BRITISH

TRANSPORT NOT PROTECTIVELY MARKED

POLICE BRITISH TRANSPORT POLICE

BUSINESS CONTINUITY MANAGEMENT

STANDARD OPERATING PROCEDURE (SOP)

STANDARD OPERATING PROCEDURE

REFERENCE SOP/192/09

PROTECTIVE MARKING NOT PROTECTIVELY MARKED

PORTFOLIO OPERATIONS PORTFOLIO

OWNER ACC OPERATIONS

START DATE 2 June 2010

REVIEW DATE 2 June 2011

THIS POLICY REPLACES: This is a new SOP. Previously Business Continuity

Management (BCM) only featured as part of the document
entitled ‘The Management Strategy-the Civil Contingencies
Act 2004 including Business Continuity and Pandemic Flu’.

VERSION DATE REASON FOR AMENDMENT AMENDED BY

2.6 June 2010 NEW SOP A. Rahman

Business Continuity SOP Page 1 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

CONTENTS

1. INTRODUCTION 3

2. KNOWLEDGE 4

3. OVERVIEW OF BCM STRUCTURE 5

4. OVERVIEW OF THE BCM FRAMEWORK 6

5. UNDERSTANDING THE ORGANISATION 6

6. DETERMINING BCM STRATEGIES 7

7. DEVELOP AND IMPLEMENT A BCM RESPONSE 7

8. EXERCISING, MAINTAINING AND REVIEWING 7

9. EMBEDDING BCM WITHIN THE ORGANISATION’S CULTURE 9

10. RESPONDING TO A DISRUPTIVE EVENT 11

11. REFERENCES AND LEGISLATION 13

12. APPENDICES 14

Business Continuity SOP Page 2 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

1 INTRODUCTION

1.1 This procedure enforces and is subject to the conditions of the Business Continuity
Management Policy (Policy/192/09).

1.2 This procedure applies to England, Wales and Scotland.

1.3 This procedure applies to all BTP Employees.

1.4 British Transport Police (BTP) operates a comprehensive Business Continuity

Management Programme (BCMP) in order to fulfil its obligations under the Civil
Contingencies Act 2004 as a Category 1 responder, in line with good business practice.

1.5 The Civil Contingencies Act 2004 defines BTP as a Category 1 Responder; an agency
at the core of the response to emergencies. Under the 2004 Act, Category 1
responders are required to undertake the civil protection duties. BTP is therefore
required to:
 Assess the risk of emergencies occurring and use this to inform contingency
planning;
 Put in place emergency plans;
 Put in place Business Continuity Management arrangements;
 Put in place arrangements to make information available to the public about civil
protection matters and maintain arrangements to warn, inform and advise the public
in the event of an emergency;
 Share information with other local responders to enhance co-ordination;
 Co-operate with other local responders to enhance co-ordination and efficiency.

Business Continuity SOP Page 3 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

1.6 The purpose of the BCMP is to provide a framework through which BTP can develop,
exercise and maintain business continuity plans in alignment with BS25999 and the
Business Continuity Institute (BCI) ‘Good Practice Guidelines 2008’

1.7 All plans will be securely held within a central repository system (eSecurus)
independent of BTP’s IT infrastructure. To comply with the BTP Records Management
Policy, any plan printed as back-up must be dated then destroyed as soon as it is
superseded.

1.8 Authorised users will gain access to their plans through a unique ID and password,
issued by the Force Business Continuity Manager (FBCM) or the system.

1.9 Level of access/privileges are linked to the BCMP role and set within the parameters
outlined below:

Role Access Level

Force Business Continuity Manager (FBCM)
Head of Civil Contingencies Unit
Civil Contingencies Unit Administrator
Business Continuity Co-ordinator (BCCo)
Business Continuity Area Champion (BCC)
- System Set-up and customisation.
- Set up access and privileges.
- Able to View/Edit/Delete any plan.
- Able to produce relevant reports and
stats.
- Same as FBCM.
- Access to all plans.
- Set up user accounts and password.
- Amend/update all plans.
- Access to all Plans within their Area.
- Able to edit/delete/update/ modify
contents of all plans within their
Area.
- Able to view all other plans.
- Able to view all plans related to their
Area

Business Continuity SOP Page 4 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

Plan Owner/Deputy - Able to access individual plan only.

Force Control Room London/Birmingham - Able to view all plans only.

1.10 The BTP BCMP is fully endorsed by the British Transport Police Authority BTPA,
Strategic Command Team (SCT) and the Force Management Team (FMT).

2. KNOWLEDGE
2.1 Terms and Definitions
2.1.1 A full glossary of business continuity terms and definitions can be found in Appendix A.

