Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
MAJOR INCIDENT
Version 1.0
Implemented:
Last updated:
Review date:
1
Business Continuity Plan
Contents
Page
Distribution List 3
Introduction 4
Activation of Plan 5
Emergency Contacts 8
Board Contacts 10
Supplier Contacts 11
Media Contacts 15
Equipment Requirements 19
Risks 28
Log Sheet 52
Incident Timeline 54
Building Plan 55
2
Distribution List
Document Title
Health and safety policies/procedures
Building evacuation procedures
Other emergency procedures
Insurance policies
3
Introduction
It is very difficult, if not impossible, to formulate Business Continuity Plans for all eventualities. Several
risks have been identified and these have been mitigated as far as possible and practical (see pages
20 and 21).
The main objective of Business Continuity Management is to provide a planned approach to the
recovery of a business which has been affected by a business interruption and to help minimise the
impact on employees, customers and the company reputation.
This document is intended to assist in the recovery of key business functions in the event of a major
incident at the bridge such as an explosion in the Administration Building, a significant road traffic
accident, a dangerous structural failure or significant incident on the toll plaza.
Key to the success of recovery from such incidents is the immediate response of the Business
Continuity Team and the formulation of plans to restore critical business processes.
The nature of the incident will have a direct impact on the teams ability to respond immediately as the
Emergency Services will almost always take the lead in incident responses, with the Business
Continuity Team liaising with the Emergency Services and providing information until the incident has
been cleared. At this point plans for the restoration of critical business functions can be put into action.
Cases of structural failure not involving damage and/or injury to HBB employees or third parties will not
normally involve the Emergency Services other than the Police assisting the Board with closure of the
bridge by setting up diversionary routes and signage.
To put in place a structure by which the Board is able to cope with the effects of a major incident and
restore critical business processes as soon as practicable.
4
Activation of Plan: (The Golden Hour)
Notification of a business interruption may originate from a variety of sources. However nearly all
notifications will come from HBB staff as the building is staffed 24 hours a day.
At all times the General Manager and the Business Manager will be the first points of contact and it is
they who will activate the Business Continuity Plan. If neither are available then the Maintenance
Manager should be contacted.
They will ensure the members of the Business Continuity Team are contacted as soon as possible.
The following activation sequence will normally be used when informing HBB staff of the activation of
this plan:
Standby phase
Implement phase
Standby will be used as an early warning of a situation which might at some later stage escalate and
thus require implementation of this plan. A Standby allows key officers time to think, brief staff, start a
business interruption log and prepare for the deployment of resources should an Implement message
be received. This is particularly important if an interruption occurs towards the end of office hours and
staff may need to be asked to stay at work until the situation becomes clear. Resources are not
normally deployed at this stage (although this will largely depend upon circumstances) and a Stand
Down may follow this type of alert.
Implement will be used to request the immediate utilisation of the HBB staff and resources in
activation of the plan.
Stand Down will be used to signify the phased withdrawal of any services provided due to activation
of the plan.
5
Key Staff Contacts
Business Continuity Project Manager
Neil Marshall
The maintenance of this document is the responsibility of the Business Continuity Project
Manager. This plan will be updated on a regular basis and includes the key details and actions
needed to continue all business operations.
This team will comprise the key decision makers in the organisation. Ideally they should
congregate in a pre-designated location. They will be in close contact with the Business
Continuity Manager and will authorise any variations to the recovery plan.
6
BUSINESS CONTINUITY PLAN
Major Incident
This document is intended to assist in the recovery of key business functions following a major incident
at the bridge such as an explosion in the Administration Building, a significant road traffic accident, a
dangerous structural failure or significant incident on the toll plaza.
This plan can be adapted for less severe incidents as all the tasks appropriate in the worst case
scenario might not always be needed.
