Appendix O8: Guideline for Business Continuity Planning
1. Introduction
This is a Guideline for planning and rehearsing those steps necessary to protect the business when things go
wrong. Business Continuity Planning examines the entire business, looking at strategic, operational, and
tactical business processes and the ways in which the business as a whole would need to respond to
disruption to these processes. It creates a capacity to respond successfully to both known and unknown threats.
For clarity, the related terms disaster recovery and contingency planning will also be defined.
Disaster recovery is the act of planning for the restoration of systems and facilities after a major incident, for
example the loss of telecommunications, power, buildings, or major computing facilities. It is essentially a
reactive process.
Contingency planning is the act of planning for the continued operation of systems and facilities in the event of
a known adverse incident or fault condition occurring, for example, by providing, in advance, additional
redundant capacity in case a critical facility fails. It is a proactive process that takes place at the operational
level and can be seen as building a capacity to respond to very specific types of threat.
Business Continuity Planning includes consideration of contingency planning and disaster recovery, but is
wider in scope than these activities.
2. The Requirement for Business Continuity Planning
Regulatory authorities require evidence that the safety of products and the security of critical data are not at
risk in the case of failure or breakdown. A process of Business Continuity Planning illustrates that the user
company is actively protecting its ability to continue to supply the public, and to comply with the regulatory
requirements at all times.
The EU GMP Annex 11 on Computerised Systems requires that there should be "adequate alternative
arrangements for systems which need to be operated in the event of a breakdown" (see Section 13.1,
reference 13, of the Main Body of GAMP 4). These arrangements should provide for alternative workaround
procedures to be implemented and followed, to replace the absent system functionality and allow the safe
continuance of business during the failure.
Regulators, and internal and external auditors, require evidence that Business Continuity Plans have been
created and rehearsed, including records that the alternative processes have been suitably documented and
personnel adequately trained. Companies should be able to demonstrate that they can ensure that critical
services and processes can continue, that the restoration of workforce, facilities and equipment occurs in a
timely fashion and that there is a timely resumption of essential business functions.
3. The Elements of Business Continuity Planning
The following elements are required for a successful Business Continuity Planning exercise:
• Project initiation and management
• Risk assessment and control
• Criticality analysis
• Developing business continuity strategies
• Emergency response and operations
• Developing and implementing Business Continuity Plans
• Awareness and training programmes
• Maintaining and rehearsing Business Continuity Plans
3.1 Project Initiation and Management
• Establishing the need for business continuity planning and management
• Obtaining senior management support, preferably at board level
• Organizing, initiating, and managing the project
3.2 Risk Assessment and Control
• Determining the adverse events and environmental surroundings (risks) that could adversely affect the organization and its facilities with disruption or disaster
• Assessing the impact each such event would have and the probability of it occurring
• Establishing the controls required to prevent each event, or to minimize its impact and potential consequential losses
• Completing a cost-benefit analysis to justify the investment in controls to mitigate the identified risks
3.3 Criticality Analysis
• Establishing the key business critical functions (e.g. GxP regulated functions), recovery priorities and inter-dependencies
• Identifying those adverse events, the impact of which will adversely affect those critical functions
3.4 Developing Business Continuity Strategies
• Determining and guiding the selection of alternative strategies for recovery of critical business and information technologies to meet the recovery priorities, while maintaining the organization's ability to perform its critical functions
3.5 Emergency Response and Operations
• Developing and implementing Standard Operating Procedures for responding to and stabilizing the situation following an incident, including escalation processes
• Where appropriate, implementing Standard Operating Procedures for the establishment and management of an emergency operations centre, to be used as a command centre during the emergency
• Determining a suitable strategy for ensuring availability of these procedures during an emergency, including the location of procedures at off-site locations and the Change Control processes associated with such a strategy
3.6 Developing and Implementing Business Continuity Plans
• Designing, developing and implementing the Business Continuity Plans that resume normal (or acceptable) service levels to meet the recovery time priorities
• Identifying the inter-dependencies between Business Continuity Plans at the strategic, tactical, and operational levels to ensure that the initiation of one Business Continuity Plan does not adversely affect any other part of the business
• Identifying clear ownership of each Business Continuity Plan and the triggers for both initiation and escalation
• Identifying organizational resources required for the planning and implementation of Business Continuity Plans
3.7 Awareness and Training Programmes
• Preparing a programme to create corporate awareness and enhance the skills required to develop, implement, maintain, rehearse, and ultimately execute the Business Continuity Plan
3.8 Maintaining and Rehearsing Business Continuity Plans
• Pre-planning and coordinating rehearsals: documenting and evaluating the results of each rehearsal, incorporating the lessons learned into the Business Continuity Plan
• Developing processes to maintain the currency of the Business Continuity Plan and the continuity capability in accordance with corporate strategy and regulatory requirements
• Publicizing the results of each rehearsal to affected stakeholders (no rehearsal is a failure)