According to ISO 22301:2019, a business continuity policy should focus on high-level commitments and objectives related to business continuity and resilience. Operational specifications are too detailed and specific for inclusion in the policy and should instead be part of detailed procedures, plans, or supporting documentation.
Supporting Details:
ISO 22301:2019 Clause 5.2.1 ("Establishing the Business Continuity Policy")
The policy should include a commitment to meeting applicable requirements, continual improvement of the BCMS, and high-level principles guiding the organization's approach to business continuity. It does not involve operational-level specifics.
Avoiding Operational Specifications
Operational specifications such as task-level instructions, configurations, or technical details are unsuitable for a policy document, which is meant to outline strategic direction and commitments. Including such details would dilute the policy's focus and reduce its effectiveness as a guiding document.
Appropriate Content for the Policy
The policy may mention interested parties (Clause 4.2) and reference ISO standards to align with industry best practices, ensuring transparency and consistency.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit