Disaster Recovery. Example Policy. Author: A Heathcote Date: 24/05/2017 Version: 1.0
|
|
- Justin Wiggins
- 6 years ago
- Views:
Transcription
1 Example Policy Author: A Heathcote Date: 24/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created by statute, also known as NHS Digital.
2 Contents 1 Purpose 3 2 Scope 3 3 Applicability 3 4 Guidance 3 Terminology 3 Policy 3 General 4 Disaster Recovery Plan 4 Responsibilities 5 Training and Awareness 5 Management and Implementation 6 Testing 6 5 Key Words 6 Copyright 2017 Health and Social Care Information Centre. 2
3 1 Purpose The purpose of this Disaster Recovery Example Policy is to provide exemplar guidance in line with HMG and private sector best practice for the production of an organisation wide Disaster Recovery Policy. This is in order to allow the reader to produce the necessary policy and guidance for their business area and to ensure that the applicable and relevant security controls are set in place in line with the Department for Health, the wider NHS, health and social care and HMG requirements. 2 Scope The drafting of any policy governing the production of a Disaster Recovery Policy for NHS systems, devices or applications and information deployed in support of NHS or health and social care business functions. 3 Applicability This Example Policy is applicable to and designed for use by any NHS, health and social care or associated organisations that use or have access to NHS systems and/or information at any level. 4 Guidance This Example Policy provides guidance on the production of a Disaster Recovery Policy. The Example Policy is in italics with areas for insertion shown as <> and the rationale for each paragraph or section, where required, in [.]. Terminology Term SHALL SHOULD MAY Definition This term is used to state a Mandatory requirement of this policy This term is used to state a Recommended requirement of this policy This term is used to state an Optional requirement Policy The Disaster Recovery Policy shall be used to enable <insert name of organisation> to produce, implement, test and manage the necessary disaster recovery measures on <insert name of organisation> IT systems to enable a structured recovery post an IT or information loss incident. This policy supports and is linked to the <insert name of organisation> Business Continuity and Forensic Readiness policies. [The aim of this section is to state the objectives and aims of the disaster recovery policy. If applicable for the organisation it may be required to relate it to the overall business continuity approach for the organisation.] Copyright 2017 Health and Social Care Information Centre. 3
4 General <Insert name of organisation> Information Asset Owners (IAOs) and the associated Business Owner, with the Senior Information Risk Owner (SIRO) shall: Identify, locate and prioritise NHS and other Government data/information for its importance to <insert name of organisation> and the wider NHS business functions. This will be driven by the Business Continuity requirements. Identify the single points of failure within the <insert name of organisation> IT networks and IT systems. Identify the essential data stores, data bearers and software (operating systems and applications) for the <insert name of organisation> business. [This section should be used to identify the core requirements of disaster recovery as they apply to the organisation. For larger organisations with their own IT the identification of where the critical information is held and points of failure should be possible from within the IT services/operations; however, where the IT is outsourced, particularly for smaller organisations, the policy will need to either require the outsourced provider to identify these elements or state that any contract with the provider will require these objectives to be met.] Using the above information, the <insert name of organisation> IAOs and the SIRO with the Chief Information Security Officer (CISO) shall: Ensure that <insert name of organisation> has a comprehensive backup process that supports the identified and prioritised data stores, bearers and essential software. Produce a Disaster Recovery Plan that meets the business continuity requirements and will enable forensic recovery to take place if required. The requirements of the Disaster Recovery Plan shall be related to the Business Continuity Plan and the Backup policy to ensure the approach is holistic. [This part of the section relates to the requirement for disaster recovery/back-up plans to be produced. For larger organisations, the Disaster Recovery Plan will probably be produced in-house and relate to business continuity. For smaller organisations, the disaster recovery and back-up plans may be possible to be joined; it is also likely that as the IT is provided by an outsourced third party provider the policy will require the plans to be part of the contract. Within smaller organisations the roles of SIRO and CISO, maybe also ISAO, will be within the information governance lead function.] Disaster Recovery Plan A Disaster Recovery Plan shall be produced to enable data and IT systems/functionality to be recovered in a structured and managed manner post an incident. The Disaster Recovery Plan shall support the requirements of Business Continuity. The Plan shall be regularly tested, this should be at least annually. The Plan should cover: Ownership which post owns and controls the plan Responsibilities identification of roles and their responsibilities Identification of critical assets with priority order for recovery/business functionality Copyright 2017 Health and Social Care Information Centre. 4