Alert the Business Continuity Team who will establish immediate business needs and necessary
actions
Advise relevant staff to report to the designated recovery site at appointed time
Consider shift patterns and overtime
Advise remaining staff who are not required immediately to remain at home until contacted
Notify critical contacts (e.g. customers & suppliers)
Establish operations at Designated Recovery Site
Maintain a log of actions taken
Refer to the telephone directory of all employees (includes work and home telephone numbers)
Hallmark Hotel
Ferriby High Road
North Ferriby
East Yorkshire
HU14 3LG
Web: www.hallmarkhotels.co.uk/our_hotels/hull
7
Emergency Contacts
Electricity
South Bank (Far Ings Road) Scottish Power A/C No. 409794508
Gas
8
Staff Contact Numbers
9
Board Contacts
10
Supplier Contacts
11
Other Important Contacts
Virtual Networking.
Insurance Company:
Payroll Services
12
Other Important Contacts (continued)
01430 861886
Farmers Market Manager Hannah Dowson
07814 702607
Cascade HR Software
101A 103 New Pudsey Court
Pudsey 0113 255 4115
Leeds
LS28 6AT
13
Corporate Business Interruption Communications Strategy
During the response to a business interruption it is important that HBB staff are kept fully informed of
progress. HBB staff directly affected by a business interruption will obviously be very concerned about
the impact upon them personally. HBB staff not directly affected by a business interruption also need
to be kept informed of progress as they may be impacted upon, e.g. they may need to take on
additional work, be relocated to alternative accommodation, etc. A clear, concise and accurate flow of
information is essential; it will ensure that all staff are fully aware of developments and can work
together to ensure that the Board overcomes the interruption. The severity of the business interruption
will influence the level of detail and amount of information which needs to be issued to staff.
During the response to a business interruption, internal and external communications will be managed
through the General Manager and Bridgemaster by:
Establishing robust systems of internal communication to ensure HBB staff and Board Members
are kept fully up to date with progress in the recovery
Establishing a comprehensive record keeping system recording all internal and external
communications and monitoring all incoming/outgoing media related material in whatever format
to ensure rapid retrieval as required
Reviewing the effectiveness and appropriateness of the communication strategy once the
incident has been closed and recovery is complete
14
MEDIA CONTACTS
Newspapers
Television
Email: looknorth@bbc.co.uk
Radio
Viking FM Lincs FM
Email: contact@whcrfm.com
15
Resource Requirements for Recovery:
First 24 Hours:
16
24 To arrange temporary Wherever possible Telephones
resources Tel. numbers
Temporary buildings Stationery
Equipment
IT
Toilets
Telephones
Generators
Relocation of cash vault
Access to money
Access to purchase
orders
Skips/diggers etc.
17
Resource Requirements for Recovery:
24 48 Hours:
The number of staff and resources required will depend upon the level of damage to the building and
whether the bridge can re-open safely
18
Equipment Requirements
Location?
Generators
Lighting
Signs
Cones
PPE
Vehicles Owned or hired
Telephones
Mobile phones Phone chargers
Radios Radio chargers
Means of payment Company cheque book
Company credit card
Can our credit limit be increased?
Stationery Notebooks
Pens/pencils/paper
Clipboards
Telephone books
Whiteboards
Markers
Flip charts and pads
Map of the region
Electrical Photocopier
Extension leads
I.T. Computers
Printers
Cascade HR
19
Critical Function Priority List (Business Impact Analysis)
Impact of Loss - describe losses in terms of financial, staffing, loss of reputation etc.
Recovery Time Objective (RTO) - critical period before business losses occur
This list can be used during an emergency to assist your decision making when compiling an Action
Plan as to which function needs to be reinstated first.
20
Business Impact Analysis
Description: Unforeseen structural failure could lead to bridge closure for several
hours or longer.
Plan for closure > 4 hours: Convene the Business Continuity Team
21
Business Impact Analysis
Description: Road traffic accident or other major incident could lead to bridge
closure for several hours or longer.
