Assessor Resource

BSBCON601B
Develop and maintain business continuity plans

Assessment tool

Version 1.0
Issue Date: March 2024


This unit is for individuals working in positions of authority who are approved to implement change across the division, business area, program area or project area.

This unit addresses the knowledge and processes necessary to develop and maintain business continuity requirements. Business continuity awareness and planning help the organisation to identify barriers and/or interruptions, and to determine how the organisation will achieve critical business objectives (even at diminished capacity) until full functionality is restored.

The focus is on risk and vulnerability assessment, business impact assessments, and business continuity and communication plans.

This unit describes the performance outcomes, skills and knowledge required to work within the business continuity framework to develop and implement business continuity plans in order for an organisation to manage risk and ensure business resilience when faced with a disruptive event.

You may want to include more information here about the target group and the purpose of the assessments (eg formative, summative, recognition)

Prerequisites

Not applicable.


Employability Skills

This unit contains employability skills.




Evidence Required

List the assessment methods to be used and the context and resources required for assessment. Copy and paste the relevant sections from the evidence guide below and then re-write these in plain English.

The evidence guide provides advice on assessment and must be read in conjunction with the performance criteria, required skills and knowledge, range statement and the Assessment Guidelines for the Training Package.

Critical aspects for assessment and evidence required to demonstrate competency in this unit

Evidence of the following is essential:

knowledge of the organisation’s overall business continuity framework and how it interrelates with the critical business functions

development and implementation of a business continuity plan that includes appropriate links to emergency response, disaster recovery plans and detailed continuity and recovery strategies

effective management of the communication and staff development activities relating to business continuity risk and vulnerability assessment.

Context of and specific resources for assessment

Assessment must ensure:

access to workplace business continuity documentation

access to feedback from teams and management.

Method of assessment

A range of assessment methods should be used to assess practical skills and knowledge. The following examples are appropriate for this unit:

direct questioning combined with review of portfolios of evidence and third party workplace reports of on-the-job performance by the participant

work based projects or case studies

observation of presentations

oral or written questioning to assess knowledge of business continuity management framework and business continuity plans

review of documented critical success factors, and goals or objectives for area

review of risks prioritised for risk treatment and disruption scenarios

evaluation of business impact assessment

evaluation of business continuity and communication strategies and plans.

Guidance information for assessment

Holistic assessment with other units relevant to the industry sector, workplace and job role is recommended.


Submission Requirements

List each assessment task's title, type (eg project, observation/demonstration, essay, assingnment, checklist) and due date here

Assessment task 1: [title]      Due date:

(add new lines for each of the assessment tasks)


Assessment Tasks

Copy and paste from the following data to produce each assessment task. Write these in plain English and spell out how, when and where the task is to be carried out, under what conditions, and what resources are needed. Include guidelines about how well the candidate has to perform a task for it to be judged satisfactory.

Required skills

analytical skills to analyse relevant workplace information and data, and to make observations and connections between workplace tasks and interactions in relation to people, activities, equipment, environment and systems

communication, teamwork and leadership skills to:

read and interpret an organisation’s reports, policies and procedures in order to develop business continuity management plan/s

effectively communicate and work with a diverse range of individuals at all levels during and after a disruptive event

effectively negotiate the trust and confidence of colleagues and stakeholders

effectively undertake detailed business impact assessment activities across the spectrum of the organisation’s stakeholders

information technology skills to effectively respond to information technology issues

initiative and enterprise skills to generate a range of options in response to a disruptive event

planning and organisational skills to participate in or to establish the organisation’s improvement and planning processes

presentation skills to develop and present reports or presentations that deal with complex ideas and concepts, and to articulate information and ideas clearly

research skills to undertake the necessary background research for risk and vulnerability assessment, business impact assessment and business continuity plan

risk management and project planning skills to effectively develop and execute potentially complex business continuity planning strategies and plans

stress management skills to work effectively and positively under the pressure of a major incident or situation within the workplace.

