BUSINESS CONTINUITY MANAGEMENT POLICY

Transcription

1 BUSINESS CONTINUITY MANAGEMENT POLICY Date first approved: Date of effect: Date last amended: Date of Next Review: 14 July 2009 On Approval 14 March March 2020 First Approved by: Custodian title & e- mail address: Author: Responsible Division & Unit: Supporting documents, procedures & forms: Relevant Legislation & External Documents: Administrative Committee Chief Finance Officer UOW Business Continuity Coordinator Business Improvement & Assurance Division Business Continuity Management Guidelines Business Continuity Templates Risk Management Policy Risk Management Guidelines UOW Emergency Management Plan IMTS Disaster Recovery Plan Critical Incident Guidelines Delegations of Authority Policy Business Continuity Management Group Terms of Reference AS/NZS 5050:2010 Business continuity-managing disruption-related risk ISO 22301: 2012 Societal security Business continuity management systems ISO 22313: 2013 Societal security Business continuity systems Guidance AS/NZS ISO 31000:2009 Risk management Principles and guidelines Audience: Public accessible to anyone Submit your feedback on this policy document using the Policy Feedback Facility.

2 Contents 1 Purpose of Policy 1 2 Definitions 1 3 Application & Scope 1 4 Objectives 1 5 Business Continuity Principles 2 6 Business Continuity Risk Management Relationships 2 7 Version Control and Change History 3

3 1 2 Purpose of Policy 2. Business Continuity Management aims to achieve the framework for resilience and response capability in order to safeguard people and operations as well as to uphold confidence in the organisation. The purpose of this Policy is to ensure that UOW is well equipped to respond to a wide variety of disruptions in order to support the continuing availability of processes and resources to achieve its business objectives. Definitions Word/Term Business Continuity Framework Business Continuity Plan (BCP) Business Impact Analysis (BIA) UOW Support Units Definition The overall collection of management processes and documents that establishes, implements, operates, monitors, reviews, maintains and improves business continuity. A collection of procedures and information that is developed, compiled and maintained in readiness for use in an incident, emergency or disaster to facilitate resumption of those processes that are essential to the delivery of outputs and achievement of key business objectives. The process of identifying and assessing the risks of impacts that interrupt business processes and determining priorities in the resumption of normal operations. These units include (but are not limited to) the Business Continuity Management Group (BCMG), Workplace Health and Safety (WHS), Information Management and Technology Services (IMTS), Security, Facilities Management Division (FMD), Staff Services, Student Services Division (SSD), Government Relations, Strategic Marketing and Communications Unit and Business Improvement and Assurance Division. 3 4 Application & Scope This policy applies to all faculties, divisions and significant University activities including regional campuses and controlled entities. 2. This Policy is supported by the Business Continuity Management Guidelines and is an integral component of the Business Continuity Framework. Objectives In the event of a disruption to its business processes, UOW aims to meet the following objectives: a. to provide timely availability of all key resources necessary to operate critical business processes to an acceptable level of operation; b. to ensure University community health, welfare and confidence; c. to maintain customer/staff/student/stakeholder contact and confidence; d. to fulfil regulatory requirements; and BIA-BC-POL- 001 Business Continuity Management Policy March 2017 Page 1

4 e. to control expenditure and reduce any extraordinary costs caused by an event. 5 6 Business Continuity Principles Business continuity principles require that a complete, organised and effective Business Continuity Framework is in place that establishes, implements, operates, monitors, reviews, maintains and continually improves viable, responsive and practical business continuity processes for UOW, in alignment with the University s Risk Management Framework. The University is committed to the establishment and maintenance of Business Continuity Plans (BCP) for each Faculty, Division and Unit where necessary, to maintain continuity of critical business functions within acceptable timeframes. All Plans should incorporate the specified requirements which are set out in the BCP template, including resource requirements and recovery strategies. A Business Impact Analysis (BIA) is the primary data collection tool in the development of the Plans. The BIA determines business continuity priorities, in accordance with a risk-based assessment, and includes specified requirements which are set out in the BIA template. Regular testing, knowledge development and awareness programs are to be undertaken as required to ensure that staff are familiar with the Business Continuity Framework. Business Continuity Management Relationships The Business Continuity Framework is informed by the University s Risk Framework. It contains integrated relationships with the UOW Emergency Management Plan (EMP) and Information Management and Technology Services (IMTS) Disaster Recovery Plans (IT- DRP) depending on the type and severity of the incident. The Business Continuity Management Group (BCMG) will oversee and monitor the Business Continuity Governance operations, which includes an indirect relationship with the Emergency Management Group (EMG) and receiving reports from the Senior Executive Emergency Management Group (SEEMG). The following diagram depicts the broad structure of Business Continuity Management at the University: BIA-BC-POL- 001 Business Continuity Management Policy March 2017 Page 2

5 Eme rg ency Manageme nt Cris is Ma nagement Business Continuity IT Disaster Reco very University Council Risk Audit & Compliance Committee (RACC) Vice Chanc ello r s Adviso ry Group (VCAG) Senior Execu tive Emergency Man agement Group (SEEMG) Emergen cy Planning Group (EP G) Emergency Man agement Coordinators across d iv/ fac c ampuses Media & Commun ic atio ns Vice Cha ncellor provides Strategic direction and dec is io n making Busines s Continuity Managemen t Group C risis Advis ory P anel (CAP) Risk Mana gement Group (RMG) Business Imp rov ement & As surance Division (BIAD) Manager Business Assuranc e UOW Busine ss Continuity Coordinator Informa tion Ma nagemen t and Tec hnology Services (IMTS) Disas ter Re covery The Business Continuity Management Group is the overarching governance body for the University of Wollongong s Business Continuity Management Policy and framework, and oversees development of supporting Guidelines, plans and programs. 7 Version Control and Change History Version Control Date Effective Approved By Amendment 1 1 December 2004 Vice Principal(Administration) UOW Internal Audit Manager First Version 2 27 April 2006 UOW Internal Audit Manager Update distribution list 3 14 July 2009 Administrative Committee Major Revision of Policy 4 16 January 2012 Vice-Principal (Administration) Updated to reflect divisional name change from Buildings and Grounds to Facilities Management Division May 2012 Vice-Principal (Administration) Updated to reflect the transfer of BCMS responsibilities from UOWIA to Finance and the document registration sequence BIA-BC-POL- 001 Business Continuity Management Policy March 2017 Page 3

6 6 20 Sept 2012 DVP Finance & IT for VP(A) Triennial Scheduled Review and name change from OHS to WHS 7 11 Sept 2013 Chief Administrative Officer Updated to reflect title change from VPA to CAO 8 9 February March 2017 Vice-Chancellor Vice-Chancellor Triennial Scheduled Review minor updating and alignment to UOW Risk Management Policy and Guidelines Reviewed to reflect the agreed changes to the BCM Framework BIA-BC-POL- 001 Business Continuity Management Policy March 2017 Page 4