The PCI-PAL (UK) Limited (the ‘Organisation’) Business Continuity Policy applies to all business functions within the scope of the Business Continuity Management System and covers the people, physical infrastructure, virtual infrastructure and information supporting these business functions. This document states the Business Continuity Management objectives and summarises the main points of the Business Continuity Policy.
Objectives
The objectives of Business Continuity Management are to:
1. Identify potential threats to the Organisation and the impacts to business operations that those threats
2. Provide a framework for building organisational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities
3. Facilitate the recovery or continuation of business activities in the event of a business disruption
4. Facilitate the currency and management of the overall programme through training, exercises and reviews
5. Always act within the statutory, regulatory and contractual framework within which the Organisation exists, including obligations to which it has voluntarily committed
Responsibilities
The Directors have approved the Business Continuity Policy.
Overall responsibility for Business Continuity Management rests with the CISO.
Day-to-day responsibility for procedural matters, legal compliance, maintenance and updating of documentation, promotion of Business Continuity Management awareness, liaison with external organisations, incident investigation, management reporting etc. rests with the BCMS Manager.
The BCMS Manager is responsible for drafting, maintaining and implementing this Business Continuity Policy and similarly related documents.
As with other considerations including those relating to Quality, the Environment, Health & Safety and Information Security, aspects are taken into account in all daily activities, processes, plans, projects, contracts and partnerships entered into by the Organisation.
The Organisation’s employees are advised and trained on general and specific aspects of Business Continuity Management, according to the requirements of their function within the Organisation. The Contract of Employment includes a condition covering confidentiality regarding the Organisation’s business.
Adherence to Business Continuity Management procedures as set out in the Organisation’s various policies and documents is the contractual duty of all employees, and a clause to this effect is set out in the Organisation’s Contracts of Employment.
This Policy is communicated to all of the Organisation’s employees and is made available to other interested parties.
Breach of the Business Continuity Management policies and procedures by the Organisation’s employees may result in disciplinary action, including dismissal.
In view of the Organisation’s position as a trusted provider of PCI DSS Level 1 Service Provider network telecommunications platforms, particular care is taken in all procedures and by all employees to ensure that Business Continuity Management remains integral to all business activities.
All statutory and regulatory requirements are met and regularly monitored for changes.
A Business Continuity Plan is in place. This is maintained, tested and subjected to regular review by the BCMS Manager and the management team.
This Business Continuity Policy is regularly reviewed and may be amended by the Directors in order to ensure its continuing viability, applicability and legal compliance, and with a view to achieving continual improvement in the Business Continuity Management System.