View Current

Business Continuity Management Policy

This is the current version of this document. To view historic versions, click the link in the document's navigation bar.

Section 1 - Purpose and Scope

Purpose

(1) This Policy outlines the University's commitment and approach to Business Continuity Management.

Scope

(2) This Policy applies across all University operations.

(3) Educational collaboration partners are required to conduct their own Business Continuity Management.

Top of Page

Section 2 - Associated Documents

(4) This Policy should be read in conjunction with the:

  1. Business Continuity Management Framework;
  2. Business Continuity Plan;
  3. Enterprise Risk Management Policy;
  4. Emergency and Crisis Management Policy;
  5. Emergency Management Plan and Emergency Procedures;
  6. Disaster Recovery Plan;
  7. Student Critical Incident Management Policy; and
  8. Work Health and Safety Policy and Workplace Health and Safety Risk Management Procedures.
Top of Page

Section 3 - Definitions

(5) For the purpose of this Policy the following definitions apply:

  1. Business Continuity Management means the development, implementation and maintenance of policies, frameworks and plans, to assist the University to manage a Disruption to its business operations and to build entity resilience.
  2. Business Continuity means the capability of the University to continue to deliver services at acceptable levels following a Disruption.
  3. Business Continuity Plan means documented processes that guide the University to respond, recover, resume and restore to a pre-defined level of operation following a Disruption.
  4. Critical Business Functions means the business functions without which the University cannot remain viable.
  5. Disruption means an incident that interrupts Critical Business Functions, whether anticipated or not.
  6. Maximum Tolerable Period of Disruption (MTPD) means the period after which the University’s viability will be irrevocably threatened if a Critical Business Function cannot be resumed.
  7. Minimum Acceptable Service Level (MASL) means the minimum level of service for a Critical Business Function that is acceptable to the University during a Disruption.
Top of Page

Section 4 - Policy Statement

(6) The University is committed to the efficient and orderly resumption of its Critical Business Functions in the event of a Disruption.

(7) The University maintains a Business Continuity Framework that guides the development of a Business Continuity Plan and identifies priorities for the restoration and reinstatement of Critical Business Functions.

(8) The Business Continuity Plan will be activated following a Disruption to one or more Critical Business Functions.

(9) In the event of a Disruption, the University will work to reinstate operations at a capacity or level that is sufficient to perform and maintain Critical Business Functions.

(10) The University recognises that following a Disruption non-critical business functions will operate at a reduced level and require time to resume full capability, capacity and performance.

(11) The University will test, maintain and update the Business Continuity Framework and Business Continuity Plan on a regular basis.

(12) All staff should have an awareness and understanding of business continuity management and any business continuity plans for critical business functions within their work unit. Business Continuity Management should be considered during planning and as part of change processes

Top of Page

Section 5 -  Responsibilities

Vice Chancellors Group (VCG)

(13) The VCG is responsible for identifying:

  1. the University's critical business functions;
  2. the Maximum Tolerable Period of Disruption; and  
  3. Minimum Acceptable Service Levels.

(14) The VCG reviews the list of critical business functions annually.

Vice President (Operations)

(15) The Vice President (Operations) is responsible for:

  1. managing the University’s Business Continuity as outlined in this Policy and the Business Continuity Framework and Plan;
  2. conducting an annual review of the Business Continuity Framework and Plan; 
  3. annual testing of the Business Continuity Plan; and
  4. reporting periodically to the Audit and Risk Management Committee on the University’s Business Continuity Management.

Executive Members and Heads of Work Units

(16) Executive members and Heads of Work Units are responsible for:

  1. the development, implementation, maintenance and review of Business Continuity  Plans for the critical business functions within their area of responsibility; and
  2. ensuring their staff understand business continuity principles and any business continuity plans for their work unit.

Director, Property Services

(17) The Director, Property Services is responsible for:

  1. the development, implementation, maintenance and review of the campus closure Business Continuity Plan;
  2. coordinating the annual review of the Business Continuity Framework and Plan; and
  3. providing support and assistance to staff to implement the Business Continuity Framework.

Chief Information Officer 

(18) The Chief Information Officer is responsible for the development, implementation, maintenance and review of the Disaster Recovery Plan.