BCM Policy
BCM Policy
BCM Policy
August 2015
The Government of the Republic of Trinidad and Tobago
Business Continuity Management Policy for the Public Service
Approval Page
Distribution List
Change Record
Table of Contents
Abbreviations .............................................................................................................................. 1
1. Purpose ............................................................................................................................... 1
17. Glossary............................................................................................................................. 10
Abbreviations
1. Purpose
“Business Continuity Management is a holistic management process that identifies potential
threats to an organisation and the impact to business operations those threats, if realised, might
cause, and which provides a framework for building organisational resilience with the
capability of an effective response that safeguards the interests of its key stakeholders,
reputation, brand and value-creating activities”.1
The Government of the Republic of Trinidad & Tobago (GoRTT) has determined a need for the continuance of
critical services by Ministries, Departments and other Agencies across the Public Service, in the event of a unique
business debilitating incident. A unique business debilitating incident is any situation specific to the
organisation that might be or could lead to a business interruption, loss, emergency or crisis. During this period
of interruption, the rest of the country, and by extension the rest of the Public Service, is functional and therefore
users of Public Services expect the availability of services, notwithstanding an incident. The GoRTT
acknowledges that certain business debilitating incidents can escalate to a national or regional disaster, in which
instance the organisation facing the incident will be expected to keep the Office of Disaster Preparedness and
Management (ODPM) informed of the incident.
The GoRTT recognises that the unexpected could happen, the effect of which could compromise the ability to meet
acceptable standards of service. The GoRTT further recognises that it does not have the required business
resiliency to ensure seamless continuance of public services, in the event of a unique business interruption during
which citizens expect continued public services. To this end, the GoRTT wants assurance that it is protected
against such risks and threats that could materially impact upon or disrupt its critical business operations.
For these reasons, the GoRTT is implementing a Business Continuity Management (BCM) Programme across the
Public Service to ensure a timely and effective business continuity, disaster preparedness, response and total
business recovery, should a significant unique business interruption occur. The Programme minimises exposure
to risk, the adverse impact on employees and reputation, and protects the interests of stakeholders and the wider
community, while providing for continuity of operations.
This BCM Policy provides the framework on which the BCM Programme is designed and built and identifies the
principles to which the GoRTT aspires and provides the context in which the required capabilities will be
implemented. The BCM Policy demonstrates the GoRTT’s commitment to BCM.
The BCM Programme utilises a whole of Government approach which promotes the following:
1. A common and consistent methodology for BCM across the Public Service
2. A cost effective approach to implementing business continuity and disaster recovery strategies across the
Public Service
3. A centralised oversight and support system to monitor the successful implementation of BCM
1
ISO 22301:2012
2. Policy Goals
The overarching goal of the BCM Policy is to realise continued delivery of public services to citizens in the event of
a unique business interruption using this organisational resiliency approach. In so doing the GoRTT expects to
achieve:
3. Target Audience
This BCM Policy is targeted to the Accounting Officers or Administrative Heads of a public service Ministries,
Departments and Agencies and includes Permanent Secretaries, Heads of Departments, the Chief Administrator,
Tobago House of Assembly or any equivalent, and to Directors, Managers, Facilities Management Officers,
Health, Safety and the Environment (HSE) Officers, Information Technology (IT) Officers, Human Resource (HR)
Officers and all other persons across the Public Service responsible for the provision of services offered in its
business operations.
Elected or selected Heads including the President, Commissioners and other Heads of Constitutional and Other
Authorities including the Tobago House of Assembly, Parliamentary Heads and Members, the Chief Justice and
other Judiciary Heads, the Prime Minister and Line Ministers are key stakeholders in endorsing this Policy and
where applicable, participating in the rollout of BCM, to ensure the continued provision of public services.
It is the responsibility of the leadership of Ministries, Departments and Agencies across the Public Service to
inform staff about the BCM Policy.
It is the responsibility of staff to be aware of, understand and adhere to this Policy.
Each Ministry, Department and Agency is expected to comply with the provisions of this BCM Policy and to
develop and/or enhance its capability to continue critical operations in the event of a unique business
interruption.
