crisis & risk management plan - test valley packaging - … · all three buildings have...
Post on 19-Jul-2018
219 Views
Preview:
TRANSCRIPT
Crisis & Risk Management PlanOverview
Michael Steedman 27/10/2017
This document contains information of what to do in a crisis affecting the company and to minimise the impact on its customers. Copies of this document are controlled.
Test Valley Limited
Date of Issue: 4th February 2015 (Revised 27/10/2017)
Issue Number: TVP/0004
Author: Michael Steedman
Telephone: 01722 414 800
Email: michael@testvalleypkg.co.uk
Fire Evacuation Plan: \\SBS\public\RLB ADMIN\Health & Safety\fire.
Health & Safety Policy: www.testvalleypkg.co.uk/userfiles/downloads/10/
This crisis management plan has been approved by:
Jerry Steedman (Managing Director)
Rob Barry (Facilities Manager)
Test Valley Limited
Copy Number: Name: Department:
TVP/004.01 Rob Barry Admin
TVP/004.02 Jerry Steedman Purchasing
TVP/004.03 Dave Murray Warehouse Unit 1.
Crisis & Risk Management PlanTest Valley Packaging
Distribution Record
References and Related Documents
Media
1. 0.
2. 0.
3. 0.
NOTE TO ALL STAFF: In the event of a crisis, unless you have been authorised DO NOT speak to the Media. Please refer all Media enquiries to the Managing Director or the person appointed by the Managing Director. It is important that the Media are kept updated with accurate information. There should only be one spokesman for the company.
Page 1
A crisis is a LOW PROBABILITY, HIGH IMPACT event and can cause a lot of damage to a company. The management team has carried out procedures across the company for identifying threats to assets and functions and has analyzed our exposure to risk. Disruptions come in all shapes and sizes and no organization is immune. Examples of causes of disruption that could affect our business are fires, floods technology failure, supplier failure and business crime. On a wider scale, as we often see in the press, events such as terrorism, pandemics and fuel protests do occur.
Business Continuity Management does look to minimise the risks these incidents occurring though Risk Assessment; however if they do occur then the consequences could affect:
The above assets are valuable to a business, and if one or more of these assets is affected then the smooth running of our business could be at risk.
This plan will provide Test Valley Limited with guidelines to minimise the effects of unexpected disruption or emergencies, and ultimately maintain continuity of supply to key customers.
This plan will be reviewed regularly to ensure all critical aspects of the company’s work andactivities are recoverable or transferable within 24 hours.
In the event of any procedures being amended, it is the responsibility of each manager to inform the plan author of the necessary amendments to the plan, which will then be incorporated and distributed to all plan holders.
Introduction & Overview4. 0.
Aim5. 0.
6. 0. Objective
7. 0. Management Statement
• Buildings and facilities• Staff• Technology and communications• Data• Supply Chain• Equipment
• To define and prioritise the critical functions of the business• To analyze the risks of partial or total failure• To detail the agreed response to an emergency• To identify key contacts during an emergency
Page 2
7. 0. Executive Summary
Test Valley Limited is in a strong position to cope with crisis. Operating out of three separate buildings (two on the same site) with spare office space in unit 2, (which has all servicesconnected including separate broadband and telephone lines) gives many advantages.
It is company policy to store key products across at least two buildings to ensure continued supply to our customers.
Fire & Flood
Due to the nature of the product we sell there is a medium fire risk and a fire incident has a very high probability of being totally devastating in terms of damage. However, because Test Valley Limited have multiple warehouse and office facilities with I.T. Back up, the potential impact of disruption to business operations from fire is significantly reduced. All fire regulations including fire fighting equipment, evacuation plans etc. are complied with and with Health & Safety procedures are audited every 6 months by Eliss Whittham to ensure compliance. A monitored fire alarm is operational at all times. All buildings are outside the flood plain areas.
Security
All three buildings have intruder alarms, including a perimeter alarm and motion detectors in the offices. Intruder alarms are monitored by an outside security company. All external doors are steel security doors with high security locks. Unit 1 (offices) has security shutters/grills on all ground floor windows. The yard area where vehicles are parked overnight is flood lit and has 2.4 meter security fence all round.
Fraud & Default
Risk of fraud has been identified when customers pay by card over the phone. There are strict procedures that should be followed when processing card payments. Following these processes will eliminate this risk. Every customer who is given a credit account has to pass various tests as dictated by our credit insurer. Processes are in place to ensure credit insurance claims are made within the required time frames.
I.T. and Broadband
Broadband is supplied under contract by Aspire Technology Solutions who are contracted to give immediate remote back up, Aspire Technology Solutions also give Test Valley Limited redundant capability with an ADSL line to back-up. This provides a bandwidth of 20Mb scalable up to 100Mb if needed.
All data has an hourly off-site back-up, plus a daily off-site back-up. An on-site hard-drivemaintains a copy of the server settings to allow rapid configuration of a new server if needed.No specialist stationery is needed for printing off picking/delivery notes.
