Business Continuity Management Policy

Document Number000891
Date Approved6 February 2009
Date Last Amended30 November 2010
      

1.      Introduction

Business Continuity Management (BCM) is critical to responsible management practice and an important element in the University’s integrated approach to risk management.

Business Continuity Management deals specifically with business disruption risks.

The University of Newcastle recognises that some events may exceed the capacity of routine management methods and structure. This policy and associated documents aim to provide a mechanism for the development of contingent capacity and plans that will enable management to focus on maintaining and resuming the University’s most critical functions; whilst  working in a planned way toward eventual restoration of operations and ensuring unaffected operations are able to continue.

This policy reinforces the University’s Risk Management Policy and aligns the University’s management practice with Standards Australia AS/NZS 5050:2010Business Continuity- Managing disruption-related risk. The policy is supported by the Business Continuity Management Framework document and Guidelines for the Development of Business Impact Analysis and Business Continuity Plans and should be read in conjunction with those documents.

2.      Scope

This policy applies to all functions of the University and to all members of the University community involved in the delivery of these functions including staff, students, visitors and contractors.

The functions of the University’s controlled entities are excluded from the scope of this policy. 

3.      Definitions

In the context of this document:

Business Continuity Management (BCM) means a whole of organisation process for managing the University’s operations to ensure that critical functions can, in the event of a material disruption arising from internal or external events, be maintained, or restored in a timely fashion with minimal impact to staff, students and the general community.

Business Continuity Plans (BCP) - collate the instructions / actions that underpin the business continuity management strategy for the University’s critical functions.  It is used to manage incidents.  The BCP details continuity / interim actions to be immediately implemented to achieve the highest level of operational performance with the resources available and  taking into account the specifics of the interruption situation.

Business Impact Analysis is a series of analyses to determine function criticality and to gather information about critical functions, their dependencies and resource requirements. 

The University’s BCM framework incorporates Emergency Management, Critical Incident Management, Business Recovery and Disaster Recovery. For definitions of other key BCM terminology, refer to the University of Newcastle’s Business Continuity Management Framework.

4.      Policy Intent

This policy provides the principles and responsibilities for responding to disruptions from internal or external events in a way that ensures critical functions are maintained or restored in a timely fashion, whilst minimising the impact to staff, students, and the general community.

   4.1    Policy Objectives

The Business Continuity Management Policy seeks to:

  1. ensure the continuity of critical business functions;
  2. allocate BCM roles and responsibilities to staff in the event of a critical incident;
  3. allocate management responsibility for the implementation, monitoring and review of BCM documentation;   
  4. provide  a consistent approach to BCM aligned to the Standards Australia AS/NZ 5050:2010 - Business continuity – Managing disruption-related risk; and
  5. integrate BCM within  the University’s Risk Management Framework, Critical Incident Management Policy and Procedure, IT Disaster Recovery Policy and Emergency Procedures.  

5.      Principles

  1. Business Continuity Management is an integral element in the University’s Risk Management processes.
  2. Business continuity will be managed in accord with the procedures set out in the University’s Business Continuity Management Framework. Those procedures will include Business Impact Analysis and the development of Business Continuity Plans.

6.      Responsibilities

  1. The University Council is responsible for overseeing the management and assessment of risk across the University. On the advice of the Audit and Risk Management Committee it will set the policy for the University’s business continuity management.
  2. The Risk and Assurance Services Unit (RAS) is responsible for the implementation of business continuity management including the oversight of appropriate documentation, training, testing and monitoring of the BCM program.
  3. Faculty and Division Senior Executives are the Business Continuity Plan Owners with responsibility for ensuring that all critical functions under their responsibility have Business Continuity Plans established, maintained and reviewed. RAS will assist in this process.
  4. Each critical function within a Faculty or Division will have an appointed Function Owner with responsibility for the implementation of continuity arrangements should the critical function be interrupted.
  5. All staff of the University are expected to recognise the importance of business continuity, to be familiar with the provisions of this policy and to support the processes that will appropriately manage a serious disruption to University operations and business.

7.     Business Continuity Management Framework

Guidelines for the development of Business Impact Analysis and Business Continuity Plans

Business Continuity Management Training Modules

Business Continuity Management Testing Framework

Risk Management Policy - 000601

Risk Management Framework

Critical Incident Management Policy - 000828

Critical Incident Management Procedure - 000829

Emergency Response Procedures

 

.

 


[1] HB 221 - a supplement to the Australian/New Zealand Standard for Risk Management AS 4360:2004

Approval AuthorityVice-Chancellor
Date Approved6 February 2009
Date Last Amended30 November 2010
Policy SponsorDeputy Vice Chancellor (Services)
Policy OwnerDirector Corporate Services
Policy ContactManager, Risk & Insurance
Amendment History

Amended November 2010 to incorporate introduction of AS/NZ 5050:2010, approved by Vice-Chancellor 30 November 2010

Amended Policy Owner 24 March 2010