IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.
-
Upload
emily-wilkerson -
Category
Documents
-
view
220 -
download
0
Transcript of IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.
![Page 1: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/1.jpg)
IMPLEMENTING BUSINESS CONTINUITY:
A BANK OF ENGLAND PERSPECTIVE
STEPHEN P COLLINSBANK OF ENGLAND
![Page 2: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/2.jpg)
FOR AN EFFECTIVE CONTINGENCY PLAN, YOU NEED TO:
• Understand your business – what are the key activities?• Assess the impact – on your institution and on others – of
not being able to carry them out.• Establish recovery time objectives – the point where loss of
a key activity becomes critical to the business.• Estimate what is required to provide an acceptable level of
service, eg:- minimum staffing levels over time- minimum work-station and telephony requirements over
time- minimum PC and server requirements over time- application requirements over time
EFFECTIVE PLANNING
![Page 3: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/3.jpg)
RESILIENCE MEASURES
• Planning• Testing/Exercising• Contingency Sites• IT Resilience• Split-Site Working• Remote Access• BlackBerries
![Page 4: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/4.jpg)
SCENARIO PLANNING
What are we planning for ?
Five possible types of event:
• SERVICES : Loss of power, water, sewage to Bank locations• COMMUNICATIONS : Loss or severe degradation of public
and/or private telephone networks, including mobile networks• SYSTEMS : Acute systems failure (eg successful virus attack)• STAFF : Significant numbers of staff unable/unwilling to travel
to work (eg transport disruption, civil emergency, flu pandemic)• PREMISES : Loss of access to single or multiple Bank locations
(eg fire/ flood/ bomb/ something worse)
![Page 5: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/5.jpg)
HIERARCHY OF PLANS• Bank of England uses an integrated 3-tier structure of business continuity
plans– High level plan
• Used by executive and senior management: provides an outline plan of action, assigns responsibilities, identifies key people, and sets out who will be involved in the recovery process. Written and maintained by Business Continuity Division.
– Core and Crisis Function checklists• Each function has an individual Action Summary checklist which
briefly sets out the key actions required to cover each function. These are brief, cut across areas, and are in note format. Set format, but maintained by lead areas.
– Local area plans• These set out what each area needs to do in the aftermath of an
operational disruption, and who is responsible. Covers both core/ crisis functions and other functions. Are more detailed and cover a longer time frame. We do not impose any set format for these plans.
![Page 6: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/6.jpg)
Business Continuity planning – structure and ownership
High Level Plan
Core and crisis functions action checklists
Local area plans
Business Continuity Division
BCD and local areas
Drafting and testing responsibilitiesPlan ownership
Executive Team
Local Area management
All Staff
![Page 7: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/7.jpg)
WHY TEST?
• To check the assumptions implicit in your plan
• To check that all parties have sufficient knowledge of the plan, and that the plan is adequately documented
• To check that proposed actions are achievable
• To check business resilience
• To check that strategies, technology are appropriate
• To generate confidence in the plan
![Page 8: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/8.jpg)
WHAT SHOULD YOU TEST?• Processes, not individuals• Communication strategies
– External interaction (customers, media, etc)– Contacting staff
• Plan content– Logical, realistic, no assumptions
• Interdependencies– Internal & external, including links with civil authorities
• Technology solutions– Component level, data centres, data restoration
• Alternative locations– Recovery sites, reciprocal arrangements
![Page 9: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/9.jpg)
GENERIC FORMS OF TESTS
• Review of local area plans (do they complement or conflict?). Undertaken by a third party.
• Tabletop walk-through. Undertaken by the people mentioned in the plan – talk-through a given scenario. Focus on training, familiarisation with roles, procedures, responsibilities. But no need to arrange elaborate facilities or communications.
• Simulation. Uses a predefined scenario. May be announced or unannounced. As realistic as possible. Takes place in real time. May bring in “players” to act the roles of external bodies. May test facilities, communications, systems. All decisions and actions generate real responses and consequences from other players
• Tests of kit, individual processes, premises.
![Page 10: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/10.jpg)
Types of tests used at the Bank of England
• Phone cascades
• Desk-top scenario walk-throughs
• ‘Acted-out’ exercises (testing crisis functions)
• ‘Real-time’ scenario-based crisis management exercises (both internal and market-wide)
• Connectivity (kit) tests
• ‘Invacuation’ and ‘evacuation’ tests
• Live working from contingency sites
![Page 11: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/11.jpg)
MARKET WIDE EXERCISE - HISTORY
• Annual exercise to test the resilience of financial sector.
• First MWE in 2003
• Previous scenarios have included floods, and bombs – desktop and live-exercise simulation.
![Page 12: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/12.jpg)
• Human influenza pandemic.
• 70 UK firms took part with some 4,000 participants.
• Largest ever business continuity exercise.
• 6 week “rising tide” scenario covering several months in exercise time.
– Starting at WHO stage 4 (limited human-to-human transmission) to stage 6 (widespread, worldwide impact.)
MWE 2006
![Page 13: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/13.jpg)
THE TRIPARTITE AUTHORITIES
HM TREASURY
BANK OF ENGLAND
FINANCIAL SERVICES AUTHORITY
![Page 14: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/14.jpg)
GOVERNMENT/EMERGENCY SERVICES
TRIPARTITE AUTHORITIES
FINANCIAL PRIVATE SECTOR
AllFirms Counterparties
Exchanges Markets
Clearing Houses Payment Systems
Settlement systems
Standing Committee
FSA liaison
BoEliaison
CMBCG
Tripartite Press Group
MMLG FXJSC Other groups
Gold
FSC website/Teleconference
Members/Participants
DMOHMT
COBR
BCSub-Group
![Page 15: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/15.jpg)
SCHEMATIC OF TRIPARTITE/MARKET LIAISONFOR CRISIS MANAGEMENT
• Tripartite elements -
• Tripartite/market elements -
• Wider government elements -
• Tripartite/government elements -
• Tripartite/market info. exchange -
• Tripartite/wider government links -
• Tripartite info. to market -
![Page 16: IMPLEMENTING BUSINESS CONTINUITY: A BANK OF ENGLAND PERSPECTIVE STEPHEN P COLLINS BANK OF ENGLAND.](https://reader036.fdocuments.us/reader036/viewer/2022071705/56649cea5503460f949b4e9e/html5/thumbnails/16.jpg)
GLOSSARY
• BC Sub-Group – Business Continuity Sub-Group of the Tripartite Sub-Committee
• FSA – Financial Services Authority• BoE – Bank of England• HMT – Her Majesty’s Treasury• DMO – Debt Management Office• COBRA – Cabinet Office Briefing Room• Gold – Strategic Planning Committee• FSC – Financial Sector Continuity Website (www.fsc.gov.uk) • CMBCG – Cross Market Business Continuity Group• MMLG – Money Markets Liaison Group• FXJSC – Foreign Exchange Joint Standing Committee