3. OVERVIEW OF BCM STRUCTURE

3.1.1 BTP will operate a comprehensive BCMP in order to fulfil its obligations under the Civil
Contingencies Act 2004 (CCA 2004) as a Category 1 responder, in line with good
business practice. The structure set up to achieve this can be found in Appendix B.

Business Continuity SOP Page 5 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

3.1.2 BTP’s BCMP is based on the Business Continuity (BC) Lifecycle:

Figure 1. Business Continuity Life Cycle – Source BCI

3.1.3 BCMP will be reviewed by FMT through quarterly reports from the FBCM and on a
monthly basis by Corporate Assurance Group (CAG) on an Area/FHQ Department
basis in the course of the year.

3.1.4 Area/FHQ Department will review BC progress monthly as a standing item on their
AMT/SMT meeting agenda.

4. OVERVIEW OF THE BC FRAMEWORK

4.4.1 The framework sets out to provide a standard, reproducible process for the
development, testing and maintenance of initial response, business continuity and
business recovery plans at FHQ, Area HQ and Police Stations.

Business Continuity SOP Page 6 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

4.4.2 The BCMP incorporates all aspects of the BC Lifecycle as follows:

 Understanding the Organisation (Business Impact Analysis/Risk Assessment).
 Determining BCM Strategies (Alternative options and tactics).
 Developing and Implementing BCM Response (Business Continuity Plans).
 Exercising, Maintaining and Reviewing.
 Embedding BCM within the Organisation’s Culture (Training and Awareness).

5. UNDERSTANDING THE ORGANISATION

5.1 Business Impact Analysis (BIA): BTP has developed a specific methodology for
Business Impact Analysis to capture and evaluate business processes, dependencies
and four key resources such as People, Premises, Processes and Partners.

5.2 The BIA tool is integrated within the BCM system (e-Securus) termed “What If
Analysis?” This forms the basis of BC plan creation process.

5.3 Completion of the BIA for a department or location is the responsibility of the identified
Plan Owner, who is accountable to the Area Commander and/or Portfolio/Departmental
Head for compliance.

5.4 The BIA requires Plan Owners to detail information such as:
 Business Processes.
 Prioritisation of processes using objective assessment criteria – which allows
priorities and Recovery Time Objectives (RTO) to be calculated for each process.
 Determining Critical Working Periods.
 Application usage in support of business processes.
 Staff skills assessment and priority in recovery mode.
 Number of workstations required at recovery site over set timeframes
 Special Considerations under the Disability Discrimination Act (DDA)

Business Continuity SOP Page 7 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

 Internal dependencies – other BTP departments.

 External dependencies – businesses and public bodies (Partners).

5.5 Risk Assessment: Risks should be assessed according to BTP’s agreed Risk
Management Policy and SOP.

6. DETERMINING BCM STRATEGIES

6.1 Once the Recovery Time Objective for each critical activity or processes have been
determined, the next step is to develop a recovery strategy to meet it. This involves
identifying ways to mitigate the loss of the resources that have been highlighted during
the BIA stage.

6.2 Appendix C contains some of the options that could be used in plans to protect
resources and to maintain business continuity. This should not be seen as an
exhaustive list.

7. DEVELOP AND IMPLEMENT BCM RESPONSE

7.1 Business Continuity Plans
7.1.1 Each plan must be drawn up using the template found on the Force BC system as
outlined under Appendix D.

7.1.2 FHQ functions delivered out-based on Areas will be included in FHQ Plan Owner’s
arrangements, unless specific local Area-based arrangements are put in place by Area
plan owners.

Business Continuity SOP Page 8 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

8. EXERCISING, MAINTAINING and REVIEWING

8.1 Exercising
8.1.1 Plans will be exercised/tested as directed by SCT to determine the following:
 Plans are fit for purpose.
 Plans are reliable.
 Provide assurance.
 Confirm assumptions.
 Opportunity for role rehearsal (Individual/Groups).
 Gap analysis/identify areas for development.
 Raise Awareness.

8.1.2 A schedule of testing and exercises will be maintained by the BCCos for each Area and
the FBCM for FHQ Departments. The BCCos and the FBCM will work with their
respective Plan Owners to facilitate testing and exercising of plans.

8.1.3 Post exercise debriefs will be carried out to ensure lessons identified are incorporated
and improvements made to plans.

8.1.4 Exercise and Testing Guidance for Business Continuity Plan Owners can be found in
Appendix E.

8.2 Reviewing and Maintaining

8.2.1 Reviewing all BC Plans and related documentation is to be carried out at least on a
Quarterly basis and is the responsibility of the Plan Owner. The purpose of reviewing is
two fold:
 To ensure the plan remains current and up to date.
 To maintain a State of Readiness.

