Operational Crisis procedure

Date June 2017

Version V1.1
Validated by
Issuer Business Continuity & Crisis Management

This procedure relates to …. Crisis management framework, with a focus on operational crisis.

It’s aim is to provide information on:

 Situations when it is necessary to notify an alert;

 Ways to escalate alerts
 Roles of the stakeholders
 Crisis cell

Content

1. Crisis management framework

2. When to alert ?
3. How to alert ?
4. Crisis management stakeholders
5. Synopsis of the operational crisis cell
6. Appendix
 1 Crisis Management Framework
The crisis management framework of the “Enterprise“ is based on:

An alert escalation process

Crisis committees

Management crisis committee At top management level, this committee is empowered to manage
major and global crisis.

Communication board This committee is driven by the head of Marketing and Communication
and meets each time the crisis committee is activated.

Operational committee This committee whose composition are flexible are:

- Called during major crises to implement decisions taken by the
management crisis committee

Business continuity & crisis management team

This team is in charge of receiving alerts and organizing the coordination of the crisis management process
2 When to alert?
The first hours or minutes are critical in the management of crisis situation.

Alerting rapidly and efficiently will allow us to:

- Limit immediate impacts of incident

- Inform our clients that we have taken the incident into account and of the means we are
mobilizing to manage it.

The Business continuity & crisis management team should be informed immediately in the following
situations :

Severe injury
Business continuity
- Unavailability or severe malfunction of a critical IT application
including cyber attack
- Unavailability of datacenter or building
- Significant impact on client’s activities
- Unavailability partial or total of staff

Media impacts - High and / or negative media impacts, probable or established

Criminal Established treat or act of ill will

Intent terrorism Industrial espionage
Bomb threat

Global crisis Natural disaster: flooding, earth quake, tsunami, hurricane

Pandemic
War, Revolution
Crisis situation among our partners, clients, financial authorities,
competitions.

This procedure focuses on operational crisis only.

3 How to alert ?
The Business continuity & crisis management may be contacted:

- At anytime
- By email or by phone (in case of no reply after 10 minutes)

Alerting by telephone is required;

- In case of emergency
- Outside working hours (evening, weekend and public holidays )

List of contact in case of Crisis Emergency

Contact Email list Phone number

Responsible or coordinator

Business& Crisis
management
Management for escalation
purpose

When an alert is triggered, the Crisis management team informs the securities services team.

For IT crisis, the head of IT in business lines (or delegates) can be also called to request a crisis cell
activation.

According to the nature and the extent of the crisis, the support team may activate:

- The crisis committee

- An operational crisis committee is rise up to determine operational actions and strategic
procedures to fix the problem.

4 Crisis management skateholders

4.1 Business continuity & crisis management team
The Business continuity & crisis management team management team manages the crisis
management framework of “ the Entreprise “ and holds ownership of the process.

The Business continuity & crisis management team: *

 Maintains the crisis management framework of “ the Entreprise “ and keeps it operational
 Ensures awareness of relevant staff about the crisis management framework
 Keeps minutes of previous crisis
 During a crisis, it main mission are to:

 Trigger the crisis cell

 Coordinate the IT Team
 Organize meetings /conf call during the crisis period
 Consolidate all elements useful to drive the crisis
 Look for and mobilize experts in relation of the situation,
 Maintain contact with managers, stakeholders
 Understanding and analyzing experience and post mortem after crisis operation

4.2 Crisis Manager

The crisis manager leads the crisis cell. He is in charge of :

 Conducting task force meetings

 Identifying the key problems with IT team in order to get relevant informations
business impact, root cause, urgency and resolution
 Validating decisions and actions taken
 Coordinating each action with IT Team to fix the problem within 48hrs and inform end
users after crisis cell closure.

4.3 IT
The IT helpdesk provides useful functional and technical elements and information to help the
understanding of the issue. For all issue related to IT production, the IT staff must attend the call
with “the enterprise IT”.
 Inform customers about their involved issues
 Describe the post mortem

4.4 Business lines /Operations – Functions

BL /Ops & Funcions provide information on the clients and business impacts along with the
workaround implemented.
 All BLs /Functions must attend the first meeting/call and minimum in order to check for
any side effects on their perimeter
 Each BL/function must design a sing point of contact SPOC in order to consolidate
impacts in its perimeter
 They validate the business aspects of customer communication

4.5 Global Client services (GCS)

The Global client services centralize the customer feedback and questions.
 This service is in charge of customer communication and relation
 GCS get information from stakeholders

4.6 Client Service Manager (CSM)

 The CSM is in charge of communication for customers , they are responsible to validate and take
account of the customers needs.

4.7 Communications
The global communications team is always informed about a crisis.
 The communications team reviews all communications (no matter the audience
internally and externally) to ensure that the key messages are compliant with the
“Enterprise “ guidelines.
 When there is a need for communication to external audiences other than customers,
the team is in charge to inform them.

4.8 Internal crisis contacts management

Each stakeholder is responsible for providing and maintaining the list of contacts to be
included in the crisis management process. Each stakeholder must have at least one of two
correspondence in each region (EMEA/UK ) in order to provide 24/7 organisation. The objective
is to manage global crisis any time in any place. These contacts must be provided with a mailing
list (list such as MLIST<city>Enterprise Crisis Team) upon responsibility of the local crisis
manager. See appendix for more details.

5 Sypnosis of the operational crisis cell

5.1 Triggering of the crisis cell and first meeting

Upon validation of the triggering of an operational crisis cell, the Crisis team sends an invitation to
the crisis network in coordination with the crisis team leader.The invitation message should contain
as much information as possible in order to help the Crisis Management to warn their customers
about the issue.

During the first meeting, the crisis cell leader identifies the key members who will closely work with
him/her during the entire crisis cell.

5.2 Meetings
Each meeting must follow the following steps:

 Technical Update

 Locations and operations roundtable for business impacts and workaround

 CSM for the clients feedback and requests
  Formalization of next steps and actions to be conducted, including clients communication

5.3 Closure of the crisis cell and post-mortem production

When the issue has been resolved and the situation has been brought under control, a last
meeting or a general communication closes the crisis cell.

From that closure operation, the crisis cell leader is responsible fir the client post-mortem (PM)
production.
 A document includes; an executive summary, the root cause, a synthetic synopsis
concerning the client’s impact assessment and an action plan;
 It must be released within 48h
 All key people identified during the first meeting are involved
 A first meeting must be held within the next half business day in order to draft the PM.
 The PM is described by the GCS (Global client services) with elements provided by all
stakeholders. The informations gathered in the document should be easy to understand
for a non-specialist, particularly for IT sections. The communication must not contain
internal information such as application or team name.
 Client’s communication must be in appendix of the PM.

IT must produce a technical post-mortem within 2 weeks in order to document the

issue, root cause and to design and implement a corrective action plan.

The Business Continuity & Crisis Management team (BC & CM) must forward the closing
message to the revelant team in order to feed the risk and incident databases.

5.4 Appendix

Mailing list
Global coordination User Mlist crisis

5.5 AllShare
 An all Share link is dedicated to store templates, post-mortem and other documents relating to
crisis process.
Link: https://allshare ….

5.6 Post-mortem template

A post-mortem template is available on the “Operational Crises Cell” Allshare.