Elements and Performance Criteria
- Conduct risk and vulnerability assessments
- Identify the relationship between corporate risk and organisation’s business continuity management framework
- Analyse and determine internal and external risk context by collecting information relating to the organisation’s priorities, operations and environment
- Analyse and identify potential internal and external sources of disruption to the organisation’s priorities, operations and environment
- Develop and report business impact assessment/s
- Identify the organisation’s critical business functions and its dependencies and interdependencies, and analyse and evaluate risks through business impact assessment/s
- Develop risk and disruption scenarios through business impact assessment/s
- Validate risk and disruption scenarios through business impact assessment/s
- Analyse, validate and report on the outcomes of business impact assessment/s to management
- Develop, implement and report risk treatments
- Determine interdependencies and develop response strategies
- Develop the organisation’s emergency response, continuity and recovery strategies
- Consult and seek endorsement on organisation’s emergency response, continuity and recovery strategies from management and other appropriate personnel
- Identify and manage synergies and conflicts in resource availability and access in conjunction with management
- Coordinate the organisation’s emergency response, continuity and recovery strategies
- Establish business continuity plan
- Consult relevant personnel and seek support for the development of the organisation’s business continuity plan/s
- Ensure content of business continuity plan is comprehensive and meets, where applicable, requirements of regulations, standards, industry practice and geographical dispersion
- Document and analyse feedback received through consultation and finalise business continuity plan
- Demonstrate accountability for organisation’s business continuity plan/s
- Establish communication plan within organisation’s planning framework
- Identify stakeholders and determine objective and scope of communication plan for periods before, during and after disruptions occur
- Determine organisation’s communication capabilities in line with objectives and scope, and identify gaps and options for meeting shortfalls
- Develop and implement across the organisation, appropriate risk and incident monitoring, reporting and escalation processes
- Deliver business continuity professional development activities
- Promote application of business continuity management framework and plan to all relevant personnel on an ongoing basis
- Provide staff with appropriate information on cyclical review process of the business continuity management plan
- Conduct business continuity management plan exercises in line with organisation’s policies and procedures
- Conduct post-exercise debriefs, complete post-exercise reviews and update business continuity strategies and plans as required
- Manage and record staff learning and development on the business continuity management framework in accordance with organisational requirements, and framework policies and procedures
- Report on the outcomes of staff learning and development, and business continuity framework exercises to relevant personnel
- Establish communication plan within organisation’s planning framework
- Identify stakeholders and determine objective and scope of communication plan for periods before, during and after disruptions occur
- Determine organisation’s communication capabilities in line with objectives and scope, and identify gaps and options for meeting shortfalls
- Develop and implement across the organisation, appropriate risk and incident monitoring, reporting and escalation processes