Business Continuity Policy

Topic
The standard describes the Business Continuity Policy endorsed by Company Top Management and highlights its scope, governance, general context and the main internal and external references for Business Continuity Management in Company.

Objective
• Express the Company Top management commitment to Business Continuity activities within Company Group companies.
• Ensure all Business Continuity activities are implemented and maintained in an agreed and consistent manner using the Business Continuity Management Program framework.
• Clarify the expected Business Continuity capability level deemed appropriate for Company Group based on Company Group vision, dynamic business needs and challenges.

Target Group
This document is essential for all Company employees as part of the Group, in particular managers and employees directly involved in the Business Continuity Management Program and in charge of Business Continuity Plan design and execution.

Index of content
1. Introduction
2. Content
3. Internal Reference Links
4. External Reference Links
5. Obsolete Regulations
6. Certification Standards
7. Terms & Abbreviations
8. Keywords / Search Criteria
9. Annexes
10. Amendments from Previous Version
11. Transitory provisions

1. Introduction

1.1. Definitions

Organizational Resilience is the management system able to enhance prevention, preparedness (readiness), mitigation, response, continuity and recovery from disruptive incidents. It reflects the ability of an organization to resist being affected by an event or the ability to return to an acceptable level of performance in an acceptable period of time after being affected by an event.
It is the adaptive capacity of an organization in a complex and ever-changing environment, assisting value creation and protection [2].

Business Continuity is the organization's capability to continue the delivery of products or services at acceptable predefined levels.

Business Continuity Management is an ongoing process to identify threats and impacts to operations and to provide a suitable framework to safeguard the organization's interests and value-creating activities.

Business Continuity Management Program encompasses the planning, co-ordination and implementation of Business Continuity specific projects, the continual improvement cycle, specific documentation management and the process of embedding Business Continuity into the organizational culture.

Continuity Plan (aka “Business Continuity Plan”, “Strategic Fallback Options”, “Contingency Planning” or “Continuity Planning”) is the combination of strategic processes, controls and resources made available to ensure that the organization continues to meet its critical objectives. This may include:
a. Reduce business disruption, maintain service and production continuity.
b. Ensure maximum control over possible supply chain reactions.
c. Control potential reputational and financial liabilities.
d. Use the integrated Group business potential to minimize the impact.

Activity - a process or a set of processes undertaken by an organization or on its behalf that produces or supports one or more products or services.

Business Impact Analysis - identification of critical business assets, functions, processes and resources and evaluation of the potential damage or loss that a disruption may cause to the organization; the process of analyzing activities and the effect that a business disruption might have upon them.

Stakeholders - a person or group having an interest in the performance or success of an organization.
It consists of the persons and groups with an interest in an organization, its activities and its achievements.

Preparedness (Readiness) - activities, programs and systems developed and implemented prior to an incident that can be used to support and enhance mitigation of, response to, and recovery from disruptions, disasters or emergencies.

Prevention - measures enabling an organization to avoid, preclude or limit the impact of a disruption [1].

Pre-defined Scenario - based on a specific set of applicable threats, the impact scenarios are designed assuming pre-scripted “surprises” in order to develop the Business Continuity and Business Recovery plans. A scenario is expected to impact strategically and operationally the business value chain elements with company widespread contamination risks and/or opportunities.

1.2. Intended Purpose of this Standard

The intended purpose of this standard is to state the Company Top management commitment to Business Continuity within Company.

[1] ASIS SPC1.1-2009
[2] ISO/CD 22316:2017
[3] ISO 22301:2012

2. Content

2.1. Business Continuity Policy

Company is committed to meeting its obligations towards stakeholders, in particular but not limited to shareholders, employees and customers. Hence, Company Business Continuity Policy is vital in order to:
• Build and maintain an organization-wide culture of commitment and ownership regarding continuity of our business at every level of the organization, from top management down to the floor operational staff.
• Execute, as a key organizational activity, a comprehensive Management Program implementing BC in Company in accordance with best known organizational practices, as an integrated part of the Group Business Continuity initiatives.
• Address continuously changing business needs and ensure the BC strategy and Plans are revised periodically to appropriately reflect them.
• Define and clarify the specific responsibilities of each employee involved in Business Continuity response teams, and provide training and practical exercises to ensure these responsibilities can be carried out successfully.

2.2. Purpose

The purpose of this policy is to provide a structure through which:
• Critical services and activities undertaken by Divisions and Business Units will be identified and the potential supply chain impact evaluated.
• Plans will be developed to ensure continuity of critical services and activities at a minimum predetermined, acceptable level, following a disruption of either a supply or a support chain.
• The Business Continuity plans activation procedure is clear, known, easy to follow, flexible and manageable, and subject to continuous exercising and revision.
• Management responsibility and planning responsibilities are clearly defined and assigned, fulfilled and accomplished according to all stakeholders’ expectations.

2.3. Scope

This policy applies to all Business and Support Divisions within Company. It should take into consideration the Group capabilities and possible impact, as well as the business teams’ integration at the Group level. It applies to the entire Company supply chain, including outsourced contractors, JVs, and collaboration and integration initiatives with external entities.

2.4. Benefits

An effective BCM Program will enable Company to:
• Continue to provide critical services and activities in times of disruption.
• Make best use of personnel and resources when a serious disruption occurs.
• Reduce the period of disruption and the costs associated with it.
• Resume normal working more efficiently and effectively after disruption.
• Comply with internal and external regulations, standards and obligations.
• Improve organization resilience by reducing the likelihood of a full stop of activity due to totally unpredicted disruption levels.

2.5. Responsibility

The Top management of Company owns this policy.

Corporate Resilience is the leading professional organization for the Business Continuity Management Program, in charge of organizing periodic reviews and exercises, the inclusion of best industry practices, and the re-assessment of business needs.

The Business Continuity Responsible and Business Continuity Team will monitor compliance with the standards and policy, provide support and guidance to the various Business Continuity Plan owners, and organize the frame for periodic BC exercises and for the debrief and lessons-learned sessions afterwards.

A Business Continuity Plan has a unique owner as the person accountable for it; the responsible, consulted and informed lists will be maintained and updated as needed.

2.6. Documents and document management provisions

All documents related to the Business Continuity activities shall be electronically stored, maintained and reviewed on the Business Continuity Management Program. Printed copies of specific Business Continuity plans will be provided to the Governance entities with specific responsibilities, as well as to personnel with responsibilities for plan implementation, on a need basis only.

3. Internal Reference Links

4. External Reference Links

BS 25999, AS/NZS 5050, CSA Z1600, ASIS/BSI BCM.01 Business Continuity national standards
ASIS SPC.1, BS 65000, SI 24000, Organizational Resilience Standards
ISO 73:2009 Risk Management – Vocabulary – Guidelines for use in standards

5. Obsolete Regulations

6. Certification Standards

ISO 22301:2012 Societal security – Business Continuity Management Systems
ASIS SPC.1:2009 Organizational Resilience: Security, Preparedness and Continuity Management Systems
ISO/CD 22316:2017 Organizational Resilience - Principles and guidelines

7. Terms & Abbreviations

OR      Organizational Resilience
BC      Business Continuity
BCM     Business Continuity Management
BCMP    Business Continuity Management Program
BCP     Continuity Plan (aka “Business Continuity Plan”, “Strategic Fallback Options”, “Contingency Planning”)
BIA     Business Impact Analysis

8. Keywords / Search Criteria

9. Annexes

9.1 Business Continuity General Context Analysis (PESTELO)
9.2 Activity Cell Content Overview
9.3 Business Impact Analysis Overview
9.4 Stakeholders Map Structure Overview