BC 010103 BCP Policy Statement
The Board should issue a clear policy statement on Business Continuity Planning. At a minimum, this statement should contain the following instructions:
- The organisation should develop a comprehensive Business Continuity Plan.
- A formal risk assessment should be undertaken in order to determine the requirements for the Business Continuity Plan.
- The Business Continuity Plan should cover all essential and critical business activities.
- The Business Continuity Plan should be periodically tested in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed.
- All staff must be made aware of the Business Continuity Plan and their own respective roles.
- The Business Continuity Plan is to be kept up to date to take into account changing circumstances.
A similar policy statement to this should be communicated to all management and staff as part of its information security policy management process.
(To complete the relevant section of the Business Continuity Plan, click here)