Business Continuity SOP Page 9 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

8.2.2 A schedule of Maintenance will be overseen by the Area BCCo for their respective
Area. The FBCM will oversee the FHQ Departments. Plan Owners are responsible for
maintenance of their plan(s) and related documents. Where necessary they will consult
with the Area BCCo. The following types of maintenance and frequency of updates are
set within the programme:
 Cascade Lists – update quarterly.
 Business Impact Analysis – annually.
 Risk Assessment – annually.
 Business Recovery Strategy – revisited annually, following update of BIA.
 Post exercise / invocation plan update - following an exercise and/or invocation.

9. EMBEDDING BCM WITHIN ORGANISATION’S CULTURE

9.1 Training
9.1.1 Training will be provided in accordance to the BTP’s BCMP. Training will be linked to
individual roles. Appendix F contains details of BTP’s BCMP Training.

9.1.2 The FBCM will work in partnership with the Area BCCos to ensure appropriate training
has been given to those who have a key role within the BTP’s BCMP.

9.2 Awareness
9.2.1 Raising business continuity awareness amongst BTP staff is essential to the
embedding process. Levels of awareness will range from knowledge of BTP’s BC
Policy and Procedures, to individual roles during normal business and in a disruption.

9.2.2 The SCT lead for BC will review BC preparedness formally, quarterly at the FMT.
Each Area AMT/SMT will review BC as a statutory item at each meeting.

Business Continuity SOP Page 10 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

9.2.3 Raising levels of awareness will be joint effort between the FBCM, Area BCCo’s, Area
BC Champions and Plan Owners.
9.2.4 The following methods to raise BC awareness should be considered and implemented:
 One-to-one briefing
 Briefing at local team meetings
 Briefing at local AMT/SMT meetings
 Internal publications (e.g. Intranet/eweeklies)
 Use of Leaflets and Wallet Cards.
 Workshops and/or PowerPoint presentations.

9.2.5 Details of awareness methods used will be maintained by the Area BCCo and the
FBCM.

9.3 Quality Assurance

9.3.1 As part of the BCMP, standard tools and templates will be used to create plans across
the force. The FBCM and the Area BCCo’s on an annual basis at least review the
templates.

9.3.2 The tools and templates will be used by Plan Owners to meet the minimum
requirements of the BCMP.

9.4 Record Keeping and Reporting

9.4.1 The FBCM will report progress for testing, training, awareness and maintenance to
FMT on quarterly basis.

9.4.2 The FBCM will report to CAG on ‘State-of-Readiness’ for particular Area(s)/ FHQ
Department(s) as requested by the Head of Risk Management and Insurance on a
monthly basis.

Business Continuity SOP Page 11 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

9.5 Audit and Compliance

9.5.1 The Force Business Continuity Group will perform regular sample audits of plans
across the Force to ensure they are fit for purpose and meet all guidance set out within
the programme.

9.5.2 This internal audit will measure four key areas of compliance:
 Format – ensure all documentation is held in the correct location and in the
appropriate format.
 Content – quality assure the content of the plan to ensure all required elements are
present and fit for purpose.
 Testing – review recent testing approach, results, scope and lessons learnt.
 Staff Awareness – interview with members of staff to ascertain understanding of
the local plan and arrangements.

9.5.3 Periodically the Civil Contingencies Unit will undertake internal reviews, to support local
planning, ensure continuous improvement and share good practice across BTP. Area
BCCo’s will assist with peer group reviews as appropriate as part of this process.

9.5.4 As a minimum, the FBCM will perform two audits per annum, reporting findings to Plan
Owners, Area Commanders and Department Head and ACC Operations.

9.5.5 The BCMP will be subject to any external statutory audit.

10. RESPONDING TO A DISRUPTIVE EVENT

10.1 Business Continuity Gold Group (BCGG)
10.1.1 In the event of major disruption(s) a BCGG will take on a “GOLD” function chaired by
the “On Call” Chief Officer, ACC or nominated deputy. The group will convene at a
suitable location and provide conference call facilities for non-FHQ based staff to
Business Continuity SOP Page 12 of 16 Standard Operating Procedure
SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

contribute as necessary. Based on a dynamic impact assessment, BCGG will decide

on the appropriate strategy for the relevant Silver to deliver. The BCGG is guided by
formal terms of reference (see Appendix G).

