Skip
  • Who-we-are-banner

    Business Continuity Policy

This statement covers Business Continuity (BC) preparedness and response for the Firm.

1. Scope

BC for Charles Russell Speechlys covers any type of incident which has the potential to cause significant disruption to the Firm and its ability to operate. This includes traditional threats, such as building problems and IT failure, and emerging and growing threats, such as terrorism and information security attacks.

2. Principles and Values

Standards and associated behaviours for BC should be based on protecting key resources and services. Top priority will be the safety, security and welfare of staff and other stakeholders affected by a BC incident.

BC impact during an incident will be measured in terms of:

  • staff and stakeholders (including on-site visitors) – health and welfare; security (physical and cyber);
  • operational/service provision – service levels maintained to an acceptable level;
  • financial stability – critical financial processes maintained, including payroll and supplier payments;
  • regulatory breach – (aim for) zero regulatory breach; and
  • reputation protection – effective communication and engagement with all stakeholders, the public, and the media.

3. Business Continuity Governance

The following are in place to manage our BC response and measure the effectiveness of BC:

  • Business Continuity Policy Statement (this document);
  • response plans at senior management and operational level. Uses traditional bronze, silver, gold structure;
  • specialist 'expert plans' to support specific scenarios, including technical IT and information security responses;
  • communications plan, covering internal and external audiences (including media);
  • off-site/work place recovery facility (for building issues);
  • post incident review process;
  • tracking document – status of all Charles Russell Speechlys BC plans, including last update and exercise;
  • analysis of specific requirements – for example, critical IT systems;
  • exercise schedule and programme – exercising should take place twice yearly; and
  • supplier continuity process (ie, assurance from critical suppliers of their BC capability).

4. Ownership and Accountability

The COO has ultimate responsibility for BC and OpCom are accountable for the appropriate level of response and resilience.

This means ensuring the rules, structures and processes are in place to support a proportionate response, and a framework which encourages a 'resilience' approach based on cost-vs-risk-speed.

Key roles and responsibilities within BC and resilience:

  • ownership and accountability – COO and OpCom;
  • governance, programme planning, delivery and facilitation – Sponsor (COO), Programme Lead (Director of ICS) and Business Continuity Partner (Databarracks);
  • strategic impact planning, and directorate response and recovery – senior managers;
  • team level impact planning, and team and individual response – all staff/all levels, led by line managers;
  • operational risk-BC link – General Counsel/Head of Corporate Risk and Governance and Business Continuity Partner (Databarracks);
  • expert planning and support - Incident Controllers within IT, Information Security, Facilities, Health and Safety, ACS and Human Resources (HR);
  • communications planning and support – Communications Team;
  • media statements and interviews – COO in the first instance, CPO in the second instance or a relevant member of the Central Management team*;
  • supplier planning and management – Head of Procurement & Internal Supplier Relationship Managers; and
  • supplier BC capability and response – all critical suppliers, especially within IT and Facilities.

5. Priorities

Firm priorities during an incident will vary according to the nature and timing of an incident. However, the following are the highest generic priorities for the Firm. The order of importance will depend on the incident:

  • people - staff duty of care (HR) and stakeholder duty of care;
  • external reputation - internal and external communications processes (including media management);
  • switchboard/direct lines - telephony and systems;
  • legal and enforcement - imminent court cases;
  • payroll and expenses;
  • finance/cashiers - cash flow (billing and cash collection) and bank deadlines;
  • IT Service Desk and Support - support for IT failures; and
  • information Security – cyber-attack response.

Note: Most critical times of year for Charles Russell Speechlys are financial year end, January for Tax returns, and calendar year end for transactional teams. Priorities during this period may change and will be dictated by the impact on the business at this time.

6. Linked Disciplines

Several business disciplines are closely linked to BC. For BC to function effectively, planning and incident response must be a collaborative approach with the following teams:

  • IT Operations and IT Disaster Recovery;
  • Information Security;
  • Cyber Security;
  • Facilities/Building Management;
  • Health and Safety;
  • Human Resources;
  • Operational & Legal Risk (legal implications of an incident);
  • Communications; and
  • Finance.

The success of BC capability relies on the input and support from others in the Firm, and it is the Programme Leads’ responsibility to establish and maintain strong relationships with representatives of the above support teams.

7. Link with the External Professional Bodies

Depending on the nature of the incident, the relevant regulator may need to be informed. This will be decided by the Programme Lead and the Head of Corporate Risk and Governance.

Back to top