Nominet Business Continuity
Nominet Business Continuity Statement
Nominet’s BCM policy sets out the framework we will use in the event of disruption to the business to recover and maintain our business critical functions and processes. This policy has been designed to prepare Nominet to cope with the effects of an emergency or crisis.
Business Continuity Objectives
The objectives of our business continuity plan are:
(A) to promote organisational resilience by ensuring that Nominet and its subsidiaries can continue to provide key services thus ensuring that:
- The impact to operations is minimised, so maintaining the quality of operations and meeting the expectations of key stakeholders nationally and internationally;
- Revenues are maintained and do not suffer significant deterioration;
- Customer expectations and quality of services continue to be met or managed in such a way that customers are retained and confidence in our services is maintained; and
- Reputation and image to stakeholders, suppliers and our customers are not adversely affected.
(B) to ensure that we apply best practice business continuity practices by:
- Understanding the critical functions and activities of Nominet and its subsidiaries
- Analysing and responding to the risks to the company group
- Providing a detailed, prioritised and timetabled response to an emergency situation
- Identifying the key roles, responsibilities and contacts required to effectively respond to an emergency
- Preparing advance arrangements for the recovery of infrastructure components and the relocation or reorganisation of operations to allow critical processes to continue within their defined recovery time
The Business Continuity Plan (BCP) covers all areas of our operations and all staff and departments have a role to play. The plan details the response actions that Nominet will take if our office location is physically inaccessible, as well as dealing with lesser failures and other scenarios.
The BCP covers our office location (Minerva House, Edmund Halley Road, Oxford, OX4 4DQ) and the following core services:
- all TLD zonefiles that we host
- all domain name register databases that we manage
- all public WHOIS services that we provide
- nominet.org.uk and nic.uk domains and services hosted on them
- registry systems
- customer services
- online services for registrants & registrars
- public register search service
- NRS – Nominet ICANN accredited registrar service for .cymru and .wales
Business Continuity Capability & Planning
- We will conduct a risk assessment as often as necessary and at least annually to identify risks that could adversely affect the business.
- We will identify our mission critical activities by performing a business impact analysis and we will define recovery time objectives for each mission critical activity. This is reviewed annually.
- We will develop business continuity strategies that provide for the continuity of the mission critical activities within the designated recovery time objectives. These strategies should include a description of how to provide the resources required to carry out the mission critical activities, including, but not limited to, staff, IT requirements, vital records, specialised equipment, dependencies (e.g. suppliers, vendors, business partners, other business processes within Nominet) and working space.
- We will identify, train, and empower members of staff to deal with business continuity matters.
- We will define crisis management and emergency response procedures to manage a crisis or incident and document these in a crisis management plan and an emergency response plan, respectively.
- We will document all business continuity strategies and recovery plans, pre-planned actions, advance arrangements, organisation and activation procedures in a business continuity plan.
- We will carry out an exercise of our business continuity plan as often as necessary, and at least once per year. The minimum acceptable exercise will be a tabletop exercise.
- We will maintain and update the contents of our business continuity plan whenever there is a significant change to our business operations and at least annually to ensure that it remains fit for purpose and up to date.
Integration of Business Continuity within Business Operations
- All business continuity activity will be performed to support the strategic organisational objectives with regard to operations, revenues, customers and reputation.
- Our change management process will consider the implications of any change on our business continuity programme.
Responsibility for implementing Business Continuity
- Department managers are responsible for implementing these policies within their areas of responsibility.
- The Board is responsible for oversight and scrutiny of business continuity strategies and organisation.
- Department managers are responsible for ensuring that their sections of our business continuity plan are maintained up to date and fit for purpose at all times. Changes are made through the Business Continuity Planning Team that meets quarterly to review the business continuity plan and any business continuity activity. Changes are submitted to the SMT for final sign off.
- Each SMT member together with the managers in their departments will identify the members of their team who will join the Business Recovery Team in an incident who will be responsible for executing the business continuity recovery plans to recover or maintain mission critical activities when the business continuity plan is activated.
- SMT will sign off all changes to the business continuity plan and will review the results of every business continuity exercise or incident to confirm the plan’s adequacy and to acknowledge the risks that have been identified and understood by the business.