Policy Corporate Governance Business Continuity Policy
Business Continuity Policy
- Aboriginals and Torres Strait Islanders in Marine Science
- Courses
- Future Students
- Current Students
- Research and Teaching
- Partners and Community
- About JCU
- Reputation and Experience
- Celebrating 50 Years
- Academy
- Anthropological Laboratory for Tropical Audiovisual Research (ALTAR)
- Anton Breinl Research Centre
- Agriculture Technology and Adoption Centre (AgTAC)
- Living on Campus
- How to apply
- Advanced Analytical Centre
- Alumni
- AMHHEC
- JCU Aquaculture Solutions
- AusAsian Mental Health Research Group
- ARCSTA
- Area 61
- Association of Australian University Secretaries
- Australian Lions Stinger Research
- Australian Tropical Herbarium
- Australian Quantum & Classical Transport Physics Group
- Boating and Diving
- JCU-CSIRO Partnership
- Employability Edge
- Career Ready Plan
- Careers at JCU
- Careers and Employability
- Chancellery
- Centre for Tropical Bioinformatics and Molecular Biology
- CITBA
- CMT
- CASE
- College of Business, Law and Governance
- College of Healthcare Sciences
- College of Medicine and Dentistry
- College of Science and Engineering
- CPHMVS
- Centre for Disaster Solutions
- CSTFA
- Cyber Security Hub
- Cyclone Testing Station
- The Centre for Disaster Studies
- Daintree Rainforest Observatory
- Discover Nature at JCU
- Research Division
- Services and Resources Division
- Education Division
- Elite Athletes
- eResearch
- Environmental Research Complex [ERC]
- Estate
- Fletcherview
- Foundation for Australian Literary Studies
- Gender Equity Action and Research
- General Practice and Rural Medicine
- JC 'U' Orientation
- Give to JCU
- Governance
- Information for JCU Cairns Graduates
- Art of Academic Writing
- Art of Academic Editing
- Graduate Research School
- Graduation
- Indigenous Education and Research Centre
- Indigenous Engagement
- Indigenous Legal Needs Project
- Inherent Requirements
- IsoTropics Geochemistry Lab
- IT Services
- International Schools
- International Students
- Research and Innovation Services
- JCU Eduquarium
- JCU Events
- JCU Global Experience
- JCU Ideas Lab
- JCU Job Ready
- JCU Motorsports
- JCU Prizes
- JCU Sport
- JCU Turtle Health Research
- Language and Culture Research Centre
- CEE
- LearnJCU
- Library
- Mabo Decision: 30 years on
- MARF
- Marine Geophysics Laboratory
- New students
- Off-Campus Students
- Office of the Vice Chancellor and President
- Virtual Open Day
- Orpheus
- Outstanding Alumni
- Parents and Partners
- Pathways to university
- Planning for your future
- Placements
-
Policy
- Academic Governance
- Academic Management
- Engagement
-
Corporate Governance
- Academic Freedom and Freedom of Speech Policy
- Affiliation of a Residential College Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Business Continuity Policy
- Child Safety Policy
- Code of Conduct – University Council
- Compliance Policy
- Conduct of Council Elections Policy
- Conflicts of Interests Policy – University Council and its Committees
- Controlled and Non-Controlled Entities Policy
- Critical Incident Policy
- Data Governance Policy
- Distinguished Professor Policy
- Domestic and Family Violence Policy
- Emeritus Professor Policy
- Foreign Interference Policy
- General Practice Training Governance Policy
- Incident Management Policy
- Information Privacy Policy
- Legal Services Claims and Litigation Assistance Policy
- Organisational Structure Policy
- Records Management Policy
- Right to Information Policy
- Risk Management Policy
- Social Media Policy
- Staff Code of Conduct
- University Archives - Access
- University Seal Policy
- Visiting Speaker and Event Policy
- Policy Development and Review Policy
- Quality Enhancement Framework
- Reviews of Organisational Units and Thematic Areas - Policy and Procedures
-
Estate and Facility Management
- Advertising on Campus
- Alcohol Consumption on University Property
- Approval of Works to University Buildings and Site Infrastructure
- Authorised Use of University Facilities, Premises and/or Grounds for Non-core Purposes
- Environmental Policy
- High Voltage Access Policy
- Memorial Plaques
- Noise on University Sites
- Pets on Campus
- Real Estate Dealings Policy
- Security Policy
- Space Allocation and Management Policy
- Timetable and Class Registration Policy
- Tree Protection
- Vehicle Fleet Policy
- Weapons Policy
- Adaptive Workplace Policy
-
Financial Management
- Appendices
-
Assets (FMPM 200 - FMPM 399)
