, status updates are based on the decision of the management team. Refer to Annexure ? for the operational recovery procedures.

Step 12
Action: Decision to Go Live / Stand Down
Accountability/responsibility: Governors
Reference/comments: As advised by the BCM Committee

Step 13
Action: Provide regular feedback to cluster BCP co-ordinator regarding the status of business processes.
Accountability/responsibility: HoD/Departmental BCP co-ordinator

Step 14
Action: Provide regular status reports to the BCM Manager or the BCMC.
Accountability/responsibility: Cluster co-ordinator or anyone of the BCP co-ordinators within the cluster


13.2 After hours: If the event happens after hours, steps 1 – 3 in the Event Flow will be followed.

Event Flow: After hours

Step/Time 1
Action: Evacuate to the predetermined assembly point immediately.
Accountability/responsibility: Main Security Control room; SCO
Reference/comments: Refer to Emergency Management Plan for evacuation and assembly procedures.

Step/Time 2
Action: Assess impact of the disruption according to the Emergency Meeting Agenda.
Accountability/responsibility: SCO
Reference/comments: Receive feedback from the Protection Services staff. The SCO, according to operational procedure, assesses the situation.

Step/Time 3
Action: Decision to: Escalate / Managed - inform HODs and BCM committee
Accountability/responsibility: Head of Currency and Protection Services Department; Head of Protection Services Division; Head of Security; Business Continuity Manager

Step/Time 4
Action: The rest is the same as for office hours, step 3-14.


14. ANNEXURE A: Critical Business Processes – XYZ Department

Table columns: No. | Business process name | Business process description | ICT Business application | Critical process time | Recovery times (<4 Hours / <48 Hours / After 10 Working) | Interdependencies (Information from / Information to)

No. 1
Business process name: Risk Assessment
Business process description: Compile a risk Matrix
ICT Business application: Basket of Tools; Internet; Groupwise; Z: SIMS; Dongle for Analyst Notebook; Analyst Notebook
Critical process time: On request
Recovery times: X
Information from: Exec Man
Information to: Internal - HODs

No. 2
Business process name: Operational planning
ICT Business application: H: Drive; Basket of Tools
Critical process time: Annual
Recovery times: X
Information from: HOD
Information to: Internally All Departments

No. 3
JOC: Risk Assessment; Manual Process; immediately

No. 4

No. 5


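15. ANNEXURE B: Equipment/Resource requirements for the Alternate site

Table columns: Department | Immediate (Within 4 Hours): Seats, PCs, Phones | 48 Hour (in addition): Seats, PCs, Phones | After 10 Days (in addition): Seats, PCs, Phones | Information

Board room (Command Centre)

Department XYZ
Immediate (Within 4 Hours): Seats 2, PCs 2, Phones 0
48 Hour (in addition): Seats 3, PCs 3, Phones 3
After 10 Days (in addition): Seats 0, PCs 0, Phones 0
Information: Note: HOD 2 Risk Staff; Telephony: 2x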

16. ANNEXURE C: Getaway parking

Seventeen (17) parking bays have been made available for the purpose of facilitating the speedy evacuation and transportation of staff members to the Alternate Site.

Department | Responsible persons | Allocated parking
Executive Management | Executive Assistant: Executive Management and the Head: VIP Protection | Ground Floor (Three bays allocated in the Conference Centre parking area)
Financial Services | Mr B Thomas | Level P1: 148, 150, 151 & 152
National Payment System | Mr T Masela | Level P1: 153 and 154
Financial Markets | Mr M Mphuthi | Level P1: 149, 155 and 156
Business Systems and Technology | Mr J J du Preez | Level P1: 157, 158, 159 and 160
Business Continuity Management | Mr W van Rooyen | Level P1: 161

17. ANNEXURE D: Contents of Recovery Box/Cabinet

Item | Purpose | Quantity
DR Phone numbers and Procedures | Contact List for staff at the Alternate Site and operating procedures | 1x Hard copy
Manual Operating Procedures | |
Access control Procedures | Guidelines on accessing the Alternate Site | 1x Hard copy
BCP Test Process Sign-off Certificate | Document to be completed as proof that the business process has been recovered. | 1x Hard copy
Departmental BCP | For guidance during an incident | 1x Hard copy
Memory Stick 1MB | Document transfer/backups | 1


18. ANNEXURE E: Department XYZ Emergency contact list

IN THE EVENT OF AN EMERGENCY, PROTECTION SERVICES DIVISION WILL ACTIVATE A TELEPHONIC WARNING SYSTEM TO INFORM PERSONNEL OF PROCEDURES AND POSSIBLE RESTRICTIONS REGARDING ACCESS TO THE BANK. THE MESSAGE WHICH YOU RECEIVE MUST BE RELAYED TO THE PERSON “to call Who” ON THE LIST.

( Lookup )

Staff Member Name | Designation | Critical () | Time In Which Required: | Alternate/Stand-In | Office No | Cell No | Home No | Address | Alternate Location | To Call Who

Ms Gill Marcus Minele Residence Dr XP Guma

Dr D Minele

B van Zyl

Dr Rossouw

Dr XP Guma

Minele l

Dr J Rossouww

The BCP Co-ordinator will keep this address and telephone list of staff members up to date. This list will be distributed regularly to all personnel on the list. A copy of the list must be kept safely at home where it is easily accessible when required. Personnel not listed must contact their supervisors and wait for instructions.


19. or ANNEXURE E: Management Structure – Call out list

The BCP Co-ordinator will keep this address and telephone list of staff members up to date. This list will be distributed regularly to all personnel on the list. A copy of the list must be kept safely at home where it is easily accessible when required. Personnel not listed must contact their supervisors and wait for instructions.


[Call-out structure chart: Head of Department; BCP Co-Ordinator; three Deputy Heads, each followed by Assistant Heads, Section Heads and Critical Team Members; Management Support, followed by Assistant Head, Section Heads and Critical Team Members.]


20. ANNEXURE F: Cluster Management Contact numbers [if required]

No | Caller’s Name | To Call Who | Cluster | Department | Office No | Cell No | Home No


21. ANNEXURE G: Retired and/or Ex SARB employees

[if part of HR resource replacement strategy]

No | Name | Current Employer | Office No | Cellular No. | Home No.


22. ANNEXURE H: External Support/Key External Suppliers/Customers/3rd Parties

No | Name | Requirement | Contact Person | Contact Number

1 XCBM<K FGGJKLUJ: JHHHJKLKLKL (JHHJKJJ

2

3

4

5

6

7


23. ANNEXURE I: Details of Staff requiring access to the Alternate Site

Name | ID Number | Card Number | Personnel Number | Vehicle Registration Number


24. ANNEXURE J: Location of the Alternate site

24.1 Physical address of Alternate Site:

Pretoria North Branch
460 Jan Van Riebeeck Street
Pretoria North
Pretoria

Tel number: Alternate Site Switchboard – 012 565 7000

24.2 Directions

From the Pretoria Central Business District, take Paul Kruger Street northwards. Stay left on the R101 (Mansfield Avenue) through the Wonderboom interchange. At the following Pretoria North interchange, take the off ramp to President Steyn road. At the first intersection, turn right into Jan Van Riebeeck Street. Follow the road over the railway tracks straight into the Pretoria North Branch parking area. Report to the Protection Services staff who will direct you further.

24.3 GPS Co-ordinates

25°39’42.61”S 28°10’47.95”E

or

-25.661836 lat. 28.179986 lon.

 


24.4 Map to the Alternate site

25. ANNEXURE K: Pre-recovery Procedures


(What to do when ICT Infrastructure has been recovered – real incident)

Step | Action | Accountability / Responsibility | Reference/comment (where applicable)
1. | Assemble in the cafeteria area and report to the BCP Co-ordinator | All | Rollcall
2. | Test access control at the Alternate site | All | Access Control Procedures
3. | Activate telephone and setup internal telephone list | All | Telephone procedures in Recovery box
4. | Retrieve Recovery box contents | BCP Co-ordinator |
5. | Assess Staff availability and functional responsibilities | ABC & Departmental Management Team | H:\Policies and Procedures.
6. | Conduct Departmental meeting | HOD |
7. | Assess data loss and point in time of incident | Dept Management Team | H:\Policies and Procedures.
8. | Arrange for rotation of staff | Dept Management Team |


26. ANNEXURE L: XYZ Department’s Test Preparatory Pack

The objective of the actions below is to prepare documentation for sign-off during a BCP Test.

(Please note: these actions will not be performed during a real incident).

At least all the Critical Business Processes should be tested.

26.1 Staff planning

The Departmental BCP Co-ordinator will identify who will be testing the XYZ Plan on the Saturday.

The BCP Co-ordinator is to forward the names and details of the staff specified in Annexure H to the BCM Section in the RMCD via GroupWise in order to arrange access to the Alternate site.


26.2 Actions to be performed at the closest possible time before the test at the Alternate Site:

[Printable Page]

Test conducted by: ________________________________________

Date: yyyy/mm/dd Time: hh:mm

1 Business Process: monitor Samos

H: drive | Completed ( ) | Comments

Access H:\ drive [xxxxxx]

Identify a recently modified file and verify that it has been recovered correctly.

Make a note of the details and keep for comparative purposes.

Close the file.

Basket of tools | Completed ( ) | Comments

On your desktop go to the Start Button and click it.

Move your mouse to All Programmes, Microsoft Office, and a list of Microsoft Office products will be displayed.

Make a print for verification purposes.

Open Microsoft Office Word and Microsoft Excel.

Open a document of each application.

GroupWise | Completed ( ) | Comments

Logon to GroupWise with user name and password.

Send a message to yourself or a colleague.


Print the message for verification purposes.

Schedule an appointment and confirm the delivery of the appointment by checking the properties of your message.

Print the calendar for verification purposes.

View Calendar and confirm that you can view all appointments.

Select Address Book and confirm that you can view all your contacts in the various Address Books.

Print the Address Book for verification purposes.

Logoff GroupWise.

CRS | Completed ( ) | Comments

?

?


27. ANNEXURE M: XYZ Department’s Test Pack

The objective of executing the Test Pack is to verify, either during a test or during a real incident, that the critical business processes together with the supporting ICT were recovered successfully and that processing of live information/requests can commence.

At least all the Critical Business Processes (manual process or business application) must be tested. Testing can commence upon notification from the BCP Test coordinator that the ICT systems have been recovered.


27.1 Actions to be performed during a test or in case of a real incident

[Printable Page]

Test conducted by: ________________________________________

Date: yyyy/mm/dd Time: hh:mm

Please indicate: Test | Real Incident | Resumption/Reverting

Telephony (not applicable during resumption) | Completed ( ) | Comments

Test telephone.

Refer to Annexure O for DR Phone Numbers and DR Phone Procedures – only applicable to test or real incident.

Test Service Desk and confirm own number.

Logon to PC | Completed ( ) | Comments

Logon to the PC with username and password.

Use same username and password as Head Office – report problems to Help Desk.

Logoff when done.

1 Business Process: Co-ordination of the Bank’s Risk Management Discipline

H: drive | Completed ( ) | Comments

Access H: drive [XXXXx]

Identify a recently modified file and verify that it has been recovered correctly.

If comparative notes exist, compare and verify.


Close the file.

Basket of tools | Completed ( ) | Comments

On your desktop go to the Start Button and click it.

Move your mouse to All Programmes, Microsoft Office, and a list of Microsoft Office products will be displayed.

Open Microsoft Office Word and Microsoft Excel. Open a document of each application.

If comparative documentation exists, compare and verify.

GroupWise | Completed ( ) | Comments

Logon to GroupWise with user name and password.

Send a message to yourself or a colleague.

If comparative documentation exists, compare and verify.

Schedule an appointment and confirm the delivery of the appointment by checking the properties of your message.

View Calendar and confirm that you can view all appointments.

If comparative documentation exists, compare and verify.

Select Address Book and confirm that you can view all your contacts in the various Address Books.

If comparative documentation exists, compare and verify.

Logoff GroupWise.

Make a copy of the completed Test Pack and keep it for your own records.

Hand the completed Test Pack to the BCM Co-ordinator.


28. ANNEXURE N: Departmental Risk Matrix

Risk | Criticality | Action/Response
Non-availability of all key staff and other staff, when required | High | 3rd Party Service providers identified in annexure C will be contacted to provide the necessary assistance. Multi skilling. BCP is considered when event meetings are scheduled and when leave is granted. Succession Planning.
Critical staff not contactable | |


29. ANNEXURE O: Alternate Site Telephone Numbers

29.1 Golden no: 0861127272


30. ANNEXURE P: HR Resource Management for the XYZ Department

30.1 Planning for 15% of staff not being available to perform critical functions as a result of a pandemic.

30.2 Process dependencies identified.

30.3 Critical functions identified.

30.4 Critical staff identified as well as their alternates.

30.5 Needs/requirements for critical staff to work from home, i.e. hardware, software, telephone lines, etc.

30.6 Depth of knowledge/skills levels within the Human Resources Department - rotation/constant training/succession planning.

30.7 External parties identified to assist with operations within the Legal Services Department in event of a pandemic.

30.8 Alternate people from other departments that could assist with Shares related functions have been identified and informed of the expected responsibilities.


31. ANNEXURE Q: Departmental Training and Awareness

Date | Type of training/awareness done | Comments/outcome of training and awareness session/s | Date of next training/awareness session
11 August 2009 | Previous plan was discussed with the Management Team to revise the plan. | Managers were tasked to come up with Critical processes, Recovery actions & Test packs | 12 October 2009
20 April 2010 | Presentation was presented on the dept BCP. | Attendance register was kept of all that attended | Whenever new employees start. To the whole department after the Annual BCP maintenance cycle in January 2010.
8 June 2010 | E-mail BCP to new staff members. | No feedback was provided by the new staff members | Whenever new employees start. To the whole department after the Annual BCP maintenance cycle in January 2010.


32. ANNEXURE R: Glossary of Terms

Abbreviation | Term | Definition
 | Alternate Site | Pretoria North Branch, 460 Jan v Riebeeck Street, Pretoria North 0182. Tel: (012) 521 7700. Fax: (012) 521 7701
BCI | Business Continuity Institute (UK) | The Business Continuity Institute (BCI) was established in 1994 to enable individual members to The wider role of the BCI and the BCI Partnership is to promote the highest standards of professional competence and commercial ethics in the provision and maintenance of business continuity planning and services. The BCI is the world’s most eminent BCM institute.
BCM | Business Continuity Management |
BCP | Business Continuity Plan | A documented collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident to enable an organisation to continue to deliver its critical products and services at an acceptable level
BIA | Business Impact Assessment | Business processes with their supporting systems, critical periods, recovery times, interdependencies, workstations and HR requirements.
 | Command Centre (often called a war room) | Any place that is used to provide centralized command for some purpose.
 | Disruption | An event that interrupts normal business functions, operations, or processes, whether anticipated (e.g. political unrest) or unanticipated (e.g. blackout)
 | Event | Occurrence or change of a particular set of circumstances
 | Exercise | A process to rehearse the roles of team members and staff, and test the recovery of continuity of an organisation’s systems
 | Facility | Plant, machinery, equipment, property, buildings, vehicles, information systems, transportation facilities and other items or infrastructure


HO | Head Office (370 Church Street) |
 | Impact | The evaluated consequence of a particular outcome
 | Incident | An event that has the capacity to lead to loss of or a disruption to an organisation’s operations, services or functions, which if not managed can escalate into an emergency, crisis or disaster
 | Invocation | The declaration that an organisation’s BCP needs to be put into effect in order to continue to deliver key products and services
MTPD | Maximum Tolerable Period of Disruption | The duration after which an organisation’s viability will be irreparably damaged if a product or service delivery cannot resume
 | Policy | The intentions and direction of an organisation as formally expressed by top Management.
 | Process | A set of interrelated activities which transform inputs into outputs
RTO | Recovery Time Objective | The target time in which the delivery of a product or service following its disruption is to be resumed
RPO | Recovery Point Objective | The target set for the status and availability of data at the start of the recovery process
SCO | Shift Control Officer | The person in charge of assessment of an incident


33. ANNEXURE S: XYZ Department plan sign-off

Designation | Name | Signature | Date
Head of Department | Mr A | |
BCP Co-ordinator for [Internal Audit] Department | Ms B | |
BCM Manager | Mr X | |
