Developing, implementing and testing a business continuity framework.
Activities may include — but are not limited to:
- identifying potential threats and assessing their business impact
- developing plans and procedures to respond to an incident
- ensuring critical business functions can continue with a planned level of disruption
- ensuring an acceptable level of service can be restored after a disruption
- developing organisational resilience
- assuring that continuity is being designed into systems, processes and ways of working
- implementing continuity management practices for cloud-based services
- enabling continuous delivery, deployment and integration of applications and infrastructure without adverse impact or disruption to service.
Incidents have a variety of causes, including — but not limited to — cyber-attacks, data breaches, organised crime, fires, floods, natural disasters, pandemics, health emergencies and supply chain failure.
|Level 2: Assist|
Maintains records of all related testing and training and ensures the availability of all documentation.
Records the actions taken and the consequences following an incident or live testing of a continuity plan for a lessons-learned report.
|Level 3: Apply|
Applies a structured approach to develop and document the detail for a continuity plan.
Maintains documentation of business continuity and disaster recovery plans.
Supports the development of a test plan and implementation of continuity management exercises.
|Level 4: Enable|
Contributes to the development of continuity management plans.
Identifies information and communication systems that support critical business processes.
Coordinates the business impact analysis and the assessment of risks.
Coordinates the planning, designing, and testing of contingency plans
|Level 5: Ensure, advise|
Manages the development, implementation and testing of continuity management plans.
Manages the relationship with individuals and teams who have authority for critical business processes and supporting systems.
Evaluates the critical risks and identifies priority areas for improvement.
Tests continuity management plans and procedures to ensure they address exposure to risk and that agreed levels of continuity can be maintained.
|Level 6: Initiate, influence|
Sets the strategy for continuity management across the organisation.
Secures organisational commitment, funding and resources for continuity management.
Leads continuity management exercises.
Communicates the policy, governance, scope, and roles involved in continuity management. Has defined authority and accountability for the actions and decisions for continuity management