1 What should you do in case you notice an incident?
1.1 Convene the Emergency Management Team (EMT) meeting on Telegram at this LINK. In case No internet connection is available, EMT members should get in contact with each other using mobile numbers.
1.2 Ensure the well-being of staff, visitors and any third parties affected.
1.3 Arrange staff transport if necessary.
1.4 Discuss with the EMT members whether to invoke or not the BC & DR Plan and the Project Manager to deal with the incident: the IT manager in case it is an IT incident, the HR department in the case is a Medical Incident etc)
Assign an Emergency Level to the incident, Section 6.2 of the BC & DR Plan and summarised below:
• Minor incident: Invocation not required
• Minor disruption (24-48 expected time to deal with the incident): prepare to invoke the BC & DR Plan
• Significant disruption (48 hours to 10 days required to deal with the incident): the invocation of the BC & DR Plan is mandatory
• Major disruption (total destructive loss of the sites, which could potentially cause an interruption lasting several months, staff fatalities possible): the invocation of the BC & DR Plan is mandatory.
2.1 Business Continuity Plan (BCP)
Strategy protocols designed to ensure the business can continue operating during a disruptive event.
2.2 Disaster Recovery Plan (DRP)
It specifically provides the information to recover the processes in case of incident, in order for the BCP to be put into action. It pertains to restoring lost data, infrastructure failure or other technological components.
2.3 Succession Plan
It describes how the business continues to function in the event of the unexpected permanent loss of named key persons due to resignation, serious long-term illness/injury or death.
2.4 Emergency Management Team (ETM)
The EMT commands the resources needed to manage an emergency situation and to recover the FISG’s operations.
2.5 What is an Incident (disruptive event)?
Any occurrence which can affect the business operations of the company through denial of access to premises or systems, categorised as follows:
• Fire, Explosion
• Power outage
• IT Failure (e.g. Cyber attack, Systems failure)
• Natural Disasters (e.g. Flood, Storm)
• Civil Disturbance
• Terrorist threat (e.g. Bomb attack or threat)
• Medical incident
• Any incident where the evacuation procedures are invoked by the Emergency Services.
3. teps you must follow in the case Invocation of the BC & DR Plan is required:
1. Supervise any evacuation
2. Complete the Emergency Procedures (flow charts available at this LINK, each tab summarises a different type of incident).
3. In the event of an emergency, the HR Department will be informed of the event by management so that a text message can then be circulated to all personnel informing them of the event via https://sms.to/. Username and Password to access the Platform are available at this LINK (5.2 SMS Tab)
• Ensure everybody has a copy of the Incident Log sheet.
• Make an entry for each significant action, decision or event, noting the date and time.
• Sign off each entry made.
• Ensure that all EMT staff use the sheets.
6. Compile a list of missing persons and known casualties. Ensure that the list includes both members of staff and visitors
7. Contact the Emergency Services to pass on the list of missing persons and receive information on casualties
8. Contact the Head of the IT Department to advise of the situation and to request assistance for IT and other infrastructure issues, and to invoke home working should the office premises remain inaccessible for a prolonged period
9. Contact the families and next-of-kin of affected staff
• Emergency security at the office if the site has sustained structural damage. If necessary, work with the landlord to ensure that the site is made safe and secure. Consider additional security personnel if required.
• When entry to the site will be allowed, if access has been denied.
• Confirm home workers are notified.
11. Collect backup tapes.
12. Establish a staff Co-ordination Point near to the site. Notify the Emergency Services of the co-ordination Point location.
13. Direct business visitors to the Co-ordination Point, if appropriate
14. Complete an interim business impact assessment. Consider:
• Impact on the ability to provide services normally undertaken at these offices
• Impact on the ability to undertake other activities such as IT development etc
• Loss of assets
• Direct costs
• Which losses will be sustained if the BCP is not invoked?
15.Decide whether to continue BCP invocation.
16. If the BCP is not to be invoked, then resolve any problems and implement the stand-down procedure: Notify all staff members of the stand-down. Otherwise, continue with the planned response.
17. Contact all members of staff and provide immediate instructions. Consider the following:
• Provide the minimum information to initiate the response and explain the current situation
• Verify specific Emergency Response tasks
• Identify any business-critical activities that should receive priority
• Confirm staff members’ immediate contact details
• Give notice of the staff briefing time and place
18. Instruct the staff that are immediately required to work from home
19. Provide emergency cash to staff involved in the recovery
20. Instruct the staff that are not required to remain at home and in contact
21. Clearly state the need for secrecy pending a formal press release
22. Inform third party contacts of the disruption affecting the firm’s operations and the recovery action being taken. (Full contact names and phone details for third parties are available at this LINK , 12.1 EMT Tab). Consider the following points:
• Wherever possible explain circumstances verbally using the latest approved statement
• Ask contacts not to call back and explain that they will be notified of events that affect them
23. Liaise with LIIBA.
24. Contact relevant banks if electronic payments are pending, informing them of the disruption affecting the firm and the recovery action being taken. Discuss any appropriate actions and advise of interim working arrangements
25. Verify with IT, voice line redirection, message content and call routing / handling
26. Redirect postal mail.
27. Conduct a damage assessment of the site and record details of damage to the building using a still or video camera. These pictures will be required for insurance purposes and damage must be recorded before the salvage and clean-up operations begin.