10.2 Area/Department Business Continuity Silver Group (A/DBCSG)

10.2.1 In the event of major disruption(s) an A/DBCSG will take on a “Silver” role chaired by
the Area Commander / Department Head or a nominated SMT member to; coordinate
the tactical response to and recovery from the major disruption affecting local service
delivery. A/DBCSG will report to “Gold” on matters that cannot be resolved at Area/
Department level and require BCGG resolution. The A/DBCSG is guided by terms of
reference (see Appendix H).

10.3 Corporate Support

10.3.1 FHQ resources will be made available to provide specialist advice and assistance
where the scope of the disruption exceeds any local capability. They will report to Gold
but work closely with Silver to provide corporate solutions. FHQ Corporate support
may be provided by the following FHQ departments where necessary:
 HR Department – Assist with People related matters such as: Staff Welfare, Health
& Safety, Recruitments and general HR Policy and Procedures etc.
 Finance and Corporate Services Department – F&CS will assist with Premises and
Partners related matters such as: long-term fallback arrangements, Site Security,
damage impact assessment; activate emergency sub-account, increase
transactions spend limits; Insurance and Claims; identifying alternative supplier(s)
and setting up emergency contracts etc.
 Technology Department – will assist with the Process related matters such as:
recovering Force’s IT and Communications, Application/Software, set up temporary
IT accounts and access and Information Security etc.
 Media & Marketing – assist with advise on all matters related to internal/external
communication.
Business Continuity SOP Page 13 of 16 Standard Operating Procedure
SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

10.4 BCGG Activation and Response Criteria

10.4.1 A ‘BCGG’ will be activated in the event of a disruption affecting: People, Premises,
Processes and/or Partners which has caused or is likely to cause a significant or
sustained reduction in the delivery of any key services or functions of BTP.

10.4.2 Where the scope of the disruptive event has a lower potential for impact, or is solely
confined to a single Area/Department of BTP, an A/DBSG will be convened by the Area
Commander/Head of Department and supported by other Area/Departmental staff (see
Appendix I).

10.5 Plan Activation Process

10.5.1 The Plan Owner is ultimately responsible for activating their Plan.

10.5.2 In the event that Plan owners/Deputies are unavailable, the Force Control Room Duty
officer will assess the situation, in accordance with the Command and Control guide
and where appropriate will contact and inform: The Duty “On Call” Chief Officer and/or
the following:
 The senior “On Call” officer for the Area.
 The relevant Area Commander, Head of Department and Plan Owner.
 Force Business Continuity Manager.
 Chief Inspector Civil Contingencies Unit.

10.5.3 With the approval of the Duty “On Call” Chief Officer, the BCGG will be activated and
coordinated by the FBCM or a nominated member of the Civil Contingencies Unit to
determine the appropriate response for BTP.

10.5.4 Depending on the nature of the disruptive event, some or all of the stakeholders listed
in Appendix I will participate in the response, as directed by the “On Call” Chief Officer.

Business Continuity SOP Page 14 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

10.5.5 Where appropriate, BCGG will require Areas or FHQ Departments to establish a
structure to cascade instructions, actions and policy decisions through a corresponding
A/DBCSG for the affected Area(s) or Department(s) to manage the tactical response to
the disruptive event and recovery.

11. REFERENCES AND LEGISLATION

11.1 The BCMP complies with obligation under the Civil Contingencies Act 2004, in which
BTP is defined as a Category 1 responder.

11.2 Links to sites for Civil Contingencies Act:

www.cabinetoffice.gov.uk
www.ukresilience.info/
www.NSCWIP.info/
www.EPCollege.gov.uk
www.Londonprepared.gov.uk
www.environment-agency.gov.uk

11.3 Links to sites for Business Continuity:

www.thebci.org
www.EPcollege.gov.
www.continuitycentral.com
www.the-eps.org

12. APPENDICES
The documents listed below are available on the Intranet and the BC Planning Software
(eSecurus) to those with access rights.
 Appendix A – Glossary of Terms
 Appendix B – BC Roles and Responsibility
 Appendix C – Response and Recovery Strategies

Business Continuity SOP Page 15 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010
 BRITISH
TRANSPORT NOT PROTECTIVELY MARKED
POLICE BRITISH TRANSPORT POLICE

 Appendix D – Planning Requirements

 Appendix E – Exercising and Testing Guidance for a Business Continuity Plan
 Appendix F – Business Continuity Training Programme
 Appendix G – Force BC Gold Group – Terms of Reference
 Appendix H – Area BC Silver Group –Terms of Reference
 Appendix I – BC Gold Group Agenda

Business Continuity SOP Page 16 of 16 Standard Operating Procedure

SOP Ref: SOP/192/09 NOT PROTECTIVELY MARKED Version 2.6 Date May 2010