- FMPM 200 Overview - Assets & Cash Management
- FMPM 210 Cash
- FMPM 220 Policy - Bank Accounts
- FMPM 230 - Petty Cash Advances
- FMPM 300 Investments
- FMPM 320 Plant and Equipment
- Financial FMPM 322 - Acquisitions of Plant and Equipment
- FMPM 260 Other Advances
- FMPM 330 Non-Capital Assets
- FMPM 280 Official Stores
- FMPM 290 Prepayments
- FMPM 323 - Disposal of Property, Plant and Equipment Procedure
- FMPM 324 Stocktake
- FMPM 350 Intangible Assets
- FMPM 270-2 Accounts Receivable - Student Debtors - Penalties
- FMPM 240 Travel Advances (Students)
- FMPM 330 Non-Capital Assets
- FMPM 270-1 Accounts Receivable
- FMPM 250 - Policy Salary Advances
- Equity (FMPM 500 - FMPM 599)
- Expenses (FMPM 700 - FMPM799)
- Financial Management and Control (FMPM 800 - FMPM 899)
- Further Applications (FMPM 900 - FMPM 999)
- Introduction (FMPM 100 - FMPM 199)
- Liabilities (FMPM 400 - FMPM 499)
- Revenue (FMPM 600 - FMPM 699)
-
Human Resources
- Awards for Excellence Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Community and Indigenous Language Allowance
- Competency Pay for Tradespersons Policy
- Conflict of Interest Policy
- Early Retirement Policy
- Equal Employment Opportunity
- Honorary Appointments Policy
- Human Resources Policy Glossary
- Market Loading Policy
- Overpayment of Wages Policy
- Performance, Development and Recognition Policy
- Recruitment, Selection and Appointment Policy
- Relocation Assistance Policy
- Remote Working Policy
- Salary Packaging Program Policy
- Special Studies Program Policy
- Supported Wage System (SWS) Policy
- Digital Infrastructure
-
International and Admissions
- Attendance Monitoring Policy - English Language and Foundation Programs
- Enrolment Requirements for International Student Visa-Holders Policy
- Management of Off-Campus Operations, Ventures and Partnerships
- Transfer of International Student Visa Holders to Other Educational Institutions
- US Federal Student Aid-SAP & Return to Title IV Policy
- Admissions Policy
-
Learning and Teaching
- Blended Learning Policy
- Charter of Responsibilities for Academic Quality and Governance
- Coursework Academic Integrity Policy
- English Language and Numeracy Policy
- Graduate Attributes
- Graduate Certificate of Education (Academic Practice) Internal Sponsorship Policy
- Learning Teaching and Assessment Policy
- Policy Glossary
- Review of a Student’s Suitability to Continue a Course Involving Placement
- Student Digital Experience Policy
- Student Evaluation of Subjects and Teaching Policy
- Student Retention Policy
- Research Education
- Research Management
-
Student Matters
- Academic Progression Policy
- Administration of Commonwealth Scholarships Policy
- Attendance Monitoring Policy - English Language and Foundation Programs
- Award Finalisation and Graduation Policy
- Bullying, Discrimination, Harassment, and Sexual Misconduct Policy
- Copyright Policy and Procedure
- Coursework Enrolment Policy
- Coursework Scholarships, Grants and Prizes Policy
- Library Use Policy
- Student Code of Conduct
- Student Complaints Policy
- Student Disability Policy
- Student Fee Payments and Refunds Policy
- Student Review and Appeals Policy (effective from 01/01/2023)
- Student Special Circumstances Policy
- Transfer of International Student Visa Holders to Other Educational Institutions
- Student Results Policy
- Work Health and Safety
- Policy search
- PAHL
- Publications
- Professional Experience Placement
- Queensland Research Centre for Peripheral Vascular Disease
- Rapid Assessment Unit
- RDIM
- Researcher Development Portal
- Safety and Wellbeing
- Scholarships
- Contextual Science for Tropical Coastal Ecosystems
- Staff
- State of the Tropics
- Strategic Procurement
- Student Equity and Wellbeing
- Student profiles
- SWIRLnet
- TARL
- TESS
- TREAD
- TropEco for Staff and Students
- TQ Maths Hub
- TUDLab
- Unicare Centre and Unicampus Kids
- UAV
- VAVS Home
- Work Health and Safety
- WHOCC for Vector-borne & NTDs
- Media
- Copyright and Terms of Use
- Australian Institute of Tropical Health & Medicine
- Clinical Psychedelic Research Lab
Intent
The University acknowledges that business continuity management (BCM) plays an integral part in strategic and operational planning, risk management, operational management and decision-making throughout the organisation. A Business Continuity Management Plan (BCM Plan) will support implementation, monitoring and review of the Business Continuity Policy (BC Policy) and JCU business continuity arrangements more broadly.