Required knowledge

AS/NZS ISO 31000:2009 Risk Management - Principles and Guidelines

Australian/New Zealand Standard Handbook AS/NZS 50:50 2010 Business Continuity: managing disruption related risk

organisation’s policies and procedures, including business continuity strategies

overall operations of the organisation, including existing data and information systems, paper and digital recordkeeping systems

past and current internal, external and industry disruptions

relevant legislation and regulations that impact on business continuity, such as OHS, environment, duty of care, contract, company, freedom of information, industrial relations, emergency management, privacy and confidentiality, due diligence, records management

types of available insurance, what is required and insurance providers in relation to business continuity planning

types of available recoverable services.

The range statement relates to the unit of competency as a whole. It allows for different work environments and situations that may affect performance. Bold italicised wording, if used in the performance criteria, is detailed below. Essential operating conditions that may be present with training and assessment (depending on the work situation, needs of the candidate, accessibility of the item, and local industry and regional contexts) may also be included.

Corporate risk may include:

electronic information security

espionage/commercial confidence/sensitivity breach

governance

insolvency

major fraud

professional negligence – threat of major legal action against directors.

Organisations may include:

commercial enterprises

community

government

non-commercial enterprises

not-for-profit

religious organisations.

Risk may include:

aeronautical

armed hold-up

biological

chemical

civil disturbance

disability/death of key person

economic

electronic

erosion

explosion

fire

fraud

hazardous materials

industrial accident

infrastructure failure

market failure

natural disaster

operational collapse – insolvency

pandemic

pollution

privacy and confidentiality

radiological/nuclear

robbery and/or major vandalism

sabotage

structure failure

terrorism

transport accident

war

water

weather/climate change.

Critical business functions may include:

business objectives

customer service functions

financial systems

human resource functions

management

OHS

organisational structure

payroll

records management.

Dependencies may include:

office furniture

office supplies

personnel

support activities

systems and applications

vital records.

Interdependencies may include:

communications

outsourcer and third party suppliers

power

sanitation

security

transport

water.

Business impact assessment/smay include:

breach/reduction of customer service standards

cost/impact on existing and/or increased finance

escalating losses over time

impact of loss of business/resources

loss of revenue

potential fines/penalties/litigation costs

reputation/brand damage

statutory/regulatory breaches.

Disruption scenarios may include:

damage to/loss of critical infrastructure

information and intelligence – unavailable

equipment and other assets – unavailable

litigation

loss of access to building

loss of access to precinct

loss of access to records and organisational information systems

loss of building

loss of communications – voice

loss of communications– data

loss of distribution chain

loss of information technology systems

loss of number and availability of staff, including key staff

not meeting legal and business requirements

partnership dependencies – denial of access to goods and services from suppliers, outsourcers.

Management may include:

chief executive officer

company board

delegated business continuity management director/officer

department managers

directors

supervisors.

Risk treatment may include:

activating evacuation plan

activating lockdown procedures

activating workplace emergency management plan

personnel working from home

relocation of facilities

temporarily suspending activities

transferring activities.

Emergency response strategies may include:

contact lists to report incident/s

documentation/reporting/recording procedures

evacuation plan

location of evacuation assembly point

lock down procedures

names and responsibilities of wardens

personnel instructions for evacuation

process for accounting personnel

workplace emergency management plan.

Continuity strategies may include:

action required to resume critical business activities to pre-disruption capacity

contact lists of critical personnel and stakeholders

counselling

critical business activities and prioritisation of when they can/need to resume

list of resources

relocation to alternative worksite

resource replacement

treatment for critical business activities.

Recovery strategies may include:

customer confidence/relationship management

damage assessment

market re-establishment

process for assessing loss and filing insurance claims

relocation of business to original location

salvage and restoration of records, infrastructure and premises.

Resources may include:

critical written and/or electronic records

emergency services

facilities and/or accommodation

finances

information technology infrastructure and applications management

insurance

personnel

plant and equipment

premises

telecommunications.

Business continuity plan/s may include:

introduction

organisational details

objectives

purpose

critical business functions

assumptions

processes

activation and stand down

responsibility

version control and maintenance

operational requirements

critical success factors

interdependencies

outage times

compliance

people

structure

roles and responsibilities

contact details

continuity arrangements

accommodation

resources

workarounds and alternate solutions

continuity management tasks

communications

other plans

checklists

maps and drawings.

