Business Continuity Guide - Alberta

Government of Alberta Business Continuity Guide

Business Continuity Guide 2017

June 2017

Page | 1

Government of Alberta Business Continuity Guide

Acknowledgements The Business Continuity Guide is the primary resource document for the Government of Alberta's departments in the development of a business continuity plan as defined by the Alberta Emergency Plan. The Alberta Emergency Management Agency has prepared this guide in order to provide a frame of reference for Business Continuity Officers to develop, maintain, and improve their departmental Business Continuity Programs. Consideration has been given to the development of three components: the legislated requirements, business continuity plan components (ability to activate and implement the plan), and business continuity management program components (ability to improve department's business continuity resilience) for continuous improvement. The guide emphasizes departments' responsibility to resume essential services for Albertans in the face of business continuity disruptions. In managing business continuity disruptions, a successful outcome is judged by both the technical response and the perceived competence of the management. We hope you find this guide a valuable addition to your business continuity planning resources. If you have any questions, comments, or recommendations for amendments, please contact: Plans Manager Alberta Emergency Management Agency 14515 122 Ave NW Edmonton, Alberta T5L 2W4 Phone: 780-422-9000 Website: 3rd Edition ISBN 978-0-7785-5982-5 Copyright ? 2014 the Crown in the Right of Alberta, as represented by the Minister of Municipal Affairs, Alberta Emergency Management Agency, Edmonton, Alberta, Canada. All Rights reserved. Commercial use strictly prohibited. Modification or reproduction prohibited unless authorized in writing by the copyright owner.

Page | 2

Government of Alberta Business Continuity Guide

Record of Amendments

The Business Continuity Guide may require updates and amendments based on various factors. In order to ensure that the most accurate copy of the Guide is maintained, it is recommended that a business continuity team member be assigned the responsibility of maintaining current copies of the Guide.

List of all amendments made to the Guide since inception.

Amendment Number 2007-01 2014-02 2017-03

Effective Date

April 2007 15 August 2014 1 June 2017

Amended By (Please print)

Shem Bundi Alan Younghusband Dan Howlader

Initials

SB AY DH

Page | 3

Government of Alberta Business Continuity Guide

Table of Contents

Acknowledgements .................................................................................................................... 2 Record of Amendments ............................................................................................................. 3 Table of Contents....................................................................................................................... 4 Business Continuity Management .............................................................................................. 7

1.1 Executive Summary ..................................................................................................... 7 1.2 GOA Business Continuity Management (BCM) ............................................................ 7 1.3 Authority and Legislation.............................................................................................. 7 1.4 Guiding Principles ........................................................................................................ 8 1.5 Business Continuity Standards and Best Practices ...................................................... 8 1.6 Acronyms..................................................................................................................... 8 1.7 Terms and Definitions .................................................................................................. 9 Business Continuity Program Creation and Management .........................................................11 2.1 What is a Business Continuity Program? ....................................................................11 2.2 BCM Program Scope ..................................................................................................11 Business Continuity Plan Development.....................................................................................13 3.1 Overview and Plan Development Objectives...............................................................13 3.2 Planning Steps / Development Process ......................................................................13

3.2.1 Initial Preparation .................................................................................................13 3.2.2 Interim Plan .........................................................................................................14 3.2.3 Risk Assessment .................................................................................................14 3.2.4 Business Impact Analysis ....................................................................................14 3.2.5 Emergency Response and Contingency Procedures ...........................................15 3.2.6 Disaster Recovery and Continuity Strategies .......................................................15 3.2.7 Writing .................................................................................................................15 3.2.8 Awareness and Training ......................................................................................15 3.2.9 Review, Test, Exercise, Audit, and Maintenance .................................................15 3.3 Structure and Content of the Business Continuity Plan ...............................................15 3.3.1 Cover Page, Contents and Layout .......................................................................15 3.3.2 Business Continuity Program ...............................................................................16 3.3.3 Plan Activation, Coordination and Communication...............................................16 3.3.4 Business Impact Analysis and Risk Assessment .................................................17 3.3.5 Business Unit(s) Continuity Procedures ...............................................................17 3.3.6 Review, Maintenance, Training, and Exercises....................................................17 3.3.7 Supporting Documents ........................................................................................17

