Purpose

This procedure sets out the requirements and processes of business continuity management for the Smith Institute. It encompasses planning and preparation to ensure that the Institute can continue to operate in case of serious incidents and is able to recover to an operational state within a reasonably short period.

Risk Management

Specific risks to the Institute’s continuity are addressed by the Executive Group in the Smith Institute’s corporate Risk Register.

The Risk Register is reviewed monthly.

Project managers record and manage the risks to any individual project.

Administrative Continuity

All administrative tasks and sources of information required to complete them are fully documented with a supporting plan.

Staff Continuity

The Smith Institute has highly qualified and experienced staff who, at all levels in the organisation, work in teams to oversee and manage the business, deliver projects for clients, and carry out business administration.

Physical Infrastructure Continuity

All staff operate from home offices as well as the company’s office in Oxford.

To create resilience to failures in or loss of physical infrastructure, backup processes for potentially affected services or information are maintained at a location physically remote from that of normal use, and are available for use within defined timescales.

IT Infrastructure Continuity

The Smith Institute’s IT infrastructure uses cloud services with a Service Level Agreement of 99.9% uptime.

All data concerning Smith Institute business and that of its clients that is stored on computers and mobile devices is encrypted. Data stored on computers is regularly backed up to off-line encrypted storage.

Incident Response

Any incident that places the Institute’s business continuity at risk must be dealt with by the person who discovers it, to the best of their ability, and then reported to a relevant first responder, depending on the nature of the incident.

Depending on the type of incident affecting business continuity, response priority will be given to (i) ensuring the safety of people, (ii) protecting the interests of customers and (iii) minimising the loss of the Institute’s property and materials.

Services are restored by reassigning work to other members of staff where that is appropriate, or by replacement of hardware and/or software.

Any significant disruption of supply of services by the Smith Institute will be brought to the attention of the client(s) affected, with a proposed solution designed to minimise the impact on the client.