14. Business Continuity Management
Control objective: to counteract interruptions to business activities, to protect critical business processes from the effects of major failures of information systems or disasters and to ensure their timely resumption
A managed process, set out in DOC 14.1, has been developed and is maintained for business continuity throughout the Organisation; it addresses the information security requirements needed for the Organisation’s business continuity
Events that can cause interruptions to business processes are identified as set out in DOC 14.2, along with the probability and impact of such interruptions, and the risk assessment process (DOC 4.4) is extended to apply to business continuity risks. These risk assessments drive the business continuity planning framework (DOC 14.3)
The Organisation’s Business Continuity Plan is developed in line with DOC 14.1 and is set out in DOC 14.3. It enables the Organisation to maintain or restore operations and ensure availability of information at the required level and in the required time scales following interruption to, or failure of, critical business processes
A single framework (as described in DOC 14.1) of business continuity plans is maintained to ensure that the plan and all its sub-plans are consistent, to consistently address information security requirements, and to identify priorities for testing and maintenance
Business continuity plans are tested and updated regularly, in line with the requirements of DOC 14.4, to ensure that they are up to date and effective
Shaikh Salman Mohammed Al-Khalifa Mohammed Al-Amer
Director General of IT President of CIO
____________________________ _______________________________
On:
08 November, 2007
____________________________ _______________________________
Change history
Issue 1 08 November, 2007 Initial issue