Defra taps £40k consultancy to create crisis-response plan

Written by Sam Trendall on 4 May 2023 in News

Department seeks new business continuity templates and definitions for issues including strikes, cyberattacks and UK-wide power cuts

Credit: PublicDomainPictures/Pixabay

The Department for Environment, Food and Rural Affairs is to create a business-continuity and disaster-recovery playbook to help understand the potential impact and guide its response to a range of scenarios – including cyberattacks, strikes, and UK-wide power outages.

Newly published procurement information reveals that, on 2 May, Defra entered into a three-month engagement with consultancy KPMG, which will support the creation of “templates” to help guide the department’s response to disasters and the measurement of their impact.

The text of the contract reveals that the first of the deal’s three “deliverables” is to create four “business impact analysis” templates that allow Defra to consistently assess the operational effects of major incidents. These plans must be aligned to guidelines as set out by industry body the Business Continuity Institute.

Related content

The first of the quartet of templates will address initial disaster response, followed by three documents to conduct analysis of: products and services; processes; and activity.

The second task for KPMG will be to create “reusable templates” setting out an “overarching plan” for recovery activities to be undertaken by the department in the event of a disaster. These plans should address measures to be taken at the level of individual Defra directorates – which includes operations focused on the environment, food and biosecurity, and science and analysis. These documents will be informed by existing plans and operations, but the consultancy will be asked to conduct “interviews with practitioners to determine gaps [and] issues with the current templates and processes”.

The final objective for KPMG will be to create seven templates, each of which will represent a “definition of [a] credible scenario that [is] tailored to the Defra context”. This will include outline descriptions – encompassing between three and five PowerPoint slides – of seven incidents the department believes could have a major impact on its operations.

The scenarios include: a cyberattack; a terrorist incident; an issue with the department’s supply chain; a nationwide power outage; a loss of key premises; a loss of key personnel; and nationwide industrial action.

Defra’s contract with the consultancy, which was awarded via the G-Cloud 13 framework, runs until 1 August and is valued at £40,000.


About the author

Sam Trendall is editor of PublicTechnology. He can be reached on


Share this page




Please login to post a comment or register for a free account.

Related Articles

‘Extremely concerned and disappointed’ – more councils caught up in Capita breach
24 May 2023

Authorities have complained about the lack of time taken to be notified by IT firm and wrongly being told personal data was not put at risk 

Rochford District Council pins data breach on Capita’s ‘unsafe storage’
17 May 2023

Authority claims it is taking ‘swift and decisive action’ in response to incident it claims affected several councils

Only two firms bid for £5m deal to support Emergency Alerts
9 May 2023

Minister reveals small number of interested parties in deal to deliver, design and support nationwide service

Cabinet Office invests in ‘honeypot’ cyber traps to help protect network
2 May 2023

Department invests in technology from specialist start-up

Related Sponsored Articles

Proactive defence: A new take on cyber security
16 May 2023

The traditional reactive approach to cybersecurity, which involves responding to attacks after they have occurred, is no longer sufficient. Murielle Gonzalez reports on a webinar looking at...