The BCM Plan incorporates various elements from both the Good Practice Guidelines, Global Edition (GPG2013) issued by the Business Continuity Institute and ISO 22313:2012 and other recognised standards.
The BC Policy outlines the commitment of the University Council and Executive Management, towards establishing and maintaining a Business Continuity Management programme. The BCM programme is designed and built around the BC Policy which provides a commitment to:
- Communicate the importance of, and expectations surrounding BCM as it applies to certain University activities and services;
- Allocate BCM roles and responsibilities to staff for identifying and managing disruption related risks and provide adequate resources (human, financial, physical and technological) to manage business disruption effectively;
- Ensure consistent implementation of a business continuity management process across the University to ensure the continuity of critical business functions (Business Continuity Planning);
- Ensure an organised and effective approach to isolated incidents that could seriously impact critical business processes (Disaster Recovery Planning);
- Effectively manage incidents that may impact University reputation and the health and wellbeing of people associated with University activities (Emergency/Crisis Management Planning); and
- Integrate BCM within the University Risk Management Framework, Critical Incident Policy and the ICT Strategic Asset Management and ICT Operational Plans.
Scope
This BC Policy applies to all Divisions, Colleges, Centres and Institutes and significant University activities. The policy also applies to all University staff and affiliates, students, visitors and contractors engaged with facilities controlled by the University.
Specifically, this policy:
- Extends to all current and future activities, and new opportunities including those relating to JCU controlled entities;
- Emphasises the importance of robust business continuity management arrangements being developed and applied to all key activities/services based on the risks of disruption that may impact them;
- Includes assessing and identifying critical suppliers of goods and services to the University, as well as partners or stakeholders where a business disruption may have an upstream or downstream effect on University activities or processes; and
- Ensures systems, processes and documentation are established for staff to use when developing and implementing business continuity plans within their Divisions and/or business units.
Definitions
Business Continuity | The capability of the University to continue delivery of services at acceptable predefined levels following a disruptive event (e.g. cyclone, cyber- attack, etc.). Definition from ISO 22300 |
Business Continuity Policy (BC Policy) | The key document that sets out scope and governance of the BCM programme. The policy reflects the reasons for why the programme is being implemented (GPG2013) |
Business Continuity Management Programme (BCM programme) | Ongoing management and governance process supported by the University Executive and Council of JCU. The BC programme is appropriately resourced to implement and maintain business continuity management (ISO 22301) |
Business Continuity Management System (BCMS) | Part of the overall management system that establishes, implements, operates, monitors, reviews, maintains and improves business continuity (ISO 22301) |
Business Continuity Plan (BCP) | Documented procedures that guide the University to respond, recover, resume and restore to a predefined level of operation following disruption (ISO 22301) |
Business Impact Analysis (BIA) | Process of analysing University activities and the impact that a business interruption might have on those activities (ISO 22301) |
Business Continuity Lifecycle (BCM Lifecycle) | A series of business continuity activities which collectively cover all phases of the BCM programme (GPG2013) |
Critical Incident Management Group | The Critical Incident Management Group is the body of people convened by the Chief Coordinator to manage the University’s response to a Critical Incident |
Chief Coordinator | Chief of Staff, or Vice Chancellor’s nominee |
Policy
1. Business Continuity Management Lifecycle
The University has adopted the GPG2013 Business Continuity Management Lifecycle (BCM Lifecycle) model as the basis for business continuity management. The model is shown below:
The model identifies the six stages of activity the University must move through (and repeat) with the overall aim of improving University resilience. More detailed procedural information on the application of the BCM Lifecycle is contained in the University BCM Framework document.
1.1 Management Practices
1.1.1 Policy and Programme Management
This is the start of the BCM Lifecycle (and purpose of this document). This stage defines the University policy relating to Business Continuity and how the policy will be implemented, controlled and validated through a BCM programme.
1.1.2 Embedding BC
This is the stage where the University continually seeks to integrate BC into “day-to-day” activities and organisational culture. Staff need to be aware of BC and understand their roles within the BCMS.