5 Capabilities identified internal and external capabilities Resources allocation of tasks to resources, internal and external Task flow including: Points of contact Relationship to incident management team Recovery processes and actions in a structured order Recording of recovery actions taken and time when assets recovered/restored. Post Action Review lessons learnt. Test Schedule. [The size and complexity of the Disaster Recovery Plan will vary according to the size and type of information processed by the organisation, and whether it is outsourced. The above outline is the recommended minimum policy requirement for such a Plan; however, for smaller organisations where the IT is outsourced the policy may need to be altered to reflect that the above requirements should be contractually required form their provider.] Responsibilities The following roles shall undertake the responsibilities listed: Senior Information Risk Owner (SIRO) coordinate the development and maintenance of the Disaster Recovery Plan ensuring it relates to the <insert name of organisation> Business Continuity Plan. Disaster Recovery Plan Manager maintains the Plan on behalf of the SIRO ensuring that testing is undertaken. A post shall be allocated for this role. Information Asset Owners (IAOs) and Business Owners ensure that the requirements from the Disaster Recovery planning are adequately considered and documented for all information assets of which they have ownership; and, enable the recovery to be enacted. Line Managers - ensure that staff follow the <insert name of organisation> Disaster Recovery Plan procedures. Chief Information Security Officer (CISO) management of disaster recovery procedures relating to IT and information security. [For smaller organisations, the roles of SIRO and CISO may be undertaken as a secondary role by senior partners or the owners of the business; provided the individual/role identified is one that is in a position to make informed, executive decisions that are appropriate for the SIRO and CISO functions. These roles may be part of the information governance lead; as may be the case for the IAO role(s) where the size does not merit individual SIRO, CISO and IAO roles.] Training and Awareness Personnel who are required to undertake specific technical and functional roles associated with disaster recovery shall be trained and formally qualified to complete this specialist function. Copyright 2017 Health and Social Care Information Centre. 5
6 All <insert name of organisation> staff, including third parties, shall be made aware of the requirements of the <insert name of organisation> Disaster Recovery Plan and its Procedures. [A policy should outline the requirement for personnel to be appropriately trained and made aware of the disaster recovery requirements. The specific training and roles which require it, or the necessity to mandate in third party contracts that the provider (e.g. IT provider) has trained and appropriately skilled people, would be detailed in the actual Disaster Recovery Plan.] Management and Implementation The Disaster Recovery Policy and the resulting Disaster Recovery Plan shall be reviewed and re-issued annually or upon identification of a change in procedure or lesson learnt. The effectiveness of the Policy and Plan shall be monitored through audits and tests (external and internal) and from lessons learnt during any business continuity activity. [It is essential that the Plan is reviewed and audited, as well as tested regularly, and the requirement for this should be included in the Policy. The actual processes should be covered in the Disaster Recovery Plan.] Testing On behalf of the SIRO the Disaster Recovery Plan Manager shall coordinate and manage testing which should follow the below levels and is recommended to be at least annually at each level: Table Top Walkthrough Real-time Live Test [Testing is critical to ensure that the Plan is fit for purpose; it is recommended that this is mandated in the Policy, or if third party providers are utilised it is mandated as a contractual requirement.] 5 Key Words Backup, Business Continuity, CISO, Data Recovery, Disaster Recovery, Forensic Readiness, IAO, Single Points of Failure, SIRO, Copyright 2017 Health and Social Care Information Centre. 6
Cyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationNHS WOLVERHAMPTON CITY CLINICAL COMMISSIONING GROUP
NHS WOLVERHAMPTON CITY CLINICAL COMMISSIONING GROUP INFORMATION ASSET RISK ASSESSMENT PROCEDURE 1 Document Description Document Type Procedure Service NHS Wolverhampton CCG (Wolverhampton CCG) Application
More informationOFFICIAL. Date 14 March 2019 COSLA Conference Centre, Edinburgh. Chris Brown, Strategic Financial Planning & Budgeting Lead Recommendation to
Agenda Item 10.2 Meeting Date Location COSLA Conference Centre, Edinburgh Title of Paper 2019/20 Budget Progress Report Presented By Chris Brown, Strategic Financial Planning & Budgeting Lead Recommendation
More informationPersonal Health Budgets Mandatory Data
Personal Health Budgets Mandatory Data Guidance Published June 2017 C opyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body created
