Docstoc

Understanding Business Interruption Insurance - Excel

Document Sample
Understanding Business Interruption Insurance - Excel Powered By Docstoc
					                                        Business Continuity Management
                                                Process Outline


N.B. If necessary, refer to HM Government BCM Toolkit for detailed explanation here:
http://www.direct.gov.uk/en/Governmentcitizensandrights/Dealingwithemergencies/Preparingforemergencie
s/DG_175927

1. Understanding the Organisation
This is the foundation of BCM. Undertaking the process of Business Impact Analysis and Risk Assessment
will enable better understanding of the organisation and help build BCM capability.

1.1 Carry out a Business Impact Assessment (BIA)
A BIA identifies and documents your key products and services; the critical activities required to deliver
these; the impact that a disruption of these activities would have on your section/school/department and the
resources required to resume the activities.

(i) List all the functions/products/services of the services of the school/dept/section - see BIA key
    functions sheet

(ii) Use the impact criteria chart to decide which are the key functions/products/services.

(iii) Carry out a Business Impact Analysis for each key function/product/service. see the BIA sheet

1.2 Carry out a Risk Assessment
In the context of BCM, a risk assessment looks at the likelihood and impact of a variety of risks that could
cause a business interruption. By assessing these, you will be able to prioritise your risk reduction
activities. You should focus your risk assessment on the critical activities and supporting resources
identified in the BIA stage. For this reason a risk assessment can only take place once a BIA has been
completed. See the BCM Risk Assessment sheet.

After risk assessment you should be able to rank the risks and make an informed decision about what
action to take next i.e. whether to tolerate, transfer, terminate or treat the risk using a BCM plan to reduce
disruption and promote recovery.




 2. Determine your BCM Strategy
 Identify the action you can take to maintain the critical activities that underpin the delivery of functions and
 services. Various tactics can be considered to protect resources of People, Premises, Technology,
 Information, Supliers, Partners and Stakeholders. See the BCM Strategy Sheet.



 3. Develop your BCM Plan and Arrangements.
 For those critical activities that you decide require BCM planning - use the BCM resource planning and
 emergency action sheets to determine how you will draw together the resources to be mustered for each
 critical activity in the BIA and the actions to be taken by individuals and groups in the event of an
 emergency. All planning sheets should be kept together with an overall BCM plan cover sheet.

 4. A copy of your overall plan with its resource and action requirement sheets should be forwarded to the
 BCM coordinator in order that a College wide BCM plan can be compiled.

 5. Keep your plans under regular review and exercise version control in order that only the latest version
 will be used when necessary.
isk Assessment




artment and the




ustered for each
                                          Understanding the Organisation
                                     BIA: Identify the Key functions & services
                         Please complete this page electronically in order to save the details to the
                                                     Summary sheet

    Dept./school/section:

List the functions, products & services your section/school/department provides . Use the impact
criteria chart and mark as 'key', those which if disrupted for any reason will have the greatest
impact. Also consider whether loss of the service would cause serious financial loss or serious
loss of reputation via e.g. negative impact in the HE media.


                                 Function or service heading                                    Key?
1
2
3
4
5
6
7
8
e the details to the
                                           Understanding the Organisation
                                      BIA: Template for key functions & services
                                Please enter the 'critical activities' list electronically in order to
                                              save the list to the Summary sheet



1. Key function, product or service heading: ________________________________________


2. Full description of the key function, product or service : ____________________________

  ______________________________________________________________________________

  ______________________________________________________________________________


3. Use the impact criteria chart and assess what would be the impact of a disruption to this key
function etc in terms of your ability to meet its aims and objectives and the impact on its
stakeholders for:

a) First 24 hours?     _________________________________________


b) 24 – 48 hours?      _________________________________________


c) Up to one week?     _________________________________________


d) Up to two weeks     _________________________________________



4. You should now be able to identify the maximum length of time that you can manage a
disruption to this key product or service without it threatening your organisation’s viability, either
financially or through a loss of reputation (this is often referred to as the Maximum Tolerable
Period of Disruption or MTPD).

The Maximum Tolerable Period of Disruption (MTPD) is therefore? ______________



5. You should now set the point in time at which this key product or service would need to be
resumed in the event of a disruption (this is often referred to as the Recovery Time Objective or
RTO). In determining the RTO, you should: take into account the confidence you have in the MTPD
and whether on reflection it was too optimistic; and ensure that you have built in a margin for
unforeseen difficulties with recovery.