1.2 Technical Practices
1.2.1 Analysis
In the Analysis stage, a review and assessment of the University is performed in terms of what its objectives are, how it functions and the environmental (contextual) constraints within which the University operates.
1.2.2 Design
In this stage the University identifies and selects appropriate strategies and tactics to determine how recovery from a disruption will be achieved to re-establish continuity.
1.2.3 Implementation
This is the stage of the BCM lifecycle that executes the agreed strategies and tactics through the process of developing a Business Continuity Plan (BCP).
1.2.4 Validation
The final stage to confirm the BCM programme meets the objectives of the University as set out in the BC policy. Validation that the University BCP is fit for purpose also occurs at this stage.
2. Roles and Responsibilities
2.1 University Council
The University Council sets policy for the University’s business continuity management, based on advice from the Audit, Risk and Compliance Committee of Council. The Council also provides strategic direction to business continuity management including resources and infrastructure related to emerging risks and changing internal/external risk context.
2.2 Audit, Risk and Compliance Committee
The Audit, Risk and Compliance Committee provides high-level guidance and structure to the University’s Business Continuity Management System and monitors results of BCP testing and awareness programs to ensure consistency and coverage across all Divisions, related business units and significant activities.
2.3 University Executive
The University Executive are the Business Continuity Plan owners with responsibility for ensuring all critical functions under their responsibility have established business continuity plans, and these plans are maintained and reviewed in accordance with the BCM Lifecycle.
2.4 Chief of Staff Office
The Chief of Staff Office for the purpose of the BC Policy includes the Risk and Compliance Officer and Insurance Officer. It is responsible for the implementation of business continuity management including the oversight of appropriate documentation, training, testing and monitoring of the BCM programme.
Media and communications in the event of a critical incident is managed by specialist staff within the Chief of Staff Office. Refer to the Incident Management Policy and Critical Incident Procedures.
2.5 Divisional and other Business Units
Directorates and Colleges within Divisions as well as Centres and Institutes must appoint a Business Continuity Function Owner (BC Function Owner).
Divisional and other business units, including JCU controlled entities, must determine their business continuity priorities and carry out an initial risk assessment on potential disruptions to activities. They are required to follow the BCM Lifecycle as it applies to their business continuity planning.
2.6 Business Continuity Function Owner
The BC Function Owner has responsibility for the implementation of continuity arrangements should a critical function be disrupted. The BC Function Owner is required to follow instructions issued by the Critical Incident Management Group or their Supervisor depending on the nature and scale of the response.
2.7 Critical Incident Management Group (CIMG)
The CIMG oversees and prioritises recovery efforts and considers the strategic direction of recovery during a business disruption. The CIMG provides leadership and control in the overall co-ordination, decision-making and communications process until recovery to predefined levels of University operations is achieved.
2.8 All Staff
Every staff member is expected to understand the importance of business continuity and familiarise themselves with this policy. Staff must support the BC programme to ensure business disruption is managed appropriately. Improved response will be achieved by staff actively taking part in awareness and training sessions as required.
Related policy instruments
The following key policies and business unit intranet site give effect to this policy:
Incident Management Policy and Critical Incident Procedures
Health, Safety and Environment Policy
Related documents and legislation
The listing below is not meant to be exhaustive and contains key legislation and standards as updated from time to time:
Disaster Management Act
Work Health and Safety Act
Biosecurity Act
Environmental Protection Act
Fire and Emergency Services Act
Police Powers and Responsibilities Act
Building Fire Safety Regulation
Security Providers Act
Business Continuity Guidelines Global Edition 2013
AS/NZS 5050:2010 Business continuity - Managing disruption-related risk
ISO 22301: 2012 Societal security – Business continuity management systems - Requirements
ISO 22300: 2012 Societal security – Terminology
AS/NZS ISO 31000:2009 – Risk management – Principles and guidelines
Administration
NOTE: Printed copies of this policy are uncontrolled, and currency can only be assured at the time of printing.
Approval Details
Policy Sponsor | Vice Chancellor |
Approval Authority | JCU Council |
Date for next Major Review (in accordance with the Policy Handbook) | 07/12/2022 |
Revision History
Version | Approval date | Implementation date | Details | Author |
18-1 | 07/12/2017 | 01/03/2018 | Policy established | Chief of Staff |
Keywords | Business, crisis, emergency, risk, management, framework, policy, programme |
Contact person | Chief of Staff |