More informationRISK MANAGEMENT POLICY
B A R R A M U N D I L I M I T E D RISK MANAGEMENT POLICY February 2018 THE OBJECTIVES OF RI SK MANAGEMENT Risk management is the systematic process of managing an organisation's risk exposures to achieve
More informationInformation Asset Risk Assessment Procedure
Information Asset Risk Assessment Procedure UNIQUE REF NUMBER: AC/IG/012/V1.2 DOCUMENT STATUS: Approved by Audit Committee 19 June 2013 DATE ISSUED: June 2013 DATE TO BE REVIEWED: June 2014 1 P age AMENDMENT
More informationAnnexure B. To the [directors of name of benefit administrator] 1 and to the Registrar of Pension Funds
Annexure B Report of the Independent Auditor of [name of administrator] on the Conditions in respect of Benefit Administrators on behalf of Pension Funds To the [directors of name of administrator] 1 and
More informationCITY UNIVERSITY OF HONG KONG Business Continuity Management Standard
CITY UNIVERSITY OF HONG KONG Business Continuity Management Standard (Approved by the Information Strategy and Governance Committee in December 2013; revision 1.1 approved by Chief Information Officer
More informationInformation security policy
Information security policy Policy objectives 1 This policy is intended to establish the necessary policies, procedures and an organisational structure that will protect NMC s information assets and critical
More informationDRAFT FOR DISCUSSION. Guidelines for Research and Development Plans 2009
DRAFT FOR DISCUSSION Guidelines for Research and Development Plans 2009 I, [Insert name of Chairman], Chairman of Innovation Australia, acting on behalf of Innovation Australia, make these Guidelines under
More informationUNIFORM SYSTEM OF ACCOUNTS FOR THE LODGING INDUSTRY
UNIFORM SYSTEM OF ACCOUNTS FOR THE LODGING INDUSTRY A man on Uniform Howard Field s guide to the new edition of the Uniform System of Accounts for the Lodging Industry. The guide is not intended to be
More informationThe Annual Audit Letter for Birmingham City Council
The Annual Audit Letter for Birmingham City Council Year ended 31 March 2014 October 2014 Mark Stocks Director T 0121 232 5437 E mark.c.stocks@uk.gt.com Richard Percival Senior Manager T 0121 232 5434
More informationFacilities and Equipment Policy
[insert organisation name/logo] Facilities and Equipment Policy Document Status: Date Issued: Lead Author: Approved by: Draft or Final [date] [name and position] [insert organisation name] Board of Directors
More informationIT Risk in Credit Unions - Thematic Review Findings
IT Risk in Credit Unions - Thematic Review Findings January 2018 Central Bank of Ireland Findings from IT Thematic Review in Credit Unions Page 2 Table of Contents 1. Executive Summary... 3 1.1 Purpose...
More informationInformation Management Business Area. National Policing Information Risk Escalation Policy V1.0
Information Management Business Area National Policing Information Risk Escalation Policy V1.0 January 2015 Introduction 1. This policy sets out the National Policing Information Risk Escalation Policy
More informationDATA PROCESSING ANNEX
Page 1 (5) 1 BACKGROUND AND PURPOSE DATA PROCESSING ANNEX 1.1 The terms of this Annex shall apply to the Agreement between Solibri Oy and/or its Subsidiary/Subsidiaries (Solibri Oy and the Subsidiaries
More informationBUDGET SYSTEM LAW. / Official Gazette of the Republic of Serbia No. 9, 26 February 2002/ I. GENERAL PROVISIONS. Article 1
BUDGET SYSTEM LAW / Official Gazette of the Republic of Serbia No. 9, 26 February 2002/ I. GENERAL PROVISIONS Content and Scope of the Law Article 1 This Law shall regulate the planning, preparation and
More informationRisk Management Strategy
Risk Management Strategy 2016 2019 Version: 6 Policy Lead/Author & Deputy Director of Quality position: Ward / Department: Nursing Directorate Replacing Document: Version 5 Approving Committee Quality
More informationVulnerable consumers in regulated industries
Report by the Comptroller and Auditor General Ofwat, Ofgem, Ofcom and the Financial Conduct Authority Vulnerable consumers in regulated industries HC 1061 SESSION 2016-17 31 MARCH 2017 4 Key facts Vulnerable
More informationInternal Audit Incident Management Review
PHWQSC 22.13.02 Internal Audit Incident Management Review Author: Keith Cox Date: 08/04/2015 Version: 1 Sponsoring Executive Director: Keith Cox Who will present: Keith Cox Date of Committee / Board meeting:
More informationDISCUSSION DOCUMENT ASSURANCE REPORTING ON PENSION TRUSTEES
DISCUSSION DOCUMENT ASSURANCE REPORTING ON PENSION TRUSTEES (December 2011 AAF Pension Trustee Supplement 1 to ICAEW AAF 02/07) Background The Occupational Pension Schemes (Independent Trustee) Regulations
More informationREPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 1698 SESSION MAY HM Treasury and Cabinet Office. Assurance for major projects
REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 1698 SESSION 2010 2012 2 MAY 2012 HM Treasury and Cabinet Office Assurance for major projects 4 Key facts Assurance for major projects Key facts 205 projects
More informationNHS Standard Contract 2016/17 General Conditions (full length)
NHS Standard Contract 2016/17 General Conditions (full length) NHS Standard Contract 2016/17 General Conditions First published: March 2016 Updated: 13 April 2016 This updated version, published on 13
More informationIntroduction. What is AAR?
