1. Purpose, scope, and users
This Policy aims to define the objective, scope, and basic rules for business continuity management.
This Policy is applied to the entire Business Continuity Management System (BCMS).
Users of this document are all employees of Resolver, as well as all suppliers and outsourcing partners who have a role in the BCMS.
2. Reference documents
- ISO 22301 standard, clauses 4.1, 4.3, 5.3, 6.2, and control 9.1.1
- ISO/IEC 27701:2019 standard clause 5
- Project Plan for Implementation of the Business Continuity Management System
- List of statutory, regulatory, contractual, and other requirements
- Risk Treatment Plan
- Preparation Plan for Business Continuity
- Procedure for Corrective Action
- Resolver Standard SLA
3. Business Continuity Management
3.1 Purpose of business continuity management
The purpose of business continuity management is to identify potential threats to an organization, and the impacts on business operations those threats might cause and to provide a framework for building organizational resilience with the capability of an effective response.
3.2 Links to general objectives and other documents
With the implementation of business continuity, Resolver wants to fulfill its strategic objectives:
- Lead through innovation.
- Build a financially sustainable and scalable business.
- Deliver an exceptional customer experience.
- Be a remarkable place to work.
For more information about department-specific business objectives, please see at “Enterprise Risk Management” Application at Resolver Core: https://core.resolver.com
Business continuity management is implemented compliant with requirements listed in the List of statutory, regulatory, contractual, and other requirements and within the framework defined by the following documents:
3.3 Setting business continuity objectives
President, in conjunction with the rest of the Top management, is responsible for setting the objectives for the whole BCMS and the method for measuring the achievement of those objectives.
The “Enterprise Risk Management” Application in Resolver Core documents those objectives and methods. The Presidentis responsible for reviewing those objectives at least once a year.
Objectives for individual elements of the BCMS are proposed and documented by BC Coordinator and approved by the President, VP Finance, DPO and CISO. These objectives must be reviewed at least once a year by the same persons who have proposed them.
Actions to achieve these objectives will be determined in the Risk Treatment Plan, Preparation Plan for Business Continuity, corrective actions according to Procedure for Corrective Action, and Management Review.
3.4 Scope
Business Continuity Management System is implemented for the entire Resolver organization, with special attention paid to activities identified during Business Impact Analysis.
The organization’s business locations are included in the scope:
- Resolver Inc. Headquarter. 111 Peter Street, Suite 804, Toronto, ON, M5V 2H1, Canada
- 1200-10025 102A Avenue, Suite 1200, Edmonton, AB, T5J 2Z2, Canada
- 707 Virginia Street East, Suite 1000, Charleston, WV 25301, United States of America
- 3 London Bridge Street, The News Building, Level 6, London, SE1 9SG, United Kingdom
- Regus – Christchurch, Awly Building, Level 1, 287-293 Durham Street, Christchurch 8013, New Zealand
- 9th Floor, My Home Twitza, Plot No 30/A, Survey No 83/1, TSIIC – Hyderabad Knowledge City, Hyderabad 500081, India
Organizational units included in the scope:
- Customer Support
- DevOps
- IT
- Professional Services
- Legal
- Customer Success
- Development/Engineering
- QA
- Finance
- Infosec
- HR
- Executive
- Product Management
- Sales
- Marketing
3.5 Key products and services
Resolver Inc. provides the following key products and services within the scope defined in the previous section:
- Core
- Perspective
- RiskVision
- GAL
- GRC Cloud
Business continuity management must ensure that the above-mentioned products and services will recover to a pre-defined level.
The Business Continuity Strategy lists all activities related to these products and services.
3.6 Responsibilities for Business Continuity Management
General responsibilities:
- BC Coordinator is responsible for ensuring that business continuity management is established and implemented according to this Policy and for providing all necessary resources
- BC Manager is responsible for operational implementation and maintenance of the Business Continuity Management System (BCMS)
- BC Coordinator must review the BCMS at least once a year or each time a significant change occurs and prepare a review report. The purpose of the management review is to establish the suitability, adequacy, and effectiveness of the BCMS
Specific responsibilities:
- The business Continuity (BC) Coordinator is responsible for adopting and implementing the Training and Awareness Plan, which applies to all persons who have a role in business continuity management
- Arrangements related to business continuity must be exercised and tested at least once a year using various methods in order to assess whether they can protect organizations’ activities – for this purpose BC Coordinator must write an Exercising and Testing Plan, which must be approved by top management; after each exercising and testing, BC Coordinator must prepare an Exercising and Testing Report
- BC Coordinator is responsible for adopting and implementing the BCMS Maintenance and Review Plan so that all BCMS elements are functional and up-to-date
- Each time a Business Continuity Plan, Recovery Plan, or Incident Response Plan is activated, the BC Coordinator is responsible for reviewing the effectiveness of business continuity management
- BC Coordinator is responsible for monitoring nonconformities, false alarms, actual incidents, etc., and for raising preventive actions as required
3.7 Measurement
Resolver will measure the following:
- Whether the objectives set according to this Policy are fulfilled at least once a year, normally before the Management Review
- Effectiveness and adequacy of business continuity plans at a frequency set in the Business Continuity Plan itself.
BC Coordinator will prepare a report of measurement results, while analysis and evaluation of the results will be done at the Management Review.
3.8 Policy communication
BC Coordinator, in coordination with the President, VP Finance, DPO and CISO, has to ensure that all employees of Resolver, as well as suppliers and outsourcing partners who have a role in the BCMS, are familiar with this Policy.
3.9 Support for BCMS implementation
Hereby, the President, VP Finance, DPO, and CISO declare that all elements of BCMS implementation will be supported with adequate resources in order to achieve all goals and objectives set according to this Policy, as well as satisfy all identified requirements.
4. Validity and document management
This document is valid as of August 2023.
The owner of this document is an Information Security & Compliance Lead who must check and if necessary, update the document at least once a year.
When evaluating the effectiveness and adequacy of this document, the following criteria need to be considered:
- Number of employees and suppliers/outsourcing partners who are not familiar with this document
- nonconformity of business continuity management with legislation and regulations, contractual obligations, and other internal documents of the organization
- ineffectiveness of BCMS implementation and maintenance
- unclear responsibilities for BCMS implementation
EFFECTIVE ON: August 2023
REVIEW CYCLE: Annual at least and as needed