Policy
Policy Name
Business Continuity Policy

Overview
Business Continuity ensures business services will be available as needed.

Statement
To ensure service continuity, the following plans and processes must be documented, maintained and periodically tested to ensure acceptable levels of service in the event of a business service disruption:
  • Business Continuity Plan (BCP) that include:
    • Roles, responsibilities and contact information for BCP participants and business process owners
    • Ensure impacted business partners are informed
    • Business Impact Analysis (BIA) that defines the criticality and priority (e.g. Recovery Time Objective in days) of each business function, based on financial, brand and regulation impact
    • Documented potential threats (e.g. earthquake, fire, flood) 
    • BCP fallback and resumption procedures that are tested annually
    • Employee awareness and communication of BCP activities.
  • Disaster Recovery Plans (DRP): each critical business function must have documented DRP that ensures adequate levels of recovery of technology that supports business processes and services (e.g. failover and recovery steps to recover applications and services).

Justification
The following benefits will be achieved:
  • Business services adequately maintained
  • Ensure information resources are available and protected from business disruptions
  • Ensure service continuity processes are documented and tested periodically to ensure effectiveness

Scope
All employees, contractors, agents and third-parties

Consequeces for Noncompliance
Noncompliance to this policy can result in disciplinary action up to and including termination of employment or contract.

Topics
Business Continuity Plan (BCP)
Disaster Recovery Plan