Plan for closure > 4 hours: Convene the Business Continuity Team
22
Business Impact Analysis
Description: Resilience measures are in place should there be a major failure of the
toll system. Manual system would be initiated for a total system failure.
Key Contact(s):
23
Business Impact Analysis
Description: Many staff rely on computers and applications. Short-term outages are
inconvenient.
Key staff have laptops so key priorities can be met
Impact of Loss: Loss of reputation if not resolved quickly as customer service would be
affected.
Equipment:
24
Business Impact Analysis
Impact of Loss: Loss of reputation if not resolved quickly as customer service would be
affected.
Equipment: Telephone
25
Risk Register Spreadsheet
A number of business risks have been identified and are summarised in this section, and detailed in the
next section.
Each of the risks has been mitigated as far as practicable resulting in a reduction in the likelihood and
impact of those risks.
26
Humber Bridge Board - Risk Register
Description
Likelihood
Change in
risk rating
Reviewed
Reviewed
Risk No
Impact
Owner
Score
Date
Risk
Risk
by
Political pressure to remove toll
1A PH 3 1 3 10/2012 PH
charges
Stakeholder pressure to waive
1B PH 1 3 3 04/2012 PH
charges for specific users
Failure to modernise operations and
2 PH 3 3 9 11/2012 PH
practices
3 Structural failure PH 4 3 12 04/2012 PH
Terrorist attack resulting in serious
4 NM 3 2 6 03/2012 NM
damage
5 Toll system failure NM 2 2 4 03/2012 NM
Failure of major maintenance
contracts to fulfil the contract (in terms
6 PH 2 1 2 11/2012 PH
of completion, cost, timeliness or
quality)
Inability to fill specialist and skilled
7 NM 2 3 6 03/2012 NM
posts
8 Operational Inertia PH 2 3 6 04/2012 PH
27
Risks
28
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
PotentialforGovernmenttofollowthepolicyintroducedinScotlandortointroduceaschemeofnationalroadchargingbutunlikelybecauseof
RiskDescription
financialconsequencesondebtrepayments.Impactwouldfallonstaffandchangethenatureofthebusinessobjectives.
AnalysisofGross
Impact 2 Likelihood 1 GrossRisk 2
InherentRisk
3.
4.
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
29
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
RiskDescription Theimpactonincomeofdiscreetgroupsunderconsiderationwouldbeslight.
AnalysisofGross
Impact 2 Likelihood 4 GrossRisk 8
InherentRisk
2. Costimplicationfortollfreeusergroupsareknown PHill W
3. PreviousPublicInquiryInspectorshaveconfirmedthatitisnottheBoardsplacetofundtoll
PHill W
exemptionforusergroups,i.e.hospitalvisitors
4. Significantreducedtolllevels PHill M
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
30
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Tollboothsrepresentacollisionriskforcustomersandstaff.Automatedcollectionismorelikelytomaximiseincomethanmanualcollection.
RiskDescription
Inefficientpublicperceptionandimageofthebridge.Likelihoodsignificantuntilamodernisationprogrammeisagreed.
AnalysisofGross
Impact 2 Likelihood 3 GrossRisk 6
InherentRisk
2. Workingpractices(Maintenance)reviewedandchangesimplemented. JCooper/NMarshall S
3. Financialimpactestimatedandfundsavailable. PHill M
4.
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. Contractunderevaluationtoupdatesystemandequipment
PHill April2014
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
31
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Otherbridgesofthesameconstructiontypebutolderareexperiencingpreviouslyunexpectedformsofdeterioration.Lessonscanbelearned
RiskDescription
fromtheirexperiencesbutmitigationcannotbeguaranteed.
AnalysisofGross
Impact 4 Likelihood 3 GrossRisk 12
InherentRisk
2.Fundedmaintenanceprogramme PHill S
3.Nationalandinternationalpeerdiscussions PHill S
4.