Recovery Time Objective or RTO is therefore?       _____________________________
    6. Critical Activities
    You should now document the critical activities that are required to deliver your key functions
    and services.



                                 Critical Activities - (Please enter electronically)
1
2
3
4
5
6


    7. Resource Assessment
    You should now quantify the resources required over time to maintain the critical activities at an
    acceptable level and to meet the RTO identified in (5) above and document these. These may
    include: people; premises; technology; information; and supplies and partners

    Some of the questions that you may want to consider when quantifying the resources you will
    require to maintain your critical activities are set out below but this should not be seen as an
    exhaustive list. It should be noted that the resources required to resume an activity after an
    incident will not necessarily be the same as during normal operations as you may need additional
    resources to clear backlogs.



    7.1 PEOPLE:

    a) What is the optimum number of staff you require to carry out your critical activities? ______


    b) What is the minimum staffing level with which you could provide some sort of service? ____


    c) What skills/level of expertise is required to undertake these activities?________________
    ___________________________________________________________________________________




    7.2 PREMISES:

    a) What locations do your organisations critical activities operate from? _________________

      _________________________________________________________________________________

    b) What alternative premises do you have? ___________________________________________


    c) What plant, machinery and other facilities are essential to carry out your critical
       activities? ______________________________________________________________________

      ________________________________________________________________________________
7.3 TECHNOLOGY

a) What IT is essential to carry out your critical activities? _____________________________

  ________________________________________________________________________________

b) What systems and means of voice and data communication are required to carry out
   your critical activities? ____________________________________________________________

  _________________________________________________________________________________

 __________________________________________________________________________________




7.4 INFORMATION

a) What information is essential to carry out your critical activities? _____________________

  ________________________________________________________________________________

  ________________________________________________________________________________


b) How is this information stored? ___________________________________________________

  ________________________________________________________________________________

  ________________________________________________________________________________




7.5 SUPPLIERS AND PARTNERS

a) Who are your priority suppliers/partners whom you depend on to undertake your critical
   activities? ______________________________________________________________________

  ________________________________________________________________________________


b) Do you tender key services out to another organisation, to whom and for what? _______

   ________________________________________________________________________________


c) Do you have any reciprocal arrangements with other organisations? ________________
                                                Understanding the Organisation
                                                       Risk Assessment
                           Please complete the Ranked Risks section overleaf electronically in order to
                                             save the details to the Summary sheet

In the context of BCM, a risk assessment looks at the likelihood and impact of a variety of risks that
could cause a business interruption. By assessing these, you will be able to prioritise your risk
reduction activities.   You should focus your risk assessment on the critical activities and supporting
resources identified in the BIA stage. For this reason a risk assessment can only take place once a BIA
has been completed.


1. Identify events that could pose risk to your organisation.
These could include: Disruption to transport;Loss of staff; systems (IT and telecommunications); utilities eg
water, gas or electricity; key suppliers; loss of or access to premises;

               Event                                  Controls                    Impact Likelihood      Rating
                                                                                   score (low/high)     (A, B, C, D)




  2. List the controls/arrangements you currently have in place to prevent or minimise the likelihood of the
  event actually occurring e.g. alternative electricity supplies, premises, etc.


 3. Using the chart below, assess the impact each event would have on your ability to deliver your critical
 activities. Also consider whether loss of the service would cause serious financial loss or serious loss of
 reputation via e.g. negative impact in the HE media.
4. Taking into account the controls/arrangements in (2) above, assess whether the likelihood of the event
occurring is LOW or HIGH

5. Using the risk matrix below assess the risk rating for the event and list it (A, B, C or D) in
   the table above.



                                                     B                      A
                                                High Impact            High Impact
                          Increasing Impact    Low Likelihood         High Likelihood


                                                     D                      C
                                                Low Impact             Low Impact
                                               High Likelihood        Low Likelihood
                                              Increasing Likelihood




6. You will now be able to rank the risks and make an informed decision about what action to take. The
options for action are:

TREAT – use of a BCM plan i.e. consider what other controls/arrangements you could put in place to prevent
or reduce the risk of disruption to ensure the activity continues at, or is recovered to, the acceptable minimum
level and the timeframe stipulated in the BIA.

