Business Continuity Policy
The business success of A-GRC is reliant upon the preservation of its critical business activities to ensure that services are delivered internally to A-GRC employees and externally to Clients.
A-GRC sets out the framework for how it;
- responds to business disruptions in its critical business activities.
- manages the continuation of these activities.
- manages their subsequent restoration.
The scope of business continuity at A-GRC is to provide resilience for its critical business activities through the implementation of controls that minimise the impact of a disruption on its business products, services, employees and infrastructure.
It is A-GRC policy to:
- regard business continuity as a key organisational activity and maintain a comprehensive business continuity programme to implement and manage this.
- identify the critical business activities of A-GRC through business impact analysis on the events that could cause significant business disruption.
- implement an appropriate business continuity strategy, or strategies, that meets A-GRC’s needs.
- develop and implement plans to manage business disruptions that cover A-GRC’s information systems, business premises and employees.
- regularly test business continuity plans to ensure that they:
- maintain or rapidly recover critical activities.
- maintain the availability of key resources to support critical activities.
- prevent or limit the disruption to employees and Clients.
- define the responsibilities of employees involved in business continuity activities and provide training to ensure that these responsibilities can be carried out successfully.
- provide training to raise employee awareness of business continuity.
- regularly review A-GRC business continuity activities, policies, plans, tests, and responsibilities to ensure that the business continuity strategy, or strategies, remains appropriate to its needs.
This policy, and the subordinate policies, processes, and procedures to this document, provides a clear statement of our commitment to ensure that critical A-GRC business activities can be maintained during a disruption. This policy is subordinate to the A-GRC Information Security Policy which also gives further guidance on risk management and information assurance.
A-GRC has implemented ISO 22301 to manage its business continuity operations and this is managed by our IMS.
A Business Continuity Management System (BCMS) provides the framework for the implementation of this policy within A-GRC, and is supported by a comprehensive set of processes and procedures. This system is regularly reviewed to ensure it remains effective and that all critical business activities are covered.
This policy is issued, reviewed at least annually and maintained by the Business Continuity Manager, who also provides advice and guidance on its implementation and ensures compliance.
All A-GRC employees shall comply with this policy.
Dated: 1 January 2018