Business Continuity Management Policy
BCMS POLICY STATEMENT
The Board and Management of MoMoPSB is committed to preserving a defined level of Business Continuity and continual improvement of the Bank’s Business Continuity Management System (ISO 22301). MoMoPSB is committed to providing quality
services to our customers, both internal and external by aligning Business Resilience investments with organizational goals. MoMoPSB has aligned its processes and operations to the ISO22301 standard requirements to ensure business
continuity.
A single policy of Business Continuity Management System (BCMS) will be maintained to ensure that all plans are consistent to ensure the safety of staff and Bank’s property. It is, therefore, MoMoPSB’s policy to ensure:
-
Business Continuity Management System will be designed to minimize or address significant business disruptions affecting its critical business operations conducted in all its local, regional and nation-wide locations offices, sites
and business channels. -
Business Continuity planning will ensure the continuous and reliable delivery of critical products and services to customers and that increased demand for products and services during emergencies are met while maintaining regulatory
compliance. - Business Continuity planning will be steered to ensure customer confidence, the Bank’s brand reputation and compliance with the Nigerian Code of Corporate Governance guidance on business continuity and resilience management.
- Business Continuity and Resilience management will be aligned with ISO22301 BCM standards as well as other relevant standards and frameworks such as the BCI Good Practice Guidelines.
-
That Business Continuity Management is embedded in the Bank by ascertaining that the right level of awareness is maintained organisation-wide and adequate capacity is built to ensure that business continuity remains relevant and
meets the requirements of the business. All staff must be made aware of the Business Continuity Plan and their respective roles. All employees of MoMoPSB shall have the responsibility of reporting incidents. - That the Business Continuity Plan must be periodically updated and tested to ensure that it can be implemented in emergency situations while management and staff should understand how it is to be executed.
-
The Business Continuity Plan is to be kept up to date to take into account changing business requirements and circumstances. It is to aid the understanding of the risks that MOMO PSB is exposed to, the likelihood of their occurrence
and their impact. -
Emergency procedures, which describe the actions to be taken following an incident, which jeopardizes business operations and/or human life. This should include arrangements for public relations management and for effective
communication liaison with appropriate public authorities, e.g police, fire service and local government. -
Fall-back procedures, which describe the actions to be taken to move essential business activities or support services to alternative temporary locations, and to bring business processes back into operation in the required
timescales.
Scope
The certification scope for MoMoPSB Business Continuity Management Systems (BCMS) consists of all critical processes, services, products systems and people that support the products and services of MoMoPSB.
This policy provides guidance for the resumption and recovery of time sensitive operations and services in accordance with pre-established timeframes as well as ensuring that adequate plans are in place for the non-time sensitive
operations.
Target Audience
This document is meant for staff MOMO PSB and interested parties (customers, distributors, shareholders, Investors, owners, Insurers, government, regulators etc.) and it is expected that are familiar with the BCM approach, policies and
procedures as well as awareness and test strategies.
Objectives of MOMO PSB's Business Continuity Management Programme
The overall objective of Business Continuity Management in MOMO PSB is to enable business resilience. Business Resilience means the organization is able to meet its commitments to all stakeholders at all times including during a crisis
or disruptive event. These stakeholders include customers, employees shareholders, regulators, partners, suppliers/vendors, the public, as well as other persons, groups, or organisations that are directly or indirectly impacted as a
result of a disruption to MOMO PSB operations.
To achieve this objective, the BCM programme will be required to meet the following requirements:
- Ensure 100% safety and welfare of staff and stakeholder who are within the premises at the time of the incident.
- Ensure the recovery of all key business processes, within the defined RTO after a disruptive incident.
- Ensure all critical systems have redundant infrastructure.
- Ensure 100% compliance with legal, regulatory and contractual obligations.
- Maintain or improve MoMoPSB’s brand & reputation.
-
Embed BCM as a ‘business as usual’ culture by providing awareness on business continuity to all employees and wherever applicable to relevant external parties like sub-contractors, consultants, suppliers, vendors and such programs
are periodically evaluated for the relevance and effectiveness. - Ensure that BCM plans are regularly tested and updated in order to meet the changing needs of the Bank.
Definition and terms
Term | Definition |
---|---|
Business Continuity | Capability of the organisation to continue delivery of its products and services at acceptable and predefined levels, following a disruptive incident. |
Business Continuity Management |
A holistic management process that identifies potential impacts that threaten an organisation and provides a framework for building resilience and the capability for an effective response to disruptions that safeguards the interests of its key stakeholders reputation, brand and value-creating activities. |
Business Continuity Plan | A plan of action that establishes the processes and systems necessary to restore in an orderly and expeditious manner critical operations of the organisation in the event of a disruptions. |
Business Impact Analysis |
The process of measuring the business impact or loss (quantitatively and qualitatively) to the organisation in the event of disruption to its operations. The business impact analysis is useful in identifying the recovery priorities, recovery resource requirements, critical staff, and recovery strategies. |
Disaster Recovery Plan | The plan by which the organisation intends to recover and restore its information technology and telecommunications capabilities following a disruptive incident. |
Emergency / Disaster / Incident |
An actual or impending situation that may cause injury, loss of life destruction of property or cause the interference, loss or disruption of an organisations’ normal business operations to such an extent that it poses a threat to the business (including but not limited to financial, security, reputation threat etc.) |
Exercise / Test | An announced or unannounced execution of some or all parts of a business continuity plan intended to evaluate the implementation of existing plans and to identify areas where improvement is required. |
Organizational Resilience | Ability to absorb and adapt in a changing environment that is either sudden or incremental. |
Risk Assessment |
The process of identifying internal and external threats and vulnerabilities, identifying the probability of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue an organisation’s operations, defining the controls in place or necessary to reduce exposure,and evaluating the cost for such controls. |
Risk Appetite | An organization’s propensity to take appropriate levels of risk. |
Recovery Strategy | Defined, management approved and tested course of action in response to operational disruptions. |