TOLORATE – you may decide that you are willing to accept the risk as the cost of implementing any risk
reduction strategies outweigh the benefits.

TRANSFER – for some risks the best response may be to transfer them. This might be done by
conventional insurance or contractual arrangements, or it might be done by paying a third party to take the
risk in another way. This option is particularly good for mitigating financial risks or risks to assets.

TERMINATE – in some circumstances it might be appropriate to change, suspend or terminate the service,
product, activity, function or process. This option ought only to be considered where there is no conflict with
the organisation’s objectives, statutory compliance and stakeholder expectation. This approach is most likely to
be considered where a service, product, activity, function or process has a limited lifespan.

In some cases, a combination of BCM and insurance will give your organisation the best chance of
recovering quickly.




  Rank the risks - As first then Bs, Cs etc (please enter electronically)               Action: BCM, Tolerate etc
 lace to prevent




party to take the


 te the service,
s no conflict with
  is most likely to
                                            Determining the BCM Strategy


Determining the BCM strategy.
This stage of the BCM process is about identifying the action that you can take to maintain the
critical activities that underpin the delivery of your school/department/section's functions and
services.

Having previously determined the RTO for each critical activity you now need to develop a
strategy for meeting it. This involves taking appropriate action to mitigate the loss of the resources
that you identified in the Resource Assessment section of the BIA. The suggestions below outline
some of the tactics that you could adopt to protect your resources but should not be seen as an
exhaustive list.



PEOPLE
Inventory of staff skills not utilised within their existing roles - to enable redeployment

Process mapping and documentation - to allow staff to undertake roles with which they are
unfamiliar;

Multi-skill training of each individual;

Cross-training of skills across a number of individuals;

Succession planning;

Use of third party support, backed by contractual agreements;

Geographical separation of individuals or groups with core skills can reduce the likelihood of losing
all those capable of undertaking a specific role.




PREMISES
Relocation of staff to other accommodation owned by your organisation such as training facilities;

Displacement of staff performing less urgent business processes with staff performing a higher
priority activity (Care must be taken when using this option that backlogs of the less urgent work
do not become unmanageable).

Remote working – this can be working from home or working from other locations;

Use premises provided by other organisations, including those provided by third-party specialists;

Alternative sources of plant, machinery and other equipment.
TECHNOLOGY
Maintaining the same technology at different locations that will not be affected by the same
business disruption;

Holding older equipment as emergency replacement or spares



INFORMATION
Ensure data is backed-up and it is kept off site;

Essential documentation is stored securely (e.g. fire proof safe);

Copies of essential documentation are kept elsewhere.



SUPPLIERS AND PARTNERS
Storage of additional supplies at another location;

Dual or multi-sourcing of materials;

Identification of alternative suppliers;

Encouraging or requiring suppliers/partners to have a validated business continuity capability;

Significant penalty clauses on supply contracts.



STAKEHOLDERS
Mechanisms in place to provide information to stakeholders;

Arrangement to ensure vulnerable groups are accommodated
e likelihood of losing
                                              Business Continuity Planning (1)
                                                   Planning control form



Department/School/Section: ____________________________________________________________


1. Purpose, scope & location of BCM plan
A Business Continuity Management Plan and its supplementing material should provide all the information
the department/school/section needs to ensure that it can manage an immediate incident, continue to carry
out its critical functions and eventually return to a normalised state. These critical functions have been
identified in the BIA section where the calculated Recovery Time Objectives (RTOs) for each are also stated.
It is important to ensure that the plan is easily accessible and copies are kept on and off site.

On site copy location:                                Off site copy location:




2. Version:                                Date:


3. Document owner
   Head of school, department or section :_____________________________________________

   Document maintainer (responsible for reviewing, amending and updating it at regular intervals)
   Area BCM Co-ordinator : ____________________________________________________________



5. Plan invocation
A member of the College's 'Gold' team (SMT members) or, should none be available,
a 'Silver' team member (senior heads of administration & deputies) acting in lieu will instruct (in person or by
phone) the managers of sections/schools/departments to invoke their local emergency plans as necessary
when an emergency situation is threatened or occurs without notice. The same authority level will
communicate when to 'stand down' from the emergency.

