Business Continuity Policy
The business success of BCRM is reliant upon the preservation of its critical business activities to ensure that services are delivered internally to BCRM employees and externally to Clients.
BCRM sets out the framework for how it:
- responds to business disruptions in its critical business activities;
- manages the continuation of these activities
- manages their subsequent restoration.
The scope of business continuity at BCRM is to provide resilience for its critical business activities through the implementation of controls that minimise the impact of a disruption on its business products, services, employees and infrastructure.
It is BCRM policy to:
- regard business continuity as a key organisational activity and maintain a comprehensive business continuity programme to implement and manage this;
- identify the critical business activities of BCRM through business impact analysis on the events that could cause significant business disruption;
- implement an appropriate business continuity strategy, or strategies, that meets BCRM’s needs;
- develop and implement plans to manage business disruptions that cover BCRM’s information systems, business premises and employees;
- regularly test business continuity plans to ensure that they:
- maintain or rapidly recover critical activities;
- maintain the availability of key resources to support critical activities;
- prevent or limit the disruption to employees and Clients.
- define the responsibilities of employees involved in business continuity activities and provide training to ensure that these responsibilities can be carried out successfully;
- provide training to raise employee awareness of business continuity;
- regularly review BCRM business continuity activities, policies, plans, tests, and responsibilities to ensure that the business continuity strategy, or strategies, remains appropriate to its needs.
This policy, and the subordinate policies, processes, and procedures to this document, provides a clear statement of our commitment to ensure that critical BCRM business activities can be maintained during a disruption. This policy is subordinate to the BCRM Information Security Policy which also gives further guidance on risk management and information assurance.
BCRM has implemented ISO 22301 to manage its business continuity operations and this is managed by our IMS.
A Business Continuity Management System (BCMS) provides the framework for the implementation of this policy within BCRM, and is supported by a comprehensive set of processes and procedures. This system is regularly reviewed to ensure it remains effective and that all critical business activities are covered.
This policy is issued, reviewed at least annually and maintained by the Business Continuity Manager, who also provides advice and guidance on its implementation and ensures compliance.
All BCRM employees shall comply with this policy.
David Lilburn Watson
Dated: 1 January 2017