Page 3
Logistics
In case of road fuel shortage Test Valley Limited has a bunded fuel tank in a secure building for use by the delivery vehicles. This always has a minimum of 1000 liters of road fuel available on standby.
All delivery vehicles are on a maintenance schedule with Adams Morey to ensure legal compliance and to carry out preventative maintenance. Adams Morey provides a very good vehicle breakdown support service. Test Valley Limited has a policy of regularly replacing older vehicles in order to maintain a modern delivery fleet. All delivery vehicles have tracking devices fitted.
Seasonal and exceptional demand
Test Valley Limited apportions equal weight to the potential disruption caused to customers as a result of stock outs as any other disruption or failure, and plan accordingly. As part of risk management planning Test Valley Limited have a policy of setting minimum stock levels to match peak customer demands at all times throughout the year. Careful liaison is undertaken with customers in the event of the supply of any new line or lines being contracted to Test Valley Limited.
Seasonal and exceptional demand forecasts are communicated to all relevant departments to ensure these departments are sufficiently resourced. Changes to usage patterns are automatically tracked and stock levels revised as necessary.
As a matter of policy Test Valley Limited guides customers towards the use of standard size stock products (for which Test Valley Packaging has more than one supplier) to minimise risk and disruption in the event of a product shortage or manufacturer failure.
Supply Chain
For key products it is company policy to have at least two suppliers. Regular credit checks are carried out on key suppliers. Under our ISO9001:2000 quality system, non conformances are recorded against suppliers who will be removed from the Test Valley Limited Approved Supplier List (ASL) if adequate corrective action is not taken by them.
Test Valley Packaging has a policy of only buying from suppliers on their ASL with whom we have a good relationship, and who have supplied consistent quality products for long period of time. Bytaking this approach TVP are able to focus their quality control on new suppliers who are in the process of qualifying for inclusion on the ASL. Any quality issues are taken seriously and dealt with promptly. The results of investigations are reported back to the customer if appropriate.
This Business Continuity Plan is ‘work-in-progress’ and is regularly reviewed and updated. It is the aim of the management team to manage risk in all functions of the business and to carry out staff training, to ensure that any potential crisis are prevented or the impact of a crisis incident are minimised.
Please Note:Important Information in this plan:Contact Numbers – Page 5Notification tree – Page 10Emergency checklist – Page 11
Page 4
Key Contacts
Management Team
External IT Support
HR & Finance
External Logistics Support
Jerry SteedmanManaging Director
Road FuelCertas Energy
Employment LawEllis Whittam Ltd
VISMAMatt Benfield
Ian SteedmanFinance Director
Alarm System - FireDorset Fire protection
BroadbandAspire Techology Solutions
Robert BarryFacilities Manager
Alarm system (Watt road)Wessex Fire & Security
General I.T.Jim Aitkin
Greg BallOperations Manager
Security MonitoringVenture Security
Michael SteedmanMarketing Director
ForkliftsAndover Fork Truck Services
SolicitorsRichard Griffiths
Balanced Solutions (Server)Roger Twine
Richard SteedmanSales Director
Vehicle SupportAdams Morey
AccountantsMoore Stephens
Page 5
10. 0.Define and prioritise the critical functions of the business.
Vulnerability Analysis Chart
Type of Emergency Probability
Business Impact
Risk Score
MitigationRequired
Fire Low High Medium Monitored fire alarm. 3 separate warehouses with a policy of stocking key product across 2 sites. High security. Maintenance of statutory fire fighting equipment and training. Unit 2 has spare office space sufficient to accommodate office staff. This has broadband and an analogue line to divert phone calls to.
Flooding Low Medium Low Main threat is from burst pipes. Heating is left on when building is empty in cold weather. All buildings outside flood plain areas.
CrimeActivity
Medium Low Low Unit 1 (ADMIN) has security shutters and all units have steel security doors. Perimeter and motion alarm in all buildings monitored by a security company. Bunded fuel tank is inside a secure building. Yard area where vehicles are parked has an 8 feet high security fence with flood lighting with motion sensor alarms and monitored CCTV.
Loss ofKey Staff
Medium Low Low Cross training is carried out to ensure key tasks can be carried out without key staff.
TelephoneFailure
Low Medium Medium Divert to mobile phones. Analogue line available for short term diversion.
Loss ofElectricity
Low High Medium Battery back-up of minimum 15 minutes allowing a controlled shut down.
I.T. Failure(Virus)
Low High Medium Firewalls are in place, on the server, and on individual PC’s to prevent virus attack.
I.T. FailureVISMA(ERP)
Low High Medium VISDATA provides remote support to address most problems. On-site support is available within hours if needed.
I.T. FailureSuper Office
(CRM)
Low High Medium SUPEROFFICE provides support.
I.T. FailureServer(Virus)
Low Medium Low A new server can be acquired within 6 hours and thehourly back-up has a copy of the configuration allowing rapid set-up of a new server.
Loss ofData
Medium Medium Medium Two separate back-ups are carried out, one is hourlyand one is daily.
BroadbandFailure
Low Medium Low Broadband is supplied via a leased line which has a
redundant capability. Aspire Technology Solutions are
contracted to give immediate remote back up.
