This policy is current as at 27/05/2018 10:05pm, AEST. Please refer to policy library website (https://education.nsw.gov.au/policy-library) for an updated version.
Requirements for managing the effects of severe unexpected events which impact the continuity of the Department’s operations, or threaten the safety and security of people, reputation, brand and value creating activities.
The department provides, funds and regulates education services for NSW students from early childhood to secondary school. Through Aboriginal Affairs, the department works with Aboriginal communities to promote social, economic and cultural wellbeing. The operational, financial, social and political consequences of a major disruption to critical services would be unacceptable.
This policy and its supporting documents aim to ensure that the department has arrangements in place to prevent, prepare for, respond to and recover from a disruptive event so that critical business functions and services are maintained at an acceptable level.
Senior executives (deputy secretaries, executive directors or directors) are required to assess and manage the risks of disruption to critical business functions for which they are accountable.
Senior executives accountable for critical business functions are required to develop, maintain and test Business Continuity Plans (BCPs) at least on an annual basis to ensure that essential services are maintained at an acceptable level during a major disruptive event, and restored to full functionality within an acceptable timeframe.
Senior executives who are responsible for the delivery of one or more critical business functions are referred to as the Business Continuity Owner (BCO) of their BCP.
Each BCP must identify the senior executive(s) with the authority to approve and activate (and deactivate) the relevant BCPs in the event of a localised business disruption.
Each BCP must be approved by the BCO and their deputy secretary.
In the event of the disruption affecting a number of critical business functions in multiple divisions and affecting the operations of the department as a whole, the Deputy Secretary, Strategy and Evaluation will mobilise the Business Continuity Response Team (BCRT) to activate the department-wide BCP. The BCRT, led by the appointed Incident Controller will prioritise and coordinate the department’s business continuity response and recovery efforts. The department-wide BCP must be approved by the BCRT. The BCRT must activate (and deactivate) the department-wide BCP in the event of a disruption that affects the operations of the department as a whole in accordance with the BCRT Charter.
When a BCP is activated, senior executives must ensure that the required people, information, facilities, assets and other infrastructure are available to ensure business continuity and recovery. Staff must re-prioritise their efforts to the delivery of critical business functions and services and the recovery of normal business operations. The BCO must also advise Corporate Governance (Strategy and Evaluation) when their BCP is activated as this may inform the activation of the department-wide BCP.
In the event that the incident endangers or threatens to endanger life, property or the environment, emergency management always takes priority over business continuity arrangements. BCPs are only activated once the health and safety of staff and bystanders have been assured.
In the event of an emergency, the department is required to implement its Emergency Management Plans (EMPs), as required by the department’s Emergency Management guidelines. Emergency management is handled by the department’s Health and Safety Directorate.
In the event of an emergency affecting the operations of the department as a whole, the Emergency Planning and Response Committee (EPRC) will coordinate the department’s emergency response.
This policy applies to all business units with the department.
The Business Continuity Management policy is an essential element of the department’s broader corporate governance, and Enterprise Risk Management framework.
This policy is supported by the Business Continuity Management guidelines, toolkit and templates to assist with business continuity planning.
This policy and guidelines reflect the international standard for business continuity management systems, ISO 22301:2012 and best practice.
The implementation of this policy is overseen by the Enterprise Risk Management Group and the Audit and Risk Committee.
Staff also have responsibilities for identifying and managing risk under the department’s Enterprise Risk Management policy, and responsibilities relating to health and safety, emergency response planning and incident notification under the department’s Work Health and Safety policy and Incident Reporting policy.
The Executive Director of Policy Coordination and Governance is responsible for monitoring the implementation of this policy, and reviewing it (at least) every three years.
Chief Risk Officer, Corporate Governance, Policy Coordination and Governance, (02) 9561 1029; firstname.lastname@example.org
This information is current as at 27/05/2018 10:05pm, AEST. For the most up-to-date information, go to https://education.nsw.gov.au/policy-library/policies/business-continuity-management-policy.
© State of New South Wales (Department of Education), 2018. For more information go to https://education.nsw.gov.au/about-us/rights-and-accountability/copyright.