~4-page information security policy template on business continuity.
This policy concerns the arrangements necessary to ensure the survival of the organisation despite serious incidents affecting critical business processes or activities plus the supporting IT systems, networks, people, business relationships etc. The approach involves a combination of:
- resilience engineering to reduce the probability and impact of serious incidents;
- recovery/resumption, efficiently and effectively restoring failed processes, systems etc. to operation; and
- general-purpose contingency arrangements in case other controls fail or prove inadequate in practice (e.g. if someone accidentally restores an old backup over the live production data).
The policy draws on good practices from ISO/IEC 27002, ISO 22301 and other standards and advisories, plus decades of practical experience in the field.
Supplied as an MS Word document, readily customised for your organisation's specific situation.