Introduction The HSE has developed a number of review methodologies which will assist in the provision of a graduated and proportionate response to the review of incidents 1 as identified in the HSE s
More informationFinansinspektionen s Regulatory Code
Finansinspektionen s Regulatory Code Publisher: Finansinspektionen, Sweden, www.fi.se ISSN 1102-7460 Finansinspektionen s Regulations and General Guidelines regarding the management of operational risks;
More informationRecordkeeping for Business Activities Carried out by Contractors RECORDKEEPING GUIDE G17 DATE ISSUED: JUNE 2009
Recordkeeping for Business Activities Carried out by Contractors RECORDKEEPING GUIDE G17 DATE ISSUED: JUNE 2009 REVIEW DATE: 2011 PAGE 2 JUNE 2009: Recordkeeping for Business Activities Carried out by
More informationFinal report Technical advice on third country regulatory equivalence under EMIR Hong Kong
Final report Technical advice on third country regulatory equivalence under EMIR Hong Kong 1 September 2013 ESMA/2013/1160 Date:1 September 2013 ESMA/2013/BS/1160 Table of Contents Table of contents 2
More information17. Reduction. 17 REDUCTION p1
17. Reduction Summary Reduction involves identifying and analysing risks to life and property from hazards, taking steps to eliminate those risks if practicable, and, if not, reducing the magnitude of
More informationGUIDE TO THE DRAFTING OF POLICY DOCUMENTS
GUIDE TO THE DRAFTING OF POLICY DOCUMENTS To be used in conjunction with the Policy Framework and the Policy Template Policy Title: [for ease of searching, policy title should not start with University
More informationSection 6 IMPLEMENTATION, MONITORING AND EVALUATION
Section 6 IMPLEMENTATION, MONITORING AND EVALUATION This section seeks to explain the responsibilities that the Department, Agencies and other public bodies have once a proposal has been appraised. It
More informationTPB(PN)D38/2017: Outsourcing, offshoring and the Code of Professional Conduct
12 October 2017 Tax Practitioners Board GPO Box 1620 SYDNEY NSW 2001 Email: tpbsubmissions@tpb.gov.au Dear Sir / Madam TPB(PN)D38/2017: Outsourcing, offshoring and the Code of Professional Conduct The
More informationAUSTRALIAN BUDGET
MAY 2015 AUSTRALIAN TAX UPDATE AUSTRALIAN BUDGET 2015-2016 INTRODUCTION The Australian Government has released a measured but significant 2015-2016 Federal Budget. The three main tax changes include a
More informationGO/GN3519. Guidance on Accident and Incident Investigation. Rail Industry Guidance Note for GO/RT3119
GN Published by: Block 2 Angel Square 1 Torrens Street London EC1V 1NY Copyright 2012 Rail Safety and Standards Board Limited GO/GN3519 Issue Three: December 2012 Rail Industry Guidance Note for GO/RT3119
More informationPerpetual s Risk Management Framework
Perpetual s Risk Management Framework Perpetual s Risk Management Framework Context Perpetual Limited (Perpetual) is a diversified financial services firm, listed on the Australian Securities Exchange.
