Guideline - Business Continuity Plan
1. Introduction:
The Business Continuity Plan is a component of the Risk and Business Management suite. This suite
includes:
 Risk Management – including risk registers
 Business Continuity Plans – including business impact analysis
 Emergency Response Plans
 Health and Safety Plans
“Business continuity management provides the availability of processes and resources in
order to ensure the continued achievement of critical objectives1
This means that we must consider:
 Clearly defining and understanding our critical objectives – “Our key deliverables”.
 Identifying what could prevent us from delivering our critical objectives – “What are the
barriers and risks”?
 Evaluating and measuring our risk controls – “Identifying residual risk”
 Determining how Victoria will continue to achieve its critical objectives in the event of
interruptions.
The following steps describe how business continuity takes a holistic risk management approach.
2. Content and Guidelines
The Business Continuity Plan is made of three stages:
 Assessing risks;
 Analysing the impact of an adverse event on a business and its primary objectives and
functions; and
 Documenting the necessary tasks and roles (in order of priority) which will enable the
business to recover from the adverse event.
2.1 Risk assessment
Managers are responsible for assessing risk and escalating where appropriate as part of their
business as usual responsibilities. Assessing risk is about identifying the threats and barriers
that may be present in our operating environment and considering organisational
interdependencies which may be complex and varied in the University setting. Refer to the
Guidelines – Risk Register.
1
Business continuity management – handbook HB 221:2004
Document version March 2013
1
2.2 Business Impact Analysis
The Business Impact Analysis is an integral component of the Business Continuity Plan. It
provides the background upon which a plan is developed. In the analysis managers are
responsible for identifying the key business processes (functions) and analysing the impacts
of a business disruption event to service delivery. The manager should identify the business
goals, and define the critical functions, components, assets and resources required to
achieve the intended outcome.






Key considerations include:
The damage to Victoria (or the individual business unit) resulting from an intolerable adverse
event.
Determine whether the deliverable is required by legislation.
The different levels of disaster (this should be recorded in the Emergency Response Plan).
Identify the importance or criticality of the functions.
Confirm whether they affect the critical or long term success of the University.
Understand and define the recovery time objective for each function and prioritise recovery.
Each manager should define the recovery requirements for the functions identified above and
the infrastructure and resources required to enable Victoria to continue to function at a
minimum acceptable level.
Recovery requirements:
 The timeframe in which the items above must resume or be replaced.
 The business requirements for recovery of the above.
 The technical requirements for the above.
 The manual process in place that will mitigate loss of the above. (This will also be recorded
in the unit’s risk management plan).
 Identification of dependencies. These may be internal or external.
A sample impact analysis is included as Appendix 1
2.3 Guidelines for Business Continuity Plans – Appendix 2
Managers should consider the following components when developing their Business Continuity
Plan (BCP):
a. Ensure that the business objectives are clearly understood and recorded. This can be
informed by an annual business plan or similar.
b. Define the scope of the BCP. What are the limitations? Consider the critical business
requirements or deliverables and BAU requirements. This can be informed by the business
impact analysis described above.
c. Ensure that the recovery time objective is defined.
d. Ensure that the BCP is properly coordinated to take into account information derived from
the risk register and Emergency Response Plan. BCM is a component in the risk
management process.
e. Ensure that any assumptions made during the planning process are sufficiently explained
and documented.
f. Record members of the BCM team and ensure that their roles are clearly defined. It is
important that this is included in training and testing the plan. Consider delegated authority
within the team.
2
g. If an internal audit has been completed in relation to BCM, ensure that recommendations
are addressed.
h. If a project plan is required ensure that deliverables, responsibilities, budget and milestones
are recorded and managed.
i. Implement a process for independent review of the plan – the Safety and Risk team will
review the plan annually.
j. Consider back up processes, alternative accommodation and off site storage.
k. To ensure that the plan remains current implement a programme of periodic testing and
review the plan in line with organisational changes.
l.
Supporting documentation and processes may include:
a. Risk management plan and risk register.
b. Emergency response plan.
c. Safety plan
References
AS/NZS ISO 31000:2009. Risk management – Principles and guidelines.
AS/NZS 5050:2010. Business continuity – Managing disruption – related risk
HB 221:2004. Handbook. Business Continuity Management
3
Appendix 1 – Business Impact Analysis (Sample)
Business unit:
Responsible
manager:
BIA prepared
by:
Business
objective/goal
Date: 20/03/13
Title:
Telephone #:
Title:
Telephone #:
Business
function
Key process1
Key assets
<8 hrs.
Provide mail
service to VUW
Mail collection
and delivery
Receive mail
Mail room
X
Sort mail
Staff
Premises
X
Dispatch mail
Sorting system
Staff
Trolleys
Road vehicle
Franking m/c
Courier service
Contractor staff
and contract.
Mailroom staff and
Campus
Operations
Administrators.
Computer
system/network
Staff
Record and recover
costs for courier
services
Recovery requirements3
Recovery Time Objective
1–3
days
3–5
days
>5
days
Alternative premises sufficient to
store mail bags and satchels.
Alternative premises with sufficient
space to sort bags of mail.
Second staff from Caretakers team.
Alternative premises with sufficient
space to organise mail satchels and
delivery rounds.
Second staff from Caretakers team.
Hire or loan road vehicle (Get home
safe van)
Replacement trolley, hire or
procure.
Replacement or hire franking m/c.
Substitute franking m/c with
postage stamps.
Availability of alternative
contractor.
Caretakers and Administrators are
trained to process courier items.
X
X
X
Align with ITS BCP
Second staff from Caretakers team
or Admin staff from Campus
4
Supervision to Mail
room staff
Business unit:
Responsible
manager:
BIA prepared
by:
Business
objective/goal
Supervisor
Date: 20/03/13
Title:
Telephone #:
Title:
Telephone #:
Business
function
Key process1
Key assets
X
Teaching,
Learning &
Research
Campus A


