View Current

Business Continuity Management Policy

This is the current version of this document. You can provide feedback on this policy to the enquiries contact - refer to the Status and Details on the document's navigation bar.

Section 1 - Audience

(1) This policy applies to all staff and areas of the University.

Top of Page

Section 2 - Executive Summary

(2) Business continuity management (BCM) is an important component of the University's risk management program. BCM is the development, implementation and maintenance of policies, procedures, plans and strategies that assist the University to resume business operations in the event of an emergency, crisis or disruption-related incident.

(3) Effective business continuity management builds operational resilience and provides assurance to the University Council, Risk Committee and Vice-Chancellor that disruption related risks are clearly identified and managed appropriately, with consideration to Council's risk appetite and objectives.

Top of Page

Section 3 - Purpose

(4) The University is committed to business continuity management and has integrated the process for effective business continuity management, roles, and responsibilities into operations as outlined in the Business Continuity Management Framework

(5) This Policy, the Business Continuity Management Framework and/or other supporting documents provide guidance to ensure that appropriate plans are in place to manage disruptive incidents. These documents facilitate a consistent approach and culture to business continuity management across the University.

(6) Sound business continuity management minimises business interruption through identification of major disruption-related risks that could impact critical business processes and the development and implementation of preventative and responsive recovery strategies and plans. 

Top of Page

Section 4 - Scope

(7) The University has established and maintains an Emergency Planning Committee to facilitate the operational elements of the Business Continuity Management Framework

Top of Page

Section 5 - Principles

(8) This policy and the Business Continuity Management Framework has been prepared based on the International Standard which has been adopted by Standards Australia, AS/ISO 22301:2012 (Societal Security – Business Continuity Management Systems), and The Business Continuity Institute’s – Good Practice Guidelines (GPG) 2018 Edition.

Top of Page

Section 6 - Details

(9) The Council's responsibilities for risk are set out in the University of Newcastle Act 1989 No 68 and in the statement of primary responsibilities adopted by Council. Business continuity management forms an important component of the risk management process.

(10) The Risk Committee has delegated authority to oversee and regularly review the management of risks. This includes the process for business continuity management.

(11) The Vice-Chancellor is responsible for ensuring that a business continuity management program is established and providing leadership on the implementation and maintenance of the Business Continuity Management Framework in line with the Council's risk appetite.

(12) Executive Committee provides advice to the Vice-Chancellor on matters of business continuity management and provides leadership in portfolio areas. In addition, each Executive Manager is responsible for the sustainability of key critical business processes within their unit.

(13) The Emergency Planning Committee is responsible for overseeing the development, implementation and maintenance of the University's emergency planning, critical incident and business continuity management program. This includes testing the University's responsiveness to potential threats and emergency situations on an ongoing basis, and supporting the post incident review (PIR) process.

(14) The Critical Incident Team (CIT) is responsible for the coordination and management of a disruptive event that has a significant impact on health and safety or other operations. The CIT has delegated authority to make decisions, direct staff and students, communicate with key stakeholders including the media and authorise expenditure. Where incidents occur at the University and are ultimately controlled through State or Federal agencies, the CIT coordinate the University response to those agencies.

(15) The management of business continuity is the responsibility of all staff and is incorporated into academic, strategic and operational planning and review processes at all levels across the University. University Leaders are responsible for the implementation of the Business Continuity Management Framework within their respective areas of responsibility.

(16) The Director, Assurance Services is responsible for facilitating the development, implementation, review and continuous improvement of the Business Continuity Management Framework, including programs and tools for the continued availability of critical business activities and resources.

(17) The Business Continuity Management Framework provides the guidelines to assist University staff to understand their obligations under this policy. 

Top of Page

Section 7 - Related Documents

(18) Business Continuity Management Framework

(19) Risk Management Policy

(20) Risk Management Framework

Top of Page

Section 8 - Review Process

(21) The Director, Assurance Services is responsible for review of this policy at least annually.