1 Risks to the BCMS and Opportunities for the BCMS..................................................... 15

from BCMS-DOC-06-1 Business Continuity Management Plan

by CertiKit Limited

Business Continuity Management Plan

Financial Year 20xx/xx

DOCUMENT REF

BCMS-DOC-06-1

VERSION

DATED [Insert date] DOCUMENT AUTHOR [Insert name] DOCUMENT OWNER [Insert name/role]

Revision history

VERSION DATE REVISION AUTHOR SUMMARY OF CHANGES

Distribution

NAME TITLE

Approval

NAME POSITION SIGNATURE DATE

1 Introduction ............................................................................................................... 8 2 Business continuity objectives.................................................................................... 9 3 Plan to achieve objectives ........................................................................................ 11 4 Resources to manage and improve the BCMS........................................................... 13 4.1 Human resources....................................................................................................... 13 4.2 Technical resources.................................................................................................... 13 4.3 Information resources................................................................................................ 14 4.4 Financial resources..................................................................................................... 14 5 Risks and opportunities for the BCMS ...................................................................... 15 5.1 Risks to the BCMS and Opportunities for the BCMS..................................................... 15 6 Conclusion................................................................................................................ 17

Tables

Table 1: Business continuity objectives....................................................................................... 10 Table 2: Plan to achieve objectives ............................................................................................. 12 Table 3: Human resources required to run the BCMS .................................................................. 13 Table 4: Risks to the BCMS and Opportunities for the BCMS........................................................ 16

1 Introduction

[Organization Name] is committed to establishing effective business continuity plans to protect its key business activities and meet its obligations to its stakeholders.

As part of this commitment the organization has established a Business Continuity Management System (BCMS) which complies with the requirements of the ISO22301 international standard for business continuity and will be seeking certification to this standard in the near future.

In line with the standard, it is essential that our business continuity objectives are consistent with our policies, measurable where practicable, communicated effectively within the organization (and outside where appropriate) and updated as part of the BCMS management review process.

Objectives will be based on a clear understanding of our business continuity requirements, including those from interested parties, and will consider the results of business impact and risk assessments carried out at various levels within the organization.

This document sets out the organization’s business continuity objectives and plans for the financial year YY/YY, including

• Who will be responsible • What will be done • What resources will be required • When it will be completed • How the results will be evaluated

This document should be read in conjunction with the following other components of the BCMS which give background information about the organization’s business continuity policy and requirements:

• BC Context, Requirements and Scope • Business Continuity Policy • Business Impact Analysis Tool

2 Business continuity objectives

In order to assess whether the BCMS is working as intended it is essential that clear objectives are defined, and a system of monitoring and measurement established to record progress against targets.

High-level objectives for business continuity are described in the BCMS document BC Context, Requirements and Scope and the overall framework for setting lower-level objectives is defined in the Business Continuity Policy, also a key component of the BCMS.

Methods for determining to what extent objectives are being met are set out in the document Process for Monitoring, Measurement, Analysis and Evaluation.

As part of the BCMS management review process, objectives for business continuity are regularly set, reviewed and updated in the following major areas:

• Quality: generally, how well the organization’s business activities are protected by the BCMS • Capability: the knowledge, skills and experience available, mainly internally but also to some extent externally to the organization • Cost: financial resources required to maintain and improve the BCMS • Resource utilisation: how effectively organizational resources are employed • Risk reduction: the degree to which known risks are treated to within acceptable limits • Other: appropriate objectives that do not fall into any of the above areas

In discussion with the management team and based upon documented requirements, [Organization Name] has agreed specific objectives in the area of business continuity as shown in Table 1.

Achievement against these objectives will be tracked as part of regular management reviews of the BCMS.