
5 Assemble incident response team

Once the decision has been made to activate the business continuity plan, the Team Leader (or deputy) will ensure that all role holders (or their deputies if main role holders are uncontactable) are contacted, made aware of the nature of the incident and asked to assemble at the Incident Command Centre.

The exception is the Incident Liaison, who will be asked to attend the location of the incident to start gathering information for the impact assessment that the IRT will conduct, so that an appropriate response can be determined.

5.1 Incident response team members

The IRT will consist of the following people in the roles specified and with the stated deputies.

| ROLE | MAIN ROLE HOLDER | DEPUTY |
|---|---|---|
| Team Leader | | |
| Team Facilitator | | |
| Incident Liaison | | |
| Business Operations | | |
| Health and Safety | | |
| Human Resources | | |
| Communications | | |
| Legal and Regulatory | | |

Table 3: Incident response team members

Contact details for the above are listed in the document Business Continuity Contact Log.

5.2 Roles and responsibilities

The responsibilities of the roles within the incident response team are as follows:

5.2.1 Team leader

• Decides whether or not to initiate a response
• Assembles the incident response team
• Overall management of the incident response team
• Acts as interface with the board and other high-level stakeholders
• Final decision maker in cases of disagreement

5.2.2 Team facilitator

• Supports the incident response team
• Co-ordinates resources within the command centre
• Prepares for meetings and takes record of actions and decisions
• Briefs team members on latest status on their return to the command centre
• Facilitates communication via email, fax, telephone or other methods
• Monitors external information feeds such as weather and news

5.2.3 Incident liaison

• Attends the site of the incident as quickly as possible
• Assesses the extent and impact of the incident
• Provides first-person account of the situation to the IRT
• Liaises with the IRT on an on-going basis to provide updates and answer any questions required for decision-making by the IRT

5.2.4 Business operations

• Contributes to decision-making based on knowledge of business operations, products and services
• Briefs other members of the team on operational issues
• Helps to assess likely impact on customers of the organization

5.2.5 Health and safety

• Assesses the risk to life and limb of the incident
• Ensures that legal responsibilities for health and safety are met at all times
• Liaises with emergency services such as police, fire and medical
• Considers environmental issues with respect to the incident

5.2.6 Human Resources

• Assesses and advises on HR policy and employment contract matters
• Represents the interests of organization employees
• Advises on capability and disciplinary issues

5.2.7 Communications

• Responsible for ensuring internal communications are effective
• Decides the level, frequency and content of communications with external parties such as the media
• Defines approach to keeping affected parties informed e.g. customers, shareholders

5.2.8 Legal and regulatory

• Advises on what must be done to ensure compliance with relevant laws and regulatory frameworks
• Assesses the actual and potential legal implications of the incident and subsequent actions

5.3 Incident command centre

In order to accommodate the IRT, a pre-prepared location has been selected for the incident command centre.

5.3.1 Location

The address of the command centre is as follows:

[Give the full address of the command centre]

A location map and floor plan of the command centre are shown at Appendix B of this document.

5.3.2 Access

During office hours (8am to 5.30pm Monday to Friday) the command centre is accessible via reception at the main entrance to the building. Outside of office hours the Duty Facilities Manager must be contacted on xxx xxxx to provide access within one hour of it being requested.

5.3.3 Parking

Parking is available 24 hours a day, 7 days a week at the public facility directly across the street from the office building containing the command centre.

5.3.4 Facilities in the command centre

The following facilities are available within the command centre:

• Main office area
• Separate conference room
• 8 x Landline telephones
• 1 x Fax machine
• 8 x desktop computers
• Access to the corporate network
• Internet access
• 8 x workstations
• Washroom facilities
• Small kitchen with kettle and microwave
• Projector with screen
• 1 x colour printer (networked)
• Television
• Radio
• 8 x hard hats and high visibility vests
• 4 x flashlights
• Stationery (pads, pens, pencils, hole punch, staplers)

A variety of shops are within easy walking distance of the command centre should additional equipment be needed (shop hours only).

5.4 Alternate command centre

If the incident command centre is not available for any reason, a secondary facility exists at the following location:

[Give the full address of the alternate command centre. Add location map, floor plan and facility list if available]

6 Impact assessment

Once the IRT has been assembled at the command centre, a more detailed impact assessment must be carried out in order to decide the appropriate response.

The information that should have been recorded at the time of notification of the incident is as follows:

• Date and time of the incident
• Nature of the incident e.g. fire, flood, explosion
• Location of the incident
• Whether emergency services have been called (if appropriate) and if so, are they in attendance?
• Any injuries or loss of life if known
• An estimate of the scale of the impact

In addition to this initial indication, further information should be available from the Incident Liaison team member of the IRT who should be at the location of the incident.

Useful further information could include:

• Likely duration of the incident
• Any obvious knock-on effects
• The extent of impact on infrastructure including computers, networks, equipment and accommodation
• The business units affected and the extent of the impact to them
• The effect on production or service delivery
• A list of those people that will not be able to assist in the recovery
• Initial indication of the likely cause of the incident

This information should be documented so that a clear time-based understanding of the situation as it emerges is available for current use and later review. A form template is provided for this purpose in the document Incident Impact Information Log.

A list of the business activities, products, services, teams and supporting processes that have been affected by the incident should be created together with an assessment of the extent of the impact. Template forms to record this information can be found in the BCMS documents Incident Impact Information Log and Plan Activation Log.
