Updated BCP

Adrian Clarke <adclarke@nibtt.net>

Fri 21/07/2023 1:40 PM
To:Gary Awai <gawai@nibtt.net>;Marilyn Gordon <mgordon@nibtt.net>;Gregory Marchan <gmarchan@nibtt.net>
Cc:Candice George <cageorge@nibtt.net>;Niala Persad-Poliah <npersad@nibtt.net>;Brendon Nelson <bnelson@nibtt.net>;Andy Sean Edwards
<asedwards@nibtt.net>;Renee Camillo-Castillo <rccastillo@nibtt.net>

1 attachments (432 KB)

RBU Annual Plans FY2024 Final.pdf;

Dear ARCC members:

Please find attached the updated risk plan. Included is a brief description of what maintenance of the BCR and DRP entails. Since updates to
the plan to keep it relevant are just one element included in the annual maintenance process, changing the description of the plan from
"maintenance" to "update" is inappropriate.

I can also confirm that the DRP is not a draft document. The DRP was approved in 2016 as part of the business continuity framework and is
updated and tested every year. I will ask the BCP Manager to again offer refresher training for Executives who request it. I have also included
correspondence from the BCM manager to further clarify the matter.

I have also included below correspondence from the BCM manager to further clarify the matter.

It must be noted that, after the implementation of the Empower project, the current BCP will be reviewed to ensure that any new business
systems and processes meet established standards. As part of the BCP/DRP maintenance process, any changes or updates required will be
incorporated.

Should any member have further questions or queries, I am available to assist.

Regards,
Adrian Clarke
Executive Manager Risk
Mobile 1(868) 782-3229
Tel: 1 (868) 625-2171 Ext. 1250
email: adclarke@nibtt.net
Adrian Clarke
Executive Manager Risk
Mobile 1(868) 782-3229
Tel: 1 (868) 625-2171 Ext. 1250
email: adclarke@nibtt.net

From: Moses Mohammed <mmohammed@nibtt.net>

Sent: Friday, 21 July 2023 1:25 pm
To: Adrian Clarke <adclarke@nibtt.net>
Cc: Halima Morris <hmorris@nibtt.net>
Subject: Maintain BCP - Defined

1.Business Continuity Plan (BCP)

A documented collection of procedures and information that is developed, compiled, and maintained in readiness for use in an incident to
enable an organization to continue to deliver its critical products and services at an acceptable predefined level.

Source: https://drii.org/resources/viewglossary

Our Plans have already been developed and compiled, so our current responsibility is to maintain them so that they are ready for immediate
use.

2. Business continuity and disaster recovery are not set-and-forget initiatives. Business objectives and processes change frequently,
employees move into and out of roles, and technology is in a constant state of flux. So once you have your initial business continuity and
disaster recovery plans established, integrated, and fully tested, you move into maintenance mode. During this phase, your focus becomes
anticipating and adapting to changes and ensuring your continuity and recovery plan stay up-to-date and functional.

source: https://www.arcserve.com/blog/how-maintain-and-test-business-continuity-and-disaster-recovery-plan

3. A business continuity plan (BCP) is a living, evolving document. Designed to be activated when unplanned disruption strikes, it must be
flexible enough to guide actions regardless of the specifics of the situation. In a fast-changing environment, business continuity plan
maintenance is an essential part of the business continuity programme and a key component of organisational risk management. Businesses
must test, review and adapt the plan regularly to meet emerging risks and challenges. It is an ongoing process, not a point-in-time exercise.
Source: https://www.diligent.com/en-gb/blog/business-continuity-plan-maintenance-a-step-by-step-guide/

4. This document specifies the structure and requirements for implementing and maintaining a business continuity management system
(BCMS) that develops business continuity appropriate to the amount and type of impact that the organization may or may not accept
following a disruption.
Source: https://www.iso.org/obp/ui/en/#iso:std:iso:22301:ed-2:v1:en

5. TTS/ISO 22301:2022, Security and Resilience – Business Continuity Management Systems – Requirements
$600.00

This document specifies requirements to implement, maintain and improve a management system to protect against, reduce the likelihood
of the occurrence of, prepare for, respond to and recover from disruptions when they arise.

Source: https://gottbs.com/product/tts-iso-223012022-security-and-resilience-business-continuity-management-systems-requirements/

All above descriptions point to 'maintaining' a BCP after it has been developed and implemented. There is no recommendation to 'upgrade'
or 'update' any plan as keeping the Plans relevant and up-to-date are inherent in the definition of 'maintenance'.

Moses Mohammed
Manager Business Continuity Planning
Risk Business Unit
Phone: 868 625-2171/8 ext 1254
Cell: 868 725-8597
Email: mmohammed@nibtt.net