Both Sides of The Coin: The Story of The Central Bank of Barbados 1972-2017

131 the Royal Barbados Police Force and the Defence Force. This programme assisted staff in safely evacuating the building on the day of the earth tremor in November 2007. (See pages 124-125). With the passage of time, a Business Continuity Plan was prepared and a member of staff certified as a Business Continuity Planner. A threat assessment and business impact analysis was also undertaken in order to determine which departments were most critical to a restart of business operations after a disaster. During 2013, a decision was taken to overhaul the entire approach to business continuity; the governance structure was strengthened, guidelines were established on responses to a range of emergency situations and an awareness programme to raise its profile was launched. Information security As a result of its mandate, the Bank is the recipient and custodian of an abundance of sensitive and confidential financial information. Accordingly, the Bank’s risk management programme includes procedures intended to protect the information it possesses. During 1996, a consultant assessed the security of the IT system and made some useful recommendations and two years later the MIS Department issued a number of documents that sensitised the staff to the need to take greater care with the handling of sensitive information. Between 2000 and 2003, another secutity audit took place, an information security officer was appointed with a mandate to develop and police information security policies and guidelines and an Intrusion Detection System was implemented. The main outcome of a major security audit in 2008 was the establishment of an Information Security Governance Committee (ISGC) with oversight of information security in the Bank. This was complemented by a new information security policy. An opportunity to underscore the importance of information security occurred during 2013 when some of the leading firms in the IT security business, including Chapter 4: Maturity, Modernisation and Issues of Governance: 1987 and Beyond