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.Riskbasedinspectionprogramme PHill 2013
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
32
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
6. Staffvigilance LineManagers S
7. CivilAviationAuthority500feetexclusionzonearoundthebridge(excludesmilitaryaircraft) GM&B S
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. None
2.
3.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
33
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
MaintenanceManager
5. TollboothsandtollcomputersystemcoveredbyUPS S
6. Seniormanagersoncallinthefirstinstance BusinessManager S
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. TollresiliencestudyhasbeenundertakenbyIBI.Recommendationsstilltobeauctioned,but
willnotbeinplaceuntilthenewtollsystemreplacementcontractislet. BusinessManager 12months+/
Decisionnottomeddlewiththeexistingsystemasthisiswhenfailureismorelikelytooccur.
AnalysisofTargetRisk Impact 2 Likelihood 1 TargetRisk 2
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
34
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Majorcontractsaregenerallysourcedfromspecialistprovidersknownintheindustry.Thereisarigorousselectionprocessandaproventrack
RiskDescription
recordofsuccesswithmajorcontracts.Specialistconsultantsassistwithcontractsupervision.
AnalysisofGross
Impact 3 Likelihood 2 GrossRisk 6
InherentRisk
PeterHill
3. Contractspecification S
PeterHill SRulesarerestrictiveinterms
4. ContractProcedureRules
ofdelegationandfinanciallimits
PeterHill
5. Contractmonitoringarrangements S
PeterHill SAloneorinconjunctionwith
6. SupervisionofcontractorsbyHBBstaff
consultantssupervision
PeterHill
7. PQQprocedureaugmentingselectlist WM
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: PETERHILL Date:
35
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
LimitednumberofspecialistsinthemarketplaceasevidencedbydifficultyinrecruitingMajorProjectsManagerandotherengineeringposts.
RiskDescription
Principalissuewithskilledmaintenancestaffwouldnotbeskillsbutlackofsiteknowledge
AnalysisofGross
Impact 3 Likelihood 3 GrossRisk 9
InherentRisk
GM&B
3. Accesstospecialistknowledgethroughconsultancyfirms S
GM&B
4. Accesstospecialistknowledgethroughrecruitmentagencies S
GM&B
5. Abilitytotakeonplacements/secondments S
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. Boardcouldconsiderreviewingtheremunerationpackage Whenallotheroptions
GM&B
havebeenconsidered
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
36
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
RiskDescription Lackofprogressordevelopmentleadingtonottakingadvantageofopportunitiestoimproveefficiency
AnalysisofGross
Impact 1 Likelihood 4 GrossRisk 4
InherentRisk
2.Communicationstrategy PHill M
3.
4.
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: PETERHILL Date:
37
HUMBERBRIDGEBOARDRISKREGISTER
RiskIdentified Malfunctionoftelephonesystem. Type/Category STRATEGICOROPERATIONAL
TelephonesareusedwidelyforcommunicationbothinternallyandexternallyandanyperiodsofdowntimewouldaffecttheBoardsabilityto
RiskDescription provideitsnormallevelofservice.Nofinancialrisk;moreaninconveniencealthoughprolongeddowntimewouldbehighlyinconvenientand
haveanegativeimpactoncustomerservicedelivery.
AnalysisofGross
Impact 3 Likelihood 3 GrossRisk 9
InherentRisk
MaintenancecontractwithCobusCommunications
JohnWilliams S
Afulltelephonesystemfailurecouldberecoveredwithin24hours
TelephonesystemisontheHBBUPSsystem JohnWilliams S
TelephonesystemhasitsownUPSsystemwhichalsoprotectsagainstpowersurges JohnWilliams/Cobus S
Cobuscoverlinefaults,throughKingstonCommunications S
Cobuscanremotelydivertcallstoothernumbers(e.g.mobiles) S
Keystaffhavemobilephonessoalloutsidecontactisnotlost S
Internalcommunicationsstillpossiblewithradiosandmobiles S
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.FaxescanbedivertedtoemailusingMyFaxorsimilarsoftware NeilMarshall Asrequired
2.Systemreplacementplannedaspartofthetollsystemupgrade,whentherewillbetheopportunityto
NeilMarshall December2013
reviewtherelationshipwiththeservercabinet.
