Transcription of Business Continuity Management Standard and …
1 Business Continuity Management Standard and guide AE/HSC/NCEMA 7000: 2012. Version 1. His Highness Sheikh Khalifa Bin Zayed Al Nahyan President of the United Arab Emirates Chairman of the Supreme Council for National Security His Highness Sheikh Mohammed Bin Rashid Al Maktoum Vice President and Prime Minister of the UAE and Ruler of Dubai Vice Chairman of the Supreme Council for National Security His Highness Sheikh Mohammed Bin Zayed Al Nahyan Crown Prince of Abu Dhabi Deputy Supreme Commander of the UAE Armed Forces Member of the Higher National Security Council His Highness Sheikh Hazza Bin Zayed Al Nahyan National Security Advisor Chairman of NCEMA Board United Arab
2 Emirates The Supreme Council for National Security National Emergency Crisis and Disasters Management Authority (NCEMA). Business Continuity Management Standard and guide AE/HSC/NCEMA 7000: 2012. Version 1. Use Key This book is a Standard benchmark to build an entity's capability to continue functioning and delivering its core services in times when emergencies disrupt or stop its Business . Part 1 Specifications Includes the specifications, and sets out all key parts and elements of the program. Part 2 guide Interprets clearly how the elements mentioned in part 1 work. The sections in part 2 reflect their counterparts in part 1, bearing the same numbering system.
3 For example, paragraph 8-2-1 in part 1 corresponds to paragraph A-8-2-1 in part 2, etc. Part 3 Toolkit Includes sample BCM templates. We have set one template for the Business Continuity plan as an example that can be used. When updates are made in the future, we will set other supporting templates. This Standard doesn't contradict with any other document issued by the National Emergency Crisis and Disaster Management Authority (NCEMA). In case of any contradiction, please refer to the documents concerned and follow them. This Standard and guide are only to manage Business Continuity . This document is a Standard to manage Business Continuity .
4 Preface: The development and issuance of this Standard took roughly eighteen months. The project was initiated in early September 2009. A respectable number of bodies, companies, global experience houses together with numerous global specialists took part in producing this Standard , under the leadership and supervision of the National Emergency Crisis and Disaster Management Authority (NCEMA) that is operating under the umbrella of the Supreme Council for National Security. Participating Bodies in Standard development: A team from the National Emergency Crisis and Disaster Management Authority 12.
5 Members from Abu Dhabi Executive Council Specialists from Abu Dhabi Accountability Authority (ADAA). Members from Abu Dhabi Information Center Bodies participating in the specialized review of the Standard : British standards Institute (BSI). Business Continuity Institute (BCI). Disaster Recovery International Institute (DRII). Bodies participating in technical review: Office of the Supreme Deputy Commander of the UAE Armed Forced Office of the Chief of Staff of the Armed Forces Ministry of Interior Ministry of Foreign Affairs General Department of State Security Ministry of Health Ministry of Transport Ministry of Labor Ministry of Energy Ministry of Economy General Civil Aviation Authority Securities and Commodities Authority Telecommunications Regulatory Authority Federal Electricity & Water Authority Chamber of Commerce and Industry Federal Authority for Nuclear Regulation Supreme Petroleum Council National Media Council Federal Customs Authority Central
6 Bank of the General Information Authority 13. Table of Contents Use key 12. Preface 12. Keynote of HH National Security Advisor 18. Introduction 20. Part 1: Specifications 22. 1: Introduction 23. 1-1 Purpose 23. 1-2 Responsibilities 23. 1-3 Hierarchy of Plans and Authorities 23. 2- Accountability Level 24. 3- Compliance 24. 3-1 Delegation of Authority 24. 3-2 Controls Set by Legislative Authorities 24. 4- Applicability 24. 5- Scope 24. 5-1 Scope of the Standard 24. 5-2 entity's Scope of Business Continuity Capability 25. 6- BCM Standard Requirements 25. 6-1 Requirements 25. 6-2 Requirements to define BC Capability 25.
7 7- BCM Documentation and Records 26. 7-1 Required Documents 26. 7-2 Controlling BCM Documentation and Records 26. 7-2-1 Documentation and Record Features 26. 8- Business Continuity Program Establishment 27. 8-1 Setting a Business Continuity Program 27. 8-2 Top Management Engagement 27. 8-3 Business Impact Analysis (BIA) 27. 8-4 BIA Documentation 27. 8-5 Risk Assessment 28. 8-6 Risk Management Strategy 29. 8-7 BCM Strategy 29. 8-8 BCM Plan 29. 8-9 Awareness and Training 30. 8-10 Tests and Exercises 31. 8-11 BCM Continual Improvement 32. 9- BCM Measurement and Evaluation 36. 9-1 Annual BCM Review 36.
8 9-2 Review of Key Suppliers 36. 9-3 Review of Third Parties 36. 9-4 Post-emergency, Crisis, Disaster Review 36. 9-5 Annual BCM Evaluation Report 36. 10- Management Review 37. 10-1 Management Review of BC Program 37. 10-2 Documentation of Management Review 37. 10-3 Points to be examined during Management Review 37. 10-4 Management Review Outcome 37. Part 2: guide 38. A-1 Introduction 39. A-1-1 Purpose 39. A-1-2 Responsibilities 39. A-1-3 Hierarchy of Plans and Authorities 39. A-2 Accountability Level 40. A-3 Compliance 40. A-3-1 Delegation of Authority 40. A-3-2 Controls Set by Legislative Bodies 40.
9 A-4 Applicability 40. A-5 Scope 41. A-5-1 Scope of Standard 41. A-5-2 entity's Scope of BC Capability 41. A-6 BCM Requirements 42. A-6-1 Requirements 42. A-6-2 Required Capability to Achieve Business Continuity 42. A-7 BCM Documentation and Records 48. A-7-1 Required Documentation 48. A-8 Developing BC Program 49. A-8-1 BC Program Development 49. A-8-2 Top Management Engagement 50. A-8-3 BIA 52. A-8-4 BIA Documentation 54. A-8-5 Risk Assessment 57. A-8-6 Risk Treatment Strategy 61. A-8-7 Business Continuity Strategy 65. A-8-8 Business Continuity Plan 66. A-8-9 Awareness and Training 74. A-8-10 Test and Exercise 76.
10 A-8-11 BCM Continual Improvement 80. A-9 BCM Assessment and Measurement 87. A-9-1 Annual Review of the BC Capability 87. A-9-2 Review of Key Suppliers 88. A-9-3 Review of Customers and Third Parties 89. A-9-4 Post-Incident Review 89. A-9-5 Annual BCM Evaluation Report 89. A-10 Management Review of Business Continuity Capability 90. A-10-1 Management Review 90. A-10-2 Documentation of Management Review 90. A-10-3 Management Review Input 90. A-10-4 Management Review Output 92. Part 3: BCM Toolkit 94. 1- BC Plan Template 95. Disclaimer 95. Plan Information 95. Plan Distribution List 96. Introduction 96.