More informationHIPAA Compliance Guide
This document provides an overview of the Health Insurance Portability and Accountability Act (HIPAA) compliance requirements. It covers the relevant legislation, required procedures, and ways that your
More informationInformation Technology
Mission Statement Information Technology The Department of Information Technology will ensure the citizens, Board of County Supervisors, County Executive and County agencies receive an excellent return
More informationEffective Assurance Frameworks
Effective Assurance Frameworks NIGEL IRELAND, HEAD O F BARCUD S HARED S E R VICES @ barcudss w w w.barcudsharedservices.org.uk Today What an Assurance Framework is How an Assurance Framework can add value
More informationRisk Management Policy
Risk Management Policy 1 Purpose and scope of this Policy 1.1 CSG Limited (CSG) is committed to managing its risks in a consistent and practical manner. Effective risk management is directly focussed on
More informationPolicy and Resources Committee 21 March 2017
Policy and Resources Committee 21 March 2017 Title Future of Barnet Public Health Service Report of Wards Status Urgent Key Enclosures Officer contact details Dawn Wakeling, Adults and Health Commissioning
More informationINTERNATIONAL SOS. Data Retention, Archiving and Destruction Policy. Version 1.10
INTERNATIONAL SOS Data Retention, Archiving and Destruction Policy Document Owner: LCIS Division Document Manager: Group General Counsel Effective: January 2009 Updated: March 2017 2017 All copyright in
More informationNHS SOUTH LINCOLNSHIRE CLINICAL COMMISSIONING GROUP AUDIT & RISK COMMITTEE TERMS OF REFERENCE
Appendix I NHS SOUTH LINCOLNSHIRE CLINICAL COMMISSIONING GROUP 1. GOVERNANCE NOTE AUDIT & RISK COMMITTEE TERMS OF REFERENCE South Lincolnshire and South West Lincolnshire CCGs have each established their
More informationRECORDS MANAGEMENT GUIDANCE & RETENTION SCHEDULE
RECORDS MANAGEMENT GUIDANCE & RETENTION SCHEDULE Purpose This document is to be used as guidance for the retention of all records across the organisation. Included is a retention schedule in two formats,
More informationMPA/MPS Capital Strategy
Appendix 1 MPA/MPS Capital Strategy 2005 2010 July 2004 Draft Page 1 of 13 Contents Section 1 Context sheet Page General 3 Capital and Revenue Budgets 3 Section 2 Capital Strategy Introduction 5 Strategic
More informationDraft Privacy Impact Assessment - Amendments to Chapter 4 of the AML/CTF Rules 25 November 2015
Draft Privacy Impact Assessment - Amendments to Chapter 4 of the AML/CTF Rules 25 November 2015 AUSTRAC has released the Draft Privacy Impact Assessment Amendments to Chapter 4 of the Anti-Money Laundering
More informationAPPENDIX 1. Transport for the North. Risk Management Strategy
APPENDIX 1 Transport for the North Risk Management Strategy Document Details Document Reference: Version: 1.4 Issue Date: 21 st March 2017 Review Date: 27 TH March 2017 Document Author: Haddy Njie TfN
More informationBERMUDA ECONOMIC SUBSTANCE REGULATIONS 2018 BR 154 / 2018
QUO FA T A F U E R N T BERMUDA BR 154 / 2018 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Citation Interpretation Economic substance requirements Minimum economic substance requirements
More informationRegulations and guidelines 1/2012
Regulations and guidelines 1/2012 Outsourcing in supervised entities belonging to the financial sector J. No. FIVA 2/01.00/2018 Issued 23.2.2012 Valid from 1.4.2012 FINANCIAL SUPERVISORY AUTHORITY tel.
More informationINFORMATION AND CYBER SECURITY POLICY V1.1
Future Generali 1 INFORMATION AND CYBER SECURITY V1.1 Future Generali 2 Revision History Revision / Version No. 1.0 1.1 Rollout Date Location of change 14-07- 2017 Mumbai 25.04.20 18 Thane Changed by Original
More informationCode of audit practice 2010
The statutory responsibilities and powers of appointed auditors are set out in the Audit Commission Act 1998. In discharging these specific statutory responsibilities and powers, auditors are required
More informationSolent NHS Trust Shadow Historical Due Diligence Paper for Trust Board June 2011
Solent NHS Trust Shadow Historical Due Diligence Paper for Trust Board June 2011 Summary This paper sets out the programme for shadow due diligence in July. Board members are asked to note the timetable,
More informationED 9 Joint Arrangements
September 2007 ED 9 EXPOSURE DRAFT ED 9 Joint Arrangements Comments to be received by 11 January 2008 Exposure Draft ED 9 JOINT ARRANGEMENTS Comments to be received by 11 January 2008 ED 9 Joint Arrangements
More informationRisk Management Policy and Strategy
Risk Management Policy and Strategy Version: 2.1 Bodies consulted: Approved by: Directors and Managers responsible for risk Board of Directors Date Approved: 28 March 2017 Lead Manager: Lead Director:
More informationRisk Management Policy
Version: 2.0 New or Replacement: Policy number: Document author(s): Replacement ULHT-MD-GOV-RM-PMIMSI Paul White, Risk Manager Contributor(s): Members of the Trust Board & Senior Leadership Team Approved
More informationPOWER OF CHOICE IMPLEMENTATION PROGRAM INDUSTRY PLAN RISK & ISSUE MANAGEMENT
POWER OF CHOICE IMPLEMENTATION PROGRAM INDUSTRY PLAN RISK & ISSUE MANAGEMENT Published: June 2016 IMPORTANT NOTICE This document or the information in it may be subsequently updated or amended. This document
More informationMinistry of Economic Affairs and Communications. Estonian Safety Investigation Bureau. Report of the railway accidents. investigated in 2012
Ministry of Economic Affairs and Communications Report of the railway accidents investigated in 2012 Tallinn 2013 Public railways in the Republic of Estonia 2 Preface to the report This annual report is
More informationTrustis Limited Platinum CSC Health Services Certificate Policy
Trustis Limited Platinum CSC Health Services Certificate Policy Copyright Trustis Limited 1999-2016. All Rights Reserved. Trustis Limited. Building 273. Greenham Business Park. Greenham Common. Thatcham.