AnalysisofTargetRisk Impact 2 Likelihood 2 TargetRisk 4
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
38
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Contractorsreviewedandworkssubjecttotender.Recentimprovementtooptionsconsidered(contractout,retaininhouse)andmaintained
RiskDescription
workingpractices
AnalysisofGross
Impact 2 Likelihood 3 GrossRisk 6
InherentRisk
2. CPRs JWilliams S
3. Valueformoneytestoninhousework JWilliams M
4. Maintenancecostsbenchmarking? JWilliams M
5. Routinemaintenanceprogrammereview JWilliams/JMilne M
6. Contractmonitoring/KPIs JWilliams S
7. Subjecttoperiodicaudittesting JWilliams M
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: JOHNWILLIAMS Date:
39
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
RiskDescription Thereisnohistoricalevidenceofsuchinjuriesoccurring.FinancialimpactwouldbeminimalasHBBisinsuredagainstsuchanincident.
AnalysisofGross
Impact 3 Likelihood 2 GrossRisk 6
InherentRisk
2. Riskassessments JWilliams,JMilne,IAllenby M
3. Contactorriskassessments JCooper,JWilliams,JMilne,IAllenby M
4. WorksPermitSystem JMilne,IAllenby M
5. Maintenanceprogramme JWilliams,JMilne,IAllenby M
6. Signage JWilliams,JMilne,IAllenby M
7. H&Sinspections SPritlove M
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: JOHNWILLIAMS Date:
40
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
AlthoughworkisriskassessedandcarriedoutinaccordancewithH&Sregulations/guidance,itisinthenatureofthestructureandthe
RiskDescription
maintenanceworkthatinjuriesmayoccur.Financialimpactismitigatedthroughinsurance.
AnalysisofGross
Impact 3 Likelihood 4 GrossRisk 12
InherentRisk
2. Stafftraining JWilliams,SPritlove,JMilne S
3. Employmenttermsandconditions JKurring M
4. Riskassessments JWilliams,AScullion,JMilne,IAllenby M
5. Signage JWilliams,JMilne,IAllenby W
6. H&Sinspections SPritlove,H&SExecutive M
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwhowillbe Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed
responsibleforimplementingthecontrols implementation
1.Closersitesupervisionofbothemployeesandcontractors JWilliams,AScullion,JMilne,IAllenby Spring2012
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: JOHNWILLIAMS Date:
41
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Themediasometimespresentsnegativereportsasmoreengagingtothepublicleadingtoagenerallossofconfidenceinourprovisionof
RiskDescription
service.
AnalysisofGross
Impact 2 Likelihood 3 GrossRisk 6
InherentRisk
2.EnsureBoardreportsdonotpromotenegativecommentofspeculation PHill S
3.UseprofessionalPRcompaniestomanageexternalpromotion NMarshall M
4.
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1.
2.
3.
4.
5.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: PETERHILL Date:
42
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Businesscontinuityplansareimportantinhelpingtheorganisationdealwithmatterswhichaffecttherunningofthebusiness.
RiskDescription
Planshavenotbeenproduced,formulisedorsharedwithstaff.
AnalysisofGross
Impact 4 Likelihood 4 GrossRisk 16
InherentRisk
5.
6.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. PresentationshavebeengiventothemanagementteambyAlanBraveyoftheHumber
EmergencyPlanningTeam,sincewhentheyhaveworkedontheirownBusinessContinuity
WorkongoingDecember
issues. BusinessManager
2012
ThesewillbebroughttogetherbytheBusinessManagerinduecourseinaBusiness
ContinuityPlan.
