This page contains a Flash digital edition of a book.

with the program administration requirements and document the effective operation of the emergency and continuity management program. Documenting the process of program review provides evidence of due diligence and accountability, and can be used to track changes and assess their effectiveness. Records can include those kept for

program implementation, the actions taken to mitigate, prepare for, respond to and recover from an event or an incident, legal requirements, training and monitoring activities, and any changes or improvements made to the prevention, mitigation, preparedness, response and recovery strategies. Records should remain legible, readily identifiable and retrievable. Procedures should be established to define the controls needed for the identification, secure storage, protection, retrieval, retention time and disposition of records.


The planning process (the PLAN stage of the PLAN-DO-CHECK-ACT cycle) established by the organisation guides the development, implementation and maintenance of its emergency and continuity management program. It provides flexibility for the standards user to create program plan documents that meet the needs of the organisation – one or more plan documents that can be integrated within the emergency and continuity management program. Key stakeholders should be involved as applicable in the planning process. The assumptions used in preparation of all plans, especially those regarding hazard identification, risk assessment and impact analysis should be

identified, reviewed and included at the start of the planning process. Planning is not a one-time activity. Organisations must engage in the planning process on a regularly scheduled basis, or when a situation changes to make existing plan(s) inadequate.

Common plan requirements All plans should include a purpose statement, setting out the intent of the plan and a scope statement describing the boundaries and limitations of the plan. It is important to ensure that the plan’s objectives are specific and measurable as they serve as the basis for policy and performance measures. Plans must identify and assign the organisation’s internal functional roles and responsibilities, designated alternates, and lines of authority so that roles, responsibilities and lines of communications are clear, reducing the potential for confusion within the organisation. It may be necessary to engage and define

the relationship with key stakeholders – external agencies and organisations such as suppliers, first response agencies, special interest groups, different levels of government, and regulators. Plans must also identify external organisations with mutually agreed-to functional roles and responsibilities and the lines of authority for external agencies.

Plans also identify logistics support and

resource requirements, and the process for managing the communication and flow of information, both internally and externally. The organisation must make appropriate sections of the plans available to those assigned specific tasks and responsibilities

‘The updated Standard is now titled Emergency and Continuity Management Program.’

and to other stakeholders as required. Distributing plans internally or to key stakeholders could require an organisation to develop safeguards by obtaining confidentiality or nondisclosure agreements. Plans must identify the process for maintenance set out in Section 7 – Program Evaluation.

Risk assessment Risk assessment is key to the risk management process and the planning cycle. Using an ‘all-hazards approach’, the organisation identifies the range of possible hazards and threats and the impact on it and the surrounding area, or the critical infrastructure supporting the organisation. The potential impact of each hazard or threat is then categorised by frequency and severity, taking into account the vulnerability of the organisation including the health and safety of persons; property, facilities, assets and critical infrastructure; economic and financial condition; the environment; and the reputation of, and confidence in the organisation. Guidance provided in the Standard explains that an all-hazards approach does not require that all hazards be assessed, evaluated and treated but that all hazards are considered by a process consisting of risk identification, risk analysis and risk evaluation. Natural, human-caused and technological hazards must be considered

CAN/ISO 31000:2009 is cited as a

reference in Z1600-13. It provides principles and generic guidelines on risk management. The design and implementation of risk management plans and framework must take into account the varying needs of the specific organisation, its particular objectives, context, structure, operations, processes, functions, projects, products, services, or assets and specific practices employed.

Adverse weather conditions – tornado. 62

Impact analysis This is the process of analysing all operational functions and the effects that an operational interruption might have upon them. It generally includes the process of a business impact analysis which is the identification of critical business assets, functions, processes and resources as well as an evaluation of the potential damage or loss that may be caused to the organisation resulting from a disruption. The impact analysis takes into consideration the entire organisation when identifying the most critical activities. It is necessary to understand the organisation and what activities or processes are essential to ensure


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76  |  Page 77  |  Page 78  |  Page 79  |  Page 80  |  Page 81  |  Page 82  |  Page 83  |  Page 84  |  Page 85  |  Page 86  |  Page 87  |  Page 88  |  Page 89  |  Page 90  |  Page 91  |  Page 92  |  Page 93  |  Page 94  |  Page 95  |  Page 96  |  Page 97  |  Page 98  |  Page 99  |  Page 100