28. Verify that the landlord has been advised.
29. Monitor the situation and escalate to a higher level if required
BY DAY TWO OF THE RECOVERY:
- Review key priorities in the current recovery site workload.
2) Liaise with HR to arrange trauma counselling for affected staff if this is felt to be appropriate.
3) Conduct a briefing for all members of staff, both at the recovery site and elsewhere, covering the following:
• Internal press release, résumé of events and status.
• PR issues.
• Damage and impact assessment.
• Salvage status.
• Recovery strategy.
• Roles and responsibilities.
• Operating recovery targets.
• Department reporting and problem escalation guidelines.
• Voice and fax communications availability and usage.
• Progress reporting.
4) Assess the need for extra staff or shift work to address any backlogs and any urgent tasks.
5) Establish when access to the site will be allowed. If so, try to determine:
• What can be salvaged and its condition.
• What has been irretrievably lost or destroyed.
• What is intact, but inaccessible?
• Infrastructure damage and access availability.
• Expected rebuild time frames.
• Location for reconstruction activities.
6) Liaise with Lloyds to ensure that they are kept aware of the incident.
7) Contact the landlord. Arrange a meeting to establish insurance and reconstruction responsibilities.
BY DAY FIVE OF THE RECOVERY:
1) Monitor staff morale and confidence in employment continuity.
2) Staff at the recovery site should continue re-creation of lost or corrupted system data and paper-based work-in-progress.
3) Compile and submit insurance claims. Co-ordinate activities of loss adjusters/assessors.
4) If necessary, begin reconstruction of damaged or destroyed documents.
1) In conjunction with staff, begin to develop a long-term business recovery plan.
2) Decide if a refit of the site is viable. If the damaged site will not become habitable within one month, meet with property agents to identify a suitable alternative site. Otherwise, authorise reconstruction and refit of the site.
3) If necessary, search for local office space for short-term rental.
4) Review progress on the long-term site in conjunction with infrastructure staff from property agents. In particular:
• Construction and / or refurbishment.
• Design of floor layout(s).
• Plans for occupancy of the site.
• Procedures for security, cleaning, post and other services.
• Time frame for business transfer to the site.
• Emergency procedures.
• Procurement, installation, commissioning and testing of replacement computer systems.
• Order replacement stationary, proposal forms, cover-notes, certificates, renewal documentation and claims forms.
5) Prepare a staff briefing note on the new site. Include:
• The level of equipment and facilities available.
• Site layout plans.
• Directions to the site.
• The date of transfer of operations.
• The expected length of stay.
• Special arrangements regarding transport of staff.
• Altered working arrangements for staff.
• Recompense for disruption of work patterns.
6) Liaise with IT over systems as well as voice and data transfer to the new site.
7) Review timescales for occupation of the new site.
8) Resume normal operations from the new site. (e.g. Resume invoice processing and payments. Resume normal finance activities.)
1) Retrieve and review copies of Incident Logs. Identify:
• Exceptional performance.
• Sources of delay or inefficiency.
• Errors or inappropriate responses.
• Actual timescales for activity completion.
2) Hold a post-incident review meeting and quantify the cost of the incident in terms of:
• Lost information.
• Additional resource requirements.
• Missed opportunity.
• Inability to provide services and products internally and to customers.
• Fines, charges, compensation and penalties.
• Loss of staff and assets.
• Additional cost of working.
3) Update the BC & DR Plan, if necessary.
4) Update internal operating and emergency procedures.
ACTIONS THROUGHOUT THE RECOVERY:
1) Maintain the Incident Log.
2) Maintain contact with all members of staff:
• Respond to requests for information.
• Inform them of changes in strategy.
• Inform them of notable occurrences that may affect priorities.
3) At regular intervals:
• Review recovery progress against target timescales.
• Assess recovery progress.
• Prepare updates for all members of staff. Include the following:
o Incident status and recovery progress.
o Objectives and deadlines.
o Individual objectives, roles and responsibilities.
o Specific instructions.
o Handling personal problems caused by, or contributed to by the incident.
o Security issues.
o Current statements for handling incoming calls.
4) Liaise with senior management regarding all expenditure decisions.
5) Maintain regular contact with the site and with key third parties.
6) Ensure the prompt submission of any insurance claims.
7) Check salvage status – availability of paper-based records and extent of information lost.
8) Assess the well-being of staff and identify need for professional support.
• Casualties and staff well-being.
• Staff counselling or other assistance.
• Support for recruitment.
4. ADDITIONAL RELEVANT INFO:
In addition, if access to the office premises is denied all staff can WORK FROM HOME on any device using their Office365 account with 2FA to access Windows Virtual Desktop which includes access to the Azure File Server.
Sage200 and RiskServe users need remote or direct access to their desktops in the office.
SUCCESSION PLANS are also in place and available at this LINK in the event of the unexpected permanent loss of named key persons due to resignation, serious long-term illness/injury or death.