Business continuity (reviewed September 2024)
Purpose and Scope:
The Training and Skills Organisation (TSO) is committed to ensuring that its operations remain functional and resilient in the face of disruptions, whether due to cyber incidents, natural disasters, or other unforeseen events. This Business Continuity Plan (BCP) outlines the procedures and resources necessary to maintain critical operations, protect stakeholders, and minimize downtime. The plan covers essential functions, key personnel, communication protocols, and recovery strategies.
Risk assessment and impact analysis:
To effectively manage potential risks, TSO conducts regular assessments to identify vulnerabilities and the potential impact of various disruptions. This includes evaluating threats such as cyberattacks, data breaches, and technical failures, alongside physical risks like fire or flooding. By prioritizing these risks, we can develop targeted strategies to mitigate their effects, ensuring that critical services such as training programs and marketing support remain accessible to clients and stakeholders.
Response and recovery strategy:
In the event of a disruption, TSO will activate its Business Continuity response. This includes:
1. Assessing the situation.
2. Implementing any immediate measures.
3. Communicating with users via email (if available).
4. Reporting the issue to suppliers.
5. Evaluating the communications response and triggering it if necessary.
Recovery strategies will include data backups, alternative work arrangements, and access to emergency resources. We utilise cloud-based systems to ensure that essential operations can continue remotely, allowing us to restore services as quickly as possible.
Training and Maintenance:
Regular training is conducted to ensure that all employees and contractors understand their roles and work effectively to reduce vulnerabilities. The BCP will be reviewed and updated annually or following any significant incidents to incorporate lessons learned and changes in operations. By fostering a culture of preparedness and resilience, TSO aims to minimise the impact of disruptions and maintain continuity in delivering high-quality training and marketing services.
Resilience
1. A hard copy of all key supplier contacts is maintained securely. This includes any service level agreements such as those with SquareSpace, our website hosting platform.
2. We have developed an incident response plan to quickly address and mitigate any cyber incidents or outages. This plan will be updated via a lessons-learnt exercise should it need to be triggered at any point.
3. User Education: TSO educates employees, contractors and users about cybersecurity best practices to minimise the risk of human error leading to vulnerabilities.
4. Compliance: TSO follows industry best practices for cybersecurity and is registered with the ICO, so it will report any data breaches in line with the ICO's requirements, as required by law.
Cybersecurity measures
Firewalls: Robust firewalls are in place to monitor and control incoming and outgoing network traffic.
Regular software updates: We routinely ensure all software, plugins, and content management systems (CMS) are updated to patch vulnerabilities.
SSL encryption: We hold SSL certificates to encrypt data transmitted between the server and users, protecting sensitive information.
Regular security audits: We conduct periodic security assessments and penetration testing to identify and address vulnerabilities.
Back-up solutions: TSO maintains regular backups of website data and files. Backups are completed each quarter and stored securely on a separate cloud-based server, to enable quick recovery in case of an incident.
Traffic management measures
Content Delivery Network (CDN): We access a CDN to distribute traffic across multiple servers, improving load times and reducing server strain during surges.
Load balancing: TSO works with a hosting site that operates load balancers to distribute incoming traffic evenly across servers, ensuring no single server becomes a bottleneck.
Scalable hosting solutions: TSO has opted for a cloud hosting solution that offers scalable resources to handle increased traffic seamlessly.
Traffic analysis and monitoring: TSO monitors traffic headlines and patterns using analytics tools and adjusts resources proactively in anticipation of traffic spikes.
Staging environment: A staging environment for testing updates and changes is maintained to assure website performance during peak times.