Page | 4

Government of Alberta Business Continuity Guide

3.4 Approval and Distribution ............................................................................................17 3.5 Summary ....................................................................................................................18 Plan Activation and Incident Management ................................................................................19 4.1 Overview.....................................................................................................................19 4.2 Management and Control Responsibilities ..................................................................19

4.2.1 Executive Team ...................................................................................................19 4.2.2 Management Team..............................................................................................19 4.2.3 Operational / Response Team .............................................................................19 4.3 Emergency Operations Centre Location .....................................................................20 4.4 Emergency Procedures ..............................................................................................20 4.5 Activation Procedures and Operations ........................................................................20 4.6 Communication Plan ...................................................................................................20 Risk Assessment ......................................................................................................................22 5.1 Background.................................................................................................................22 5.2 Risk Assessment Processes .......................................................................................22 5.2.1 Risk Assessment Considerations.........................................................................22 5.2.2 Risk Assessment Walkthrough ............................................................................22 5.2.3 Setting the Context ..............................................................................................23 5.2.4 Risk Identification.................................................................................................23 5.2.5 Risk Analysis .......................................................................................................23 5.2.6 Risk Evaluation ....................................................................................................25 5.2.7 Risk Mitigation .....................................................................................................26 5.3 Summary ....................................................................................................................27 Business Impact Analysis .........................................................................................................28 6.1 Overview.....................................................................................................................28 6.2 Business Impact Analysis Importance.........................................................................28 6.3 Conducting a Business Impact Analysis......................................................................29 6.3.1 Define the Scope .................................................................................................29 6.3.2 Preparing the Business Impact Analysis ..............................................................29 6.3.3 Data Collection: Scope and Methods ...................................................................30 6.3.4 Post Collection Activities ......................................................................................31 6.3.5 Processing Data ..................................................................................................31 6.3.6 Data Control ........................................................................................................32 6.4 Final BIA Report .........................................................................................................32 6.5 Summary ....................................................................................................................33 Business Continuity Strategies..................................................................................................34

Page | 5

Government of Alberta Business Continuity Guide

7.1 Overview.....................................................................................................................34 7.2 Information Gathering for Strategy Development ........................................................35 7.3 Approaches for Business Continuity Strategies...........................................................35

7.3.1 Disaster Recovery Strategies...............................................................................35 7.3.2 Business Continuity Strategies ............................................................................35 7.4 Strategy Selection Process .........................................................................................36 7.5 Summary ....................................................................................................................36 Awareness and Training ...........................................................................................................37 8.1 Overview.....................................................................................................................37 8.2 Creating Awareness....................................................................................................37 8.2.1 General Staff Awareness Training .......................................................................37 8.2.2 Business Continuity Team Training......................................................................37 8.2.3 Executive and Senior Management Training........................................................37 Program Maintenance...............................................................................................................38 9.1 Overview.....................................................................................................................38 9.2 Review Process ..........................................................................................................38 9.3 Audit Process..............................................................................................................39 Exercising and Testing..............................................................................................................41 10.1 Overview.....................................................................................................................41 10.2 Exercise Types and Methods ......................................................................................41 10.2.1 Walkthrough Business Continuity Exercise ..........................................................41 10.2.2 Table Top Business Continuity Exercise ..............................................................41 10.2.3 Simulation Business Continuity Exercise .............................................................42 10.3 Lessons Learned ........................................................................................................42

Page | 6

Government of Alberta Business Continuity Guide

Business Continuity Management

1.1 Executive Summary

When a significant event causes disruption to the provision of essential services to Albertans, the Government of Alberta (GOA) will execute the GOA Business Continuity Plan (BCP) in order to recover the disrupted services. The GOA BCP outlines the framework by which the government manages the continuity of its essential services during business disruptions. Under the coordination of Alberta Emergency Management Agency (AEMA), individual departments will implement their individual BCPs (as required) to ensure the continuation of critical and vital services that are essential for the health and safety of all Albertans. Under current legislation and in conjunction with industry best practices, AEMA and GOA departments maintain comprehensive Business Continuity Management programs to address the known and unknown risks that may adversely affect Albertans.

