Business Continuity Management System Policy - Policies and Procedures
Document Reference: ISO22301
Version: 1.0
Issue Date: May 2024
1. General:
Najran University embraces its responsibility to protect its assets and ensure the continuity of its operations and services at a high level of quality, safeguarding the interests of all stakeholders. These efforts align with Saudi Arabia’s Vision 2030 for digital transformation and enhancement of electronic services, which the university aims to achieve by implementing actionable plans to ensure continuity and recovery in the event of disasters.
Najran University is committed to supporting recovery operations at alternate facilities in the event of unexpected business disruptions. The University and its senior leadership work to develop and maintain an effective continuity and recovery plan that adheres to ethical and regulatory standards and aligns with both strategic and tactical objectives.
This plan aims to reinforce the university's philosophy of delivering high-quality services to students, faculty, and staff, and to provide an advanced digital environment that supports both academic and administrative operations.
The Deanship of Digital Transformation and Knowledge Resources was established to manage technical operations and electronic services, with a vision to enable Najran University to lead in the field of e-services by creating an integrated and distinguished IT environment.
The Deanship’s mission is to improve provided services and ensure a high-quality digital environment supported by ICT, in alignment with the Kingdom’s e-government strategies.
The main objectives of the Deanship include:
- Adopting best global practices and leveraging IT systems and tools to increase administrative efficiency and support e-government goals.
- Enhancing the use of IT to support policies, procedures, and processes that improve accountability, transparency, and responsibility across the university.
- Developing IT infrastructure and tools to support faculty in improving teaching quality and research development.
- Improving infrastructure and IT tools to support and motivate students to achieve academic success.
2. Purpose:
The purpose of this policy is to ensure the ability of the Deanship of Digital Transformation and Knowledge Resources – Najran University – to continue its critical activities during emergencies, crises, or unexpected business disruptions.
It also aims to minimize the downtime of critical operations to acceptable levels as determined by senior management, through the adoption of a flexible framework and appropriate continuity planning. The system must comply with all relevant legislative, regulatory, contractual, and ethical obligations, including stakeholder expectations.
The implementation framework is aligned with ISO 22301:2019 and approved by senior leadership.
3. Core Services:
As listed in the service catalog issued by the Deanship.
4. Scope:
This policy applies to all services provided by the Deanship as listed in the official service catalog, based on the approved organizational structure.
5. Constraints and Exceptions:
None.
6. Objectives of the Business Continuity Management System (BCMS):
- Designing and developing a system to ensure business recovery and continuity, building resilience to maintain critical services within agreed timeframes, and preserving the university's strategic assets.
- Providing adequate resources to establish, document, implement, review, and improve the BCMS.
- Committing to training and guidance to ensure BCMS readiness.
- Efficiently managing incidents and response operations to minimize impacts on people, operations, and infrastructure.
7. Risk Levels:
7.1 Risk Levels:
Defined according to the risk assessment methodology in ISO 22301:2019 and the approved risk register.
7.2 Acceptable Risk Level:
As documented in the risk assessment methodology and official register.
8. Roles and Responsibilities:
As per the administrative decision issued by the Vice Dean for Digital Transformation to form the Business Continuity and Risk Committee.
9. Competencies:
The Deanship is committed to supporting the BCMS Manager with required resources, training, and qualified personnel.
10. Testing and Exercises:
Implemented based on the officially approved decision for the Business Continuity and Risk Committee.
11. Documentation:
Responsibility for preparing and maintaining BCMS documentation lies with the BCMS Manager and relevant committee, including regular review and continuous improvement to ensure effectiveness.