The BCM Policy is not applicable to State Agencies (wholly owned, majority owned, minority owned or indirectly
owned etc). However, State Agencies are free to be guided by this policy framework.
This Policy covers business continuance of the critical processes across the Public Service, and the critical
supporting IT/ICT and other systems which must be operational at the primary or alternative locations, in the
event of a unique business interruption. A necessary pre-requisite is to identify the business processes critical to
each Ministry, Department and Agency across the Public Service; the resources required to effectively perform
these processes, and how each Ministry, Department and Agency, can sustain critical service delivery operations
during periods of interruption.
Compliance with the provisions of this BCM Policy is mandatory and breaches will be dealt with in accordance
with established regulations set out in the Civil Service Act, Chapter 23.01 of the Laws of the Republic of Trinidad
and Tobago and other regulations that govern staff performance.
The BCM Policy is aligned to the Comprehensive Disaster Management Policy Framework for Trinidad and
Tobago and the National Response Framework. The management of island wide disasters falls under the scope of
the Office of Disaster Preparedness and Management (ODPM), a division of the Ministry of National Security.
Nothing in this BCM Policy subsumes or cancels the function of the ODPM.
In the event that a unique business interruption escalates, it will be addressed in accordance with the three-level
system of response as defined in the National Response Framework, through organisations within the National
Disaster network e.g. local government authorities and other first responder Agencies; ODPM’s National
Emergency Operations Centre (NEOC) and relevant Ministries such as, but not limited to the Office of the Prime
Minister and the Ministries of National Security , Foreign Affairs and Finance and the Economy.
The BCM Policy is also in alignment with the Public Service Excellence programme which from 2014 includes the
Trinidad and Tobago Diamond Standard Certification, which provides national certification to services of
Ministries, Departments and Agencies that exemplifies excellence in delivering public services to citizens and
other client groups. Services seeking certification will be assessed on the basis on a number of criteria including
the level of Business Continuity capability.
This BCM Governance and Operational Framework, diagrammatically shown in Appendix A, consists of three (3)
tiers:
The BCM Oversight Committee will be responsible for leadership and oversight of the BCM operations across the
Public Service. This Committee will provide strategic direction of BCM across the Public Service, update and set
new Policy, make across-government decisions, guide across-government financing decisions relative to BCM,
identify and facilitate across-government BCM related synergies, develop the people capacity to ensure the
critical mass for sustainability of BCM, resolve across-government issues, set the boundaries for the working
relationship between the Ministry with responsibility for BCM, and the Ministries, Departments and Agencies
across the Public Service as it relates to business continuity; and monitor and inform the development,
continuous improvement, maturity and sustainability of the GoRTT’s BCM Programme.
The BCM Oversight Committee will comprise of representatives from the National Operations Centre (NOC) and
ODPM (or their equivalent new or restructured agencies) who will ensure direct linkage with the national disaster
network. The Committee will provide timely and accurate feedback to the Cabinet of the Republic of Trinidad and
Tobago, and facilitate information sharing with Permanent Secretaries, Heads of Departments and Heads of
Agencies across the Public Service on BCM matters. This Committee will collaborate with the ODPM to ensure
that GoRTT’s BCM Policy is incorporated into its deliberations and decision making. This Committee will be
chaired by the Permanent Secretary of the Ministry with responsibility for BCM and will work closely with the
BCM Services Division.
It is to be noted that government Ministries, in accordance with Section 66 D of Act No 29 of 1999 cited as the
Constitution (Amendment) Act of 1999, are required to report to the President and both Houses of Parliament on
an annual basis on their operations. As such, information on the BCM matters will be in the public domain.
