Risk Management Resiliency Business Continuity

Risk Management Resiliency Program Responsibilities

Business Continuity is a key sub-program of Oracle’s Risk Management Resiliency Program. Corporate business continuity policy, standards, and Line of Business (LOB) practices are overseen by the RMRP Program Management Office (PMO).

This centralized program office guides LOB Risk Managers to help them fulfill their responsibilities defined in the Oracle Risk Management Resiliency Policy. As part of this guidance, the RMRP PMO develops planning materials and tools as aids to LOB Risk Managers in defining and maintaining their business continuity plans, performing plan testing and for training.

Risk Managers in Lines of Business

Business continuity planning is managed by the Risk Manager in each Line of Business (LOB). Critical LOBs are required to conduct an annual review of their business continuity plans with the objective of maintaining operational recovery capability, reflecting changes to the risk environment as well as new or revised business processes and technology. The RMRP program requires that critical LoBs:

  • Identify relevant business interruption scenarios, considering essential people, resources, facilities and technology
  • Conduct a Business Impact Analysis that specifies a Recovery Time Objective and Recovery Point Objective (if appropriate to the function) and identifies the organization’s business continuity contingencies strategy
  • Define a business continuity plan and procedures to effectively manage and respond to these risk scenarios, including emergency contact information
  • Revise business continuity plans based on changes to operations, business requirements, and risks
  • Educate personnel about their contingency planning controls and procedures
  • Conduct an exercise to test the efficacy of the plans, as well as participate in a cross-functional annual exercise assessing the capability of multiple organizations to collaborate effectively in response to events
  • Implement their business continuity plans
  • Analyze lessons learned for continual improvement of plans and procedures
  • Obtain approval from the LOB’s executive

In addition, all LOBs are required to:

  • Identify relevant business interruption scenarios, including essential people, resources, facilities and technology
  • Define a business continuity plan and procedures to effectively manage and respond to these risk scenarios, including emergency contact information
  • Obtain approval from the LOB’s executive