Manage Disaster Business Continuity

URN: SFSSCM8
Business Sectors (Suites): Security Management
Developed by: Skills for Security
Approved on: 01 Jan 2017

Overview

This NOS sets out the skills, knowledge and understanding for you to manage disaster business continuity.
This NOS is aimed at security managers and those who are involved in the provision of security advice.
This NOS covers the following activities:
Plan and prepare for disaster recovery activities
Manage disaster recovery


Performance criteria

You must be able to:

Plan and prepare for disaster recovery activities


1. ensure regular training and testing of staff to carry out action plans for crises and disasters
2. simulate systems or equipment failure to assess emergency response of staff
3. prepare for access denial to site
4. ensure casualty, counselling and rehabilitation strategies are in place for when they are needed
5. ensure suppliers and locations are in place for the maintenance of business critical functions
6. agree data recovery processes are in place with relevant persons
7. carry out regular reviews of action plans, amending as necessary
8. maintain confidentiality and security of information relating to disaster recovery strategy
9. identify suitable and sufficient resources to support your disaster recovery strategy

Manage disaster recovery

10. identify threats that could cause disruption to business continuity 
11. assess the risk to service delivery based on valid, reliable and current information and data
12. develop a proposed disaster recovery strategy commensurate with identified threat and risk
13. balance proposed disaster recovery strategy with your operational requirements
14. make sure the scope of threat to the client and the limitations of the disaster recovery strategy are understood by appropriate persons 
15. determine suitable and sufficient resources to support your disaster recovery strategy
16. agree with appropriate persons a plan of action


Knowledge and Understanding

You need to know and understand:

Legal and organisational requirements


1. current relevant legislation, regulations, codes of practice, standards and guidelines relating to your role 
2. current organisational information protection procedures and measures
3. the client's business objectives

Plan and prepare for disaster recovery activities

4. how and when to activate the business recovery strategy
5. who to contact, and how, following system or equipment failure
6. how and why it is important to carry out evacuation, invacuation and relocation drills on a regular basis
7. how and why it is important to ensure regular training and testing of staff
8. the limitations of your role and your responsibilities regarding disaster management
9. how and with whom to agree data recovery processes
10. how and why you should carry out regular review of action plans
11. how to establish suppliers and locations to maintain the business critical functions

Manage disaster recovery

12. recording and reporting requirements
13. how and why it is important to identify threats that could cause disruption to business critical functions
14. how and why it is important to assess the risk to business continuity 
15. why you should develop and balance a proposed disaster recovery strategy against your operational requirements
16. the abilities of team members and their individual roles and responsibilities
17. the client's business objectives
18. how and with whom to agree a plan of action

Confidentiality of information

19. how and why you should maintain the security and confidentiality of information 
20. how and why it is important to maintain confidentiality and security of information relating to disaster recovery strategies


Glossary

In these National Occupational Standards:


appropriate persons: someone who may wish to be informed, including but not limited to: clients, contractors, consultants, sub-contractors, suppliers, staff, client's press officer, senior manager

critical functions: an activity or service that is considered essential to the core business of the client

plan of action: clear definition and direction as to whether immediate, deferred or referral action is required

relevant persons: someone who may be required to be informed, including but not limited to: stakeholders, managers, workforce, suppliers, contractors, partners, agencies, supervisor, manager, client, law enforcement agencies, statutory bodies

risk: the likelihood of an event occurring presenting the potential to affect any person, property or other asset entailing a degree of damage, harm or loss

threat: an indication of the potential for damage, harm or loss


Version Number

2

Indicative Review Date

01 Jan 2020

Validity

Current

Status

Original

Originating Organisation

Skills for Security

Original URN

SFS SCM 8

Relevant Occupations

Elementary Occupations, Elementary Security Occupations, Security Manager

Keywords

Businesses; continuity; disasters; planning; recovery