Manage Disaster Business Continuity
URN: SFSSCM8
Business Sectors (Suites): Security Management
Developed by: Skills for Security
Approved on:
01 Jan 2017
Overview
This NOS sets out the skills, knowledge and understanding for you to manage disaster business continuity.
This NOS is aimed at security managers and those who are involved in the provision of security advice.
This NOS covers the following activities:
Plan and prepare for disaster recovery activities
Manage disaster recovery
Performance criteria
You must be able to:
Plan and prepare for disaster recovery activities
1. ensure regular training and testing of staff to carry out action plans for crises and disasters
2. simulate systems or equipment failure to assess emergency response of staff
3. prepare for access denial to site
4. ensure casualty, counselling and rehabilitation strategies are in place for when necessary
5. ensure suppliers and locations are in place for the maintenance of business critical functions
6. agree data recovery processes are in place with relevant persons
7. carry out regular reviews of action plans, amending as necessary
8. maintain confidentiality and security of information relating to Disaster Recovery strategy
9. identify suitable sufficient resources to support your disaster recovery strategy
Manage disaster recovery
10. identify threats that could cause disruption to business continuity
11. assess the risk to service delivery based on valid reliable and current information and data
12. develop a proposed disaster recovery strategy commensurate with identified threat and risk
13. balance proposed disaster recovery strategy with your operational requirements
14. make sure the scope of threat to the client and the limitations of the disaster recovery strategy are understood by appropriate persons
15. determine suitable sufficient resources to support your disaster recovery strategy
16. agree with appropriate persons a plan of action
Knowledge and Understanding
You need to know and understand:
Legal and organisational requirements
1. current relevant legislation, regulations, codes of practice, standards and guidelines relating to your role
2. current organisational information protection procedures and measures
3. the client's business objectives
Plan and prepare for disaster recovery activities
4. how and when to activate the business recovery strategy
5. how and who to contact following system or equipment failure
6. how and why it is important to carry out evacuation, invacuation and relocation drills on a regular basis
7. how and why it is important to ensure regular training and testing of staff
8. the limitations of your role and your responsibilities regarding disaster management
9. how and with who to agree data recovery processes
10. how and why you should carry out regular review of action plans
11. how to establish suppliers and locations to maintain the business critical functions
Manage disaster recovery
12. recording and reporting requirements
13. how and why it is important to identify threats that could cause disruption to business critical functions
14. how and why it is important to assess the risk to business continuity
15. why you should develop and balance a proposed disaster recovery strategy against your operational requirements
16. the abilities of team members and their individual roles and responsibilities
17. the client's business objectives
18. how and with who to agree a plan of action
Confidentiality of information
19. how and why you should maintain the security and confidentiality of information
20. how and why it is important to maintain confidentiality and security of information relating to disaster recovery strategies
Scope/range
Scope Performance
Scope Knowledge
Values
Behaviours
Skills
Glossary
In these National Occupational Standards;
appropriate persons: someone who may wish to be informed and includes but not exclusive to; clients, contractors, consultants, sub-contractors, suppliers, staff, client's press officer, senior manager
critical functions: an activity or service that is considered essential to the core business of the client
plan of action: clear definition and direction as to whether immediate, deferred or referral action is required
relevant persons: someone who may be required to be informed and includes but not exclusive to; stakeholders, managers, workforce, suppliers, contractors, partners, agencies supervisor, manager, client, law enforcement agencies, statutory bodies, agencies
risk: the likelihood of an event occurring presenting the potential to affect any person, property or other asset entailing a degree of damage, harm or loss
threat: an indication of the potential for damage, harm or loss
Links To Other NOS
External Links
Version Number
2
Indicative Review Date
01 Jan 2020
Validity
Current
Status
Original
Originating Organisation
Skills for Security
Original URN
SFS SCM 8
Relevant Occupations
Elementary Occupations, Elementary Security Occupations, Security Manager
SOC Code
Keywords
Businesses; continuity; disasters; planning; recovery