Review of Business Continuity

2010

Business continuity management is important because the success of any organisation depends on its ability to continue functioning through both normal and abnormal events. These range from everyday occurrences such as the loss of power, failure by a third party service provider or an IT outage through to a natural or man-made disaster.

In the case of Victoria Police, lack of effective business continuity planning can result in its inability to carry out its core functions, which are an essential community service.

Victoria Police's approach to business continuity is centred on disaster recovery and emergency management. It pays much less attention to maintaining continuous access to information in the case of an event, even though many members interviewed agreed that information is fundamental to their work. The Force relies on a highly detailed 'template' approach to business continuity which encourages a 'tick-the-box' approach and discourages members in the field from actively thinking about what the specific continuity needs of their workplaces might be, especially with regard to access to data.

CLEDS considers that Victoria Police complies partially or fully with parts of the implementation guidelines for Standards 34 and 35, but finds an overall rating of non-compliant. That is principally due to the lack of attention to information (law enforcement data) continuity (Standard 34) and the lack of evidence that testing of business continuity plans (Standard 35) takes place.