RoadAccessBlocked
Low Medium Low There are a number of routes to TVP so this scenario is unlikely and would be short-lived due to the public importance of the access.
High Medium High HighMedium Low Medium High
Low Low Low MediumLow Medium High
Impa
ct
ProbabilityPage 6
Business Asset Tolerance Levels
Tolerance Level Definition Asset or Function
Critical Requires redundant capabilities to operate. Tolerance is very low. Cost of interruption is very high.
Server Broadband
Vital Function can be performed manually for only a very brief period of time.Higher tolerance to interruption.Lower costs.Significant catching up would be required.
VISMA ERP systemTelephone system
Sensitive Function can be performed manually for only a brief period of time.High tolerance to interruption.Low costs.Considerable catching up would be required.
PrinterComputer (PC)Super office CRM systemDelivery vehicles x 7Fax machineForklifts x 3
Non-critical Function may be interrupted for an extended period of time.Little or no cost.Little or no catching up would be required.
PhotocopierElectronic Scoreboard
Page 7
The following business impact analysis is an assessment of the impacts upon the organisation in the event of losing individual critical components/work areas. An impact analysis form has been completed below as an example. Blank copies are available from the Admin Director.
Function: Accounts Department
Location / Address Watt Road, Churchfields Industrial Estate, Salisbury. SP2 7UDNumber of Staff 3
Duration If this function failed, what would the impact be within each timescale?
24 Hours As far as orders being fulfilled it would be minimal as personnel in the Operations Dept. can release accounts on stop and sufficient information is made generally available to facilitate a decision whether to hold an order by any member of the management team.
3 Days Ditto
1 Week There will be problems with account payments not being processed and noted on the ledger. Customers may be held on stop even though they have made a payment.
4 Weeks Cash-flow will be impacted. Suppliers haven’t received payment so Purchasing cannot replenish stocks. Accounts statements to customers will not be sent out. Overdue accounts are not chased for payment. Credit notes and account queries will not be processed. There will be acute customer dissatisfaction and frustration.
2 Months (or more)
Business will be paralyzed due to lack of cash, stock and credibility with customers. Customers will be looking elsewhere for packaging supplies. Negative publicity from the press and social media. Key staff may look elsewhere for jobs.
Who you depend upon to deliver this function? (list parties / suppliers / stakeholders)
Who is dependent upon this function? (list key customers / stakeholders)
Ian Steedman (Finance Director)Barbara Lowres (Accounts Manager)Kathleen Reynolds (Accounts)
All customersPurchasingOperationsPartners / MembersSales & Marketing
Page 8
What information do we need and will we access it?(i.e. Microsoft software, VISMA, Super Office CRM, Adobe Creative Suite ect...)
Information / Records Hardcopy / Computerised Software needed toaccess files
Location of backup copies
Sales Ledger Computerized VISMA ERP Off-site (ask Managing Director)
Purchase Ledger Computerized VISMA ERP Off-site (ask Managing Director)
customer contact records
Computerized Super Office CRM Off-site (ask Managing Director)
Duration What equipment do you require to deliver this function? (i.e. computers, desks, chairs, stationary, forms, telephones and lines, ect...)
Equipment Units
24 hours Computers, desks and chairs, access to Visma accounting system software. Office space
3
3 days Ditto1 week Ditto4 weeks Ditto2 months (or more) Ditto
Business Impact Analysis - continued
Duration What staff or skills do we require to deliver this critical function?
Number of Staff Skills required by staff
24 hours 1 High level of expertise in the Visma software, and thorough knowledge of processes.
3 days 2 As above.1 week 24 weeks 3 Finance Director will be needed to oversee cash- flow and
payments to suppliers.
2 months (or more)
How long, if at all could our Business operate without this function 1 week maximum
Assessment carried out by: Michael Steedman
Assessment completed on: 27th October 2017
Where will this function relocate to if access were denied to the normal place of operations?
Unit 2 Watt Road where there are spare offices. However 90% of this function can be carried out remotely providing the Operations Dept. are functioning and able to liaise with Accounts.
Page 9
11. 0. Notification Tree
TVP staff member (potential or actual crisis in progress)
Managing Director
Member of the management
team
TeamLeaders
EmergencyServices
All TVP staff Sub contractors
Issue statement to the media(if needed)
In the event of a crisis, or a situation which, if left, would become a crisis, then the Managing Director should be notified. If he/she cannot be contacted then one of the management team should be advised.
The MD (or management team member) will advise Team Leaders and issue instructions, and will confirm that, where appropriate, that the emergency services have been called. A media statement will be drafted and sent if needed.
Page 10
12. 0.
13. 0.
Emergency Response Checklist
Log of Actions Taken
Action Tick
Consider the welfare of staff and visitors
Start a log of actions taken
Liaise with Emergency services if appropriate
Identify any damage
Identify functions disrupted
Convene response/recovery team
Provide information to staff
Decide on a course of action
Communicate decisions to staff and stakeholders
Provide public information to maintain reputation and business
Agree a debrief
Review Business Continuity Plan
Action By: Time:
Page 11
top related