Overview

The Risk Management Resiliency Program (RMRP) objective is to establish a business- resiliency framework that helps provide an efficient response to business-interruption events affecting Oracle. Business Continuity is a key sub-program of Oracle RMRP.

Corporate business continuity policy, standards, and practices are governed by the RMRP Program Management Office (PMO) and are generally aligned with International Standards Organization (ISO) 22301 Business Continuity Management Systems guidance.

Functional business continuity planning is managed by the Risk Manager within each Line of Business (LoB). The critical LoBs are required to conduct an annual review of their business continuity plan with the objective of maintaining operational recovery capability, reflecting changes to the risk environment as well as new or revised business processes. The RMRP program requires that critical LoB:

• Review and update a Risk Assessment
• Write a Business Impact Analysis that includes identification of interdependent resources and internal customers, and the determination of a Recovery Time Objective and Recovery Point Objective
• Define a business continuity strategy
• Review and update a Business Continuity Plan
• Train employees in Business Continuity Plan execution
• Conduct an exercise to test the efficacy of the plan within the LoB, as well as participate in a cross-functional annual exercise assessing the capability of multiple organizations to collaborate effectively in response to events
• Implement lessons learned for plan improvement
• Obtain approval attestation from the LoB’s Vice President Approver

Non-critical LoBs are required to:

• Review and update a Business Resiliency Plan identifying contingency business continuity processes to be invoked in the event of a disruptive incident
• Obtain approval attestation from the LoB Vice President Approver

Following the review process, each LoB reports their business continuity status to the RMRP PMO. Using LoB inputs, the PMO constructs the Annual RMRP Scorecard Report and submits it to the program Executive Sponsor.