ppl - incident management plan (updated 7th april 2011)

Pakistan Petroleum Limited Business Continuity Management Incident Management Plan April 7, 2011

Upload: tariqjamil99

Post on 25-Apr-2015


Page 1: PPL - Incident Management Plan (Updated 7th April 2011)

Pakistan Petroleum Limited

Business Continuity Management

Incident Management Plan

April 7, 2011

M. Yousuf Adil Saleem & Co. Chartered Accountants

Member of Deloitte Touche Tohmatsu


DOCUMENT RELEASE NOTICE

This ‘PPL Incident Management Plan’ document is released for use in BCM with effect from __________________________.

This document is subject to PPL Document Control Procedures.

The updated copies of the document will be sent to the distribution list. The holder of a copy is responsible for discarding the previous copy and using the latest one.

Prepared By: BCM Coordinator Date: ________

(________________________________)

Reviewed By: BCM Leader Date: ________

(________________________________)

Approved & Authorized By: Managing Director Date: ________

(________________________________)

Pakistan Petroleum Limited – Incident Management Plan, April 2011, Page 2

Authors and Reviewers

| Version | Date | Author / Reviewer | Comments |
|---|---|---|---|

Approvers and Authorisers

| Version | Role | Approver / Authoriser | Function | Date | Signature |
|---|---|---|---|---|---|

Distribution List

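| Sr. # | Name | Purpose |
|---|---|---|
| 1 | | |
| 2 | | |
| 3 | | |
| 4 | | |
| 5 | | |
| 6 | | |
| 7 | | |
| 8 | | |
| 9 | | |
| 10 | | |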


STATEMENT OF CONFIDENTIALITY

This documentation is the property of Pakistan Petroleum Limited (PPL). This document contains ideas and information that are the intellectual property of, and confidential to, PPL, and which shall not be disclosed outside PPL, transmitted, duplicated or used in whole or in part other than for their intended purpose. Any use or disclosure in whole or in part of this information without the written permission of PPL is prohibited.

April 2011

Pakistan Petroleum Limited


ABOUT THIS DOCUMENT

Overview

The purpose of this document is to provide an effective, predefined framework and process to enable Pakistan Petroleum Limited to respond to emergency incidents.

Management’s ultimate goal should be to minimize damage to the organization through containment of the incident and proper restoration of all business processes. It should be noted that the safety of human life should always remain the number one priority.

Incident response involves assigning responsibility for evaluating, responding to, and managing incidents, and developing guidelines for employees to follow regarding escalation and reporting procedures.


ACRONYMS

| Acronym | Description |
|---|---|
| PPL | Pakistan Petroleum Limited |
| IMP | Incident Management Plan |
| DRP | Disaster Recovery Plan |
| BCM | Business Continuity Management |
| IRT | Incident Response Team |


Table of Contents

1. Defining Incident

2. Incident Levels

3. Incident Response Teams

3.1 Composition of IRT

3.2 Scope of IRTs

3.3 Distribution of IRTs

4. Responsibilities of Incident Response Teams

4.1 Action Plan of IRT Coordinator

4.1.1 For Office Locations

4.1.2 For Field Locations

4.2 Action Plan of First Aid Team

4.3 Action Plan of Fire Fighting Team

4.4 Action Plan of IT Support Team

4.5 Action Plan of Administration Team

4.6 Action Plan of Security Team

5. Notification and Activation of BCP


1. Defining Incident

An incident is defined as any event that has already impacted, or has the potential to negatively affect, the business operations of PPL. An incident situation that can affect the business operations, subject to certain pre-defined criteria, may lead to the activation of the Incident Management Plan. The incident or disruption can be any of the following:

Country Wide – A disaster affecting the entire country, e.g. a pandemic across Pakistan.

Location Wide – A disaster affecting a geographical location, e.g. terrorism / sabotage, earthquake, flood or sandstorm in any of the cities where PPL has offices and / or fields.

Site Specific – A disaster affecting only a specific site, e.g. physical damage to the Head Office at PIDC, Karachi caused by terrorism, fire, smoke, water, or structural damage.


2. Incident Levels

Incident Levels are based on the amount of damage to the infrastructure of PPL and the estimated amount of time required for restoring normal operations. The Damage Assessment team will perform this assessment, and the incident level will be declared by the Crisis Management Team Leader in consultation with the BCM Steering Committee. The levels also indicate the type of alternate processing facilities that will be needed and the length of time for which they will be needed. Incident declaration at PPL shall conform to one of the Incident Levels described in the following table:

| Sr. No. | Incident Level | Criteria |
|---|---|---|
| 1 | I | Level-I incidents occur more frequently in day-to-day operations. The severity level is considered low because the effects are often isolated to a small set of critical business processes. The cause of the disruption is often the failure of a single component, system or service. Level-I incidents can be handled within the departmental/sectional resources. |
| 2 | II | Level-II incidents occur less frequently, but have a higher impact compared to Level-I incidents. This kind of event disrupts normal operations of some but not all critical business units. The operational disruptions result from major failure of multiple systems and equipment. Level-II incidents require the assistance of other sections/departments at the site. Resolution of such incidents should require the involvement of Departmental Heads and a few of the Functional Heads only. |
| 3 | III | The possibility of occurrence of a Level-III incident is very small, but the extent of the impact is significantly larger compared to the other levels. Such incidents disrupt normal operations of most or all of the critical business processes. The operational disruptions are the result of inaccessibility or failure of most or all of the systems and equipment at a site. Level-III incidents require notification of, and assistance from, the highest level of management, including all the Functional Heads. |

Table 1: Incident Level Criteria

As Level-I and Level-II incidents are departmental rather than organization-wide, the resumption plans of the relevant departments will be used for the recovery of the department’s operations. These plans should be available in the Standard Operating Manuals of the departments at offices and fields.

For a Level-III incident, the BCP will be invoked, and business resumption will be carried out using the Business Recovery Plans for each of PPL’s departments respectively.

In case of a disaster in which critical components like building, equipment and human resources are totally unavailable at the same time, the BCP cannot be invoked. For such disasters, the course of action is decided by the Board of Directors or the Government.


3. Incident Response Teams

3.1 Composition of IRT

Incident Response Teams are responsible for immediately responding to incidents that disrupt the business activities. The incident response teams comprise various personnel to cater for a variety of incidents such as fire, sabotage, natural disaster, operational incidents, and IT, building and health related issues.

Figure 1: Incident Response Teams (IRT Coordinator; First Aid Team; Security Team; IT Support Team; Fire Fighting Team; Admin Team)

3.2 Scope of IRTs

The incident response teams will broadly handle five types of incidents, namely:

Human Injury (to be handled by First Aid Team)

o Slight to severe injuries to staff or visitors due to a terrorist activity or an incident

o Health problem to staff or visitors

o Injuries due to a natural disaster

Fire (to be handled by Fire Fighting Team)

o Localized Fire which can be handled by hand-held fire extinguishers

Administrative issues (to be handled by Admin Team)

o Lift not working

o Communication systems not working

o Advisory for Earthquake, Storm, Flood

o Air-conditioning not working in part of the building

o Electricity failure

o Natural disaster affecting the building

Security Issues (to be handled by Security Team)

o Theft

o Terrorism

o Sabotage

o Civil disorder / riots

IT Incident (to be handled by IT Support Team)

o Network Connectivity Failure

o Virus Attack

o Peripherals not working

o Security breach

o Cyber attack making the network insecure or unavailable to the PPL users

Building Accessibility & Security Issues (to be handled by Admin and Security Teams)

o Terrorist activity affecting the building or making it inaccessible

o Sabotage activity making the building inaccessible

The above list just gives an idea of the various types of incidents to be handled by the Incident Response Teams, and is not all inclusive.

3.3 Distribution of IRTs

Each office location has one IRT, while the field locations may have more than one IRT.

Head Office, West Wharf Office and Islamabad Office have one IRT each.

Adhi, Chachar, Hala and Mazarani have one IRT each, which is the same as the Emergency Response Team already established at these fields and is led by the Production Engineering Incharge of the field.

Kandhkot has two IRTs, one each for the Field and the Compression plant. Both IRTs are led by the PEIC of Kandhkot.

PEICs of Adhi, Chachar, Hala, Kandhkot and Mazarani act as IRT Coordinators for their fields and are responsible for maintaining all the communication related to business continuity management with the BCM Coordinator and the CMT.

Sui has six IRTs: one each for SFGCS, SPP, Production & Engineering departments, one IRT for Admin, HR & IR departments and one IRT for the rest of the departments. The IRT Coordinator of each of these teams reports to Manager Sui, who acts as IRT Coordinator of the Sui Field. He maintains all the communication related to business continuity management with the BCM Coordinator and the CMT.


4. Responsibilities of Incident Response Teams

Overall responsibilities of the Incident Response Teams are as follows:

Attend the incident immediately after it is reported.

Evaluate the severity of the incident.

In case the building is affected, select an incident command post near the building. This site selection shall be on the basis of wind directions, probability of secondary hazards, etc.

Deploy the appropriate team to handle and resolve the incident.

Take a decision on the requirement and priorities of evacuation and organize the resources to execute the same.

Inform the BCM Coordinator, or any member of the BCM Team in case of unavailability of the BCM Coordinator, about the incident.

Figure 2: Coordination of Incident Response Teams


4.1 Action Plan of IRT Coordinator

4.1.1 For Office Locations

The IRT Coordinator will coordinate the activities of the five incident response teams. His role in an incident will be to oversee the operations performed by the relevant teams, providing guidance, monitoring their activities and communicating with & updating the BCM Coordinator with the latest situation and developments.

It must be highlighted here that the teams will respond to any incident on their own, as it is not the role of IRT Coordinator to activate the incident management plan and mobilize the incident response teams.

4.1.2 For Field Locations

The distribution of IRTs and their coordinators for the fields is given in Section 3.3 of this document.

All the fields, except Sui, have one IRT Coordinator, who is the PEIC of the field. Sui has six IRT Coordinators at departmental level, due to the geographical distribution of their locations, and one Field IRT Coordinator, who is designated as Manager Sui. The Departmental IRT Coordinators will be actively involved with their teams in handling the incidents, while the Field IRT Coordinator (Manager Sui) will provide overall guidance and coordination at field and corporate level, and shall maintain communication with the BCM Coordinator.

4.2 Action Plan of First Aid Team

The First Aid team, nominated by Crisis Management Team for each location, will be responsible for handling all medical emergencies, by providing first aid and initial treatment to staff before arrival of external medical services.

4.3 Action Plan of Fire Fighting Team

The Fire Fighting teams, nominated by Crisis Management Team for each location, will be responsible for the initial fire fighting using the firefighting equipment to ensure a safe passage for evacuation.

4.4 Action Plan of IT Support Team

The IT Support team, nominated by Crisis Management Team, will follow the IT Disaster Recovery Plan and IT manuals in case of an IT incident.

4.5 Action Plan of Administration Team

The Administration team, nominated by Crisis Management Team for each location, will be responsible for all administrative issues related to the PPL premises like power outage, water supply outage, small-scale damage to building, etc.

4.6 Action Plan of Security Team

The Security team, nominated by Crisis Management Team for each location, will be responsible for all security arrangements at PPL premises in case of any incident. This includes security on all entry / exit points of PPL premises, security within the buildings and coordination with local security authorities.


Please refer to Annexure D “HSE Documents – Emergency Response Plans” and ‘Security plans’ for Head Office, West Wharf office, Islamabad office and PPL fields: Adhi, Chachar, Hala, Kandhkot, Mazarani, and Sui.


5. Notification and Activation of BCP

Any incident is triggered by an event notification from a PPL employee, an external source or some internal alarm mechanism to inform the IRT Coordinator, who will assess the situation and inform the CMT, through the BCM Coordinator, about the event.

For detailed notification & activation process of BCP, please refer to the “Business Continuity Plan” document.


Deloitte Global Profile

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee, and its network of member firms, each of which is a legally separate and independent entity. Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche Tohmatsu Limited and its member firms.

“Deloitte” is the brand under which tens of thousands of dedicated professionals in independent firms throughout the world collaborate to provide audit, consulting, financial advisory, risk management, and tax services to selected clients. These firms are members of Deloitte Touche Tohmatsu Limited (DTTL), a UK private company limited by guarantee. Each member firm provides services in a particular geographic area and is subject to the laws and professional regulations of the particular country or countries in which it operates. DTTL does not itself provide services to clients. DTTL and each DTTL member firm are separate and distinct legal entities, which cannot obligate each other. DTTL and each DTTL member firm are liable only for their own acts or omissions and not those of each other. Each DTTL member firm is structured differently in accordance with national laws, regulations, customary practice, and other factors, and may secure the provision of professional services in its territory through subsidiaries, affiliates, and/or other entities.

© 2011 M. Yousuf Adil Saleem & Co. Chartered Accountants