Business Continuity Policy

Reaping the benefits of a business continuity capability begins with a carefully drafted business continuity policy. The nature, scale and complexity of your organization’s operations determine the kind of policies that are required. Organizational culture also has an important role to play. Nevertheless, it is good practice to include the following key elements while outlining your company’s business continuity policy.

Accountability – Your business continuity policy must state explicitly who will take responsibility for making decisions and putting together resources while developing a BCM program.

Roles & Responsibilities – The execution of different business continuity tasks before, during and after a disruption must be assigned to individuals who are best suited for completing the tasks.

Analysis – Your business continuity policy must identify the regulatory standards that are most relevant to your organization’s resiliency objectives. It must also assess the requirements for conducting risk assessments and business impact analyses.

Statutory, Compliance and Contractual Evaluation – Organizations must identify the federal, state and local laws that are applicable to their business. This section must also include potential areas of conflict between the organization’s contractual obligations to customers and business continuity strategies.

Business continuity execution – The practicalities of implementing a business continuity plan must also be included in the business continuity policy. During this stage, the organization must also identify feasible strategies for managing crisis and emergency situations.

Maintenance – Your business continuity policy must outline the methodologies to be adopted for managing plans through regular updates, enhancements and modifications.

Testing – You must also identify how your organization plans to test your business continuity capability and with what frequency. The goals, objectives and evaluation criteria of testing exercises must also be established at this stage.

Training & Awareness – Your organization must identify gaps between the existing skill sets of your staff and the required skills for executing business continuity plans based on which training programs and awareness initiatives are designed.

Internal Audit – Your business continuity policy must also include guidelines for internally auditing business continuity processes as well as the requirements for the same.

Resources – Policies and procedures evolve over time and your business continuity team must have a readily accessible list of reliable reference material related to standards, compliance norms and best practices.