Business Continuity Management Policy

Purpose

The purpose of this policy is to affirm the University's commitment to business continuity management.

Through the adoption of business continuity best practices the University of Otago will achieve its objective to restore its critical administrative, academic, and research activities as soon as possible following a major disruptive event.

This Business Continuity Management Policy forms part of the Business Continuity Management Framework at the University of Otago, which is aligned to the Business Continuity Management Systems standard ISO22301:2012.

Organisational scope

This policy applies to all staff and to all activities of the University.

The University is not responsible for developing business continuity management policy for its related entities. The Boards of related entities will be responsible for establishing their own business continuity management framework and processes.

Definitions

Business Continuity

The capability of the organization to continue delivery of products or services at acceptable predefined levels following a disruptive incident.

Business Continuity Management

The process that identifies potential threats to an organisation and the impacts to business operations those threats, if realised, might cause, and which provides a framework for building organisational resilience with the capability of an effective response that safeguards the interests of its key stakeholders, reputation, and brand activities.

Business Continuity Plan

Documented procedures that guide the University to respond, recover, resume, and restore to a pre-defined level of operation following disruption.

Business Impact Analysis

The process of analysing activities and the effect that a business disruption might have upon them.

Related Entity

An organisation that is related to the University through partial or full control/ownership.

Content

1. The University is committed to carrying out its activities with the highest regard for the health and safety of its staff, students, and the public, and to protecting its assets and reputation.
2. The University of Otago will therefore:
   1. Establish Business Continuity Plans to ensure business continuity for its key administrative, academic and research activities.
   2. Annually review and update the plans, including the periodic maintenance of the Business Impact Analyses upon which they are based. The process to be followed to complete a Business Impact Analysis and its related Business Continuity Plan is detailed in the Business Continuity Framework.
   3. Review the plans following any major operational or structural changes.
   4. Undertake regular plan validation exercises for staff training and evaluation purposes.
   5. Require management to develop, maintain and devolve business continuity planning within their areas of responsibility.
   6. Encourage the active participation of staff in business continuity matters and ensure that key personnel are able to perform competently during a major disruptive event.
3. These initiatives will be coordinated with activities detailed in the University's:
   1. Emergency Management Plan, which provides for a first response to a critical disruption.
   2. Information Technology Services Disaster Recovery Plan, which focuses on the resumption of critical information technology systems and data.

Related policies, procedures and forms

• Business Continuity Management Framework
• Emergency Management Policy
• Emergency Management Plan
• Risk Management Policy
• Risk Management Framework

Contact for further information

If you have any queries regarding the content of this policy or need further clarification, please contact:

Mark Cartwright
Head, Office of Risk, Assurance and Compliance
Email mark.cartwright@otago.ac.nz