Nominet Business Continuity
Nominet Business Continuity Policy Statement
v4.5 published 28 November 2018
Nominet’s Business Continuity Management System (BCMS) sets out the framework we will use in the event of disruption to the business to recover and maintain our critical functions and services. The core elements of the BCMS are the Business Continuity Policy (BCP), Crisis Management Plan (CMP), Business Impact Analysis (BIA) and Business Continuity Incident Plans (BCIP) which have been designed to prepare Nominet to cope with the effects of an emergency or crisis.
Business Continuity Objectives
Our Business Continuity objectives are:
- to provide Nominet and its subsidiaries with an effective framework for minimising the impact of a disruptive event so that critical operations can be maintained with minimal disruption to users through deploying well-prepared and managed response activity;
- to ensure Nominet’s resilience by protecting critical assets and data through a co-ordinated approach to business continuity management and service recovery;
- to understand the critical functions and activities of Nominet and its subsidiaries and maintain the capability to resume these operations within agreed recovery timeframes;
The BCMS details the response actions that Nominet will take if our Minerva House office location is physically inaccessible, as well as dealing with lesser failures and other scenarios.
The BCMS covers our office location (Minerva House, Edmund Halley Road, Oxford, OX4 4DQ) and the following core services:
- TLD DNS services (including all zonefiles)
- nominet.uk, nominet.org.uk and nic.uk domains and services hosted on them
- Registry systems (Database, WHOIS, EPP, Data Escrow)
- DNS services including DNSSEC, UK Government Protective Domain Name System (PDNS) and NTX Secure managed DNS
- DNS monitoring and analysis services; NTX platform
- Dynamic spectrum management services (WaveDB for TV Whitespace)
- Customer services; Telephony and Online Services for registrants & registrars
- Nominet’s internal operations systems supporting; Finance, HR, collaboration and productivity
Integration of Business Continuity within Business Operations
- All business continuity activity will be performed to support the strategic organisational objectives with regards to operations, revenues, customers and reputation.
- Our change management process will consider the implications of any change on our business continuity programme.
Business Continuity Capability & Planning
- We will conduct a risk assessment as often as necessary and at least annually to identify risks that could adversely affect the business.
- We will identify our mission critical activities by performing a business impact analysis and we will define recovery time objectives for each mission critical activity. This is reviewed annually.
- We will develop business continuity strategies that provide for the continuity of the mission critical activities within the designated recovery time objectives. These strategies should include a description of how to provide the resources required to carry out the mission critical activities, including, but not limited to, staff, IT requirements, vital records, specialised equipment, dependencies (e.g. suppliers, vendors, business partners, other business processes within Nominet) and working space.
- We will identify, train, and empower members of staff to deal with business continuity matters.
- We will define crisis management and emergency response procedures to manage a crisis or incident and document these in a crisis management plan and an emergency response plan, respectively.
- We will document all business continuity strategies and recovery plans, pre-planned actions, advance arrangements, organisation and activation procedures in a business continuity plan.
- We will carry out an exercise of our business continuity plan as often as necessary, and at least once per year. The minimum acceptable exercise will be a tabletop exercise.
- We will maintain and update the contents of our BCP, CMP, BIA and BCIP whenever there is a significant change to our business operations and review the materials at least annually to ensure that they remain fit for purpose and up to date.
Responsibility for implementing Business Continuity
- Department managers are responsible for implementing these policies within their areas of responsibility.
- The Board is responsible for oversight and scrutiny of business continuity strategies and organisation.
- Department managers are responsible for ensuring that their sections of the BCP and CMP are maintained fit for purpose at all times. Changes are made through the Business Continuity Planning Team (BCPT) that meets quarterly to review the business continuity plan and any business continuity activity. Significant changes are submitted to the C-team for final sign off.
- Each C-team member together with the managers in their departments will identify the members of their team who will join the Business Recovery Team in the event of an incident.
- The BCPT will review the results of business continuity exercises and incidents to confirm the plan’s adequacy and to acknowledge that any risks that have been identified are understood by the business.
- The C-team will review the BCMS annually to assess its adequacy and effectiveness.