BSBCON601B - Develop and maintain business continuity plans
Assessor Resource
BSBCON601B Develop and maintain business continuity plans
Assessment tool
Version 1.0 Issue Date: March 2024
This unit is for individuals working in positions of authority who are approved to implement change across the division, business area, program area or project area.
This unit addresses the knowledge and processes necessary to develop and maintain business continuity requirements. Business continuity awareness and planning help the organisation to identify barriers and/or interruptions, and to determine how the organisation will achieve critical business objectives (even at diminished capacity) until full functionality is restored.
The focus is on risk and vulnerability assessment, business impact assessments, and business continuity and communication plans.
This unit describes the performance outcomes, skills and knowledge required to work within the business continuity framework to develop and implement business continuity plans in order for an organisation to manage risk and ensure business resilience when faced with a disruptive event.
You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)
Prerequisites
Not applicable.
Employability Skills
This unit contains employability skills.
Evidence Required
List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.
The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.
Critical aspects for assessment and evidence required to demonstrate competency in this unit
Evidence of the following is essential:
knowledge of the organisation’s overall business continuity framework and how it interrelates with the critical business functions
development and implementation of a business continuity plan that includes appropriate links to emergency response, disaster recovery plans and detailed continuity and recovery strategies
effective management of the communication and staff development activities relating to business continuity risk and vulnerability assessment.
Context of and specific resources for assessment
Assessment must ensure:
access to workplace business continuity documentation
access to feedback from teams and management.
Method of assessment
A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:
direct questioning combined with review of portfolios of evidence and third party workplace reports of on-the-job performance by the participant
work based projects or case studies
observation of presentations
oral or written questioning to assess knowledge of business continuity management framework and business continuity plans
review of documented critical success factors, and goals or objectives for area
review of risks prioritised for risk treatment and disruption scenarios
evaluation of business impact assessment
evaluation of business continuity and communication strategies and plans.
Guidance information for assessment
Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended.
Submission Requirements
List each assessment task's title, type (eg project, observation/demonstration, essay, assignment, checklist) and due date here
Assessment task 1: [title] Due date:
(add new lines for each of the assessment tasks)
Assessment Tasks
Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.
Required skills
analytical skills to analyse relevant workplace information and data, and to make observations and connections between workplace tasks and interactions in relation to people, activities, equipment, environment and systems
communication, teamwork and leadership skills to:
read and interpret an organisation’s reports, policies and procedures in order to develop business continuity management plan/s
effectively communicate and work with a diverse range of individuals at all levels during and after a disruptive event
effectively negotiate the trust and confidence of colleagues and stakeholders
effectively undertake detailed business impact assessment activities across the spectrum of the organisation’s stakeholders
information technology skills to effectively respond to information technology issues
initiative and enterprise skills to generate a range of options in response to a disruptive event
planning and organisational skills to participate in or to establish the organisation’s improvement and planning processes
presentation skills to develop and present reports or presentations that deal with complex ideas and concepts, and to articulate information and ideas clearly
research skills to undertake the necessary background research for risk and vulnerability assessment, business impact assessment and business continuity plan
risk management and project planning skills to effectively develop and execute potentially complex business continuity planning strategies and plans
stress management skills to work effectively and positively under the pressure of a major incident or situation within the workplace.
Required knowledge
AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines
Australian/New Zealand Standard Handbook AS/NZS 50:50 2010 Business Continuity: managing disruption related risk
organisation’s policies and procedures, including business continuity strategies
overall operations of the organisation, including existing data and information systems, paper and digital recordkeeping systems
past and current internal, external and industry disruptions
relevant legislation and regulations that impact on business continuity, such as OHS, environment, duty of care, contract, company, freedom of information, industrial relations, emergency management, privacy and confidentiality, due diligence, records management
types of available insurance, what is required and insurance providers in relation to business continuity planning
types of available recoverable services.
The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.
professional negligence – threat of major legal action against directors.
Organisations may include:
commercial enterprises
community
government
non-commercial enterprises
not-for-profit
religious organisations.
Risk may include:
aeronautical
armed hold-up
biological
chemical
civil disturbance
disability/death of key person
economic
electronic
erosion
explosion
fire
fraud
hazardous materials
industrial accident
infrastructure failure
market failure
natural disaster
operational collapse – insolvency
pandemic
pollution
privacy and confidentiality
radiological/nuclear
robbery and/or major vandalism
sabotage
structure failure
terrorism
transport accident
war
water
weather/climate change.
Critical business functions may include:
business objectives
customer service functions
financial systems
human resource functions
management
OHS
organisational structure
payroll
records management.
Dependencies may include:
office furniture
office supplies
personnel
support activities
systems and applications
vital records.
Interdependencies may include:
communications
outsourcer and third party suppliers
power
sanitation
security
transport
water.
Business impact assessment/s may include:
breach/reduction of customer service standards
cost/impact on existing and/or increased finance
escalating losses over time
impact of loss of business/resources
loss of revenue
potential fines/penalties/litigation costs
reputation/brand damage
statutory/regulatory breaches.
Disruption scenarios may include:
damage to/loss of critical infrastructure
information and intelligence – unavailable
equipment and other assets – unavailable
litigation
loss of access to building
loss of access to precinct
loss of access to records and organisational information systems
loss of building
loss of communications – voice
loss of communications – data
loss of distribution chain
loss of information technology systems
loss of number and availability of staff, including key staff
not meeting legal and business requirements
partnership dependencies – denial of access to goods and services from suppliers, outsourcers.