2.
3.
4.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
43
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
ImpactandlikelihoodhavedecreasedasaresultoftheBoardadoptingrecommendationscomingfromrecentInternalAuditreports.Although
RiskDescription therearewellestablishedcontrolsforprocurement(CPRs),cashcollection,countingandbanking,ticketsalesetc.thereisalwaysthepossibility
ofcollusion.Securityofthevaultishigh.
AnalysisofGross
Impact 4 Likelihood 4 GrossRisk 16
InherentRisk
BusinessManager
3. Assetsecurity/inventorycontrols S
BusinessManager
4. ContractProcedureRules S
BusinessManager
5. Whistleblowingpolicyandprocedure S
BusinessManager
6. AntifraudandCorruptionPolicy S
BusinessManager
7. Personnelpolicies/timesheetcontrols S
8. SAGEaccountingcontrolsandprocedurescoveringpayments,purchaseinvoicesand BusinessManager
S
ordering.
9. AuditpackageprocuredandtestedfortheSAGEsystemasrequestedbyInternalAudit BusinessManager S
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. None
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
44
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
RiskOwner NEILMARSHALL Position BusinessManager RiskNo: 16
ClaimsforinjuryagainstHBBbyparticipantsandobserversof
largeeventstakingplaceonHBBproperty,wherespecificHBB
RiskIdentified Type/Category STRATEGIC
assistancehasbeenrequestedandgiven.
ManyeventsaresmallscaleandpermissionisgiventothesegroupstouseHBBlandandproperty,subjecttooperationalneeds.Nodirect
RiskDescription HBBinvolvement.LargescaleeventsneedHBBinvolvementintheplanning,organisationandsettingupofcones,managingtrafficetc.These
eventsposethegreaterrisk.
AnalysisofGross
Impact 4 Likelihood 4 GrossRisk 16
InherentRisk
GM&B MwouldbeSbut
3. KeyHBBstaffinvolvedineventplanningmeetingswithorganisers,ieHalfMarathon,HOG
meetingsdontalways
includingH&SManager.Minutestakencancirculatedtoallparties
includedutyinspector
GM&B
4. Cleardefinitionofrolesandresponsibilities S
5. EventorganisersconductriskassessmentsandprovidePublicLiabilityInsurance(copiedfor GM&B
M
HBB)
GM&B
6. EventorganisersarrangeFirstAidandliaisonwithEmergencyServices S
GM&B
7. EventorganisersmarshaltheeventHBBassistancekepttoaminimum S
GM&B
8. HBBhavedirectcontactwitheventorganisersontheday S
9. ExtensiveCCTVsystemtomonitorandrecordactivity MaintenanceManager S
GM&B
10. Posteventdebriefincl.HBBstaffweaknessesidentified S
GM&B
11. HBBcansuspendorcancelanevent S
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. NONE
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
45
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
Relianceoncomputerswithintheorganisationhasincreasedovertheyearstoanextentthatanyperiodsofserverdowntimeaffectsthe
RiskDescription Boardsabilitytoprovideitsnormallevelofservice.Nofinancialrisk;moreaninconveniencealthoughprolongeddowntimewouldbehighly
inconvenient.
AnalysisofGross
Impact 4 Likelihood 3 GrossRisk 12
InherentRisk
3. HBBserverisontheHBBUPSsystembuthasitsownforifthemainUPSfails MaintenanceManager S
BusinessManager
4. ManagedserviceagreementwithVirtualNetworkingwith1to4hourresponsetime S
BusinessManager
5. AutomaticproactivemonitoringofHBBsystembyVirtualNetworkingandfaultreporting S
BusinessManager
6. RobustFirewalltopreventvirusattacks S
BusinessManager
7. VirtualBackupundertakeneverydayandrestorationtestingundertakenperiodically S
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. Anadditionalserveristobepurchasedwhichwillduplicatetheexistingserverandwhichcan
bebroughtintoservicequitequicklyintheeventthemainserverfails. BusinessManager Before31/02/2013
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
46
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
HighlevelsofstaffabsenceatanyonetimecanaffecttheBoardsabilitytoprovideitsnormallevelsofservice.Highstaffabsenceissupplier
RiskDescription
organisationscanaffecttheBoardfunction.
