BCM Policy and Guidelines Template

A Business Continuity Management (BCM) Policy defines an organization's strategy in relation to Business Continuity Planning. The acceptance of the policy confirms the organization's commitment to define and document all of the procedures and processes that must be implemented, maintained and tested in order to achieve the levels of recoverability required by the business.

Business Continuity Management is designed to:-

  • Prevent or reduce the likelihood of unscheduled disruptions to the business functions and critical services by the consideration of prudent levels of protection and redundancy for key business processes; and
  • Provide the information, procedures and processes required to achieve the recovery of key business processes to alternate premises within predefined timeframes.

Our Business Continuity Management Policy & Guidelines document is of the highest quality and will assist you to meet your organization's administrative, operational and compliance requirements.

Suitable for most industries:

  • Banks and Credit Unions
  • Legal Practices
  • Professional Consultants
  • Local, State & Federal Government
  • Debt Collection
  • Security providers and Services
  • Contact & Call Centres
  • Schools & Education Facilities
  • Health Sector
  • IT&T Service Providers
  • Franchises
  • Consulting Practices
  • Media production
  • Industrial & Manufacturing
  • Professional Services
  • Non-Profit
  • Insurance Providers
  • Retail & More

If you need a risk-free, high-quality guide that provides the processes, procedures and guidance to help you plan for a crisis, and pass the most rigorous auditing requirements, this document is your solution!

Here’s An Overview of the Policy & Guide:

The BCM Policy & Guide is broken down into logical sections and sub-sections; it is easy to follow and is aligned to industry best practices.

The guide clearly provides you with the key processes & steps required to manage an enterprise-wide business continuity program, and also provides you with example Deliverables and Measures of Success.

Below is an outline of the major sections contained within the 25 Page Policy and Guideline document:

Business Continuity Program Management Structure

  • Develop and Publish Business Continuity Policy (Detailed Sample Policy is Included)
  • Agree Program Management Structure
  • Assign Roles and Responsibilities

Business Impact Analysis

  • Identify all critical business functions
  • Identify the essential aspects of the critical business functions including all dependencies (information, infrastructure, support facilities, key personnel, technology, etc.).
  • Assess the likely disruption to business in the event of loss of each of these elements for various periods of time.
  • Assess the cost of the disruption and the effect on the business and the recovery timescale for each business unit.

Threat And Risk Assessment

  • Identify the physical threats of disruption to the business.
  • Evaluate the measures in place to reduce the risk or the impact of such threats.
  • Implement any measures that should be taken to reduce the risk or the impact of such threats.

Response Strategy Development

  • Determine the minimum resources required to continue essential operations in each critical business area in the event of disruption.
  • Review the effectiveness of existing contingency arrangements (if any).
  • Identify and evaluate alternative recovery strategies.
  • Select the appropriate strategy.
  • Determine the availability and location of all alternate supplies, plant, equipment, resources, facilities, systems and staff required for the selected strategy.

Plan Development for Chosen Strategy

  • Prepare and document detailed procedures and tasks required to effect the strategy selected.
  • Assign responsibility for carrying out the procedures and tasks and ensure the plan and individual responsibilities are known and understood by all involved.
  • Ensure that the plan is captured in a form that can be retained, easily retrieved, and readily updated.

Testing and Exercising the Plan(s)

  • Test the availability of the alternative facilities or resources.
  • Test the timescales.
  • Test the contactability of staff involved.
  • Test their understanding and ability to carry out the responsibilities allocated under the plan.
  • Update or modify the plan in the light of the results.

Audit and Maintain Plans

  • Periodically check the plan, evaluate its viability and currency and assess the state of readiness of staff involved.

Below is a short excerpt taken from the sample Business Continuity Management Policy:

The policy should include coverage for all the business functions and units of the organization.

POLICY REQUIREMENTS

In order to achieve the objective of having a Business Continuity Plan, the following policy attributes are required:-

  • The Business Continuity Management Structure is to manage the business continuity program on an ongoing basis. This structure is to include a Business Continuity Sponsor from within Senior Management, a Business Continuity Manager, and a Crisis Management Team that consists of members of the Senior Management.
  • Business Impact Analyses (BIAs) are to be conducted on all business units. These analyses will determine the level of continuity planning that is required by each unit, as well as define the period of time after which outages of business processes become unacceptable. The BIA will provide the cost / impact justification necessary to support the implementation of the various business continuity strategies.
  • Potential Areas of Risk are to be identified as a component of the continuity program. Potential risk items are to be assessed for either mitigation or acceptance. Acceptance of risk items will occur at the Senior Management level. The mitigation or elimination of potential risk areas will be cost justified by the potential impact of the failure of the particular risk item.
  • Business Continuity Strategies are to be developed which reflect the requirements identified in the BIAs. Strategies are to be reviewed on an on-going basis to ensure that they continue to remain effective, taking into consideration changing business requirements.
  • Business Continuity Plans are to be developed, documented and maintained to ensure that business continuity strategies can be readily actioned. The plans are to enable the resumption of critical business processes at alternate locations within the time periods specified in the BIA process.
  • Education and Training is to be provided to all staff on the overall response to a disaster incident. The education should be performed regularly so that all staff are reminded of what will happen and what will be expected of them in a disaster or crisis situation. All new staff should be exposed to the education as part of their induction program.
  • Ongoing Testing of Continuity Capability will be carried out in order to prove its overall fitness for purpose as defined by the BIA process, as well as to identify errors and issues with existing plans, documentation, and procedures.
  • The Recovery Capability is to be maintained in a constant state of readiness so as to provide the best possible means of recovering from a catastrophic incident affecting any of the business locations.

BUSINESS CONTINUITY MANAGEMENT STRUCTURE

The following structure is to be maintained to support Business Continuity Planning on an ongoing basis:-

Key Roles:

  • The Business Continuity Sponsor;
  • The Crisis Management Team; and
  • The Business Continuity Manager.

The Business Continuity Sponsor

The Business Continuity Sponsor (BC Sponsor) will be a member of Senior Management. The Sponsor will serve as the Senior Management interface on all Business Continuity related issues.

The Business Continuity Sponsor should have the following capabilities:-

  • The BC Sponsor should have the authority to assign business unit priorities and associated workloads in relation to continuity planning initiatives;
  • The BC Sponsor should have the authority to formally approve exposures to the business continuity capability of the organization; and
  • The BC Champion should have an overall understanding of business continuity management principles and the processes.

The Crisis Management Team

The Crisis Management Team is to consist of members of Senior Management, and will be chaired by the CEO. In the absence of the CEO, the meeting is to be chaired with the delegated authority of the CEO.

The Business Continuity Manager

This position is a direct report of the Business Continuity Sponsor and is an integral part of the Crisis Management Team assisting that team in all facets of disaster avoidance, prevention and continuity.