More informationGuidance Statement GS 002 Special Considerations in the Audit of Risk Management Requirements for Registrable Superannuation Entities and Licensees
GS 002 (September 2010) Guidance Statement GS 002 Special Considerations in the Audit of Risk Management Requirements for Registrable Superannuation Entities and Issued by the Auditing and Assurance Standards
More informationFinancial Services Authority
Financial Services Authority FINAL NOTICE To: Of: Zurich Insurance Plc, UK branch The Zurich Centre 3000 Parkway Whiteley Fareham PO15 7JZ Date 19 August 2010 TAKE NOTICE: The Financial Services Authority
More informationRisk Management Policy
Risk Management Policy Version: 3 Board Endorsement: 11 January 2014 Last Review Date: 3 January 2014 Next Review Date: July 2014 Risk Management Policy 1 Table of Contents 1 Introduction... 3 2 Overview...
More informationCyber ERM Proposal Form
Cyber ERM Proposal Form This document allows Chubb to gather the needed information to assess the risks related to the information systems of the prospective insured. Please note that completing this proposal
More informationANNEX. DAC code Sector Economic and Development Planning
ANNEX 1. IDTIFICATION Title Total cost Aid method management mode Technical Cooperation Facility 1.5M (2.4% of NIP) Project approach partially decentralised management DAC code 15010 Sector Economic and
More informationAnalysis of Insurance Undertakings Preparedness for Solvency II. October 2010
Analysis of Insurance Undertakings Preparedness for Solvency II October 2010 Contents Introduction...2 1. General...3 1.1 Analyses in insurance undertakings and schedule of preparations...3 1.2 IT systems
More informationNHS Newcastle Gateshead Clinical Commissioning Group Audit Committee Terms of Reference
NHS Newcastle Gateshead Clinical Commissioning Group Audit Committee Terms of Reference 1. Introduction The audit committee of the Clinical Commissioning Group is a statutory committee established as a
More informationRisk Management Strategy January NHS Education for Scotland RISK MANAGEMENT STRATEGY
NHS Education for Scotland RISK MANAGEMENT STRATEGY January 2016 1 Contents 1. NES STATEMENT ON RISK MANAGEMENT 2 RISK MANAGEMENT STRATEGY 3 RISK MANAGEMENT STRUCTURES 4 RISK MANAGEMENT PROCESSES 5 RISK
More informationIFRIC DRAFT INTERPRETATION D13
IFRIC International Financial Reporting Interpretations Committee International Accounting Standards Board IFRIC DRAFT INTERPRETATION D13 Service Concession Arrangements The Financial Asset Model Comments
More informationGROUP RECORDS MANAGEMENT POLICY SUMMARY FOR THIRD PARTY SUPPLIERS
GROUP RECORDS MANAGEMENT POLICY SUMMARY FOR THIRD PARTY SUPPLIERS RATIONALE Lloyds Banking Group (the Group) and its Third Party Suppliers (suppliers) have moral, legal and regulatory obligations to create,
More informationGuidelines. on major incident reporting under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/10 19/12/2017
EBA/GL/2017/10 19/12/2017 Guidelines on major incident reporting under Directive (EU) 2015/2366 (PSD2) 1. Compliance and reporting obligations Status of these Guidelines 1. This document contains Guidelines
More informationREPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 996 SESSION FEBRUARY Cabinet Office. Improving government procurement
REPORT BY THE COMPTROLLER AND AUDITOR GENERAL HC 996 SESSION 2012-13 27 FEBRUARY 2013 Cabinet Office Improving government procurement 4 Key facts Improving government procurement Key facts 45bn central
More informationLosses and Special Payments Procedure
Losses and Special Payments Procedure This is a controlled document. It should not be altered in any way without the express permission of the author or their representative. Date: September 2014 Page
More informationCITY OF WALKER REQUEST FOR PROPOSAL AUDITING SERVICES 3/17/2014
CITY OF WALKER REQUEST FOR PROPOSAL AUDITING SERVICES 3/17/2014 The City of Walker is requesting proposals from qualified firms of Certified Public Accountants to audit its financial statements for the
More informationLaw. on Payment Services and Payment Systems * Chapter One GENERAL PROVISIONS. Section I Subject and Negative Scope. Subject
Law on Payment Services and Payment Systems 1 Law on Payment Services and Payment Systems * (Adopted by the 40th National Assembly on 12 March 2009; published in the Darjaven Vestnik, issue 23 of 27 March