AnalysisofGross
Impact 4 Likelihood 2 GrossRisk 8
InherentRisk
2. Routineworkscanbedelayedorundertakenbyotheremployeesorcontractedin LineManagers S
3. HBBemployeeabsencecanbecoveredbyovertimeand/oragencyworkers LineManagers S
4. HBBisabletosourceproductsandservicesfromotherorganisation.CPRrulescanbe
GM&B S
suspended
Macriticalalertdoesnt
5. AlertsfromGovernmentandotherAgencies. GM&B automaticallymeanHBB
willbeaffected
6. AdditionalPPEcanbeprovidedtostaffi.e.gloves,gelsetc. LineManagers/H&SManager S
7.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. Couldincreasethedeploymentofremoteaccesstoallowmorestafftoworkfromhome
BusinessManager Whennecessary
2. BusinessContinuityPlanstobeformalised
BusinessManager Whennecessary
3. Awarenesstrainingforstaff
BusinessManager Whennecessary
4.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
47
HUMBERBRIDGEBOARDREVIEWOFRISKREGISTER
TheprimarycoldwaterstoragetankissituatedabovetheControlRoomintheAdministrationblock.Ifthistankfailstherecouldbepotential
RiskDescription
leakageontocriticalcomputerequipmentinthecontrolroomandotheroffices.
AnalysisofGross
Impact 4 Likelihood 3 GrossRisk 12
InherentRisk
PHill
3. Tankisofnoncorrosivematerial S
4. Materialisunlikelytosuffercatastrophicfailure(ieitwouldleakprogressivelyratherthan PHill
M
burst)
5.
6.
7.
8.
Takingintoaccountcontrolscurrentlyimplemented
AdditionalRiskControlMeasures
Providenameofpersonwho
Providetargetdatefor
Providedescriptionoftheadditionalriskcontrolsthathavebeenproposed willberesponsiblefor
implementation
implementingthecontrols
1. Annualvisualinspectiontoconfirmintegrityoftank
MaintenanceManager 12/2012
2. Proactiverenewalinlinewithmanufacturersrecommendedlifespanof30years(inst.2000)
GeneralManager 2030
3.
4.
Provideanassessmentofthetargetriskonceadditionalmeasuresimplemented
KeyforRiskCategories
AlmostCertain 5 10 15 20
Likely 4 8 12 16
Possible 3 6 9 12
Unlikely 2 4 6 8
VeryUnlikely 1 2 3 4
Likelihood
Low Medium High Extreme
Impact
ReviewedBy: Date:
Signed: DateOfNextReview:
48
Emergency Response Checklist
Arrange a Debrief:
49
Invocation Business Continuity Team
In the first 24 hours following a major incident and the implementation of the Business Continuity Plan a
number of actions will need to be completed.
8 Ensure you have identified the priorities, i.e. the critical services
affected, or likely to be affected, by the incident (refer to Business
Impact Analysis)
10 Identify not only the priorities for recovering mission critical services,
but also consider the unaffected mission critical services which may
need protecting/sustaining while effort is focused on recovery.
50
and thereafter (Checklist of Actions)
51
Log Sheet
52
Incident Assessment Form
This table is to be used for completing an initial assessment of which mission critical services have been impacted and the likely duration of the impact.
Priority
Accountability for
Order
Note: Columns 2 and 3 should be populated from the Business Impact Assessment in advance of an incident.
53
INCIDENT TIMELINE
Incident
Timeline
Incident Response
Business Continuity
54
Building Plan as at 23 August 2012
55