Business Continuity Policy
Business Continuity is the capability of the organization to continue delivery of services at acceptable predefined levels following a disruptive incident (ISO 22301).
For the protection of the College’s Mission, Vision and Themes the College is committed to Business Continuity in all its activities and requires staff, students, contractors and other employers who work at the College and, where appropriate, suppliers and other stakeholders to contribute to a plan that engages in the four phases:
The scope of College activities is such that no plan can hope to anticipate every possible emergency situation that might affect the College and any attempt to do so is unlikely to be either cost-effective or worthwhile. The plan does not therefore seek to address any particular scenarios, but instead sets out to create a resilient organisation and a generic plan which will allow the College a flexible response to tackle any situation which may arise. Line management are expected to implement appropriate measures (examples might include, data backup; uninterruptable power supply to protect sensitive equipment from loss of power; dispersed storage or facilities) to improve the resilience of their activities so that in the event of an incident their services are protected and recovery more expeditiously accomplished.
A key element of the above philosophy is the ability to assemble the people most appropriate to the management of the incident or crisis and this requires robust call out procedures. All staff that may be required to assist during an incident are required to provide their contact details to allow them to be contacted during both normal working and non-working hours.
Members of the Provost’s Board are responsible for their organisations’ compliance with the College’s Business Continuity Plan. Organisations that are not legally part of the College but which occupy College premises must also comply with the Business Continuity Plan. As identified above, every level of line management is responsible for arranging the implementation of the preparation necessary to provide an appropriate degree of resilience to the activities for which they are responsible. To facilitate this both non-academic and academic departments are expected to complete an Impact Analysis. These measures should be routinely discussed and reviewed during normal management meetings. At a minimum, plans and preparation should be reviewed biennially and also during the introduction of any major new activity or project.
The Head of Business Continuity is responsible for maintaining and reviewing Business Continuity Plans and supporting materials, including alignment with partner’s processes on shared sites. Provision of advice and training will also be provided.
This Policy will be reviewed biennially by the Risk and Business Continuity Steering Committee and after any major incident.