Business Continuity Policy
Business Continuity Management (BCM) is concerned with ensuring that an organisation can continue operating its critical activities in the event of a serious incident.
For the protection of the College’s Mission, Vision and Themes the College is committed to Business Continuity Management in all its activities and requires staff, students, contractors and other employers who work at the College and, where appropriate, suppliers and other stakeholders to contribute to a plan that engages in the four phases of BCM:
The scope of College activities is such that no plan can hope to anticipate every possible emergency situation that might affect the College and any attempt to do so is unlikely to be either cost-effective or worthwhile. The plan does not therefore seek to address any particular scenarios, but instead sets out to create a resilient organisation and a generic plan which will allow the College a flexible response to tackle any situation which may arise. Line management are expected to implement appropriate measures (examples might include, data backup; uninterruptable power supply to protect sensitive equipment from loss of power; dispersed storage or facilities) to improve the resilience of their activities so that in the event of an incident their activities are protected and recovery more expeditiously accomplished.
A key element of the above philosophy is the ability to assemble the people most appropriate to the management of the incident or crisis and this requires robust call out procedures. All staff that may be required to assist during an incident are required to provide their contact details to allow them to be contacted during both normal working and non-working hours.
Members of the Provost’s Board are responsible for their organisations’ compliance with the College’s BCM Plan. Organisations that are not legally part of the College but which occupy College premises must also comply with the BCM Plan. As identified above, every level of line management is responsible for arranging the implementation of the preparation necessary to provide an appropriate degree of resilience to the activities for which they are responsible. To facilitate this both non-academic and academic departments are expected to complete an Activity Impact Analysis. These measures should be routinely discussed and reviewed during normal management meetings. At a minimum, plans and preparation should be reviewed biennially and also during the introduction of any major new activity or project.
The Risk Management Department is responsible for maintaining and reviewing the BCP and supporting materials, including alignment with partner’s processes on shared sites. They are also available to provide advice as required and are responsible for arranging appropriate training.
Guidance and procedures are available on the Risk and Business Continuity website.
This Policy will be reviewed biennially by the Risk and Business Continuity Steering Committee and after any major incident.
Revised June 2015