Clause 5 : Leadership

Leadership

It’s very important to implement BCMS that all levels of management should demonstrate leadership in their capacity to fulfill business continuity policy and objectives in support of top management. Demonstration may be achieved using techniques of motivation, engagement and empowerment.

Management commitment

Top management should demonstrate its commitment and provide evidence of its commitment to the development and implementation of the BCMS and continually improving its effectiveness.

·         Check the BCMS is compatibility with the strategic direction of the organization

·         Complying with applicable legal requirements and any other requirements.

·         Creating business continuity policy and objectives according to the organization purpose.

·         Nominate one or team that have authority and competencies to be responsible for the system.

·         Check with the BCMS team the availability of resources.

·         Communicating the BCMS policy and objective to the organization.

·         Check the internal audits for the BCMS and the audit report.

·         Effective management review and outcomes.

·         Directing and supporting continual improvement

There are some ways to do the above

·         Steering committee meetings.

·         Exercising and testing contribution.

Policy:

·         Top management should ensure that the policy is appropriate to the organization purpose and objectives.

·         Provide the basis for setting BCM objectives.

·         contains commitments to meeting legal and regulatory requirements and to continual improvement of the BCMS

·         Policy should be available to interested parties after management approval and on-going maintenance periodically and whenever significant changes to internal or external factors occur.

·         Scope should be clearly defined in the policy as well as the exclusions.

·         Owner and responsible person or team.

·         Comply with the standard and other policies.

 

Organizational roles, responsibilities and authorities

A member of top management should have overall responsibility for the BCMS.

Top management should nominate representative, should have defined roles, responsibilities and authority for:

·         Ensuring that the business continuity programme is established implemented and maintained in accordance with the business continuity policy;

·         Reporting on the performance of the business continuity programme to top management for review and as the basis for improvement;

·         Promoting awareness of the programme throughout the organization; and

·         Ensuring the effectiveness of procedures developed for incident response, but not necessarily in their implementation during an incident.

It’s very important to implement BCMS to know that all roles, responsibilities and authorities in the BCMS should be defined and documented and be subject to audit.

 

Reference to ISO 22313