More informationAESOP:Guidelines for effective communication between Critical infrastructure operators and the public during crisis situations
AESOP:Guidelines for effective communication between Critical infrastructure operators and the public during crisis situations Dr Paul Reilly & Dr Elisa Serafinelli University of Sheffield IMPROVER Workshop
More informationNEW ZEALAND SOCIETY OF ACTUARIES PROFESSIONAL STANDARD NO. 91 ECONOMIC VALUATIONS MANDATORY STATUS EFFECTIVE DATE 1 JULY 2010
NEW ZEALAND SOCIETY OF ACTUARIES PROFESSIONAL STANDARD NO. 91 ECONOMIC VALUATIONS MANDATORY STATUS EFFECTIVE DATE 1 JULY 2010 1. Introduction... 2 2. Effective Date... 3 3. Definitions... 3 4. Professional
More informationIndependent review commissioned by Ministry of Social Development. Security Response Programme Final Review
commissioned by Ministry of Social Development Security Response Programme Final Review 2 Contents Part 1 Executive summary... 3 Part 2 Findings and observations... 8 Appendix One Definitions... 29 Appendix
More informationNOAC National Oversight and Audit Commission Statement of Strategic Intent
NOAC National Oversight and Audit Commission Statement of Strategic Intent 2015-16 December 2014 Preface This Statement of Strategic Intent outlines the National Oversight and Audit Commission s (NOAC)
More informationAS TABLED IN THE HOUSE OF ASSEMBLY
AS TABLED IN THE HOUSE OF ASSEMBLY A BILL entitled INSURANCE AMENDMENT (NO. 3) ACT 2018 TABLE OF CONTENTS 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 Citation Amends section 1 Amends section 4 Amends
More informationIFRS 16 Leases Exposure draft 18(01)
HFMA response July 2018 IFRS 16 Leases Exposure draft 18(01) Who are we The Healthcare Financial Management Association (HFMA) is the representative body for finance staff in healthcare. For the past 60
More informationDD May Ms Louise Ellman MP Chair, Transport Select Committee House of Commons London SW1AOAA
1\131 Association of British Insurers One America Square, 17 Crosswall, London EC3N 2LB T: 020 7600 3333 I abi.org.uk Ms Louise Ellman MP Chair, Transport Select Committee House of Commons London SW1AOAA
More informationGovernment Soft Landings
Cabinet Office Government Soft Landings Section 4 - Capital Cost and Operating Cost 02 Government Soft Landings Section 4 - Capital Cost and operating Cost 4.0 Capital Cost and Operating Cost (the Economic
More informationPolicy and Procedure Development Handbook
Policy and Procedure Development Handbook Preface This handbook is made available to you by the Regional Policy Advisory Council (RPAC). RPAC s mandate includes the constant review and clarification of
More informationHealth Committee. From Dr Sarah Wollaston MP, Chair. The Rt Hon Jeremy Hunt MP Secretary of State for Health Department of Health. Letter by to
Health Committee House of Commons London SW1A 0AA Tel 020 7219 6182 Fax 020 7219 5171 Email healthcom@parliament.uk www.parliament.uk/healthcom From Dr Sarah Wollaston MP, Chair The Rt Hon Jeremy Hunt
More informationRisk Management Plan PURPOSE: SCOPE:
Management Plan Authority Source: Vice-Chancellor Approval Date: 16/05/2018 Publication Date: 17/05/2018 Review Date: 17/05/2021 Effective Date: 16/05/2018 Custodian: General Counsel and University Secretary
More informationCybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do
ARTICLE Cybersecurity Threats: What Retirement Plan Sponsors and Fiduciaries Need to Know and Do By Gene Griggs and Saad Gul This article analyzes cybersecurity issues for retirement plans. Introduction
More informationThe draft National Health Service Pension Scheme & Additional Voluntary Contribution (Amendment) Regulations 2018
The draft National Health Service Pension Scheme & Additional Voluntary Contribution (Amendment) Regulations 2018 Consultation Document & Explanatory Notes November 2017 DH ID box Title: The draft National
More informationBUILDING INFORMATION MODELLING (BIM) PROTOCOL SECOND EDITION. Standard Protocol for use in projects using Building Information Models
BUILDING INFORMATION MODELLING (BIM) PROTOCOL SECOND EDITION Standard Protocol for use in projects using Building Information Models Construction Industry Council I The BIM Protocol has been drafted by
More informationREQUEST FOR PROPOSAL FOR ACTUARIAL SERVICES RFP
