Establishing a BCM Policy

To establish a Business Continuity Management (BCM) policy, the first step is to gain approvals from top management, to formally establish and communicate their commitment to BCM in the organisation.

But what precisely should a BCM policy include? As BC requirements can vary significantly between organisations, and even between departments within the same company, it is important the policy is appropriate to the purpose of the organisation.

The BCM Policy is an important document, setting out the scope and governance of the Business Continuity programme. It should also provide the context which the BC team can use to implement and action the project.

LetРІР‚в„ўs look at some objectives and key components that every organisation can leverage to form part of a comprehensive policy.

Components of a BCM Policy

Aim & Scope of Policy

Policy aims and scope will detail your vision for how the Business Continuity Management System (BCMS) should operate under both normal operating conditions and during business interruption events where you will need to recover critical activities within predefined time periods. It can also include detail of who is responsible for the BCMS and other vital activities during these times. It would be best practice to outline how you aim to achieve and maintain the vision by the plans, processes and strategies you will put in place. It is important that the policy includes a commitment to continual improvement of the organisationРІР‚в„ўs BCMS.

Purpose & Approach

The purpose and approach will outline if the policy is based on ISO 22301 requirements, definitions from industry associations/professional institutes (e.g. BCI) or a companyРІР‚в„ўs own standards. It is important that a clear definition exists with no ambiguity in meaning and provides those responsible for BCM with a clear scope, authority and area of responsibility.

The policy should ensure that BC/Crisis Management (CM) is controlled within a management system, with clear lines of responsibility and accountability.

BCMS Objectives

Your overarching BCMS objectives, in response to a Business Continuity or Crisis incident, may cover key objectives such as

• the preservation of life,
• maintaining operations of key products or services,
• and restoration of reputation loss.

Whilst there are no statutory or regulatory requirements for it, this section may also include any requirements of its key stakeholders and any objectives in respect to these stakeholders.

For example, to minimise any disruption to international clients.

During an ISO certification audit, you would be measured against your key objectives.

Roles & Responsibilities

Who shall maintain compliance?
Who shall oversee the deployment, implementation and training within the BCMS?
Have you established a Business Continuity Steering Group?

The management style of the company and the culture of the organisation will determine to the greater degree the extent of roles and responsibilities across the business.

Communicating, Accessing & Reviewing

These will depend again very much on the individual organisation but whatever strategy is decided upon, it should be communicated in the policy statement.

Plans to exercise, corrective actions, annual reviews and continuous improvement aims should all be linked to the policy and continually assessed.

Management Commitment

The organisationРІР‚в„ўs BCM Policy should be set out at top management/board level.

This signals to the rest of the company that any BCM project has their full support, helping establish employee support and participation.

The policy statement should be signed and dated by the appropriate board-level sponsor, CEO or equivalent.

The representative who will be tasked with enforcing the policy and those who will support the representative should be named, and the authorities that these individuals have to ensure that they can carry out their duties can also be outlined.

Conclusion

Your BCM Policy should be reviewed regularly and assessed, e.g. through internal/external audits, to ensure it is current and appropriate.

Our BCM software is designed to alleviate and assist with the day to day management of an organisation's Business Continuity Management System by automating key functions and ensuring that all information, documentation and contacts are stored in one place. Plans are managed in one integrated, dynamic template system, which allows consistency across the board for the creation, updating and maintenance of each plan.

To find out more about the features and benefits of our leading software, contact us to arrange a product demonstration today!