Stakeholders may include:

chief executive officer

company board

customers

directors

families/next-of-kin

funders

local community

media

personnel

professional bodies

shareholders

relevant government minister/s and department/s

regulators

sponsors

suppliers.

Communication plan may include:

accessibility

assumptions

audience

boundaries

business continuity terminology

capability

equipment

hierarchical organisational chart of internal and external emergency services personnel/delegates

mode

monitoring procedures

radio silence

reporting and recording procedures

sensitivities.

Exercises may include:

drills

discussion exercises

modelling

planned walkthroughs

scenario planning and exercising

simulated exercises

testing.

Copy and paste from the following performance criteria to create an observation checklist for each task. When you have finished writing your assessment tool every one of these must have been addressed, preferably several times in a variety of contexts. To ensure this occurs download the assessment matrix for the unit; enter each assessment task as a column header and place check marks against each performance criteria that task addresses.

Observation Checklist

Tasks to be observed according to workplace/college/TAFE policy and procedures, relevant legislation and Codes of Practice Yes No Comments/feedback
Identify the relationship between corporate risk and the organisation’s business continuity management framework 
Analyse and determine internal and external risk context by collecting information that relates to the organisation’s priorities, operations and environment 
Analyse and identify potential internal and external sources of disruption to the organisation’s priorities, operations and environment 
Identify the organisation’s critical business functions and their dependencies and interdependencies, and analyse and evaluate risks through the business impact assessment/s 
Develop risk and disruption scenarios through the business impact assessment/s 
Validate risk and disruption scenarios through the business impact assessment/s 
Analyse, validate and report on the outcomes of the business impact assessment/s to management 
Develop and implement risk treatments 
Participate in risk treatment review 
Report on risk treatment review to management and relevant appropriate personnel 
Update risk treatment review in line with feedback provided by relevant personnel 
Develop the organisation’s emergency response, continuity and recovery strategies 
Consult and seek endorsement on the organisation’s emergency response, continuity and recovery strategies from management and other appropriate personnel 
Identify and manage synergies and conflicts in resourceavailability and access in conjunction with management 
Coordinate the organisation’s emergency response, continuity and recovery strategies 
Consult relevant personnel and seek support for the development of the organisation’s business continuity plan/s 
Ensure content of business continuity plan is comprehensive and meets, where applicable, the requirements of regulations, standards, industry practice and geographical dispersion 
Document and analyse feedback received through consultation and finalise business continuity plan 
Demonstrate accountability for the organisation’s business continuity plan/s 
Identify stakeholders and determine objective and scope of communication plan for periods before, during and after disruptions occur 
Determine organisation’s communication capabilities in line with objectives and scope, and identify gaps and options for meeting shortfalls 
Develop and implement across the organisation, appropriate risk and incident monitoring, reporting and escalation processes 
Promote the application of the business continuity management framework and plan to all relevant personnel on an ongoing basis 
Provide staff with appropriate information relating to the cyclical review process of the business continuity management plan 
Conduct business continuity management plan exercises in line with the organisation’s policies and procedures 
Conduct post exercise debriefs, complete post exercise reviews and update business continuity strategies and plans as required 
Manage and record staff learning and development in relation to the business continuity management framework in accordance with organisational requirements, and framework policies and procedures 
Report on the outcomes of staff learning and development, and business continuity framework exercises to relevant personnel 

Forms

Assessment Cover Sheet

BSBCON601B - Develop and maintain business continuity plans
Assessment task 1: [title]

Student name:

Student ID:

I declare that the assessment tasks submitted for this unit are my own work.

Student signature:

Result: Competent Not yet competent

Feedback to student

 

 

 

 

 

 

 

 

Assessor name:

Signature:

Date:


Assessment Record Sheet

BSBCON601B - Develop and maintain business continuity plans

Student name:

Student ID:

Assessment task 1: [title] Result: Competent Not yet competent

(add lines for each task)

Feedback to student:

 

 

 

 

 

 

 

 

Overall assessment result: Competent Not yet competent

Assessor name:

Signature:

Date:

Student signature:

Date: