Australian Government - Attorney-General's Department

Protective
Security Policy
Framework

Achieving a Just and Secure Society

Skip breadcrumbHome » Governance » Business continuity management

Business continuity management

Business continuity management sets out the process entities are to follow in the event of a crisis and/or disruption to their business. Business continuity management is a part of an entity's overall approach to effective risk management.

Unforeseen events happen. In order for entities to return to business as usual after an event, they must be resilient and responsive and have an effective business continuity management program, which plays a key role in guiding an entity through a crisis or disruption to business.

Critical services and associated assets need to remain available in order to assure the health, safety, security and economic well-being of Australians, and the effective functioning of government. A key risk for entities is that they will be unable to remain operational in the event of a crisis and/or disruption to business.

GOV-11: Agencies must establish a business continuity management program to provide for the continued availability of critical services and assets, and of other services and assets when warranted by a threat and risk assessment.

Agencies are required to:

  • develop a governance structure establishing authorities and responsibilities for a business continuity management program, and for the development and approval of business continuity plans
  • within the context of the identification of assets, undertake impact analysis to identify and prioritise the entity's critical services and assets, including identifying and prioritising information exchanges provided by, or to other entities or external parties
  • develop plans, measures and arrangements to ensure the continued availability of critical services and assets, and of any other service or asset when warranted by a threat and risk assessment
  • undertake activities to monitor the entity's level of overall preparedness
  • make provision for the continuous review, testing and audit of business continuity plans.

An effective business continuity management process allows:

  • better understanding of uncertainty about the future
  • identification of the potential for different types of disruption
  • better planning for future management of those disruptions, and putting in place business improvements to reduce the likelihood and/or consequence of significant future disruption.

Further guidance

For further guidance refer to: