Defra taps £40k consultancy to create crisis-response plan
Department seeks new business continuity templates and definitions for issues including strikes, cyberattacks and UK-wide power cuts
The Department for Environment, Food and Rural Affairs is to create a business-continuity and disaster-recovery playbook to help understand the potential impact and guide its response to a range of scenarios – including cyberattacks, strikes, and UK-wide power outages.
Newly published procurement information reveals that, on 2 May, Defra entered into a three-month engagement with consultancy KPMG, which will support the creation of “templates” to help guide the department’s response to disasters and the measurement of their impact.
The text of the contract reveals that the first of the deal’s three “deliverables” is to create four “business impact analysis” templates that allow Defra to consistently assess the operational effects of major incidents. These plans must be aligned to guidelines as set out by industry body the Business Continuity Institute.
- Government’s cyber plan delivers ‘a complete revolution in how we provide assurance’
- EXCL: Government red team security unit to test departmental defences with hostile reconnaissance
- CCS deploys phishing simulation to help find security weak spots
The first of the quartet of templates will address initial disaster response, followed by three documents to conduct analysis of: products and services; processes; and activity.
The second task for KPMG will be to create “reusable templates” setting out an “overarching plan” for recovery activities to be undertaken by the department in the event of a disaster. These plans should address measures to be taken at the level of individual Defra directorates – which includes operations focused on the environment, food and biosecurity, and science and analysis. These documents will be informed by existing plans and operations, but the consultancy will be asked to conduct “interviews with practitioners to determine gaps [and] issues with the current templates and processes”.
The final objective for KPMG will be to create seven templates, each of which will represent a “definition of [a] credible scenario that [is] tailored to the Defra context”. This will include outline descriptions – encompassing between three and five PowerPoint slides – of seven incidents the department believes could have a major impact on its operations.
The scenarios include: a cyberattack; a terrorist incident; an issue with the department’s supply chain; a nationwide power outage; a loss of key premises; a loss of key personnel; and nationwide industrial action.
Defra’s contract with the consultancy, which was awarded via the G-Cloud 13 framework, runs until 1 August and is valued at £40,000.
Share this page
CONTRIBUTIONS FROM READERS
Please login to post a comment or register for a free account.
Authorities have complained about the lack of time taken to be notified by IT firm and wrongly being told personal data was not put at risk
Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils
Minister reveals small number of interested parties in deal to deliver, design and support nationwide service
Department invests in technology from specialist start-up
Related Sponsored Articles
The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...