Purpose and Objectives
To establish a planned management process that identifies potential impacts which threaten Company, and to establish the framework to provide for the availability of business processes and resources in order to ensure the continued achievement of Company‘s critical objectives. It is a vital component of enterprise risk management which itself forms an integral part of corporate governance.
Scope
Applies to all Company employees, Contractors, Customers/Clients, volunteers and visitors to facilities controlled by Company. The policy extends to all current and future activities, and new opportunities.
Aims to ensure that robust business continuity management arrangements are developed and applied to all key services that are proportionate to their significance and the risks of disruption that may impact them.
Encompasses both the explanation of the business continuity management strategy, and requires the establishment of the framework for implementing the Policy’s principles, and templates for staff to develop arrangements and plans within their own areas
Policy Statement
Company , in its need for business continuity management, aims to:
- facilitate and review business continuity management across the enterprise through the Management Review Committee;
- integrate business continuity management into the risk management culture of Company , and
- foster an environment where Senior Managers/Managers assume responsibility for managing business continuity.
To secure its commitment to implement business continuity management, Company aims to:
- identify and prioritise the types of events that could cause a disaster for the organisation and give a broad indication of the consequences of such events and their likelihood;
- identify vulnerable areas where risk treatment needs to be proactively developed;
- understand the key business imperatives of the Company and to,
- implement business continuity management across all critical business processes of the Company in accordance with recognised best practice.
To secure its commitment to training and knowledge development in the areas of business continuity management, Company aims to:
- ensure that appropriate people understand the need for business continuity, what the plans are, and how to use them; and to,
- ensure that stakeholders have access to appropriate information, theoretical and practical training opportunities in the area of business continuity management.
To secure its commitment to monitoring performance and reviewing the progress of business continuity management, Company aims to:
- ensure that an acceptable level of performance is maintained as the Company and its environment change over time;
- formally update plans regularly, based on an approach, deployment, results, and improvement cycle;
- monitor for changes to environmental, strategic, resource, and stakeholder conditions which will trigger a review and update of the plans; and to,
- undertake assurance activities to provide verification and validation that business continuity management activities and the documented plans are appropriate to the needs of the Company.
The objectives of business continuity management are to:
- minimise the impact of disruptions to services upon the Company community through
- effective planning and the efficient restoration of services following an incident;
- ensure the Company meets its statutory and regulatory responsibilities and that it adheres to accepted best practice;
The Business Continuity Management Policy of the Company is established to:
- ensure the implementation of a business management process for ensuring the continuity of critical business functions (Business Continuity Planning);
- ensure an organised and effective approach to isolated events that could seriously impact critical business processes (Disaster Recovery Planning), and to,
- efficiently and effectively manage events that may impact the Company ‘s reputation (Emergency/Crisis Management Planning).
Guiding Principles
Continual Improvement
The Company will adopt the principles of the Approach, Deployment, Results, and Improvement (ADRI) cycle to establish and continually improve the business continuity management framework.
Statement of Commitment to Business Continuity
The Company recognises the need for business continuity management to feature as an integral consideration in strategic and operational planning, enterprise risk management, and operational management and decision-making throughout the organisation. To facilitate this, Company will develop and maintain a Business Continuity Management Framework.
Implementation
The Company is committed to implementing effective business continuity management as a critical component of successful corporate governance. Proactive plans will be adopted to ensure that critical business processes can recover and continue should a serious incident occur. Company staff must implement business continuity management according to the business continuity management framework, relevant legislative requirements, and appropriate business continuity management standards.
Continuous Improvement
Company is committed to investing the time, capital, tools and techniques to ensure that business continuity management is a fully embedded business management process. All staff, particularly middle managers with advisory and decision-making responsibilities, will be provided with opportunities to obtain a sound understanding of business continuity management and the requisite skills to implement business continuity effectively.
Monitor and Review
Company will regularly monitor and review the progress made in developing an appropriate culture of business continuity management and the performance of business continuity, disaster recovery and crisis management strategies throughout the organisation as a basis for continuous improvement.
