Document Feedback - Review and Comment
Step 1 of 4: Comment on Document
How to make a comment?
1. Use this to open a comment box for your chosen Section, Part, Heading or clause.
2. Type your feedback into the comments box and then click "save comment" button located in the lower-right of the comment box.
3. Do not open more than one comment box at the same time.
4. When you have finished making comments proceed to the next stage by clicking on the "Continue to Step 2" button at the very bottom of this page.
Important Information
During the comment process you are connected to a database. Like internet banking, the session that connects you to the database may time-out due to inactivity. If you do not have JavaScript running you will recieve a message to advise you of the length of time before the time-out. If you have JavaScript enabled, the time-out is lengthy and should not cause difficulty, however you should note the following tips to avoid losing your comments or corrupting your entries:
-
DO NOT jump between web pages/applications while logging comments.
-
DO NOT log comments for more than one document at a time. Complete and submit all comments for one document before commenting on another.
-
DO NOT leave your submission half way through. If you need to take a break, submit your current set of comments. The system will email you a copy of your comments so you can identify where you were up to and add to them later.
-
DO NOT exit from the interface until you have completed all three stages of the submission process.
(1) The purpose of this policy is to: (2) This policy outlines the principles, roles and responsibilities for RMIT’s business resilience which encompasses the following three capabilities: (3) This policy applies to all employees, researchers, third parties and contractors of RMIT and its controlled entities. (4) RMIT develops and maintains a comprehensive Critical Incident Management Plan, including clear protocols to ensure preparedness for a coordinated and strategic response to a range of potential critical incidents that may negatively impact RMIT. (5) RMIT conducts systematic and periodic testing of the Critical Incident Management Plan using diverse scenarios to validate effectiveness in responding to real-world critical incidents, ensuring preparedness of the Critical Incident Management Team, identifying areas for improvement, and enhancing RMIT’s resilience to a spectrum of potential situations or threats. (6) RMIT establishes and maintains robust business continuity plans that cover people, processes, technology, sites, facilities and third parties to enable essential staff to plan for and manage potential disruptions and for immediate and long-term consequences of incidents. (7) RMIT conducts systematic and periodic testing of business continuity plans using diverse scenarios to validate their effectiveness in real-world disruptions to ensure preparedness, identify areas for improvement and enhance RMIT’s resilience to a spectrum of potential threats. (8) RMIT develops and maintains a thorough IT Disaster Recovery Plan that encompasses critical systems, data and infrastructure, outlining clear protocols for response, recovery and restoration to ensure minimal disruption to IT services during and after disaster in line with the Information Technology and Security Policy. (9) RMIT implements a routine testing regimen for the IT Disaster Recovery Plan, conducting simulations and exercises to validate the effectiveness of recovery strategies, identify weaknesses and refine procedures to enhance RMIT’s readiness to address diverse disaster scenarios. (10) RMIT provides adequate training to prepare essential staff to manage critical incidents covering CIM, BCM and ITDR processes. (11) RMIT ensures effective communication of information relating to incidents, disruptions, or disasters to all RMIT stakeholders. Incidents are managed and responded to in a coordinated, consistent, and sustainable manner. (12) RMIT activates the three capabilities (CIM, BCM, IT DR) independently or in conjunction with each other depending on the nature and extent of the risk or threat, and all three capabilities are considered as part of key conversations, analysis, recommendations, and decision making. (13) RMIT enforces accountability to manage business resilience risks in line with the Risk Management Policy. (14) RMIT publishes standards and procedures to implement principles in this policy. (15) Business owners and system owners are identified for all CIM, BCM and ITDR plans including services managed by third parties. (16) Audit and Risk Management Committee (ARMC) has regular oversight of business resilience capabilities and related critical incidents. (17) The Vice-Chancellor's Executive is responsible for monitoring the ongoing development and implementation of the policy and effective management of systems and processes that enables business resilience. (18) The Executive Director Property Services is responsible for establishing Critical Incident Management capability, and the team is responsible for: (19) The Chief Information Officer (CIO) is responsible for establishing Business Continuity and IT Disaster Recovery capability, and the team is responsible for: (20) Business owners are responsible for: (21) System owners must complete the disaster recovery planning and testing in conjunction with the Disaster Recovery team and in accordance with ITDR Standard. (22) All employees, researchers, third parties and contractors are responsible for: (23) RMIT’s Information Technology Services (ITS) and Property Services Group monitor compliance with this policy and related obligations. (24) Breaches of this policy will be managed in accordance with the RMIT Compliance Breach Management Procedure. (25) This policy will undergo a major review at least every five years in line with the Policy Governance Framework.Business Resilience Policy
Section 1 - Purpose
Top of PageSection 2 - Overview
Top of PageSection 3 - Scope
Section 4 - Policy
Business Resilience Principles
Business Resilience Governance
Responsibilities
Compliance
Review
Section 5 - Definitions
Business Resilience (BR)
is a strategy for anticipating disruptive events, ensuring rapid adaptation to potential incidents, maintaining uninterrupted business operations, and safeguarding people, assets, and the overall brand through three key capabilities: Business Continuity Management, Information Technology Disaster Recovery, and Critical Incident Management.
Business Resilience Plans
Business Resilience plans are Disaster recovery, Business continuity and Critical Incident management plans.
Critical incident or crisis
A Critical Incident is an abnormal and unstable situation that threatens an organisation or community and requires a strategic, adaptive and timely response in order to preserve its viability and integrity. (ISO 22361: 2022 Security and Resilience – Crisis Management – Guidelines).
Critical Incident Management (CIM)
An organisation’s planned and coordinated activities to identify, lead, direct and control it’s strategic response to a critical incident.
Incident and Major Incident (IT)
A situation that might be, or could lead to, a disruption, loss, emergency, or crisis. An IT Major Incident is defined as an unplanned or impending interruption or degradation of an ICT service with severe impact to the business of the University and its customers
Business continuity (BC)
The strategic and tactical capability of the organisation to plan for and respond to incidents in order to continue business operations at an acceptable pre-defined level.
Business continuity management (BCM)
A holistic management process that identifies potential threats to an organisation and the impacts to business operations if those threats materialise. BCM defines the foundations on which to build capability to effectively respond, to safeguard our stakeholders, people, technology, reputation, brand, premises and business processes.
Business impact analysis (BIA)
is a foundation step in business continuity management (BCM) to identify the organisation’s critical business functions, supporting resources and people requirements, along with an identification of the negative impacts that would occur because of the inability to perform these functions over a period of time during an incident. The BIA enables the organisation to determine the business case, and the appropriate scope, for all continuity planning efforts.
IT Disaster Recovery (ITDR)
is the process of managing the continuity and recovery of critical technology infrastructure, systems, applications and digital services following a disruptive event.
Business Owner
The individual responsible for the business functions that rely on the people, process, technology, sites and third parties. The Business Owner ensures that RMIT assets meet the needs of the business and are used in accordance with any relevant policies and regulations.
System Owner
The individual responsible for the overall ownership and management of a specific IT asset. They have the authority and accountability for the IT asset's operation, maintenance, and performance. The System Owner ensures that the system is designed, implemented, and operated according to the established ITS Policy, standards, and requirements.