Policy on Business Continuity

Transcription

1 Status: Approved Custodian: Executive Office Date approved: Implementation date: Decision number: SAQA 07102/13 Due for review: File Number:

2 Table of contents 1 Preamble Purpose Ownership Scope of Practice Related Procedure: Type of Policy Definitions Responsibilities

3 1 Preamble The South African Qualifications Authority (SAQA) recognises the importance of comprehensive Business Continuity Planning so that SAQA can continue to operate, to some extent, during and after a disaster, to ensure the continued availability of employment of its employees and services for those we serve. 2 Purpose The purpose of the Business Continuity Policy is to have a plan in place to ensure the effective availability of essential information, products and services, to protect SAQA from, or minimise the impact of a disaster. 3 Ownership The Executive Office is the custodian of this Policy. 4 Scope of Practice 4.1 The Policy applies to all the key business processes of SAQA. All employees of SAQA will be bound by the Policy. Contractors and employees who are or may be in a position to affect the business processes or services of SAQA shall be required to acknowledge their acceptance of all or relevant sections of the Policy. 4.2 The Policy sets out the responsibilities of SAQA employees. It does not create any basis for one employee to become legally liable to another. 5 Related Policies and Procedures: The following policies and procedures relate to this Policy: 5.1 Policy on Information Security 5.2 Disaster Recovery Plan 5.3 Information Technology Disaster Recovery Plan 5.4 SAQA Procedure on Emergency Evacuation 6 Type of Policy This Policy is of strategic nature 7 Definitions None. 3

4 8 8.1 It is the policy of SAQA that a comprehensive Business Continuity Plan (BCP) is developed and maintained on an annual basis, to ensure that essential services and business can continue after a disaster. 8.2 The successful implementation of the Policy on Business Continuity (hereafter the Policy ) cannot be achieved without the cooperation of all directorates. It is crucial, therefore, that all are aware of, and fully comply with the general requirements outlined in the Policy and also those specific to their office and function. This includes existing policies such as the Policy on Information Security. 8.3 When implemented, the BCP should include those procedures and support agreements which ensure on-time availability and delivery of SAQA's required information and services. 8.4 Each directorate in SAQA is responsible for current and comprehensive Business Continuity Planning, which includes the regular (at least twice per year) updating of procedures and monthly updating of all contact details or as changes occur. 8.5 The BCP must be tested at least annually (in accordance with paragraph 9.2 below) in a simulated environment to ensure that it can be implemented in emergency situations and that the management and staff understand how it is to be executed. 8.6 All staff must be made aware of the BCP and their own respective roles. It is each Director s responsibility to make sure that staff knows about the policy. 9 Responsibilities 9.1 Executive Office The Deputy Chief Executive Officer is responsible for: Managing the Policy and granting sanction for specific and necessary deviation from the Policy. Facilitating a review, before the end of October every year, by the Executive Management Team, of the overall BCP as well as Directorates Business Continuity Plans. Ensuring the implementation of the Policy and its consequential procedures, including its associated administrative and monitoring procedures 4

5 9.2 Directorate: Information Technology The responsibilities of the IT Directorate will include: To advise the Executive Management Committee on the sufficiency and effectiveness of its Policy on Business Continuity and drafting any necessary amendments for the Executive Management Committee. To ensure adherence to the SAQA Disaster Recovery Plan as laid down by the Policy on Information Security. To ensure that an up-to-date copy of SAQA's BCP is stored safely at an off-site location To schedule, before the end of December each year, a test of the BCP and to report on the outcomes of the test to the following I & IT Steering Committee Meeting. 9.3 Directors 9.4 Staff It is a collective responsibility of Directors to implement the Policy within the operational procedures of their areas. Directors are responsible for ensuring that the Business Continuity Plan of their Directorate is kept up to date on an annual basis. Staff complement details are updated as changes occur. Directors are responsible to ensure that their staff are aware of the Business Continuity Policy and Plan, and how it relates to the operations of their Directorate. Directors are responsible for initiating any disciplinary measures against employees who fail to comply with the Policy. Each employee must be aware of the Policy. Each employee must understand and comply with the Policy. Each employee must be aware of his or her role and responsibilities as stipulated in the BCP. 9.5 Disciplinary procedure Any breach of the Policy or associated policies may result in SAQA taking disciplinary action against an employee. Details of the disciplinary process are in line with the Disciplinary Procure, and can be obtained from the Directorate: Human Resources. 5