Risk Management Resiliency Program Responsibilities

The Risk Management Resiliency Program (RMRP) objective is to establish a business resiliency framework that helps provide an efficient response to business interruption events affecting Oracle. Business Continuity is a key sub-program of Oracle RMRP.

Corporate business continuity policy, standards, and practices are governed by the RMRP Program Management Office (PMO) and are generally aligned with International Standards Organization (ISO) 22301 Business Continuity Management Systems guidance.

This centralized program office is responsible for providing guidance to Risk Managers in the lines of business, to help them fulfill their roles and responsibilities defined in the Oracle Risk Management Resiliency Policy. As part of this guidance, the RMRP PMO develops planning materials and tools meeting the RMRP Policy requirements as aids to LoB Risk Managers in managing their business continuity plans, testing and training procedures.

Risk Managers in Lines of Business

Functional business continuity planning is managed by the Risk Manager within each Line of Business (LoB). The critical LoBs are required to conduct an annual review of their business continuity plan with the objective of maintaining operational recovery capability, reflecting changes to the risk environment as well as new or revised business processes. The RMRP program requires that identified LoBs:

• Identify relevant business interruption scenarios, considering essential people, resources, facilities and technology
• Conduct a Business Impact Analysis that specifies a Recovery Time Objective and Recovery Point Objective (if appropriate to the function) and identifies the organization’s business continuity contingencies strategy
• Define a business continuity plan and procedures to effectively manage and respond to these risk scenarios, including emergency contact information
• Revise business continuity plans based on changes to operations, business requirements, and risks
• Educate personnel about their contingency planning controls and procedures
• Conduct an exercise to test the efficacy of the plan, as well as participate in a cross-functional annual exercise assessing the capability of multiple organizations to collaborate effectively in response to events
• Implement their business continuity plans as needed
• Analyze lessons learned for continual improvement of plans and procedures
• Obtain approval from the LoB’s executive

In addition, all LoBs are required to:

• Identify relevant business interruption scenarios, including essential people, resources, facilities and technology
• Define a business continuity plan and procedures to effectively manage and respond to these risk scenarios, including emergency contact information
• Obtain approval from the LoB’s executive