ISMS/01-policies/business-continuity-and-disaster-recovery-policy.md
Paul Jenkins 5eade2d99b Initial commit
2026-03-26 09:35:22 +00:00


Title: Business Continuity and Disaster Recovery Policy
Document ID: [POL-BCDR-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CEO (Paul Hague)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

Business Continuity and Disaster Recovery Policy

Purpose

This policy defines BlackDice's high-level requirements for maintaining continuity of important activities and recovering from disruptive events.

Scope

This policy applies to in-scope business processes, technology services, supporting suppliers, information assets, and recovery arrangements relevant to BlackDice operations.

Objectives

  • reduce the impact of disruptive events on critical services and operations
  • define recovery priorities and continuity expectations
  • support coordinated response, recovery, and testing

Principles / Policy Statements

BlackDice must identify critical activities, dependencies, and recovery requirements relevant to in-scope services and business operations.

Continuity and disaster recovery arrangements must consider cloud platform dependencies, operator-hosted patterns where applicable, critical suppliers, and supporting internal processes.

Recovery strategies should be appropriate to service importance, data criticality, and customer commitments.

Plans must be maintained, accessible to authorised responders, and reviewed when material change occurs.

Continuity and disaster recovery arrangements must be tested at planned intervals.

Roles and Responsibilities

  • [Role] must oversee continuity and disaster recovery policy requirements.
  • Process and system owners must define recovery needs and supporting arrangements.
  • Management must support prioritisation, testing, and review.

Compliance / Exceptions

Gaps in continuity or recovery arrangements must be tracked and addressed through remediation or approved exception.

Monitoring and Review

This policy should be reviewed through exercises, incidents, service changes, supplier review, and management review.

  • Information Security Policy
  • Backup and Recovery Policy
  • Disaster Recovery Testing Procedure
  • Risk Assessment and Treatment Methodology

Version Control

| Version | Date | Description of Change | Author |
|---|---|---|---|
| 0.1 Draft | [DD Month YYYY] | Initial draft. | [Name or Role] |