Roles and Responsibilities
Roles and responsibilities for business continuity management will be clearly defined and understood by senior management, Senior Managers/Managers and other stakeholders.
Senior Leadership
Business continuity must first and foremost be managed at the corporate level as part of the Company‘s good governance and corporate management processes. The Executive Management’s Committee will facilitate the introduction and monitoring of business continuity management into key areas of the Company‘s activities.
Maintenance of the Business Continuity Framework
The Manager Company’s responsible for ensuring that a sound business continuity management framework based on recognised standards exists, that the framework is regularly reviewed, improved, and that it is implemented effectively.
Continuity Plan Development
Senior Managers are accountable for the Company‘s key business processes and, assisted by Managers/Team Leaders, will ensure the development of business continuity plans for all associated business functions.
Emergency Response Management
Human Resources, is responsible for maintaining plans to respond to emergencies affecting the Company employee and for the provision of advice and assistance to the business continuity management framework.
Disaster Recovery Plan
Line Managers have delegated responsibility for the development of disaster recovery plans for the resources identified by Senior Managers/Managers as being vital to critical business processes.
Risk Assessment
Risks which could give rise to disruptions to critical services will be formally identified and assessed.
Integration
Business continuity management arrangements will be consistent with and integrated into, the Company‘s planning, quality and risk management arrangements.
Knowledge Management
Appropriate training will be provided for associated staff, and regular exercises are undertaken to validate and improve business continuity management plans.
New Systems
Business continuity management considerations will be taken into account in the planning stages for all new business processes and systems.
Procedure
Formal Structure
Roles and responsibilities for business continuity management will be clearly defined and understood by senior management, managers, and other key stakeholders.
Dedicated Manager
The Manager, Company, champions and coordinates the Company’s business continuity framework.
Delegated Responsibility
Development of disaster recovery plans for infrastructure required for critical business functions is a delegated line management responsibility. It is the responsibility of all line managers to continually monitor their areas of responsibility to ensure that disaster recovery requirements are identified and managed. Line managers should ensure that they contribute to the whole-of Company business continuity management process on behalf of their areas of responsibility.
Staged Implementation
Development of plans will be undertaken in a staged approach for the key organisational processes identified in the Company Quality Policy. The priority will be considered and endorsed by the Management Review Committee in line with current Company objectives and resource planning.
Monitoring & Reporting
Ensure business continuity management processes are incorporated into the quality assurance and improvement systems of the Company .
Distribution of the Plans
The business continuity management plans will be sensitive documents as they will be the key to all implemented security measures and contain private information.
Secure Access
Security objectives and a restricted access control environment for the plan will be documented and implemented in accordance with the sensitivity of the documents.
Availability During Disaster Events
Arrangements will be made to ensure that sufficient copies and location of the plans is instigated to ensure that relevant plans will be readily available in the event of a disaster event.
Testing of the Plans
Testing of the documented plans will be conducted at appropriate intervals.
Assurance
A regular review of business continuity management activities will be undertaken by the Audit, Risk and Business Improvement Committee.
Review
On the advice of the Company management will regularly monitor and review the progress of the effective implementation of this business continuity management framework throughout the Company and at least report annually to the CEO.
Guidance
Through its monitoring, review and reporting functions, Management will ensure that the Company maintains a consistent approach to business continuity commensurate with the Company‘s objectives.
Documentation
The framework and associated plans shall be appropriately documented to the extent required for the effective and efficient administration of business continuity management. Documentation will be controlled so as to inform part of the auditable quality management process.
Compliance
A representation and compliance statement will be provided by the Manager (Business Continuity and Risk management) and each Senior Managers/Managers as formal acknowledgement of their responsibility to comply with business continuity management policies and procedures.
Each employee associated with activation of a documented plan will have included in his/her Position Description, a responsibility for business continuity, and Annual Performance Appraisals should include an appropriate assessment thereof.
Staff development
Management shall ensure that staff have available to them appropriate information and training opportunities in business continuity as appropriate to their position and role within the business continuity management framework.