The BCM Services Division of the Ministry with responsibility for BCM will be responsible for managing and
coordinating business continuity implementation across the Public Service. This includes standardisation of
business continuity and disaster recovery planning, policy and plan development, validation and compliance,
project management, training, and BCM monitoring and evaluation across the Public Service. The BCM Services
Division will be headed by a Director BCM Services, who will be responsible for the overall management and
coordination of BCM for the Public Service. The Director will report to the Permanent Secretary of the Ministry
with responsibility for BCM. The BCM Services Division will be resourced with the requisite skills to roll-out BCM
to the Public Service
Accounting Officers or Administrative Heads of each Ministry, Department and Agency across the Public Service
will be responsible for adherence to this BCM Policy, implementing the BCM methodology as well as for the
maintenance of the Ministry’s, Department’s or Agency’s Business Continuity and Recovery Plans. Accounting
Officers or Administrative Heads will be supported by the Head of each Division or Business Unit. The Head of
each Division or Business Unit will be responsible for ensuring the implementation and maintenance of Divisional
or Business Unit Business Continuity and Recovery plans, and adherence by all staff of each Division or Business
Unit to this BCM Policy and the plans. Each Ministry, Department or Agency will appoint a BCM Co-ordinator
who will liaise with the BCM Services Division of the Ministry with responsibility for BCM and will ensure that the
Ministry, Department or Agency’s Business Impact Assessment (BIAs) are completed and BCM plans are tested
and updated periodically. The BCM Co-ordinator will report to the Permanent Secretary, Head of the Department
or Head of the Agency i.e. the Accounting Officer or Administrative Head on BCM matters.
All Public Service organisations will make adequate provisions to facilitate staff who are assigned to respond to
relevant business interruptions beyond the normal operational hours.
A Business Impact Analysis (BIA) to identify and understand the impact of a significant business
interruption on the Ministry, Department or Agency and associated business units, as well as the impact
of significant business interruptions at key third parties; to obtain an inventory of the Ministry,
Department or Agency’s business processes, to identify the time criticality of each business process, to
determine their order of recovery in the event of disruptions, and to identify the minimum supporting
data and resources to maintain or recover these critical processes following disruptions.
In consideration of the fact that there are very small and very large public service Ministries, Departments and
Agencies, and cognisant of the maturity level of BCM and economies of scale, conduct of risk assessments and
business impact analysis may be appropriately scoped, and is to be done in consultation with the BCM Services
Division.
Business Continuity, Disaster Recovery and Emergency Response Plans will be developed and documented so that
business continuity strategies can be implemented and maintained. These plans will also provide scenario based
guidance on the sequence of actions to be taken in the event of business interruptions and disaster. These plans
will include continuity and recovery measures and teams with their roles, responsibilities, and accountabilities
during and after business interruptions. Plans will have clear procedures to deal with significant unique
disruptions; including communication with ODPM should these escalate to geographic or national crises.
Therefore Crisis Communication Plans will be tightly integrated into BCPs and DRPs, as well as inventories of
back up resources for rapid deployment to maintain services to the public.
Business Continuity, Disaster Recovery and Emergency Response Plans will be available in both hard and soft
copies at the relevant Ministry, Department and Agency.
Each Ministry, Department or Agency will have ownership of its business continuity plan and will be responsible
for its maintenance and evaluation to ensure that business continuity and disaster recovery strategies are
appropriate, and that the plan adequately addresses its service level requirements.
Testing of BCM plans will be conducted by each Ministry, Department and Agency across the Public Service at
least annually or more frequently as the need arises and will increase in scope each subsequent year as the BCM
Programme matures. Where possible, this can coincide with the National Annual Drill spearheaded by the
National Disaster Office. . Between the annual test intervals, components of the overall plan can also be tested in
preparation for the full blown exercise. The scope of each test will be discussed and agreed by the BCM Services
Division of the Ministry with responsibility for BCM and the relevant Ministry, Department and Agency.
Logistics of the test i.e. date, time, venue, transportation and technical support
Communications, Disaster Declaration and Plan Execution Sequence
Test activities
Report of the test results
Corrective action, where relevant
De-briefing sessions will be held immediately after each test to identify strengths, weaknesses, capacity to meet
response time objectives (RTOs), lessons learnt and ways for improving the exercise and/or business
continuity/disaster recovery plans.