This guide will assist Business Continuity Officers (BCOs) and their teams through the process of business continuity planning and management. This guide is intended as an overview of current best practices targeted at GOA departments, and while extensive, may not cover all unique requirements for each department. Users are encouraged to seek additional information as needed of this guide to meet the demands of their departments. Similarly, while many of the lessons and components in this guide may transfer to municipal management, outside users should ensure fit and applicability for their specific requirements. Additional information and assistance for GOA departmental Business Continuity Teams (BCTs) is available from AEMA.

1.2 GOA Business Continuity Management (BCM)

When a disruptive incident occurs, and the initial emergency response has been resolved, departments need to begin the task of restoring and maintaining essential services to Albertans. Through a comprehensive Business Continuity Program, with a documented BCP, departments will be able to assess potential risks, understand their impacts, and know how to resume essential services efficiently and effectively, regardless of the mechanism of disruption.

A comprehensive Business Continuity program will:

? Ensure provision of essential services to all Albertans. ? Ensure and maintain confidence in government. ? Minimize potential revenue loss. ? Reduce the impact related to service disruption.

1.3 Authority and Legislation

The current legislative framework for business continuity planning in the GOA is derived from the Emergency Management Act (EMA) and the Government Emergency Management Regulation (GEMR). These documents assigned roles, responsibilities and authorities for business continuity planning in the GOA.

The GEMR assigns AEMA the responsibility for developing, implementing and maintaining the Alberta Emergency Plan (AEP) and the GOA BCP. The GEMR also assigns AEMA the responsibility for requiring each department, in consultation with AEMA, to prepare, implement, and maintain a BCP. The deputy heads of departments (typically deputy ministers) retain the accountability for business continuity planning within each department.

Page | 7

Government of Alberta Business Continuity Guide

1.4 Guiding Principles

This guide provides a frame of reference for BCOs to develop, maintain, and improve their departmental BCM program. This guide is meant to highlight current industry best practices and provide suggestions or an alternative perspective that will enhance existing BCPs. The Guide is not a prescriptive instruction manual that must be followed to meet GOA BCP requirements. While not focusing on templates, it is understood that content specific to the department be more important than standardization of the plan.

1.5 Business Continuity Standards and Best Practices

Business continuity continues to gain momentum and recognition within both the national and the global emergency management framework. Currently, the GOA recognizes that in the international business continuity community, ISO 22301:2012 provides leadership and comprehensive standards for business continuity professionals to benchmark against in developing and enhancing their BC programs. AEMA uses CSA Z1600 to create measureable goals within a national context. Both of these standards are used as benchmarks in developing this Guide and will be used on an ongoing basis to inform best practice for the GOA.

1.6 Acronyms

Acronym

AEMA AEP BC BCG BCM BCO BCP BCT BIA CSA DM EMA EOC FERP GEMR GOA GOA BCP IAP IT MTPD RTO(s)

Full Spelling

Alberta Emergency Management Agency Alberta Emergency Plan Business Continuity Business Continuity Guide Business Continuity Management Business Continuity Officer Business Continuity Plan Business Continuity Team Business Impact Analysis Canadian Standards Association Deputy Minister Emergency Management Act Emergency Operations Centre Facility Emergency Response Plan Government Emergency Management Regulation Government of Alberta Government of Alberta Business Continuity Plan Incident Action Plan Information Technology Maximum Tolerable Period of Disruption Recovery Time Objective(s)

Page | 8

 ................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download