AS/NZS 5050:2010 – Business continuity – Managing disruption-related risk.
NOTES: Whether conducted by internal or external sources, the independence of an audit is determined by the status of the engaging party. The result of an audit will be an assessment against the initial criteria and it will usually provide suggestions for system improvements based on what the auditors have observed.
1.3.4 Business impact analysis (BIA)
Detailed risk analysis that examines the nature and extent of disruptions and the likelihood of the resulting consequences.
NOTE: May include consideration of the organization’s business functions, people, processes, infrastructure, resources, information, interdependencies and the nature and extent of capability loss over time.
1.3.5 Business function
Single process or combination of processes contributing to a final definable output or objective.
NOTES:
1 A business function may be a single structural unit of the organization, or may require activity across several structural units.
2 A single structural unit may have responsibility for one or more business functions.
3 A function may be performed by an outsourced or third party provider.
4 May also be referred to as ‘business activity’.
1.3.6 Capability
Ability and capacity of people, functions, processes and/or infrastructure to undertake required actions or activities.
1.3.7 Communication and consultation
Continual and iterative processes that an organization conducts to provide, share or obtain information, and engage in dialogue with stakeholders regarding the management of disruption-related risk.
NOTES:
1 Consultation is a process which impacts on a decision through influence rather than power: an input to decision-making, not joint decision-making.
2 Consultation is a two-way process of informed communication between an organization and its stakeholders on an issue prior to making a decision or determining a course of action.
1.3.8 Contingency plan
Any plan of action that allows an organization to respond to events should they occur.
NOTES:
1 This includes all plans that deal with stabilization, continuity of critical business functions and recovery.
2 Some types of contingency plans may have been described by terms such as ‘business continuity plan’ and ‘disaster recovery plan’.
1.3.9 Contingent capability
Supplementary resources provided specifically to enable an organization to respond to events should they occur.
The internal factors include, but are not limited to—
(i) governance arrangements including policies, structures, roles and accountabilities and decision-making processes (both formal and informal);
(ii) objectives, and the strategies that are in place to achieve them;
(iii) capabilities, understood in terms of resources and knowledge (e.g. capital, time, people, processes, systems and technologies);
(iv) information systems, reporting and other information flows;
(v) the organization’s culture; and
(vi) standards and guidelines adopted by the organization.
For each of the above set of factors, past experience, the present situation and potential future circumstances should be considered.
3.3.2 Establishing the policy
The policy should clearly state the organization’s objectives for, and commitment to, the management of disruption-related risk and typically addresses—
(a) the organization’s rationale for ensuring business continuity;
(b) links between the organization’s objectives and policies and this policy;
(c) accountabilities and responsibilities for managing this type of risk;
(d) commitment to make the necessary resources available to assist those accountable and responsible for managing this type of risk;
(e) the way in which performance against this policy will be measured and reported; and
(f) commitment to review and improve the policy and framework periodically and in response to an event or change in circumstances.
