
DISASTER MANAGEMENT AND BUSINESS CONTINUITY POLICY AND PROCEDURES MANUAL

© 2021

BRAEMEG SACCO Society Limited

Disaster Management and Business Continuity Policy

i

ABBREVIATIONS

ATM - Automated Teller Machine

BCP - Business Continuity Plan

BOSA - Back Office Service Activity

CEO - Chief Executive Officer

CS - Co-operative Society

CDC - Centre for Disease Control

DNS - Domain Name Server

EFT - Electronic Funds Transfer

ICT - Information Communication Technology

IS - Information System

MSCA - Micro Savings and Credit Activity

SACCO - Savings and Credit Co-operative

UPS - Uninterruptible Power Supply

WPS - Wireless Priority Service


TABLE OF CONTENTS

ABBREVIATIONS ................................................................................... i

TABLE OF CONTENTS ............................................................................ ii

1.0 INTRODUCTION ............................................................................... 5

1.1 Distribution of the Plan ........................................................................................... 6

1.2 Risk Management..................................................................................................... 6

1.3 Business Impact Analysis ........................................................................................ 7

1.4 Business Continuity Teams ..................................................................................... 9

1.5 Assessing the Damage ........................................................................................... 10

1.6 Declaring a Disaster ............................................................................................... 10

1.7 Command Centre Team ......................................................................................... 10

1.8 Command Centre Locations .................................................................................. 11

1.9 Virtual Command Centre Information ................................................................. 11

1.10 Business Resumption Team Procedures ........................................................... 12

2.0 BUSINESS RECOVERY ...................................................................... 14

2.1 Overview ................................................................................................................. 14

2.2 Information System Business Continuity Preparations ..................................... 15

2.3 Backups ................................................................................................................... 15

2.4 Alternate Processing Sites ..................................................................................... 15

2.5 Recovering .............................................................................................................. 15

2.5.1 Recovering the Core Processing System .................................................... 15

2.5.2 Recovering Printers and PCs ..................................................................... 16

2.5.3 Recovering Software and Operating Systems ............................................ 16

2.5.4 Recovering the Website............................................................................. 17

2.5.5 Recovering the Intranet ............................................................................ 17

2.5.6 Recovering Server ..................................................................................... 17

2.5.7 Recovering Email ...................................................................................... 18

2.5.8 Recovering the Domain Controller ............................................................ 18

2.5.9 Recovering Server ..................................................................................... 18

2.5.10 Recovering ATM Network ....................................................................... 19

2.5.11 Recovering Web Filter ............................................................................. 19

2.5.12 Recovering Telephone System/Voicemail System ................................... 19

3.0 INFORMATION SYSTEMS SECURITY ................................................... 21

3.1 Introduction ........................................................................................................... 21

3.2. Scope ...................................................................................................................... 21

3.3 Prevention .............................................................................................................. 22

3.3.1 Access to Computer server room ............................................................. 22

3.3.2 Access to Computers ................................................................................ 22

3.3.3 Passwords ................................................................................................ 23

3.3.4 Power Back Up ......................................................................................... 23

3.3.5 Antivirus, Spy Wares Worm, Firewalls ..................................................... 24


3.3.6 Data and Information Security ................................................................. 24

3.3.7 Preventive Maintenance ........................................................................... 26

3.3.8 Hard Disk storage of the Computer Server ............................................... 26

3.4 Detection ................................................................................................................. 27

3.5 Deterrence .............................................................................................................. 27

3.6 Disaster Recovery .................................................................................................. 28

3.7 Correction Procedures .......................................................................................... 28

4.0 HUMAN RESOURCE AND ADMINISTRATIVE ISSUES .............................. 30

4.1 Employee Priorities ............................................................................................... 30

4.2 Reduced Workforce Considerations .................................................................... 30

4.3 Employee Call List .................................................................................................. 31

4.4 Management Succession ....................................................................................... 31

4.6 BRAEMEG SACCO’s Media Policy .......................................................................... 32

4.7 Local and Regional Authorities ............................................................................. 33

4.8 BRAEMEG SACCO Advocate Contact Information ............................................... 33

4.9 Insurance Coverage ............................................................................................... 33

4.10 Emergency Supplies ............................................................................................ 33

5.0 HUMAN CAUSED DISASTER .............................................................. 35

5.1 Extortion ................................................................................................................. 35

5.1.1 Handling Extortion ................................................................................... 35

5.1.2 Employee Hostage Procedures ................................................................. 36

5.2 Robbery .................................................................................................................. 36

5.2.1 Precautions .............................................................................................. 36

5.2.2 During a Robbery: .................................................................................... 36

5.2.3 After Robber Exits: .................................................................................... 37

6.0 NATURAL DISASTER....................................................................... 40

6.1 Earthquake........................................................................................................... 40

6.1.1 Earthquake Preparedness ........................................................................ 40

6.2 Fire .......................................................................................................................... 41

6.2.1 During a fire: ............................................................................................. 41

6.2.2 Computer server room Emergency Procedures ....................................... 42

6.2.3 Fire Extinguishers .................................................................................... 43

6.3 Flood ....................................................................................................................... 43

6.4 Landslides ............................................................................................................... 44

6.5 Thunderstorm ........................................................................................................ 45

6.6 Droughts ................................................................................................................. 45

7.0 PANDEMIC .................................................................................... 46

7.1 Influenza ................................................................................................................. 46

7.2 Preparedness.......................................................................................................... 46

7.3 Terrorism ............................................................................................................... 47

7.4 Chemical Attacks .................................................................................................... 47

7.4.1 Different Types of Chemical Agents .......................................................... 48


7.4.2 Response to Chemical Attacks .................................................................. 48

7.4.3 Biological Threats .................................................................................... 48

7.4.4 Suspicious Unopened Letter ..................................................................... 49

7.4.5 Envelope with Powder and Powder Spills out onto Surface ..................... 49

7.4.6 Room Contamination by Aerosolization: .................................................. 50

7.4.7 Identifying Suspicious Packages and Letters ............................................. 51

8.0 TECHNOLOGICAL DISASTER ............................................................. 53

8.1 Introduction ........................................................................................................... 53

8.2 Computerized Information Systems Threats ...................................................... 53

8.2.1. Human Errors .......................................................................................... 53

8.2.2 Technical Errors ....................................................................................... 54

8.2.3 Deliberate Actions ..................................................................................... 55

8.2.4 Commercial Espionage .............................................................................. 55

8.2.5 Malicious Damage .................................................................................... 56

9.0 SECURITY AND SAFETY .................................................................... 57

9.1 Purpose ................................................................................................................... 57

9.2 Building and Ground Security ............................................................................... 57

9.3 Inside Building Security ........................................................................................ 58

9.4 Safety Precaution ................................................................................................... 58

9.5 Emergency Measures ............................................................................................. 58

9.6 Property, Plant, Furniture and Equipment Security ........................................... 59

9.7 Police Investigation ............................................................................................... 59

BOARD APPROVAL OF POLICY .............................................................. 59

APPENDIX ......................................................................................... 60

1.0 Damage Assessment Form .......................................................................... 60

2.0 Recovery Script ........................................................................................... 62

3.0 Services Impacted ....................................................................................... 63

4.0 ATM Information ........................................................................................ 64

1.0 INTRODUCTION

The main purpose for which BRAEMEG SACCO was registered is to improve the economic well-being of her members. The Society operates a BOSA. In order to continue offering more quality member-oriented services, the Board of the Society shall implement the Disaster Management and Business Continuity Policy.

The core business of the Society is to provide a savings avenue to members and to advance loans to them. This is still the focus of the Society. Diversification opportunities will be looked into within the context of the core business. The feeling of the Society is that success will come from concentrating on this initial core business.

Like any other institution, the growth of BRAEMEG SACCO has come with a lot of challenges, which include competition from other financial institutions. These have helped re-define the Sacco's destiny as reflected in its strategic plan.

Primary financial services include savings and loans. The heavy dependence of BRAEMEG SACCO upon technology and automated systems creates a vital need for a comprehensive business recovery plan. The possibilities for a disaster are endless, ranging from natural disasters to human error and destruction. Although most disasters cannot be prevented, we can anticipate them and plan for recovery.

This policy outlines the arrangements and procedures which would be put into effect following a disaster. It assumes partial destruction of any of the possible branch offices of BRAEMEG SACCO; however, portions of the policy can be implemented, as applicable, depending upon the actual circumstances. The Manual affords only a temporary solution and does not attempt to cover minute details of every conceivable situation. Its purpose is to set forth the basic information necessary to set up temporary operations until further arrangements, based on actual circumstances, can be made.

Each functional area is responsible for updating, maintaining, testing, and communicating its respective portion of the plan on an ongoing basis. Changes to this plan will be forwarded to the Human Resource Manager, who will distribute the revised Manual to every departmental area.


Each departmental head is expected to study and have an understanding of this plan. They will review it periodically with their staff and keep a copy at their residence. As new equipment is added to different departments, they need to keep records of contacts, equipment and locations of equipment for future reference. Additionally, this Business Continuity Policy must reflect any changes that might occur within the department at the earliest opportunity. Staff meetings should be held from time to time to go over this plan so that any questions that arise can be answered. Management Staff will also review this plan in depth at least annually, at which time refinements, changes and updates will be made as necessary.

1.1 Distribution of the Plan

Each departmental head will maintain a copy of the BCP (in paper format) in his/her office as well as at his/her place of residence. This allows for quick response and mobilization of staff in the event of a disaster. Additionally, an electronic copy of the BCP is maintained on the network. Access to the document is restricted on an as-needed basis.

Additional paper copies of the Business Continuity Policy are located off-site from the main office (in BRAEMEG SACCO).

1.2 Risk Management

In accordance with the SACCO Regulatory guidelines, the management of the Society must conduct a roundtable test of its Business Continuity Plan. It is believed this method of testing is a fairly comprehensive way to review several events and determine a plan of action.

The following Management staff and vendors shall be members of the Disaster Management team and shall conduct regular roundtable sessions (the Person column is to be completed with the current office holder):

Area/Firm Represented   | Person
C.E.O                   |
Finance Department      |
Credit Department       |
Marketing Department    |
ICT Department          |
Consulting Group        |

1.3 Business Impact Analysis

The business continuity planning team has identified the following business functions and resources as vital elements of normal operations, with related timeframes for recovery.

Red = High Priority, Yellow = Medium Priority, Green = Low Priority:

Function/Resource                                  | Timeframe for Recovery | Financial Impact
Computers                                          |                        | High
Correspondent Accounts                             | 8 Hours                | High
Debit Cards                                        | 8 Hours                | High
Network                                            | 8 Hours                | Medium
Telephone capability (telephone lines)             | 8 Hours                | Medium
Cash Delivery                                      | 24 Hours               | High
Core Processing                                    | 24 Hours               | High
Courier                                            | 24 Hours               | High
Firewall                                           | 24 Hours               | High
General Ledger                                     | 24 Hours               | High
Internet Access                                    | 24 Hours               | High
New Accounts                                       | 24 Hours               | High
Outgoing Cash Letter                               | 24 Hours               | High
Power/Electricity (main office)                    | 24 Hours               | High
Routers, hubs, switches                            | 24 Hours               | High
Teller Operations                                  | 24 Hours               | High
CD origination (forms)                             | 24 Hours               | Medium
Email                                              | 24 Hours               | Medium
Mail operations (overnight, DHL, FedEx, Securicor) | 24 Hours               | Medium
Mortgage Processing                                | 24 Hours               | Medium
Official Cheques                                   | 24 Hours               | Medium
Processing loan draws                              | 24 Hours               | Medium
Security System (Branch)                           | 24 Hours               | Medium
Telephone system                                   | 24 Hours               | Medium
Web Site                                           | 24 Hours               | Medium
Wire operations (incoming)                         | 24 Hours               | Medium
Wire operations (outgoing)                         | 24 Hours               | Medium
Posting Payroll                                    | 24 Hours               | Medium
Safe Deposit Boxes                                 | 24 Hours               | Medium
ATM (switch)                                       | 48 Hours               | High
Image Item Capture                                 | 48 Hours               | High
Copier                                             | 48 Hours               | Low
Fax                                                | 48 Hours               | Low
Mobile Banking                                     | 48 Hours               | High
Disbursing loan proceeds                           | 72 Hours               | Medium
Loan origination (forms)                           | 72 Hours               | Medium
Security System (main office)                      | 24 Hours               | High
Electronic Bill Payment                            | 72 Hours               | Low
Internet Banking (business)                        | 72 Hours               | Low
ATM (hardware down, actual ATM)                    | 5 Days                 | High
Posting loan payments                              | 5 Days                 | Medium
Mail operations                                    | 5 Days                 | Low
Document Imaging                                   | 7 Days                 | Medium
PCs and printers                                   | 7 Days                 | Medium
Cell Phones                                        | 7 Days                 | Low
Image Statements                                   | 7 Days                 | Low
Payroll                                            | 2 Weeks                | Medium
Report Archive                                     | 2 Weeks                | Low
Accounts Payable                                   | 30 Days                | Medium
Asset Liability Management                         | 30 Days                | Medium
Email function                                     | 30 Days                | Low

The above timeframes represent the maximum estimated time that each service or function could be unavailable without severely impacting the Society's operation. This exercise establishes a priority list that can be used to allocate resources during recovery. Clearly, other services and functions exist at the Society; however, the business continuity planning team has identified those listed above as the most critical.

Preventative Measures

The best way to plan for a disaster is to employ measures designed to mitigate risk and prevent disaster.

1.4 Business Continuity Teams

To ensure adequate representation from all areas of the Society, the Board of Directors has appointed the following Disaster Assessment Team. The Human Resource Manager/C.E.O will be responsible for notifying the members of the Damage Assessment Team.

Title             | Name | CONTACTS
C.E.O             |      |
Finance Manager   |      |
Loans Officer     |      |
Marketing Officer |      |
ICT Manager       |      |

1.5 Assessing the Damage

i. Upon learning that a disaster has occurred, the C.E.O will contact all members of the Damage Assessment Team, who will meet at the affected site; for safety reasons, however, no one is to proceed with the assessment until a qualified building safety inspector has deemed the structure safe to enter.

ii. Team members are to inspect the equipment and determine what needs to be replaced and what can be repaired to attain skeletal operations. Items to be inspected include, but are not limited to: Alarm System, Safe, Phone and Data lines, PCs and Printers, Modems, routers, switches, office furnishings, forms and general office supplies. See the Appendix for a sample Damage Assessment Form.

1.6 Declaring a Disaster

In the event of a disaster, the C.E.O is given authority to initiate and implement this plan. In his absence the Accountant will activate the Business Continuity Plan.

1.7 Command Centre Team

All Departmental Managers will be contacted by the Human Resource Manager/C.E.O to meet at the designated Command Centre, at which time staff assignments will be reviewed and any additional instructions given. Contact information shall be availed on a regular basis.


1.8 Command Centre Locations

The Command Centre Team will coordinate business continuity and business resumption efforts from the Head Office. Physical and virtual command Centres may be utilized. Web-based resources, such as internet mail groups and secure message boards, may be utilized as tools of the virtual command Centre.

Primary:

Preference will be given to utilizing current space at the main office in Braemeg. In the event the main office is unavailable, any branch location with analog phones and available space will be considered. Most of the above listed staff have laptops available to allow for remote computing.

Secondary:

In the event Braemeg SACCO decides to utilize a virtual command Centre (solely, or in conjunction with a physical command Centre), a teleconference line will be opened and maintained by Information System staff.

1.9 Virtual Command Centre Information

The following information will be used to set up a conference line for Braemeg SACCO. IT staff will be responsible for opening the conference line and ensuring its availability.

Communications

Select members of the Command Centre Team and supporting recovery teams shall be provided with calling privileges. WPS (Wireless Priority Service) is restricted to individual wireless/cellular telephones (cell phones). Cell phones must be registered with the Service Provider and require a paid subscription to the wireless telecommunications service providing wireless service to the cell phone.


1.10 Business Resumption Team Procedures

Recovery efforts have been distributed among several key personnel. They will lead recovery efforts as outlined below (Name, Area, Role, Details; the Name column is to be completed with the current office holder).

C.E.O (Notification of Membership): Immediately place a notification in all newspapers as to the length of the disaster and what steps are being taken to accommodate

Administrative Secretary (Telephone Service): Contact Service Provider and have calls redirected to an alternate number.

Administrative Secretary (Mail and Services): Contact staff to make arrangements for pick-up and delivery of mail and inter-office items. In-house staff will be used to function as couriers.

Credit Manager (Lending Operation): A loan officer will be available for loan approvals.

Finance Manager (Investments): The Finance Manager will be re-located to another location (his/her home, or another location). The Finance Manager will perform the following tasks:

- Contact financial institutions and provide necessary contact information.
- Any transactions will be tracked on a preprinted ledger form until such time as they can be recorded in the GL system.
- Monthly: email complete listing of investments on BRAEMEG SACCO.
- Quarterly: email all financials (e.g., balance sheet, income statement) generated from the System. Physical copies will be stored at the accountant's residence.

ICT Manager (Forms): Electronic copies of all core processing forms are maintained on the network and on a USB device at the Society Data Centre in a fire-resistant cabinet. An extra copy of the USB device is stored in the BRAEMEG Vault.


2.0 BUSINESS RECOVERY

2.1 Overview

BRAEMEG SACCO has taken several initiatives to ensure the Society is able to provide continued services to its members. Technological preparedness is only part of the plan. Non-technical elements, such as insurance coverage, succession plans, and emergency supplies, assist in developing a well-rounded business continuity plan.

Because technology is being utilized, the Information Systems Department (IS) must remain at the core of all disaster recovery procedures in every departmental area. It is therefore necessary that all computer equipment be accounted for. Additionally, a log of all phone lines and data circuit IDs must be maintained for reference and troubleshooting. Detailed inventories are available in the Appendix.

Critical functions have been identified and addressed with specific recovery steps detailed below. Functionality will be restored, in most cases, according to the Business Impact Analysis. In the event of hardware failure, replacements will be obtained from vendors on an as-needed basis.

Restoring services would not be possible without data. Critical servers' data is backed up on a daily basis. Data is written to hard drives and to an off-site server at the Society's co-location facility. Tapes are moved off-site nightly.

The website, www.braemegsacco.co.ke, is to be hosted internally by the Society. Backup images are maintained in multiple locations in the event the website must be hosted elsewhere. A simple DNS redirect would be required to route traffic to the new location.

Card services (debit and credit card transactions) are processed in-house via Payment Systems for Societies. In the event normal processing cannot be completed, Payment Systems will provide space in their office for BRAEMEG SACCO employees to work. Also, the Society is in the process of building a relationship (a reciprocal agreement) with another Society in the area to run dual systems temporarily if needed.


Other ancillary systems have been detailed in the following sections.

2.2 Information System Business Continuity Preparations

Co-Location Facility

A secure co-location facility shall be set up for disaster recovery and business continuity, which provides a secure environment to house critical data.

BRAEMEG SACCO UPS Systems

Three Uninterruptible Power Supply (UPS) systems are to be installed at the BRAEMEG SACCO Data Centre.

2.3 Backups

- Network servers
- Internet/intranet web servers

2.4 Alternate Processing Sites

The following sites have been designated as alternate locations for processing.

- Administration (Accounting, Finance, Executive Staff, Wires, etc.) will relocate to an available branch or other designated remote location.
- Information Systems will relocate to the BRAEMEG SACCO Data Centre.
- Branch operations will move to any other available branch.
- Office (Call Centre) will relocate to an available branch.
- The Service Provider will reroute the hunt group number to another branch.

2.5 Recovering

2.5.1 Recovering the Core Processing System

Mainframe System

- Determine the condition of the unit. Contact Service Provider.
- Obtain the most recent offline backups, transaction logging and system tapes, which are stored in a fire-resistant cabinet in the BRAEMEG SACCO Data Centre. Proceed to reload the files.


- Machine replacement turn-around time – For mission critical solutions that cannot accept the potential days of down time, Service Provider offers on-site repair or 24x7 same day service.

Credit Retrieval System – works with the existing system. Service Provider would have to reconfigure a replacement message server. Any PC can be utilized for this. In the meantime we can access software online to pull credit manually.

Audio Response Unit (ARU) – contact Service Provider for a replacement unit.

2.5.2 Recovering Printers and PCs

Determine the utility of the printers and PCs. Order necessary parts from the Service Provider of computers, printers or routers:

a) ID Scanner

b) Signature Pad

c) Receipt Printer

d) Cheque Printer

e) Network Printer

Acquire spare PCs and printers from other branches to attain skeletal operations.

2.5.3 Recovering Software and Operating Systems

The IS Department possesses all the necessary software for all PCs. Software is distributed between the branch locations of BRAEMEG SACCO and kept in fire-resistant cabinets. Additional software is also kept in the miscellaneous drive on our network, and a backup copy is stored in a portable drive kept at the BRAEMEG SACCO Data Centre.

Information System staff will assess the damaged PC hardware and salvage as much as possible.


2.5.4 Recovering the Website

The web site server is located in our data Centre at our Society offices. The server runs the Microsoft Windows operating system and is continuously patched. All non-essential applications and ports are shut down for security purposes.

Hardware/Software Failure – In the event that there is an unrecoverable hardware/software failure, a new server can quickly be built and put in the place of the existing server. The web site is currently backed up and kept on two separate systems that would allow for quick recovery. Backup images are also stored nightly to a storage server located at our Service Provider facility.

Internet Connection Failure – In the event that the Internet connection is down for an extended period of time, we can move our web site to another hosting provider. BRAEMEG SACCO has contacts with various web-hosting companies that can easily support our web site in the event of an extended Internet connection failure.

2.5.5 Recovering the Intranet

Currently the Intranet server is located in the Society data Room. The server runs the Windows operating system and is patched on a regular basis. All non-essential applications and ports are shut down for security purposes.

The intranet application is currently scheduled to back up on a daily basis to our Domain Controller. The Domain Controller is backed up daily. It is also backed up to our secured co-location nightly.

2.5.6 Recovering Server

Currently the Server is located in the Society Data Room. The server runs the Windows operating system and is patched on a regular basis. All non-essential applications and ports are shut down for security purposes.

The application server is scheduled to be backed up on a daily basis. This daily tape is then taken off site nightly to a fire-resistant cabinet at the Society. Backup images are also stored nightly to a storage server located at our Service Provider. The Server can be rerouted within 30 minutes of a disaster. In the event of a hardware/software system failure, the application software can be loaded and the tape restored to one of our other Windows servers.

2.5.7 Recovering Email

Currently the email server is located in our BRAEMEG SACCO Data Centre. The server runs the Windows operating system and is continually patched. All non-essential applications and ports are shut down for security purposes. The email application server is scheduled to be backed up to tape on a daily basis. This daily tape is then taken off site nightly.

2.5.8 Recovering the Domain Controller

Currently the domain controller is located in our Data Room. The server runs a Microsoft Windows 2010 operating system. All non-essential services are shut down for security purposes. There is no outside connectivity to this server.

The Microsoft server is scheduled to be backed up to tape on a daily basis. This daily tape is then taken off-site daily to a fire-resistant safe at the Society. In the event of a hardware/software system failure, all data can be restored to a like Microsoft system.

The Microsoft server primarily houses spreadsheet and Word documents needed by the Society; no application software is running on the domain controller. As a secondary backup to the tape system, files from the Microsoft server are copied to the Backup server located at the co-location for immediate access in the event of a Microsoft system failure.

2.5.9 Recovering Server

The server is located in the Society Server Room. If the server goes down, software automatically reroutes documents to be saved to another drive on the server or the individual PC. Contact the Service Provider for support or replacement.

2.5.10 Recovering ATM Network

This is controlled by the Network Provider. If the network goes down, the Network Provider will stand in with a specified amount until the system is restored.

2.5.11 Recovering Web Filter

The Sacco shall remove the connection from the network and put cables back in the appropriate locations.

2.5.12 Recovering Telephone System/Voicemail System

Call Service Provider for replacement or repair.

Contact List and Important Information – Information Systems

Vendor | Name of Person | Email | Telephone/Cell Phone
Core Banking System Vendor | | |
External Backup Storage | | |
Other Support Systems | | |
Business Repair | | |
Telephone Company | | |
Air conditioning and Heating | | |
Software | | |
Data mail Services | | |
Micro Image | | |
Network | | |
Customer Care | | |
Print Solutions | | |
Communication Provider | | |
Financial Services | | |
Power - Exposed Power Lines | | |
Server | | |
Data Solutions | | |


3.0 INFORMATION SYSTEMS SECURITY

3.1 Introduction

Security is the protection of data from accidental or deliberate threats which might cause unauthorised modification, disclosure, or destruction of data, and the protection of the Information System from degradation or non-availability of services. The Society shall ensure that IS services are protected from any identifiable threat.

3.2 Scope

A breach of security can be accidental or deliberate. Threats can be caused by the information system itself (e.g. a component malfunction, a bug in the software, people) or by natural disasters. Security covers a wide managerial scope which includes technical issues related to the computer system, psychological and behavioural factors in the Society and its employees, and protection against the unpredictable occurrences of the natural world. Human errors or omissions can be just as dangerous as deliberate acts.

The Policy shall therefore cover the following:

a) Prevention

b) Detection

c) Deterrence

d) Recovery Procedures

e) Correction

f) Threats to Computerised Systems

g) Data and System Integrity

h) Documentation standards

i) Purchasing controls

j) Software Piracy and Licensing


3.3 Prevention

This shall require the Society to take measures to prevent any of the threats to the computer system from occurring. While in reality it is impossible to prevent all threats cost-effectively, the Society should take the measures that are possible for such prevention.

3.3.1 Access to Computer server room

The computer server room shall be out of bounds, and access shall be only for authorised personnel, namely:

a) The Chief Executive Officer

b) ICT Manager, who shall have the relevant qualification to head the Department

c) Data Entry Personnel

d) Computer system support personnel

e) Cleaning staff personnel

f) Other persons as authorised by the Chief Executive Officer or the Systems Administrator.

The following should not be allowed in the computer server room:

a) Members

b) Representatives

c) Visitors

The computer server room should always be under lock and key unless the computer server room personnel are present.

3.3.2 Access to Computers

a) Each user shall be given access rights to computers by the ICT Manager through user passwords to access computers and the network.

b) Users shall ensure they log out of the computer or network when they are not working.

c) Users shall protect their computers and their work through the use of password-protected screen savers with an idle time not exceeding 10 minutes.

d) The ICT Manager shall deny access to the server for all users on Sundays except where special arrangements have been made in consultation with the Chief Executive Officer.

3.3.3 Passwords

a) Passwords are security codes known only to the users who have been assigned them to gain access to a computer or a software application with their unique identification.

b) Users should not reveal their passwords to anyone, including the ICT Manager.

c) Where a user password has been revealed to a second party, the user shall be held fully responsible for any system and data changes carried out using his user name or code.

d) Users should change their passwords regularly and especially where the password has been revealed to a second party. The password shall become inactive after a period of three months.

e) The passwords and login names of all staff who have left the Society should be deleted.

3.3.4 Power Back Up

a) Electricity power blackouts and power surges can affect the operations of the computer system, corrupt data, cause equipment failure, etc.

b) The Society shall ensure there is a consistent supply of power to the machines through the use of UPS units, power inverters, generators, etc.

c) The power backup system should be serviced regularly to ensure that it is in good working condition.


3.3.5 Antivirus, Spyware, Worms, Firewalls

a) The Society shall purchase up-to-date antivirus and anti-spyware software to safeguard against virus and spyware infection.

b) All external electronic storage media should be scanned before being used in any of the Society's computers.

c) Firewalls should be installed to filter any unwanted data coming through the network, i.e. the internet and any other dedicated link(s).

3.3.6 Data and Information Security

a) Data and information security policy shall refer to the procedures, processes and mechanisms to be followed in ensuring the integrity, reliability, resilience and availability of data and information within the Society.

b) An adequate and comprehensive backup and recovery plan shall be in place to ensure business continuity in case of a disaster. This plan shall be tested and reviewed frequently to ensure that it remains relevant and applicable with changing times.

c) No external data storage medium (e.g. diskettes, CDs, flash memory) shall be used on any Society computer unless authorized by the IT section. Otherwise, the issuance and distribution of these media shall be made by the IT section.

d) No user is allowed to copy any data and/or software from the Society’s premises without authority.

e) Adequate controls, checks, audits and logs shall be kept by systems to enhance recovery of data.

f) Procedures shall be in place to ensure that the system rights and privileges of employees who leave the Society are immediately removed.

g) All computers shall be connected to Uninterruptible Power Supply (UPS) units to protect them against power surges and outages.

h) Sensitive data that is transmitted outside the Society’s intranet via public networks shall be encrypted to enhance security.

i) The Society shall use Data Control accounts in posting all members' personal accounts, and these shall be reconciled daily by the staff in charge of these accounts.

j) Where a remittance has been received from an Employer, data must be posted to control accounts.

k) Data posted to control accounts must be cleared within a day and, where members are many, should not exceed 5 working days.

l) Users should save most of their office documents on their personal computers in a folder ‘My Documents’. Sub-folders within ‘My Documents’ are encouraged to ensure ease of managing personal data and information files.

m) Users should determine what is critical among their office documents and liaise with the ICT Manager for external data backup.

n) The ICT Manager shall ensure regular data backups are taken, both internally and externally, of the Society's critical application, namely CMIS, in all the Society's office premises.

o) Daily data backups of the critical application should be taken at least once daily and as frequently as need arises.

p) An external data backup of the critical application should be taken at least once in five days and should be stored in a remote place outside the premises in which it was taken.

q) The critical application requires file indexing of the database, otherwise known as ‘Housekeeping’. The ICT Manager shall ensure Housekeeping is done at least once per day or as the need arises.

r) The ICT Manager shall ensure that a data backup of the database is taken before performing ‘Housekeeping’ procedures.

s) No user should be logged into the system when data backup and housekeeping are being carried out.

t) Copies of anti-virus software shall be kept by the IT section, and any requests and/or updates pertaining to virus-related queries should be directed to the section. All external media shall be handed over to the IT section for virus scanning to certify that they are safe for use on the network.
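As an added illustration (not the manual's own code), the following Python script checks a constructed backup and housekeeping event log against clauses (o), (p), (r) and (s) above: a backup every calendar day, external backups no more than five days apart and stored off the premises, a backup before each housekeeping run, and no user logged in while either runs. The log format, site names and user names are assumptions for the example; only the thresholds come from the policy.

```python
# Added example, not the manual's own code: checks a constructed backup/housekeeping event
# log against clauses 3.3.6 (o), (p), (r) and (s). Log format, site names and user names
# are assumptions; the daily and five-day thresholds come from the policy text.
from datetime import datetime, timedelta
from typing import Any, Dict, List, Tuple

MAX_EXTERNAL_GAP_DAYS = 5  # (p): external backup at least once in five days
Event = Dict[str, Any]

# Constructed sample log: "<ISO timestamp> <EVENT> key=value ...", one event per line.
SAMPLE_LOG = """\
2021-03-01T18:00 BACKUP kind=internal site=HQ app=CMIS minutes=30
2021-03-01T18:35 HOUSEKEEPING site=HQ app=CMIS minutes=20
2021-03-02T18:00 BACKUP kind=internal site=HQ app=CMIS minutes=30
2021-03-02T18:35 HOUSEKEEPING site=HQ app=CMIS minutes=20
2021-03-02T18:40 LOGIN user=teller07
2021-03-02T18:50 LOGOUT user=teller07
2021-03-03T18:00 BACKUP kind=external site=HQ stored_at=HQ app=CMIS minutes=45
2021-03-04T18:35 HOUSEKEEPING site=HQ app=CMIS minutes=20
2021-03-05T18:00 BACKUP kind=internal site=HQ app=CMIS minutes=30
2021-03-06T18:00 BACKUP kind=internal site=HQ app=CMIS minutes=30
2021-03-06T19:00 BACKUP kind=external site=HQ stored_at=Offsite-Vault app=CMIS minutes=45
"""


def parse_log(text: str) -> List[Event]:
    """Parse log lines into event dicts ("ts" as datetime), sorted by time."""
    events: List[Event] = []
    for line in filter(str.strip, text.splitlines()):
        stamp, kind, *fields = line.split()
        ev: Event = {"ts": datetime.fromisoformat(stamp), "type": kind}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        events.append(ev)
    events.sort(key=lambda e: e["ts"])
    return events


def _sessions(events: List[Event]) -> List[Tuple[str, datetime, datetime]]:
    """Pair LOGIN/LOGOUT per user; a session still open runs to the last event."""
    open_logins: Dict[str, datetime] = {}
    sessions = []
    for ev in events:
        if ev["type"] == "LOGIN":
            open_logins[ev["user"]] = ev["ts"]
        elif ev["type"] == "LOGOUT" and ev["user"] in open_logins:
            sessions.append((ev["user"], open_logins.pop(ev["user"]), ev["ts"]))
    for user, start in open_logins.items():
        sessions.append((user, start, events[-1]["ts"]))
    return sessions


def check_policy(text: str) -> List[Tuple[str, str, str]]:
    """Return sorted (date, clause, message) tuples, one per breach found."""
    events = parse_log(text)
    backups = [e for e in events if e["type"] == "BACKUP"]
    housekeeping = [e for e in events if e["type"] == "HOUSEKEEPING"]
    sessions = _sessions(events)
    violations: List[Tuple[str, str, str]] = []

    def flag(when, clause, message):
        violations.append((when.isoformat(), clause, message))

    # (o): at least one backup of the critical application on every calendar day
    backup_days = {b["ts"].date() for b in backups}
    day, last = events[0]["ts"].date(), events[-1]["ts"].date()
    while day <= last:
        if day not in backup_days:
            flag(day, "3.3.6(o)", "no daily backup taken")
        day += timedelta(days=1)

    # (p): external backups at most five days apart and kept away from the premises
    externals = [b for b in backups if b.get("kind") == "external"]
    for prev, cur in zip(externals, externals[1:]):
        gap = (cur["ts"].date() - prev["ts"].date()).days
        if gap > MAX_EXTERNAL_GAP_DAYS:
            flag(cur["ts"].date(), "3.3.6(p)", f"{gap} days since the previous external backup")
    for b in externals:
        if b.get("stored_at", b["site"]) == b["site"]:
            flag(b["ts"].date(), "3.3.6(p)", "external backup stored on the premises where taken")

    # (r): a backup must precede housekeeping on the same day
    for hk in housekeeping:
        if not any(b["ts"].date() == hk["ts"].date() and b["ts"] < hk["ts"] for b in backups):
            flag(hk["ts"].date(), "3.3.6(r)", "housekeeping run without a prior backup that day")

    # (s): no user may be logged in while a backup or housekeeping run is in progress
    for ev in backups + housekeeping:
        start = ev["ts"]
        end = start + timedelta(minutes=int(ev.get("minutes", "0")))
        for user, s_start, s_end in sessions:
            if s_start < end and s_end > start:
                flag(ev["ts"].date(), "3.3.6(s)", f"user {user} logged in during {ev['type'].lower()}")
    return sorted(violations)


if __name__ == "__main__":
    for when, clause, message in check_policy(SAMPLE_LOG):
        print(f"{when}  {clause}  {message}")
```

On the sample log the script reports four breaches: a user session overlapping the 2 March housekeeping run, an external backup on 3 March kept on the same premises, and a missing daily backup on 4 March together with the housekeeping run that day having no prior backup.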

3.3.7 Preventive Maintenance

a) The Society shall carry out regular preventive maintenance of computer hardware not less than four times a year.

b) During preventive maintenance, cleaning and dusting of equipment shall be done. Users, in consultation with the ICT Manager, should report any problems experienced to the computer consultants carrying out the exercise.

c) The computer consultants carrying out the preventive maintenance shall be from among those short-listed by the Society.

d) A detailed report shall be prepared by the computer consultants at the conclusion of the exercise to deal with any equipment failure and hardware/software problems.

e) The ICT Manager shall be required to act on the recommendations of the report accordingly and advise the Chief Executive Officer on the action to be taken.

f) The Society may outsource the services of a consultant for maintenance/repair of the computers.

3.3.8 Hard Disk storage of the Computer Server

a) The hard disk is the main storage for all critical data and programs. It is therefore necessary to ensure there is sufficient working space to prevent any errors that may lead to data loss.

b) Avoid saving office application documents on the main server.

c) Take regular external data backups using reliable mass storage media.

d) Regularly delete old files that are no longer in use.


3.4 Detection

Detection is being made aware that there is or was an attempted breach of security. Techniques for detection may be combined with prevention techniques. The Society shall take such measures and employ techniques that shall detect such security threats.

a) The use of anti-virus and anti-spyware software.

b) Maintenance of system logs of unauthorised attempts to gain access to a computer system.

c) Monitoring, on a regular basis, the amount of free disk space.

d) Monitoring the use of control accounts to ensure data is posted to the correct accounts.

e) Control accounts that have not been cleared for more than 10 days should be subjected to investigation and action taken.

3.5 Deterrence

Deterrence is a measure that is undertaken to discourage the possibility of a breach of security.

The Society shall take all meaningful and cost-effective measures to implement deterrence.

a) Lock the computer server room to ensure access is only during regulated working hours.

b) Take disciplinary action on staff who leave their computers on after working hours.

c) Take disciplinary action on staff members who leave computers and software applications while logged on.

d) Severe disciplinary action should be taken on staff involved with computer frauds.


3.6 Disaster Recovery

The measures to be taken shall depend on the nature and extent of the disaster, and it shall be the responsibility of the ICT Manager to ensure that recovery strategies are in place and implemented.

a) Evaluate the nature and extent of the disaster, taking immediate action on what the ICT Manager is able to do.

b) Inform the Chief Executive Officer of the nature and extent of the disaster, making the relevant recommendations where necessary.

c) Restore the most recent data backup taken before the system crash.

d) Advise the users on data to be re-keyed since the last backup was taken.

e) Set up another machine as the server for the main database.

f) Consult the Chairman and the Chief Executive Officer to purchase new machines or software, or to carry out repairs, with immediate effect, and seek ratification from the Board during the normal scheduled meeting.

g) Contact any of the short-listed suppliers for supply and installation of new machines or repair and maintenance of the concerned equipment.

h) Run the current Anti-Virus or Anti-Spyware available.

i) Transfer data to another machine and then format (wipe) the hard disk of the affected machine. Install the operating system and other relevant software.

3.7 Correction Procedures

Correction procedures are those carried out to make right what had gone wrong. Not everything that went wrong can be corrected.

The Society shall put corrective measures in place to ensure that correction is done immediately.

a) An operating system that has crashed or been corrupted should be re-installed.

b) Data that has been posted to the wrong account should be reversed immediately and then posted to the correct account.

c) Control accounts in the database should always have zero figures. Any amounts that remain in the control accounts should be thoroughly investigated and appropriate action taken on the staff concerned.


4.0 HUMAN RESOURCE AND ADMINISTRATIVE ISSUES

4.1 Employee Priorities

BRAEMEG SACCO Management realizes that, in some disasters, employees will be unable to assist in the Society’s recovery efforts until personal issues are resolved. For this reason, Society management suggests that Society employees follow these priorities:

i. Call the Society’s emergency phone number and advise the Emergency Coordinator of your location, safety, phone number, issues that you must resolve, estimated time to resolve these issues, and other pertinent information.

ii. Locate loved ones and determine their safety and condition. If local telephone links are unavailable, establish a third-party relay with a friend or relative whose contact is in another geographical region. Sometimes calls cannot be made within the same area code, but outgoing calls can be made and incoming calls can be received. It will be each employee’s responsibility to establish this “third party relay.”

iii. Ascertain the condition of homes, travel routes and utilities and report to work when it is safe to do so, and when you are prepared to assist in disaster recovery efforts.

4.2 Reduced Workforce Considerations

From a disaster recovery standpoint, one of the advantages of our operation is the fact that our employees “wear many hats” and are cross-trained in many different jobs. This will prepare us to work with fewer people should a disaster occur and employees suffer injuries or possibly lose their lives.

Each department manager will be responsible for adequate cross-training within his or her department.


4.3 Employee Call List

See the Employee Call Roster within the BRAEMEG SACCO Policy and Procedures Manual.

Management Staff

Position | Name | Tel
C.E.O | |
Accountant | |
Accounts Assistant | |
Internal Auditor | |
Marketing Manager | |
Human Resource Manager | |
Executive Secretary | |

4.4 Management Succession

In the event a critical role within the Society becomes unavailable for an extended period of time, the most recent Organizational Chart on file with the Human Resources Department will be used for determining succession of those key roles. The Board of Directors may provide oversight as deemed necessary.

The C.E.O shall be responsible for public relations following a disaster event and will immediately prepare and issue news releases regarding the situation to radio, newspaper, and television media. It is extremely important that the Society’s members and employees be made aware of the disaster and be given sufficient information and assurance, on a continuous basis, to prevent them from losing faith in the Society. Available Society locations must be emphasized and temporary telephone numbers must be publicized.

It must be emphasized that only the Chairman and the Chief Executive Officer, or their designee, have the authority to communicate to the public regarding a disaster event. All personnel are to refer media questions to the CEO and should refrain from answering such questions; this will help to eliminate inconsistent statements regarding the disaster event.

Do’s and Don’ts of Media Relations

DO:

Give all media equal access to information.

Give local and national media equal time.

Try to observe media deadlines.

Escort media representatives to ensure safety.

Keep records of information released.

Provide press releases when possible.

DON’T:

Speculate about the incident.

Allow unauthorized personnel to release information.

Cover up facts or mislead the media.

Place blame for the incident.

4.6 BRAEMEG SACCO’s Media Policy

The Society maintains a Communications and Social Media Policy that is regularly communicated to employees, staff, and contractors.

Employees shall not make statements of any kind to any member of the media no matter how insignificant the comment or event may appear. This includes statements that are “off the record.” If any member of staff is contacted by a reporter, they shall refer them immediately to the Marketing Manager. If s/he is not available, and the situation seems to require an immediate response, the call may be referred to the Customer Care Officer.

4.7 Local and Regional Authorities

All areas served by BRAEMEG SACCO have Police 999 services available. Dialing 999 will put staff into contact with the appropriate emergency services based on the location from which they are calling:

Location | Police | Fire | Ambulance

General Authorities and Suppliers | Phone
Police Station |
Health Department |
Electricity Supply |
Water Supply |
Poison Control and Toxic Chemicals Centre |
Disaster Management |
Highway Patrol |
Local Authority |

4.8 BRAEMEG SACCO Advocate Contact Information

< >

4.9 Insurance Coverage

All of Society’s Insurance Policies are accessible through the main contact number.

4.10 Emergency Supplies

Pandemic kit with instructions issued by the board.

2 to 4 Flashlights per branch, depending on the size of the branch and number of employees.

First Aid kit, fully stocked.

Battery-operated calculator.

Water

Batteries

Sanitizer Spray

Tissues

New Membership Applications

Credit Card Applications

All emergency supplies will be kept in a location that all staff will have access to in case of an emergency.


5.0 HUMAN CAUSED DISASTER

5.1 Extortion

Extortion is the act of obtaining money by force or undue illegal power over the victim. In financial services, extortion is usually in the form of a threat by phone to kill or do bodily harm to a family member if the employee does not provide the extortionist with a large amount of the Society’s funds. If an extortion attempt is made, immediately notify an executive officer of the Society and the Police.

A criminal may attempt to extort funds by kidnapping an employee or a member of an employee’s family from the employee’s home. Employees should protect themselves and family members by using a home security device such as a monitored alarm and should follow precautions such as not opening the door for strangers, requiring identification of all utility or repair workers, and changing routines to prevent habits from being known by strangers. Instruct children never to talk to or admit strangers to the home and teach them how to call the police whenever anyone or anything is suspicious around the house.

5.1.1 Handling Extortion

Remain calm.

Indicate your willingness to cooperate.

Ask to speak with the abducted person.

Write the caller’s instructions down (amount and where to make delivery).

You may try to negotiate with the caller to accept half the ransom now, and the other half when the victim calls to tell you that he or she is safe (this may aid in the safety of the victim).

Immediately after the call, contact the Security Officer so he/she can call the Police. Do not notify local authorities in an extortion case until and unless instructed to do so by the Police. Make every attempt to verify that the family member was really kidnapped. This could take some time; that is why it is important to notify the Security Officer so that the efforts of many can get more things done.


5.1.2 Employee Hostage Procedures

If an employee is brought to the Society as a hostage by a criminal, Do Not Set Off the Alarm.

Do exactly as the criminal demands.

Notify the Security Officer.

If possible without detection, another employee should call the Police and give the address of the family being held (this may have to be done after the criminal and hostage leave).

Follow robbery procedures regarding observations, descriptions, type of transportation and preservation of the holdup area.

If a hostage is taken during a robbery, follow the same procedures as when a hostage is brought to the Society.

5.2 Robbery

5.2.1 Precautions

Tellers must develop an awareness of security and exercise good security habits at all times. Be alert for suspicious persons loitering in or near the building. Be familiar with the location and usage of alarms and other security equipment. To minimize loss exposure, always observe the audit and securities rules and keep teller bus cash within limits.

Tellers should never discuss with outsiders any aspect of the security systems, its physical make-up or anything about amounts of cash or details of cash handling. Outsiders are defined as anyone not employed by the Society.

5.2.2 During a Robbery:

The most important consideration during a robbery is to remain calm and avoid any action which might increase danger to yourself or others. Obey every instruction from the robber and avoid actions that may incite or antagonize the robber.

Give the robber only the amount of money he demands. Make sure to include the bait money in the cash given out if at all possible without endangering your safety. Trip the alarm when it can be done safely.

Observe everything possible about the robber’s appearance, weapon, and means of escape. If the robber presents a hold-up note, try to keep it in your possession. If safety permits, observe the direction of the robber’s escape and the description and license number of the escape vehicle.

5.2.3 After the Robber Exits:

Remain calm. Activate the alarm again and alert the nearest Society official. The official will notify the police. Immediately lock any remaining cash in your bus and isolate the teller’s area. Do not allow anyone except the police to handle or touch the teller’s area, the note, or any object the robber leaves behind. Do not talk to other tellers or witnesses until completing a written description of the robber or making a statement to the police. Do not discuss details of the crime or the robber's description with anyone except law enforcement officers. Record your own observations, not what someone tells you. Use a separate form for each robber.

Please refer to the Teller Manual for further information.

The robbery may be reported by radio, television or press before business closing hours. Therefore, after police have concluded their investigation, allow employees to contact relatives in an orderly manner.


Robber Description Form:

Time of Robbery: am / pm    Number of Robbers:
Robber #:
Race: White / Black / Native American / Hispanic / Asian / Other
Sex: Male / Female
Age:
Estimated Height:
Estimated Weight:
Complexion: Light / Medium / Dark
Hair: Bald / Partially Bald / Short / Medium / Long / Very Long; Colour:
Beard: No / Yes; Colour:
Moustache: No / Yes; Colour:
Sideburns: No / Yes (Short / Med. / Long); Colour:
Glasses: No / Yes (Regular / Sunglasses); Colour:
Size of Frames: Small / Medium / Large
Type of Frame: White / Plastic; Colour:
Shape of Frame: Regular / Round / Square / Rectangle
Hat: No / Yes; Colour:
Shirt or blouse type: Work / Sport / Other; Colour:
Pants type and colour: Work / Sport / Dress / Other; Colour:
Shoes type and colour: Work / Sport / Dress / Other; Colour:
Coat: No / Yes; Colour:
Coat type: Business Suit / Sport / Overcoat / Raincoat
Coat Style: Button / Zipper / Other:
Coat Length: Hip Level / Knee Level / Other:
Gloves: No / Yes; Colour:
Mask or disguise: No / Yes. If yes, describe:
Weapon: None Seen / Gun / Knife / Other:
If gun, type: Rifle / Shotgun / Pistol / Revolver / Auto
Gun colour: Black / Chrome / Blue
Speech: Coarse / Refined / High-pitched / Low-pitched / Accent / Other. Describe speech:
Other details:


Robbery Publicity

While security measures are taken to prevent a robbery, the Society should be prepared. Interviews of employees by the media should not be allowed.

Protection of Witnesses:

Request that the press protect the identities of employees or other witnesses.

Restricted Areas

Do not permit the press to enter the building or work areas to photograph or examine the crime scene.

Police Clearance

Consult with police authorities before releasing information to the press to make certain the information does not interfere with the investigation.

Reportable Information

Media Contacts: Chief Executive Officer and Operations Manager.

Time of robbery, description of bandit, and method of operation.

A brief statement that the financial institution has insurance against holdup losses.

Photos of exterior of the building.

Confidential Information that will not be reported

Names, addresses, and photographs of employees or other witnesses.

The amount of money taken in the holdup. Loss may be described as “undetermined amount.”

Details of security procedures followed by personnel.

Details of protective devices, such as types and locations of alarm activators, the time setting of vault-locking mechanisms or failure of any security device.

Any action of employees or customers that may be viewed negatively.

6.0 NATURAL DISASTER

6.1 Earthquake

Earthquakes are a shaking or trembling of the earth, caused by underground volcanic forces or by breaking and shifting of rock beneath the surface.

While the probability of an earthquake occurring is not great, the possibility of an earthquake does exist. Accordingly, management includes earthquake preparedness information in this plan.

6.1.1 Earthquake Preparedness

Secure top-heavy furniture and office equipment with anchors, brackets, latches or Velcro bases. Know how to turn off the gas, electricity and water. Keep on hand a battery-powered radio, a flashlight, fresh batteries, fire extinguishers and a first-aid kit.

If you are indoors when the quake strikes:

Move away from windows, ceiling fixtures, mirrors, and tall furniture.

Stand at an inner wall or in a central doorway, or get under a desk or table.

Protect your head and neck with your arms.

Do not head for the exits or elevators of a multi-story building. It’s better not to go outside.

If you are outdoors when the quake strikes:

Try to move away from power poles and other objects that might fall.

If possible, get to an open area.

If you are in a car, pull over until the tremors stop. Keep away from overpasses, bridges and power lines. Stay in the car.

When the quake is over:

Turn on the radio for instructions.

Use the telephone only for an emergency so lines and circuits will be clear.

Do not use your car unless there is an emergency.

If you smell gas, turn it off at the main valve, open windows, and leave.

If there is no incoming water and you have none stored, you can get emergency supplies from the water heater, toilet tanks, or canned fruits. Boil doubtful water for 20 minutes before drinking or cooking with it.

Don’t flush toilets until you know that sewage lines are intact.

Be careful opening cabinets or closets; items may have shifted.

Check the building for structural damage.

Leave a message at your home telling family members and others where you can be found.

Be prepared for aftershocks.

6.2 Fire

Install smoke detectors and fire extinguishers in appropriate locations. Preferably, your smoke detectors will be wired into the security system.

All utility shutoffs should be clearly identified for emergency response personnel.

Map out an escape plan in advance and hold periodic drills.

Have a gathering point outside the building where a head count can be taken (Fire Assembly Point). Each section shall have a Fire Marshal whose responsibility is to coordinate and control evacuation procedures for the section.

Post fire emergency numbers near telephones.

6.2.1 During a fire:

If a fire appears to be an immediate threat to human life, activate the fire alarm if possible and leave the building immediately, then call 999. When exiting the building use designated exits, depending on the safest route, and do not use elevators. Close any stairway doors as you exit. Do not attempt to return through these exits. When you arrive at the street, proceed to the designated emergency meeting location for your specific branch. Do not re-enter the building unless you are directed to do so by a member of the Emergency Assessment Team. Remain at the designated meeting site, a safe distance from the building, until you are directed to return to your work area.

Important: Under no circumstances should you endanger yourself. You should seek a place of safety unless completely free of all danger.

Get everyone out of the building and call the fire department.

Close all doors behind you as you leave the building.

When passing through a smoke-filled area, walk in a crouched position with your head close to the floor. Try to cover your face with a damp cloth.

If your clothes catch on fire, Stop, Drop and Roll! Wrap yourself in a coat or blanket and roll on the floor.

Before leaving a room, feel the door. If it’s hot or if you see smoke, don’t open it. If the door is cool, put your foot against it, avert your face, and open it slightly. If heat or smoke rush in, shut the door. Leave by another exit or wait at a window for rescue. Stuff bedding or clothes at the bottom of the door, open the window slightly for fresh air, and hang out clothes or a sheet to attract rescuers.

Once out of the building, don’t go back for personal effects unless you are on a mission to rescue another person.

If the fire does not appear to be a threat to human life, place the appropriate emergency telephone call and, if appropriate, use fire extinguishers located on each floor of all company properties. If possible, place important documents and computer storage media in the vaults. If a fire develops beyond your control, follow the evacuation procedures above.

6.2.2 Computer Server Room Emergency Procedures

In the event a fire occurs in the computer server room, the operator on duty is to make a quick survey of the area to determine the extent of the fire. If the fire is limited to an area that can be extinguished readily with a manual fire extinguisher (e.g. a fire limited to a trash can), the operator is to do so. In the case of an extensive fire in the computer server room, the operator on duty is to follow the written procedures that are located in the computer server room. Where there is no threat to human life or threat of human injury, the following procedures are to be followed and supervised by the senior employee on duty:

Remove all items (checks, deposits, tickets), captured or not captured, to the vault or the designated meeting site.

In an orderly fashion, shut down the computers and remove all data modules to a vault or designated meeting site if feasible.

Remove all printed reports, optical disks, control and balance sheets, and other paper data in the same fashion, as time permits.

6.2.3 Fire Extinguishers

Have the proper class of fire extinguisher on hand, mounted in a conspicuous area where every employee is aware of its location and proper use.

The letter rating of a fire extinguisher indicates which type of fire it can put out:

Class A - combustible solids such as wood, paper, fabrics, or trash.

Class B - grease and other flammable liquids.

Class C - electrical (the extinguishing agent does not conduct electricity).

Do Not Use Water On Class B Or C Fires!!!

Have extinguishers inspected on a regular basis by qualified fire protection experts.

6.3 Flood

A flood occurs any time a body of water rises to cover what is usually dry land. Floods have many causes, including:

Heavy rainfall.

Hurricanes.

Coastal storms.

Dam and levee failure.

6.3.1 Flood Prediction

The risk of damage or injury resulting from floods cannot be downplayed.

If flooding is imminent, take the following precautions:

Move valuable items to higher ground. Some furniture and equipment can be raised using blocks of concrete or wood.

Rinse sinks and jugs with household bleach and fill with clean water for drinking.

Shut off the electric power and gas valve.

Listen to a portable radio for information and instructions. Especially important is information on which roadways are impassable. Inform employees if their route home is impassable and encourage them to stay where they are until it is safe to drive home.

Do not attempt to drive through water. Two feet of water will carry away most automobiles.

If water is rising quickly in the building, open first floor windows to let out water and proceed to the top floor. Take emergency food, water, warm clothing, a portable radio and a flashlight.

After a flood, check the building for structural damage.

If you smell gas, open all doors and windows, leave the building, and report the leak to the gas company.

Throw out any food that has been touched by floodwaters.

Boil all drinking and cooking water for 20 minutes.

6.4 Landslides

The main causes of such a disaster are the topography of the area, the depth and nature of the rock formation and the type of soil within the area. Sandy soils are more prone to landslide than red clay soil.

Landslides can be avoided by carrying out environmental conservation. Areas which are prone to landslides should not be allocated to developers, and consideration should be given to relocating to safer grounds those already settled in such areas.

The losses caused by landslides have a major impact on infrastructure works such as power transmission, water supplies and irrigation facilities.

6.5 Thunderstorm

During a thunderstorm:

Avoid touching any metal object when there is lightning. Rubber-soled shoes and rubber tires provide absolutely no protection from lightning.

Avoid using the phone except for an emergency. Telephone lines can conduct electricity.

6.6 Droughts

Droughts in the country have led to malnutrition and ultimately deaths. Due to the acute water and food shortages, use of water bowsers and distribution of relief food are usually the alternatives. The other cause of drought is evaporation from open water surfaces. In this regard, boreholes are preferred to water pans, especially in areas where there are high temperatures. Water should therefore be conserved.


7.0 PANDEMIC

7.1 Influenza

In the event of pandemic influenza/Covid-19, businesses will play a key role in protecting employees' health and safety as well as limiting the negative impact to the economy and society. Planning for pandemic influenza is critical. As with any catastrophe, having a contingency plan is essential.

7.2 Preparedness

The Society will be prepared in the event of a pandemic. Preparedness includes, but is not limited to:

Monitoring for outbreaks and the associated stages.

Activating stages of the plan based upon the pandemic threat stage.

Training employees on proper hygiene and social distancing techniques.

Wearing of masks at all times.

Consideration given to providing flu vaccinations for influenza.

Utilizing social distancing techniques during various stages of outbreaks. Social distancing techniques include using ATMs and drive-through teller stations instead of the lobby, or utilizing remote processing where available, e.g. mobile banking/lending, and labelling seats in the banking halls to allow a one-metre distance from one seat to another.

Encouraging employees to use allocated sick days when they aren’t feeling well.

Reporting to and updating relevant authorities as necessary.

In case an infection is detected within the organisation, contact tracing should be done and the close contacts asked to go for testing and at least a 14-day isolation period.

Disinfect the workplace regularly.

Provide sanitizers and ensure the organisation has running water and soap at all times.

Cross-training employees.

Maintaining cleaning supplies, medical supplies, and hygiene supplies.

Organizational policies.

The Society will continue to monitor this threat and update the Business Continuity Plan accordingly.

7.3 Terrorism

Terrorism is defined as “premeditated, politically motivated violence perpetrated against noncombatant targets by sub-national groups or clandestine agents, usually intended to influence an audience.” Terrorism has four key elements:

i. “It is premeditated---planned in advance, rather than an impulsive act of rage.

ii. It is political---not criminal, like the violence that groups such as the mafia use to get money, but designed to change the existing political order.

iii. It is aimed at civilians---not at military targets or combat-ready troops.

iv. It is carried out by sub-national groups---not by the army of a country.”

The Society will continue to monitor terrorism threats and will remain aware of the potential for terrorist actions impacting the Society or its customers.

The Society will observe all applicable regulations and laws designed to combat terrorism by preventing and detecting money laundering and other illicit activities.

7.4 Chemical Attacks

Chemical attacks refer to the terrorist act of releasing chemicals in an effort to harm or kill people. Although some chemical agents act through the skin or eyes, most chemical warfare agents must be inhaled to harm people.


7.4.1 Different Types of Chemical Agents

Chemical agents may come in liquid, gas, aerosol-spray or dry powder form. The deadliest types of chemical agents are nerve agents, which attack the body’s nervous system. Choking agents such as chlorine and phosgene attack the lungs. Blood agents such as cyanide carry tissue-killing poisons throughout the body.

7.4.2 Response to Chemical Attacks

Most experts agree that the best response to a chemical attack is to flee the contaminated area while shielding your eyes and skin as much as possible, and minimizing the amount of the chemical agent inhaled.

Most experts advise against acquiring gas masks because the masks require practice and training to use safely, and the masks would have to be worn constantly to provide true protection against an attack that occurred without warning.

First responders such as police, firefighters, and paramedics are best equipped to handle chemical attacks. They would cordon off the area and establish a “hot zone” where contamination is highest.

While antidotes exist for some chemical agents, they are not always absolute “cures”, sometimes only pulling victims back from the brink of death. Unfortunately, other than the simple instructions above, there is relatively little that one can do to avoid a chemical attack.

7.4.3 Biological Threats

Centre for Disease Control (CDC) Health Advisory

Do Not Panic

Anthrax organisms can cause infection in the skin, gastrointestinal system, or the lungs. To do so, the organism must be rubbed into abraded skin, swallowed, or inhaled as a fine, aerosolized mist. Disease can be prevented after exposure to the anthrax spores by early treatment with the appropriate antibiotics. Anthrax is not spread from one person to another person.

For anthrax to be effective as a covert agent, it must be aerosolized into very small particles. This is difficult to do, and requires a great deal of technical skill and special equipment. If these small particles are inhaled, life-threatening lung infection can occur, but prompt recognition and treatment are effective.

7.4.4 Suspicious Unopened Letter

Packages Marked with Threatening Message Such As “Anthrax”:

1. Do not shake or empty the contents of any suspicious envelope or package.

2. Place the envelope or package in a plastic bag or some other type of container to prevent leakage of contents.

3. If you do not have any container, then cover the envelope or package with anything (e.g., clothing, paper, trash can, etc.) and do not remove this cover.

4. Then leave the room and close the door, or section off the area to prevent others from entering (i.e., keep others away).

5. Wash your hands with soap and water to prevent spreading any powder to your face.

6. What to do next…

If you are at Home, then report the incident to local police.

If you are at Work, then report the incident to local police, and notify your building security official or an available supervisor.

7. LIST all people who were in the room or area when this suspicious letter or package was recognized. Give this list to both the local public health authorities and law enforcement officials for follow-up investigations and advice.

7.4.5 Envelope with Powder and Powder Spills out onto Surface

1. DO NOT try to clean up the powder. Cover the spilled contents immediately with anything (e.g. clothing, paper, trash can) and do not remove this cover!

2. Leave the room and close the door, or section off the area to prevent others from entering (i.e., keep others away).

3. WASH your hands with soap and water to prevent spreading any powder to your face.

4. What to do next:

If you are at Home, then report the incident to local police.

If you are at Work, then report the incident to local police, and notify your building security official or an available supervisor.

5. Remove heavily contaminated clothing as soon as possible and place in a plastic bag, or some other container that can be sealed. This clothing bag should be given to the emergency responders for proper handling.

6. Shower with soap and water as soon as possible. Do Not Use Bleach Or Other Disinfectant On Your Skin.

7. If possible, list all people who were in the room or area, especially those who had actual contact with the powder. Give this list to both the local public health authorities so that proper instructions can be given for medical follow-up, and to law enforcement officials for further investigation.

7.4.6 Room Contamination by Aerosolization:

For example: small device triggered, warning that air handling system is contaminated, or warning that a biological agent has been released in a public space.

1. Turn off local fans or ventilation units in the area.

2. Leave area immediately.

3. Close the door, or section off the area to prevent others from entering (i.e., keep others away).

4. What to do next…

5. If you are at Home, then dial “999” to report the incident to local police and the local POLICE field office.

6. If you are at Work, then dial “999” to report the incident to local police and the local POLICE field office, and notify your building security official or an available supervisor.

7. Shut down air handling system in the building, if possible.

8. If possible, list all people who were in the room or area. Give this list to both the local public health authorities so that proper instructions can be given for medical follow-up, and to law enforcement officials for further investigation.

7.4.7 Identifying Suspicious Packages and Letters

Some characteristics of suspicious packages and letters include the following…

Excessive postage.

Handwritten or poorly typed addresses.

Incorrect titles.

Title, but no name.

Misspellings of common words.

Oily stains, discolorations or odor.

No return address.

Excessive weight.

Lopsided or uneven envelope.

Protruding wires or aluminum foil.

Excessive security material such as masking tape, string, etc.

Visual distractions.

Ticking sound.

Marked with restrictive endorsements, such as “Personal” or “Confidential.”

Shows a city or state in the postmark that does not match the return address.

Source: Bureau of Alcohol, Tobacco and Firearms (BATF)


8.0 TECHNOLOGICAL DISASTER

8.1 Introduction

Technological disasters are those events that render the Society’s systems non-functional and include intentional damage such as hacking and virus infection and unintentional damage such as disk or system failure and inadvertent destruction of data.

To prepare for technological disasters, the Society has employed the following measures against intentional damage:

Virus Protection

Anti-Spyware

RAID technology on servers

Distribution of servers and critical functions

Firewall with Intrusion Prevention module

Daily backups to tape and off-site server

Co-location space with Service Provider

To prepare for unintentional damage to data, the Society employs system features including access control to sensitive data, uninterruptible power supplies for critical systems, and thorough backups of systems and data.

The Society’s Information Security Program contains more information regarding the preventive measures employed by management to mitigate technological risk and safeguard confidential member information.

8.2 Computerized Information Systems Threats

BRAEMEG SACCO recognizes that its computerised information system may be threatened by a number of errors including:

8.2.1 Human Errors

This is the risk with the highest incidence, as it’s the people who interact with the system on a daily basis. Human errors may include:

a) Entering incorrect data from the source document.

b) Executing a command at the wrong place or time.

c) Failing to carry out instructions in respect of security procedures.

In dealing with human errors therefore:

a) The Society shall employ qualified staff and train existing staff members to work on the computerised information system to reduce the chances of occurrence.

b) Controls should be put in place to ensure that correct data is entered into the system.

c) Staff who are prone to making mistakes should be subjected to closer supervision and, where necessary, disciplinary action should be taken against them for deliberate errors and those due to negligence.

d) Human errors related to control accounts should be viewed with suspicion, as they can easily lead to fraud.

8.2.2 Technical Errors

This is the second most common risk after human error. Technical errors involve malfunctioning of hardware, system software, application software or communication software.

a) The Society shall purchase branded equipment that meets acceptable international market standards for office use and shall ensure it is kept in a safe place, secure from any damage and in accordance with the manufacturer’s specifications, so that it functions optimally.

b) Equipment whose manufacturer’s warranty has expired may need to be placed under the care of a consistent, qualified hardware maintenance company as determined by the Tender committee.

c) The Society shall buy and install original software that is properly licensed, registered and with the appropriate documentation. Authorised backup copies shall be made and kept in a secure place. Should the existing ones be corrupted or damaged in any way, backup copies shall be available.

8.2.3 Deliberate Actions

Given the nature of the business of the Society, i.e. receiving savings, issuing and recovering loans, and the scope for fraud, there is need for particular consideration. This is because data held on electronic media is not immediately legible and it may be difficult to obtain evidence of unauthorised data modification. Staff with proper knowledge of the existing system may be involved in fraudulent activities.

a) The Society should employ honest staff with integrity.

b) Control Accounts should be monitored on a daily basis.

c) All data entry transactions should have supporting documents.

d) Data entry transactions that have no supporting documents shall be interpreted to mean they are not authorised transactions.

e) All unauthorised transactions shall be treated as deliberate actions unless proved otherwise.

f) The Computer system should have a security log that shall keep track of all users who have made changes and accessed the system.
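As an added illustration that is not part of the Society's manual, the following Python shows how items b) to f) above can be checked mechanically at the end of each day: postings with no supporting document in the day's register are flagged as unauthorised, each control account is reconciled against the member ledgers it controls, and every posting is matched to a security-log entry naming the user who made it. The transaction records, document register, security log entries and field names are constructed assumptions, not the Society's actual system.

```python
from dataclasses import dataclass
from decimal import Decimal
from typing import Dict, Iterable, List, Optional, Set


@dataclass(frozen=True)
class Transaction:
    """One data-entry posting as the core system records it (assumed fields)."""
    txn_id: str
    user: str                    # system user who keyed the entry
    account: str                 # member ledger account; prefix names the ledger (SAV-, LN-)
    amount: Decimal              # credits positive, debits negative
    document_ref: Optional[str]  # supporting document reference, None if none attached


@dataclass(frozen=True)
class LogEntry:
    """One line of the system security log (assumed format)."""
    user: str
    action: str                   # "LOGIN", "CHANGE" or "LOGOUT"
    txn_id: Optional[str] = None  # the posting a CHANGE entry refers to


def unauthorised_transactions(txns: Iterable[Transaction], register: Set[str]) -> List[Transaction]:
    """Items c) to e): a posting with no supporting document, or whose reference is not
    in the day's register of supporting documents, is treated as unauthorised."""
    return [t for t in txns if t.document_ref is None or t.document_ref not in register]


def control_account_variance(txns: Iterable[Transaction], control_movement: Decimal,
                             ledger_prefix: str) -> Decimal:
    """Item b): the day's movement on a control account must equal the sum of postings
    to the member ledgers it controls. Returns control minus ledgers; non-zero needs review."""
    ledger_total = sum((t.amount for t in txns if t.account.startswith(ledger_prefix)), Decimal("0"))
    return control_movement - ledger_total


def changes_without_log_trail(txns: Iterable[Transaction], log: Iterable[LogEntry]) -> List[Transaction]:
    """Item f): every posting must be traceable to a CHANGE entry in the security log that
    names the user who made it; a posting without one cannot be attributed later."""
    logged = {(e.user, e.txn_id) for e in log if e.action == "CHANGE"}
    return [t for t in txns if (t.user, t.txn_id) not in logged]


def daily_review(txns: List[Transaction], register: Set[str], log: List[LogEntry],
                 control_movements: Dict[str, Decimal]) -> Dict[str, object]:
    """Run the three checks once per day and return the findings for review."""
    return {
        "unauthorised": [t.txn_id for t in unauthorised_transactions(txns, register)],
        "untraced": [t.txn_id for t in changes_without_log_trail(txns, log)],
        "control_variance": {prefix: control_account_variance(txns, movement, prefix)
                             for prefix, movement in control_movements.items()},
    }


# Constructed sample day; none of these are real Society records.
SAMPLE_TRANSACTIONS = [
    Transaction("TXN-001", "alice", "SAV-1001", Decimal("5000"), "DEP-7781"),   # deposit, documented
    Transaction("TXN-002", "bob", "LN-2002", Decimal("-20000"), "LNA-0042"),   # loan disbursement, documented
    Transaction("TXN-003", "bob", "SAV-1003", Decimal("1500"), None),          # no supporting document
    Transaction("TXN-004", "carol", "SAV-1001", Decimal("-800"), "WDR-9999"),  # reference not in register
]
SAMPLE_REGISTER = {"DEP-7781", "LNA-0042"}   # supporting documents filed today
SAMPLE_LOG = [
    LogEntry("alice", "LOGIN"),
    LogEntry("alice", "CHANGE", "TXN-001"),
    LogEntry("bob", "CHANGE", "TXN-002"),
    LogEntry("bob", "CHANGE", "TXN-003"),
    LogEntry("carol", "LOGIN"),              # carol's TXN-004 never produced a CHANGE entry
]
# Movement recorded on each control account today: the savings control is 800 too high,
# i.e. the withdrawal on SAV-1001 reached the member ledger but not the control account.
SAMPLE_CONTROL = {"SAV-": Decimal("6500"), "LN-": Decimal("-20000")}

if __name__ == "__main__":
    for finding, detail in daily_review(SAMPLE_TRANSACTIONS, SAMPLE_REGISTER,
                                        SAMPLE_LOG, SAMPLE_CONTROL).items():
        print(f"{finding}: {detail}")
```

A non-empty "unauthorised" or "untraced" list, or a non-zero control variance, is the cue for the senior employee on duty to pull the source documents before the day is closed.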

8.2.4 Commercial Espionage

Commercial espionage involves data/information getting into the wrong hands with the intention of using it for purposes other than what was intended.

a) The Society shall restrict the use of external storage media to the ICT Manager and the Manager, or staff authorised by them.

b) The use of diskettes, compact discs, data tapes, flash disks, etc. in the Society is therefore prohibited except with express authority from the ICT Manager or the Chief Executive Officer.

c) Severe disciplinary action should be taken against any staff involved in commercial espionage.


8.2.5 Malicious Damage

Malicious damage is likely to be caused by disaffected employees or consultants destroying data or software. Sabotage would fall into this category. This may be quite risky as its execution may not leave a trace of what happened and who did it. The destruction could take the form of introduction of viruses, software piracy, deletion of data, inserting garbage data into the system, etc.

a) Staff employed shall be those who are honest. These should be regularly trained and the Society should endeavour to retain their services.

b) Consulting firms engaged should be reputable and reliable. A good working relationship should be cultivated and consistency exercised.

c) The policy of prevention and data recovery should be implemented and reviewed from time to time.


9.0 SECURITY AND SAFETY

9.1 Purpose

BRAEMEG SACCO security and safety measures are essential to effective operations, its employees’ and visitors’ well-being, and minimal loss of property.

The security and safety procedures described in this section are to be implemented in all Society facilities and followed by all Society staff and, as applicable, visitors.

9.2 Building and Ground Security

a) Designated office attendants are responsible for ensuring Society office facilities and ground security through:

b) Logging the road tag and description of cars entering Society grounds.

c) Asking and directing the occupants of the cars to enter the front gates of the Society facility and register at the Receptionist/Administrative Secretary’s desk.

d) Stopping persons entering Society grounds and directing them to the Receptionist/Administrative Secretary.

e) Inspecting, at periodic intervals after the official closing of Society facilities for the day, that all gates, doors and windows are locked.

f) Notifying the police, as well as the Human Resource and Administration Officer, immediately of any disturbances on Society property.

g) Bringing to the attention of the appropriate Society staff member any safety hazards that may exist on Society grounds or on the outside of the Society facilities. Such safety hazards may include:

Broken locks on gates, windows, and doors

Loose bricks, cement on driveway or building

Exposed electrical wires

Fallen trees, branches

Loose tools or other objects which people may step on


9.3 Inside Building Security

a) Office attendant must ensure at the end of the day that:

b) All doors and windows are locked

c) Curtains are pulled

d) All electrical equipment and appliances are switched off

e) Water taps are closed securely

f) All cigarettes, pipe ashes have been extinguished

g) Any other hazards that may be identified are eliminated

9.4 Safety Precaution

a) All Society facilities are required to have appropriate fire extinguishers, which are checked by authorized personnel at least every 3 months.

b) No firearms or explosive materials are to be maintained on the Society property.

c) All Society facilities are to maintain fully equipped First Aid Kits and to post in a conspicuous location the telephone numbers to call in case of an emergency, such as police, fire brigade, nearest hospital and/or clinic.

d) At least one staff member in each Society facility should know and practice First Aid procedures.

e) Any staff member having health problems requiring special medication should notify the Human Resource and Administration Officer so that appropriate measures can be taken in case of an emergency.

9.5 Emergency Measures

Within the Society facilities, the senior ranking staff member present during an emergency becomes the “officer in charge”. Under emergency conditions, all staff members and visitors present in all Society facilities shall carry out the instructions of the officer in charge.


9.6 Property, Plant, Furniture and Equipment Security

Procedures described under Chapter 8 of Property, Plant, Furniture and Equipment ensure the security and safety of such items. At no time shall any Property, Plant, Furniture and Equipment be removed from Society facilities without implementing the applicable procedures and authorization process.

9.7 Police Investigation

a) If an incident does occur requiring police attendance, all staff members are required to give full information and comply in all matters directed by the police investigation.

b) All incidents are to be reported immediately through the Human Resource and Administration Officer to the Chief Executive Officer.

c) As described earlier, police are to be notified immediately of an emergency.

BOARD APPROVAL OF POLICY

This document was discussed and approved for implementation as a policy and procedures of the Society in respect to Disaster Management and Business Continuity with effect from 2020.

It is approved under Minute Number of Board of Directors Meeting held on

APPROVED BY:

National Chairman: Rowland Njagi    Date: 10th March 2021

Vice Chairman: Josephat Okora    Date: 10th March 2021

Hon. Secretary: James Anyika    Date: 10th March 2021

Treasurer    Date: 10th March 2021

Chief Executive Officer    Date: 10th March 2021

APPENDIX

1.0 Damage Assessment Form

Form Instructions

This form will be used as a general guide in disaster recovery for selected firm business functions.

Please insert the information necessary for recovery, completing each table as thoroughly as you can.

If you have specific recovery procedures (e.g., how to restore to server), please insert them or attach the procedure(s).

After completing the form, save it using the following filename guideline (e.g., disaster recovery plan – nightly update.doc), and email the document to the firm’s disaster response coordinator, _____________________.

People

(Who is needed for the recovery effort?)

Name | Role | Home Phone # | Home Email | Mobile Phone #


2.0 Recovery Script

(What steps need to be taken to restore?)

Priority | Business Function or System | List steps or procedures to follow for disaster recovery

Locations

(Which locations could be impacted?)

Location | Telephone Number | Address (Street Address, City, Town, Code)


3.0 Services Impacted

(Which services could be impacted?)

Records Needed for Recovery

(What records will be needed for recovery? Consider paper and magnetic media.)

Software Needed for Restoration

(What software applications and operating systems will be needed to recover?)


Hardware Needed for Restoration (e.g., computers, printers, copiers, etc.)

(What hardware will be needed to run the software needed above and recover the business function or system?)

4.0 ATM Information

ATM COMMUNICATION ADDRESSES