Business Continuity Policy
The Business Continuity policy supplies the framework for and governance, it provides an overview of the principles of the organization and the context for how the BCP team will proceed.
The contents of a policy include:
- mission statement
The business continuity policy should draw on any existing policies if they exist and are relevant. In drawing up a policy, the business continuity team should examine the overall objectives and functions, including any business objectives, of the organization drawing on standard “good practices” of similar organizations and professional standards bodies.
Although top-tier management is actually responsible for business continuity policy it is the BCP team that will produce and revises it when required such as when the operating environment in which the organization operates changes significantly, such as a major expansion in operations or a change in location.
The process of drawing up a policy includes these steps:
- Identify and document the components of the policy.
- Identify and define policies of the organization that the BCP might affect.
- Identify pertinent legislation, laws, regulations, and standards.
- Identify “good industry practice” guidelines by consulting with industry experts.
- Perform a gap analysis. Find out where the organization currently is in terms of continuity planning, and spell out where it wants to be at the end of the BCP process.
- Compose a draft of the new policy.
- Have different departments within the organization review the draft.
- Put the feedback from the departments into a revised draft.
- Get the approval of top management on the new policy.
- Publish a final draft, and distribute it throughout the organization.