A report outlining the outcomes of the exercise, lessons learnt and recommendations for improvements will also
be prepared and presented to the Permanent Secretary of the relevant Ministry, Head of the Department, or Head
of the Agency. When completed a copy of this report will be forwarded to the BCM Services Division of the
Ministry with responsibility for BCM.
The results of the tests will be used to identify and correct continuity planning gaps, update existing plan
documentation, and procedures.
In consideration of the fact that there are very small and very large public service Ministries, Departments and
Agencies and cognisant of the maturity level of BCM and economies of scale, Plan Maintenance and Testing may
be appropriately scoped, and is to be done in consultation with the BCM Services Division.
The BCM Services Division of the Ministry with responsibility for BCM will prepare and submit an Annual Report
on BCM to the Oversight Committee. This Report will address matters such as but not limited to, the following:
the BCM activities undertaken, capacity measurements (number of staff involved in BCM activities; number of
trained personnel; number of Agencies that have completed, pursuing and/or maintaining BCM; number of tests
completed and the results; number of audits conducted and the results, also a record of outages and their impact
during the reporting period); BCM maturity of the Ministries, Departments and Agencies and plans for the
following year.
The Policy will be available electronically to staff via the GovNeTT Communications Backbone and hardcopies will
be maintained by each Ministry, Department or Agency.
Feedback is welcome and is to be addressed to the Permanent Secretary of the Ministry with responsibility for
BCM.
The core disaster management legislation is the Disaster Measures Act, 1978 supported by the following plans
which were prepared and are monitored by the ODPM
ODPM Disaster/Emergency Standard Operating Procedures and Contingency Plans
National Recovery Plan
Earthquake Contingency Response and Recovery Plan
Severe Weather Contingency Response and Recovery Plan
Tropical Storm/Hurricane Contingency Response and Recovery Plan
standard is available it will be reviewed, by the BCM Division of MPA who will update the BCM Policy where
relevant.
17. Glossary
Refer to Appendix C for definitions of key terms used in this Policy.
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Tier II:
MPA Leading and Managing Ministry of Public
BCM Implementation Administration
Permanent Secretary
Business and Disaster Business and Disaster Business and Disaster BC Compliance
Recovery Manager Recovery Manager Recovery Manager Manager
- Project Management - Business Continuity - Disaster Recovery - Policy Development
- Training and Awareness Planning Planning - Compliance & Audit
Business Operations
Co-ordinator
Business Operations
Assistant
- Administration
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
BCM Coordinator
Ministry or
Agency BCM
Team
In preparing this BCM Policy, across Government and across Industry leading practice information was reviewed.
Some of these are:
Governments/Ministries/Agencies
Department for Transport, UK “Business Continuity Management Policy”. 13 pages. October 2011
Metropolitan Police, London, UK “Business Continuity Management Policy”4 pages. September 2009
National Health Service, UK “Business Continuity Management Strategy” 26 pages. August 2013
The Government of the Republic of Trinidad and Tobago, “Crisis Communications Guidelines and Response
Plan” 124 pages April 2011
The Government of the Republic of Trinidad and Tobago, “National Climate Change Policy” 28 pages July 2011
The Government of the Republic of Trinidad and Tobago “National Policy on Gender and Development”. 64
pages June 2009
The Government of the Republic of Trinidad and Tobago. “National Response Framework”. 13 pages.
December 2010.
The Government of the Republic of Trinidad and Tobago, Ministry of Public Administration. “Green Paper.
Transforming the Civil Service: Renewal and Modernisation”. 48 pages. May 25 2011.
The Government of the Republic of Trinidad and Tobago, Ministry of Public Administration and Information.
Draft Policy on Governance for the Trinidad and Tobago e-Government Portal. Version 2.00. 19 pages.
November 2006.
International Standards
International Organisation for Standardisation. Societal security – Business Continuity Management Systems –
Requirements. ISO 22301:2012(E). 24 pages. ISO2012.
Health, Safety and the Environment (HSE) Policies from a range of Energy companies and BCM Policies and
Strategies from select Universities
Methodologies
Publications
Business Continuity Institute. “Good Practice Guidelines 3013 Global Edition A Guide to Global Good Practice in
Business Continuity”. 115 pages. bci@thebci.org. 2013.
