It’s about being prepared for anything

Natural disasters or major incidents happen with little or no warning, so it’s essential to plan for the worst, but hope for the best. Good preparation ensures business continuity for Southern Cross.

Business Continuity Management (BCM) enables us to continue providing services to members, business customers, and healthcare providers. By embedding appropriate levels of resilience, it also helps protect our business assets, such as our IT infrastructure.

gettyimages-1226682544-612x612
Since 2018, Southern Cross has embraced ‘active working’ and work-from-home flexibility. This offers significant remote working capability proven through live load testing, i.e. allowing multiple users to access our systems simultaneously. We also host our Information Technology (IT) systems and data on highly available and secure data centres located in different geographic regions, mitigating single point of failure risk.
 
The key practices in our Risk and Business Continuity Management Programme include:
gettyimages-1194847491-612x612

Risk management and compliance

We establish Southern Cross’ risk appetite, i.e. the level of risk we’re prepared to accept. We then ensure we have effective risk management frameworks, policies and procedures in place to manage risk in line with this.


   

Development and continual improvement of plans

In the event of any disruption to our services, it’s essential that we minimise customer impact. Business Continuity Plans (BCPs) enable us to prepare for the types of significant disruptions that could impact Southern Cross.

As part of this, we develop, implement and maintain BCPs for critical processes. By having a Society-wide crisis plan and a Disaster Recovery Programme (DRP) that includes annual testing, and best practice framework, we have the tools in place to recover key services.

GettyImages-1008099654
   
GettyImages-915800230

Governance

Through our dedicated Risk Management team and business risk leads, we aim to continuously improve our BCPs and DRPs by implementing best practice frameworks and tools. The team is also responsible for:

  • compiling test and incident debrief reports
  • submitting to the Risk and Compliance team - ensuring resultant observations and lessons learned are clearly assigned and monitored through to completion to support continual improvement
  • ensuring BCM development programme actions are logged and closed in a timely manner
  • reviewing and signing off the crisis plan annually, ensuring it is fit for purpose
Our Operational Risk Forum (ORF) ensures appropriate executive oversight of the programme, agreeing and monitoring the annual programme.
   

Awareness and training programme

When a disruption occurs, our Gold (executive), Silver (operational), and Bronze (business units) crisis teams lead the response, depending on the level of the issue. To make sure they have the right knowledge and skills to effectively perform these activities, we provide ongoing training on BCM, the Society Crisis Plan and crisis text tool. This training is provided through one on one and group training sessions.

GettyImages-1193287564
   
GettyImages-1150199550

Testing

To assess the effectiveness and capability of our plans, business units regularly coordinate tests of key elements of the BCP, including physical relocation, call trees and other disruption scenarios over time, including system loss and pandemic.

This preparation helps ensure our plans successfully click into action when called upon. In addition, we perform an Annual Disaster Recovery test to prove our ability to fail over all critical systems to our disaster recovery site including any integration elements with cloud-based systems. 


Related information

 

Security operations


Learn more >

Member privacy statement


Learn more >

Security governance


Learn more >

It’s about being prepared for anything

Natural disasters or major incidents happen with little or no warning, so it’s essential to plan for the worst, but hope for the best. Good preparation ensures business continuity for Southern Cross.

Business Continuity Management (BCM) enables us to continue providing services to members, business customers, and healthcare providers. By embedding appropriate levels of resilience, it also helps protect our business assets, such as our IT infrastructure.

gettyimages-1226682544-612x612

Since 2018, Southern Cross has embraced ‘active working’ and work-from-home flexibility. This offers significant remote working capability proven through live load testing, i.e. allowing multiple users to access our systems simultaneously. We also host our Information Technology (IT) systems and data on highly available and secure data centres located in different geographic regions, mitigating single point of failure risk.

The key practices in our Risk and Business Continuity Management Programme include:


Risk management and compliance

We establish Southern Cross’ risk appetite, i.e. the level of risk we’re prepared to accept. We then ensure we have effective risk management frameworks, policies and procedures in place to manage risk in line with this.

gettyimages-1194847491-612x612


Development and continual improvement of plans

In the event of any disruption to our services, it’s essential that we minimise customer impact. Business Continuity Plans (BCPs) enable us to prepare for the types of significant disruptions that could impact Southern Cross.

As part of this, we develop, implement and maintain BCPs for critical processes. By having a Society-wide crisis plan and a Disaster Recovery Programme (DRP) that includes annual testing, and best practice framework, we have the tools in place to recover key services.

GettyImages-1008099654


Governance

Through our dedicated Risk Management team and business risk leads, we aim to continuously improve our BCPs and DRPs by implementing best practice frameworks and tools. The team is also responsible for:

  • compiling test and incident debrief reports
  • submitting to the Risk and Compliance team - ensuring resultant observations and lessons learned are clearly assigned and monitored through to completion to support continual improvement
  • ensuring BCM development programme actions are logged and closed in a timely manner
  • reviewing and signing off the crisis plan annually, ensuring it is fit for purpose

Our Operational Risk Forum (ORF) ensures appropriate executive oversight of the programme, agreeing and monitoring the annual programme.

GettyImages-915800230


Awareness and training programme

When a disruption occurs, our Gold (executive), Silver (operational), and Bronze (business units) crisis teams lead the response, depending on the level of the issue. To make sure they have the right knowledge and skills to effectively perform these activities, we provide ongoing training on BCM, the Society Crisis Plan and crisis text tool. This training is provided through one on one and group training sessions.


Testing

To assess the effectiveness and capability of our plans, business units regularly coordinate tests of key elements of the BCP, including physical relocation, call trees and other disruption scenarios over time, including system loss and pandemic.

This preparation helps ensure our plans successfully click into action when called upon. In addition, we perform an Annual Disaster Recovery test to prove our ability to fail over all critical systems to our disaster recovery site including any integration elements with cloud-based systems. 

GettyImages-1150199550

Related information

 

Security operations


Learn more >
 

Member privacy statement


Learn more >
 

Security governance


Learn more >