Building A
Building B
Recovery requirements3
Recovery Time Objective
<8 hrs.
Provide education
to Victoria
students
Operations team.
Record costs on paper record.
Provide cover from Caretakers
team.
1–3
days
3–5
days
>5
days

X

Campus IMT assemble Room
10 or alternative location
Remote administration &
management via email / cell
phones and laptops.
Blackboard & VUW mailman
mail lists
Temporary Physical teaching
spaces
Temporary AV equipment –
laptop data projectors and PA
speakers
Remote lectures via Blackboard



Alternative computer lab
Computer Backup data
Other non-computer teaching


Lectures, Seminars &
Tutoring
Digital Media
program teaching
and project work
 Lecture
theatres
 Seminar
rooms,
 Studios
 Computer
Tutorial suites
 Academic staff
 BA level 4
Digital Media
Lab
X


X
5
 Digital Media
Domain



Computing
Modelling project
work / home work
 Faculty Domain
 Staff Network
 Faculty IT Staff
X






Physical Modelling
project work / home
work
Business and
Administrative
management and
support of the
Faculty
Administration
& Management
(leadership,
communication
& services)
Student
Administration &
Support
 3D Modelling
workshops
 Workshop staff
 IT equipment
 IT CSU
applications
(i.e. Banner)
 Admin office
environment
X
X
environments for lectures
Backup & cross trained staff
Relationship with OEM
suppliers
Relationship with key subcontractors & recruitment
agencies
Alternative computer suites
Backup data availability
Portability of licences / backup
of computer images and
software
Backup & cross trained staff
Relationship with OEM
suppliers
Relationship with key subcontractors & recruitment
agencies

Alternative 3D modelling
workshop
 Alternative forms of modelling
i.e. cardboard
 Backup & cross trained staff
 Relationship with OEM
suppliers
 Relationship with key subcontractors & recruitment
agencies
 Remote administration &
management via email / cell
phones and laptops.
 Communication via Blackboard,
VUW mailman mail lists & staff
cell phones
6
Course / Curriculum
Management &
timetabling
School Business &
Financial
Management
 Admin staff
 Admin team &
School PA’s
 CMIS-Banner
 Dean
 HoS
 Faculty
Manager
 Technical
Services
Manager
X
X
 CMIS to be central depository of
timetable information
 School Syllabus & University
Calendar to be master record of
course offerings and
requirements
 Backup Academic Management
– Deputy HoS, PAs, Associate
Deans
 Backup general staff manger –
from other faculties Employer
issues & strategy /planning will
need to be escalated up during
this time, and operations
delegated down.
1. Rank key process. Critical business functions.
2. Ref. also recovery plan and crisis management plan where appropriate.
7
Appendix 2
Business Continuity Plan – Guideline for Managers.
1.
Cover page
Name of the organisation, service or school
Author
Approval
Date
Document control information
2. Table of contents
3. Recovery plan
3.1 Roles and responsibilities of key staff who will need to perform functions and make
decisions during the recovery stage to BAU.
3.2 Identify how the service or school will respond to a business interruption.
4. Technical recovery plan
4.1 Identify technical or specialist business functions such as ITS, Payroll, Finance.
4.2 Document contingency plans
4.3 Document recovery plans
4.4 Identify alternate recovery options
5. Supporting documentation
5.1 Document a list of procedures and processes.
5.2 Ensure relevant documentation to support the BCP is safely stored.
5.3 Link also to the Crisis Management Framework and Emergency Response Plan.
6.0 Contact information.
6.1 Detail a list of employees, contractors and suppliers.
6.2 Document the technical and business relationship between VUW support services,
suppliers and schools?
6.3 Identify key staff required to populate the recovery teams and those who will be
charged with making decisions during the recovery phase. This will include reference to
appropriate delegations.
6.4 Identify the roles and responsibilities of the recovery team.
6.5 Record the key resources, infrastructure, tasks and responsibilities required to
support the critical business functions in the event of a disruption.
8