disclosure
statement
 

Continuity management

Development, implementation and testing of business continuity system.

Guidelines:

Activities may include, but are not limited to:

Identifying potential threats and assessing their impact on the business

Developing incident response plans and procedures

Ensuring that critical business functions can continue at the planned level of outage

Ensuring that an acceptable level of service can be restored after an outage

Developing organizational resiliency

Ensuring that continuity is built into systems, processes and practices

Ensuring that continuity is embedded in systems, processes and practices

Ensuring continuous delivery, deployment and integration of applications and infrastructure without adverse impact or service disruption.

Incidents can have a variety of causes, including (but not limited to) cyberattacks, data breaches, organized crime, fires, floods, natural disasters, pandemics, health emergencies, and supply chain disruption.

Continuity Management: Level 2

Maintains records of all relevant testing and training and ensures all documentation is available. Records actions taken and consequences after an incident or real-world continuity plan testing to report lessons learned.

Continuity Management: Level 3.

Applies a structured approach to develop and document the details of a business continuity plan. Maintains documentation of business continuity and disaster recovery plans. Supports development of test plan and continuity management exercises.

Continuity Management: Level 4.

Contributes to the development of continuity management plans. Identifies information and communication systems that support critical business processes. Coordinates business impact analysis and risk assessment. Coordinates the planning, development, and testing of contingency plans.

Continuity Management: level 5.

Leads the development, implementation, and testing of continuity management plans. Manages relationships with individuals and groups with authority over critical business processes and supporting systems. Assesses critical risks and identifies priority areas for improvement. Reviews continuity management plans and procedures to ensure that they address risks and that agreed levels of continuity can be maintained.

Continuity management: level 6

Defines the continuity management strategy for the organization. Provides organizational commitment, funding, and resources for continuity management. Leads continuity management exercises. Communicates policies, governance, scope, and roles related to continuity management. Has defined authority and responsibility for continuity management actions and decisions.