At the PPF we seek to ensure that our operations are resilient, both internally and within our supply chain. In practice this means combining the insights and outputs from operational risk, operational resilience and business continuity activities, so that we can both understand the risks and threats which might give cause to operational strain or severe disruption and ensure we have mitigants to prevent or minimise disruption where we can and be well prepared, to respond and recover quickly.
Much of the work we have completed over the last 12 months has been to align ourselves to the FCA/ PRA Operational Resilience Policy Standard. One of the key requirements of which is to identify our Important Business Services – those which, if disrupted, could cause detriment to our staff, members or the viability of the PPF.
Our Important Business Services are:
- Paying members
- Servicing members
- Making investments
For each of these Important Business Services, we have mapped potential dependencies and sources of disruption so that we understand clearly where there is reliance on systems, people, suppliers, facilities and processes. We have identified the relative impacts of disruption and the maximum tolerable disruption period for each of the Important Business Services. To test our assumptions, we have run desktop exercises to play through potential scenarios, alongside our standard business continuity testing schedule, including a full-scale simulation exercise for our Emergency Response Team.
We continually benchmark ourselves against industry good practice for operational resilience and business continuity, and are pleased to say that we are working in line with regulatory timelines. We also align with government good practice, participating in the DWP Cross Government Business Continuity Forum and local Croydon Resilience meetings and exercises.