This Business Continuity Management Policy describes the business continuity management policy of an organisation. It sets out the objectives and principles of a policy for developing, implementing, maintaining and improving on a business continuity management process in accordance with a best practice approach.
This Business Continuity Management Policy is suitable for organisations of all sizes and complies with the guidelines of the International Standard for Business Continuity Management Systems.
- Purpose
- Scope
- Policy statement
- Objectives
- Principles
- Management responsibility
- Organisation responsibilities
- Business continuity requirements
- Breach reporting
- Document information
Business continuity management identifies potential threats to an organisation which may impact on business operations and provides a plan for managing, controlling and monitoring such threats.
The purpose of this Business Continuity Management Policy (Policy) is to establish a business continuity management policy which will enable [Organisation name] to:
- identify [Organisation name]’s objectives for business continuity and the external and internal issues relevant to such objectives;
- identify potential impacts of events that may cause disruptions to business operations of [Organisation name];
- identify resources and business processes which may be available to ensure continued achievement of [Organisation name]’s critical business objectives;
- identify alternatives in the event of a lack of resources; and
- create a plan for use by [Organisation name] and all staff to implement in the event of a disruption.
This Policy forms part of [Organisation name]’s risk management policies and procedures.
This Business Continuity Management Policy applies to all directors, officers, employees, consultants and contractors of [Organisation name]. This Policy extends to all current and future activities of [Organisation name], and to any new opportunities [Organisation name] may encounter from time to time.
[Organisation name] is committed to developing, implementing, maintaining and improving on a business continuity management system in accordance with the International Standard for Business Continuity Management Systems.
This Business Continuity Management Policy is consistent with [Organisation name]’s Code of Conduct which represents and upholds [Organisation name]’s commitment to integrity, fairness and ethical behaviour.
[Note – an organisation code of conduct sets out the principles by which the organisation should be governed and describes rules of behaviours which employees are generally required to comply with.]
[Organisation name]’s objectives in developing this Business Continuity Management Policy are as follows:
- identify the activities, functions, services, products, partnerships, supply chains and relationships with interested parties;
- identify and prioritise the types of events that could cause a disruption to [Organisation name]’s business;
- identify the severity of consequences and the likelihood of the events;
- identify [Organisation name]’s risk appetite;
- identify vulnerable areas where risk treatment needs to be proactively developed;
- understand the key business imperatives of [Organisation name];
- assess business continuity risks and apply an appropriate risk treatment option to each identified risk;
- define the purpose of the business continuity management system;
- define business continuity processes and procedures required to meet [Organisation name]’s legal and regulatory obligations, commitments and internal codes of conduct; and
- ensure that this Policy and [Organisation name]’s overall governance, risk management and compliance policies and procedures are aligned.
[Organisation name] has defined 4 overarching principles for [Organisation name]’s business continuity management system.
- The business continuity system’s objectives:
  - must be consistent with this Policy;
  - must take into account the minimum level of products and services acceptable to [Organisation name] to achieve its critical objectives;
  - must be measurable;
  - must take into account [Organisation name]’s regulatory and legal compliance obligations, and its internal codes of conduct, policies and procedures; and
  - must be monitored and updated as appropriate.
- [Organisation name] must ensure that the following are implemented in accordance with best practice standards:
  - a business continuity management process for continuation of critical business functions (Business Continuity Management Plan);
  - an organised and effective approach to isolated events that may have a serious impact on business operations (Disaster Recovery Plan); and
  - effective management of events requiring emergency responses (Critical Incident Management Plan).
- [Organisation name]’s leaders and top management must express a commitment to:
  - demonstrate leadership with respect to the business continuity management system; and
  - implement, monitor and improve on the system.
- [Organisation name] must ensure adequate training and awareness programs are implemented for all individuals covered by the scope of this Policy.