REQUEST FOR PROPOSAL FOR ACTUARIAL SERVICES RFP 2016-1 Statement of Objectives The Fort Worth Employees Retirement Fund ( FWERF or the Fund ) is searching for an actuarial firm to conduct actuarial valuations
More informationEmerging legal and regulatory risks
Emerging legal and regulatory risks Presentation for AusCERT2016 Matthew Pokarier and Ben Di Marco Structure Regulatory risks Third-party liability Actions by affected individuals Actions by banks and
More informationThe DCA Certification Scheme: Guidelines for DATA CENTRES
The DCA Certification Scheme: Guidelines for DATA CENTRES 2015, Data Centre Alliance Limited (www.datacentrealliance.org). All rights reserved. This publication may not be reproduced in Whole or in part;
More informationINTERNAL AUDIT DIVISION AUDIT REPORT 2013/091. Audit of the United Nations Peacebuilding Support Office
INTERNAL AUDIT DIVISION AUDIT REPORT 2013/091 Audit of the United Nations Peacebuilding Support Office Overall results relating to the effective support of the Peacebuilding Support Office to the Peacebuilding
More informationPension Trustees. Final Countdown to the GDPR
Pension Trustees Final Countdown to the GDPR Introduction The General Data Protection Regulation (GDPR) will come into force in all EU Member States in May 2018. It is not a radical departure from the
More informationConsolidated Annual Activity Report (CAAR) of
Annex 2 Template for Consolidated Annual Activity Report Consolidated Annual Activity Report (CAAR) of Year (aaaa) [In pursuance of FR 1605/2002, FFR No 1271 1 /2013] 1 REGULATION (EU) No
More informationIFPHK Response to the consultation paper on the proposed establishment of an investor education council and a financial dispute resolution centre
Institute of Financial Planners of Hong Kong The premier professional body representing financial planners who uphold the highest standards in financial planning that benefit the public IFPHK Response
More informationClaims Policy. Choice, Responsiveness, Integration & Shared Care
Claims Policy Choice, Responsiveness, Integration & Shared Care Worcestershire Mental Health Partnership NHS Trust Information Reader Box Document Type: Document Purpose: Unique identifier: Title: Target
More informationThe Annual Audit Letter for Staffordshire and Stoke on Trent Partnership NHS Trust
The Annual Audit Letter for Staffordshire and Stoke on Trent Partnership NHS Trust Year ended 31 March 2016 28 July 2016 James Cook Director T 0121 232 5343 E james.a.cook@uk.gt.com Andrew Reid Senior
More informationPayment system reform proposals for 2019/20. A joint publication by NHS England and NHS Improvement
Payment system reform proposals for 2019/20 A joint publication by NHS England and NHS Improvement October 2018 Payment system reform proposals for 2019/20 A joint publication by NHS England and NHS Improvement
More informationRisk Registers. Providing evidence, if required, that the Trust is compliant with the Management of Health and Safety Regulations 1999;
Risk Registers Appendix 1 What is a Risk Register? A Risk Register is a log of risks of all kinds that threaten the delivery of objectives and the delivery of services. It should be a live document which
More informationSCHEDULE 1 SERVICE DESCRIPTION
SCHEDULE 1 SERVICE DESCRIPTION . Introduction Service Description a) Accreditation Process The Service Provider ( SP ) wishing to be approved by Borsa Italiana as an accredited Service Provider who can
More informationNEW JERSEY ENVIRONMENTAL INFRASTRUCTURE TRUST POLICY AND PROCEDURE. Compliance with Rule 15c2-12 for all outstanding and new bond issues
NEW JERSEY ENVIRONMENTAL INFRASTRUCTURE TRUST POLICY AND PROCEDURE NO. SUBJECT: POLICY: 1.24 Secondary Market Disclosure Compliance Policies Continuing Disclosure Requirements Compliance with Rule 15c2-12
More informationRISK MANAGEMENT POLICY October 2015
RISK MANAGEMENT POLICY October 2015 1. INTRODUCTION 1.1 The primary objective of risk management is to ensure that the risks facing the business are appropriately managed. 1.2 Paringa Resources Limited
More informationIntroduction to Capital Planning Management Systems
Introduction to Capital Planning Management Systems Scottish Healthcare Conference 2013 Michael Kwok, P.Eng. MBA Senior Vice President, Professional Services Ray Dufresne, AIA Vice President, Consulting
More information