A Business Continuity Policy is not only a required document for many of the new business continuity standards, is considered best practice throughout the industry.  Two elements are important in order to ensure in developing a business continuity policy: 1) that the policy is well thought out and covers all the requirements of your particular organizations needs as well as whatever standard you chose to follow, 2) that a process in implemented that ensures that the policy is reviewed, updated and approved annually by executive management of your organization.  Let’s examine these 2 points in more detail.

Business Continuity Policy – Required Elements

Independent of whatever standard you might be following every business continuity policy should have the following elements:

  • Scope Statement
  • Designation of Senior Management Leader as well as a statement of senior managements support
  • Designation of responsibility to build the plan and expectations of assistance from others in the organization
  • Requirement for a budget to build and maintain the business continuity system
  • Standard or Best Practice that is to be followed when developing the plan
  • How emergency/crisis management is to be handled
  • What role IT will have in the development, testing and maintenance of the plan
  • Testing and rehearsal requirements and timing
  • Maintenance requirements and timing

Business Continuity Policy – Process Definition

We have all seen great policies developed and then sit on the shelf or get lost.  Frequently organizations take a lot of time to develop good policies but then never develop a process to maintain the policy.  Maintenance of the business continuity policy ideally should fall not only to the individual responsible for developing the plan but also the representative from senior management responsible for oversight of the plan.  This process should include:

  • A review cycle – typically annually
  • A method to solicit comments and changes to the current policy
  • Designation of approval authority
  • A distribution method that includes destruction of older versions of the policy

Pin It on Pinterest