Within the section/school/department the following staff have authority to invoke the local emergency plans
as well as mobilise and subsequently stand down their teams. For speed this should be done by radio, land
line, mobile phone or via a runner with written authority or codeword.

    Name                         Status                         Contact number

   _____________________________________________________________________

   _____________________________________________________________________

   _____________________________________________________________________




4. Contents

4.1 Resource plan for critical activity/function (1)________________________________

4.2 Resource plan for critical activity/function (2)________________________________

4.3 Resource plan for critical activity/function (3)________________________________

4.4 Resource plan for critical activity/function (4)________________________________
                                                Business Continuity Planning (2)
                                      Resources immediately essential to the critical activities


 Use a separate planning template for each critical activity or group of activities

Department/School/Section__________________________________________________________

Prioritised critical activity/ies ________________________________________________________

Brief Description ___________________________________________________________________
               _____________________________________________________________________
               _____________________________________________________________________
               _____________________________________________________________________

Other organisation performing/capable of activity/ies:__________________________________

Location of activity/ies: _____________________________________________________________

Level of service to be restored: fully:               partial (explain):

Recovery Time Objective:     hours:                   days:                  weeks:

Remarks: e.g. most critical period ___________________________________________________
___________________________________________________________________________________
___________________________________________________________________________________
__________________________________________________________________________________
___________________________________________________________________________________
___________________________________________________________________________________

1.1 Emergency Contacts


1.1 Essential people to perform/maintain the critical activity/activities

Essential people within the section/school/department
             Name                           Contact Details                 Role/Responsibilities




Essential people within other sections/schools/departments
             Name                           Contact Details                 Role/Responsibilities




Essential people external to Birkbeck
             Name                           Contact Details                 Role/Responsibilities
1.2 Alternative locations for the critical activity/activities

Alternative locations for students
            Locations                            Contacts              Special Arrangements




Alternative locations for staff
            Locations                            Contacts              Special Arrangements




1.3 Equipment and services required + to where & when, how much and where sourced from
           Equipment                 Quantity + to where & when       Source? Supplier? on site
                                                                    already? Order lead time, etc

Emergency grab bag                                                  At Malet & Gordon reception
Emergency staff contact list
Emergency student contact list




1.4 Communication
      Stakeholders to be              Media that will be used for       Message subject to be
     communicated with                  that communication                communicated
Disabled students
Lecturers & other staff
Media
Families
Hirers
                                          Business Continuity Planning (3)
                                           EMERGENCY action checklists
                                Please complete this page electronically in order to save the
                                              details to the Summary sheet

In the event of an EMERGENCY the following actions may need to be undertaken

2.1 Overall priorities of the school/department/section

 Overall                                 Action to take                                 Action
 priorities                                                                             taken
     1
     2
     3
     4
     5
     6
     7
     8
     9
    10

2.2 Action by specific persons or groups
Some tasks/actions may need to be undertaken by particular persons or groups. These tasks
may be one or more of the overall priorities above. Plan these tasks/actions below.


Person/Team:

 Priorities                              Action to Take                                  Taken
     1
     2
     3
     4
     5
     6

Person/Team:

 Priorities                              Action to Take                                  Taken
     1
     2
     3
     4
     5
     6
Person/Team:
 Priorities    Action to Take   Taken
     1
     2
     3
     4
     5
     6

Person/Team:

 Priorities    Action to Take   Taken
     1
     2
     3
     4
     5
     6

Person/Team:

 Priorities    Action to Take   Taken
     1
     2
     3
     4
     5
     6
                                               Business Continuity Management
                                                       Summary Sheet

                                             This sheet will compile automatically


Dept./school/section:

Key Functions or Services
0
0
0
0
0
0
0
0

Critical Activities
0
0
0
0
0
0

                  Ranked Risks - As then Bs, Cs etc (please enter electronically)
0
0
0
0
0
0
0
0
0
0
0
0

Priority emergency actions of the dept./school/section
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0
                                                                                     0

Person/Team:
                                                                                     0
                                                                                     0
                                                                                     0
               0
               0
               0

Person/Team:
               0
               0
               0
               0
               0
               0

Person/Team:
               0
               0
               0
               0
               0
               0

Person/Team:
               0
               0
               0
               0
               0
               0

				
DOCUMENT INFO
Description: Understanding Business Interruption Insurance document sample