Management may include:
chief executive officer
company board
delegated business continuity management director/officer
department managers
directors
supervisors.
Risk treatment may include:
activating evacuation plan
activating lockdown procedures
activating workplace emergency management plan
personnel working from home
relocation of facilities
temporarily suspending activities
transferring activities.
Emergency response strategies may include:
contact lists to report incident/s
documentation/reporting/recording procedures
evacuation plan
location of evacuation assembly point
lock down procedures
names and responsibilities of wardens
personnel instructions for evacuation
process for accounting personnel
workplace emergency management plan.
Continuity strategies may include:
action required to resume critical business activities to pre-disruption capacity
contact lists of critical personnel and stakeholders
counselling
critical business activities and prioritisation of when they can/need to resume
list of resources
relocation to alternative worksite
resource replacement
treatment for critical business activities.
Recovery strategies may include:
customer confidence/relationship management
damage assessment
market re-establishment
process for assessing loss and filing insurance claims
relocation of business to original location
salvage and restoration of records, infrastructure and premises.
Resources may include:
critical written and/or electronic records
emergency services
facilities and/or accommodation
finances
information technology infrastructure and applications management
insurance
personnel
plant and equipment
premises
telecommunications.
Business continuity plan/s may include:
introduction
organisational details
objectives
purpose
critical business functions
assumptions
processes
activation and stand down
responsibility
version control and maintenance
operational requirements
critical success factors
interdependencies
outage times
compliance
people
structure
roles and responsibilities
contact details
continuity arrangements
accommodation
resources
workarounds and alternate solutions
continuity management tasks
communications
other plans
checklists
maps and drawings.
Stakeholders may include:
chief executive officer
company board
customers
directors
families/next-of-kin
funders
local community
media
personnel
professional bodies
shareholders
relevant government minister/s and department/s
regulators
sponsors
suppliers.
Communication plan may include:
accessibility
assumptions
audience
boundaries
business continuity terminology
capability
equipment
hierarchical organisational chart of internal and external emergency services personnel/delegates
mode
monitoring procedures
radio silence
reporting and recording procedures
sensitivities.
Exercises may include:
drills
discussion exercises
modelling
planned walkthroughs
scenario planning and exercising
simulated exercises
testing.
Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.
Observation Checklist
Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice
Yes
No
Comments/feedback
Identify the relationship between corporate risk and the organisation’s business continuity management framework
Analyse and determine internal and external risk context by collecting information that relates to the organisation’s priorities, operations and environment
Analyse and identify potential internal and external sources of disruption to the organisation’s priorities, operations and environment
Identify the organisation’s critical business functions and their dependencies and interdependencies, and analyse and evaluate risks through the business impact assessment/s
Develop risk and disruption scenarios through the business impact assessment/s
Validate risk and disruption scenarios through the business impact assessment/s
Analyse, validate and report on the outcomes of the business impact assessment/s to management
Develop and implement risk treatments
Participate in risk treatment review
Report on risk treatment review to management and relevant appropriate personnel
Update risk treatment review in line with feedback provided by relevant personnel
Develop the organisation’s emergency response, continuity and recovery strategies
Consult and seek endorsement on the organisation’s emergency response, continuity and recovery strategies from management and other appropriate personnel
Identify and manage synergies and conflicts in resource availability and access in conjunction with management
Coordinate the organisation’s emergency response, continuity and recovery strategies
Consult relevant personnel and seek support for the development of the organisation’s business continuity plan/s
Ensure content of business continuity plan is comprehensive and meets, where applicable, the requirements of regulations, standards, industry practice and geographical dispersion
Document and analyse feedback received through consultation and finalise business continuity plan
Demonstrate accountability for the organisation’s business continuity plan/s
Identify stakeholders and determine objective and scope of communication plan for periods before, during and after disruptions occur
Determine organisation’s communication capabilities in line with objectives and scope, and identify gaps and options for meeting shortfalls
Develop and implement across the organisation, appropriate risk and incident monitoring, reporting and escalation processes
Promote the application of the business continuity management framework and plan to all relevant personnel on an ongoing basis
Provide staff with appropriate information relating to the cyclical review process of the business continuity management plan
Conduct business continuity management plan exercises in line with the organisation’s policies and procedures
Conduct post exercise debriefs, complete post exercise reviews and update business continuity strategies and plans as required
Manage and record staff learning and development in relation to the business continuity management framework in accordance with organisational requirements, and framework policies and procedures
Report on the outcomes of staff learning and development, and business continuity framework exercises to relevant personnel
Forms
Assessment Cover Sheet
BSBCON601B - Develop and maintain business continuity plans
Assessment task 1: [title]
Student name:
Student ID:
I declare that the assessment tasks submitted for this unit are my own work.
Student signature:
Result: Competent Not yet competent
Feedback to student
Assessor name:
Signature:
Date:
Assessment Record Sheet
BSBCON601B - Develop and maintain business continuity plans
Student name:
Student ID:
Assessment task 1: [title] Result: Competent Not yet competent
(add lines for each task)
Feedback to student:
Overall assessment result: Competent Not yet competent