Annual Report and Accounts 2009-10 - Welfare Reform impact ...
Strategic aim 5

Business continuity in 24-48 hours.

Risk management

We regularly review the principal risks that threaten the achievement of our policies, aims and objectives. These reviews identify the controls in place to manage those risks at strategic level, directorate level, and programme and project level. Potential risks are reported to the SMB. The SMB then consider these risks for inclusion in the Strategic Risk Register.

Business continuity

We constantly analyse risks and threats that could disrupt our business – on a small and larger scale. Our aim is to safeguard our people and continue to deliver our business for our users.

As part of the ongoing improvement to business continuity, we reviewed our plans and successfully tested our disaster recovery suite.

The test established we could continue business, at predetermined levels, within 24-48 hours. The results of the test were reported to the Board of Trustees and the SMB.

Data security and data handling

This year we introduced additional measures to ensure that data security continues to conform to Cabinet Office guidance.

We introduced a stronger focus on our ‘clear desk’ policy. We provided sufficient lockable furniture so that all user files and business-sensitive materials are securely locked away each night.

All bulk and sensitive external data transfers are governed by strict policy. Data transfers require authorisation by the individual information asset owner and the senior information and risk owner (SIRO).

All transfers and data losses are routinely reported to the Audit Committee. The SIRO presented his annual report to the Audit Committee in February 2010 for sign-off by the Chair of the Audit Committee.