HM Government. “How prepared are you? Business Continuity Management”. Version 1. 19 pages.
Internal Audit & Advisory Services. “Report on the Cross Government Review of Business Continuity
Management.” 80 pages March 2007
Lalla, Kenneth R. The Public Service and Service Commissions. (Universal Printers (T&T) Limited, 2013).
National School of Government, September 2008 - Making Policy that Happens - A Policy Toolkit (Draft)
Office of Disaster Preparedness and Management “National Institutional Disaster Management Framework for
Trinidad and Tobago” Nov 2013
Office of Disaster Preparedness and Management “Comprehensive Disaster Management Policy Framework for
Trinidad and Tobago ” (Draft) 31 pages
Appendix C - Glossary
The following are definitions of key terms utilized in this Policy:-
Term Definition
Agency A business or organisation providing a particular service on behalf of another
business or person.
(Source:http://www.oxforddictionaries.com/us/definition/English)
Business Service(s) delivered by the Ministries, Departments and Agencies, administrative
processes; general operations.
Business Interruption Any event whether anticipated or unanticipated which disrupts the normal
course of business operations at the established location. The business
interruption will be unique to the location only as the rest of the country will be
operational.
Business Continuity (BC) The capability of the organisation to continue delivery of products or services at
acceptable predefined levels following a disruptive incident. (Source: ISO
22301:2012)
Business Continuity (BC) An organisation's risk management strategy for threats that may interrupt,
Planning terminate or significantly disrupt core business proceses. It involves mitigation
activities and contingency planning for response and recovery actions.
Business Continuity Plan Documented procedures that guide organisations to respond, recover, resume
(BCP) and restore to a predefined level of operation following disruption. (Source: ISO
22301:2012)
Business Continuity (BC) The ongoing management and governance process supported by top
Programme Management and appropriately resourced to implement and maintain business
continuity management. (Source: ISO 22301:2012)
Business Continuity The BCM Co-ordinator will have delegated authority from the Permanent
Management (BCM) Secretary, Head of Department or Head of Agency for coordinating the BCM
Co-ordinator activities of the Ministry, Department or Agency, and will be expected to work in
close collaboration with the BCM Services Division of the Ministry with
responsibility for BCM. The incumbent will report to the Permanent Secretary of
the relevant Ministry, Head of Department or Head of Agency.
Business Impact Analysis Process of analysing activities and the effect that a unique business disruption
(BIA) might have on them. (Source: ISO 22301:2012)
Crisis A situation with a high level of uncertainty that disrupts the core activities
and/or credibility of an organisation and requires urgent action. (Source: ISO
22301:2012)
Term Definition
Crisis Management Plan A Crisis Management Plan describes the various actions which need to be taken
(CMP) during critical situations or crisis and the roles and responsibilities of employees
and other critical dependencies during crises.
Incident Situation that might be or could lead to a disruption, loss, emergency or crisis.
(Source: ISO 22300:2012)
Key Performance Indicators Key performance indicators are measures used to gauge performance in terms of
(KPI) meeting goals. Examples of KPIs are as follows: BCM activities undertaken vis-
a-vis the BCM Programme; number of Ministries, Departments and Agencies
that have completed, pursuing and/or maintaining BCM; number of audits
conducted and the results; and BCM maturity of the Ministries, Departments
and Agencies
Ministry A government department headed by a Minister of State (Source: Merriam-
Webster)
Public Service Refers to Ministries, Departments (e.g. Service Commissions Department,
Personnel Department) and Agencies (Fire Service, Prison Service, Teaching
Service, Judicial and Legal Service and the Police Service.)
Recovery Time Objective The period of time following an incident within which a product or an activity
(RTO) must be resumed, or resources must be recovered. (Source: ISO 22301:2012)
Risk Assessment A risk assessment is a process to identify potential hazards and analyse what
could happen if a hazard occurs. A business impact analysis (BIA) is the process
for determining the potential impacts resulting from the interruption of time
sensitive or critical business processes. (Source: http://www.ready.gov/risk-
assessment)