Business Continuity Policy

1. Introduction
[organization] is committed to protecting the welfare of staff, contractors and visitors onsite and to
the continued delivery of products and services to customers at acceptable levels, following a
disruptive incident. [organization] strive to meet all legal and regulatory requirements and
continually improve business continuity so that our customers have an exceptional, uninterrupted,
experience when engaging with our business.

2. Aims and scope

High level business continuity programme aims:
1. Minimize the risk of disruptive incidents to time critical activities, required to deliver
products and services, through collaboration with relevant disciplines.
2. Establish appropriate business continuity targets and solutions for prioritized activities
needed to continue the delivery of products and services following a disruptive incident.
3. Embed business continuity across [organization] so that it becomes business-as-usual and
continuously improve the programme.

[products/services] to customers delivered at [location] are within scope; this includes [all
departments] and [Tier 1 suppliers]. [insert exclusions from scope with brief justification].

3. Business Continuity Management System

The business continuity programme will be delivered using the [Plan, Do, Check, Act model from ISO
22301]. Responsibilities include:

Board
 Allocate executive responsibility for business continuity.
 Approve the business continuity policy and ensure the objectives of the programme align with
the strategic direction of [organization].
 Communicate the importance of business continuity to staff and the need to conform to the
requirements of the Business Continuity Management System (BCMS).
 Provide direction and strategic support during crises when necessary.
 Participate in business continuity exercises and promote continual improvement.

Executive Director
 Appoint one or more persons to be responsible for the BCMS with appropriate authority and
competency to establish, implement, maintain and improve the BCMS.
 Oversee the development and monitor the implementation of the BCMS to ensure it achieves
its intended outcomes.
 Ensure the resources and budget needed for the BCMS are made available.
 Conduct quarterly reviews of the performance of the business continuity programme.

Business Continuity Steering Group

 Agree policies and targets for the BCMS that are compatible with the strategic direction of
[organization].
 Monitor the performance of the BCMS and support corrective action within areas of
responsibility.

Document owner: [insert] Page 1 of 3

Version: [insert]
Effective date: [insert]
Date of next review: [insert]
 Communicate the importance of effective business continuity management and of conforming
to the requirements.
 Promote continual improvement.

Business Continuity Manager

 Establish a BCMS that [e.g. aligns with or meets the requirements of ISO 22301].
 Develop the business continuity processes and procedures required to deliver the BCMS.
 Support and coordinate planning across departments. This includes:
o Provision of business continuity templates.
o Provision of training materials for completing the templates.
o Collaboration with relevant disciplines to address risk.
o Support and advice regarding appropriate business continuity solutions.
o Guidance for validating business continuity plans.
o Monitoring the progress of business continuity planning.
 Establish, maintain and improve a [crisis] management plan and exercise the plan once
annually.
 Establish performance metrics and provide regular updates to the Executive Director.
 Provide quarterly reports to the Business Continuity Steering Group.

Department Heads
 Understand the most serious risks that could disrupt prioritized activities and provide direction
on business continuity planning priorities.
 Ensure the department resources needed for the BCMS are available by assigning responsibility
for business continuity planning within areas of responsibility.
 Integrate business continuity into department business processes.
 Approve business continuity plans within areas of responsibility.

Department Business Continuity Leads

 Complete and maintain a business impact analysis for the department. This will be reviewed
once annually and immediately after any significant change to the department.
 Identify and regularly review risks to prioritized activities and establish the controls necessary to
bring the risk within [organization] risk appetite.
 Design and develop appropriate business continuity solutions to continue the delivery of
prioritized activities following a disruptive incident. Business continuity solutions will be
documented in a business continuity plan and reviewed according to a defined schedule.
 Support business continuity awareness activities within the department.
 Validate the business continuity plan using tests and exercises to an agreed schedule.

All staff
 Report incidents to the relevant area.
 Understand relevant business continuity plans and associated roles and responsibilities.

4. Legal and regulatory requirements

To ensure [organization] remains compliant with laws and regulations, [x] maintains a register which
is monitored by [x]. [x] are notified of planned changes when they occur and changes are reviewed
in the quarterly Business Continuity Steering Group meetings.

5. Related policies
The BCMS will compliment and comply with other internal policies including, but not limited to, [Risk
Management, Health & Safety, Information Security, Data Protection and Security].
Document owner: [insert] Page 2 of 3
Version: [insert]
Effective date: [insert]
Date of next review: [insert]
6. Document control
Version history
Version Amendments Author Date

Approval history
Version Approved by Status Date of approval

Document owner: [insert] Page 3 of 3

Version: [insert]
Effective date: [insert]
Date of next review: [insert]