SecAware materials

SecAware logo

~5-page information security policy template on business continuity.


This policy concerns the arrangements necessary to ensure the survival of the organisation despite serious incidents affecting critical business processes or activities plus the supporting IT systems, networks, people, business relationships etc.  The approach revolves around resilience engineering to reduce the probability and impact of serious incidents, supplemented by recovery/resumption and general-purpose contingency arrangements in case the preventive controls fail or prove inadequate in practice.


The policy draws on good practices from ISO/IEC 27002, ISO 22301 and other standards and advisories, plus decades of practical experience in the field.


Supplied as an MS Word document, readily customised for your organisation's specific situation.

Business continuity policy