Business Continuity Plan


Next review
Sat, 12 July 2025

This Policy sets out the guiding principles under which Business Continuity is to be developed, implemented and managed to enable Eastern College Australia to establish and maintain an effective level of preparedness to respond to incidents that disrupt normal operations. 

Approved on: 12 Jul 2023
Review cycle: 2 Years
Owned by

Eastern Executive Team

Approved by

Eastern Executive Team

Policy Contact: 
Executive Principal

This Policy sets out the guiding principles under which Business Continuity is to be developed, implemented and managed to enable Eastern College Australia to establish and maintain an effective level of preparedness to respond to incidents that disrupt normal operations. 


The Eastern College Australia Business Continuity Plan details all critical contact information, procedures and policies related to managing critical incidents and to ensure business continuity at Eastern College Australia. 

process or set of processes undertaken by the College (or on its behalf) that produces or supports one or more products or services. 
BCM Program: 
ongoing management and governance process supported by the College Executive and appropriately resourced to implement and maintain Business Continuity management. 
Business Continuity Management (BCM): 
capability of the organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident. 
Business Continuity Plan (BCP): 
a document to be referred to by the affected Faculty or department during a disruptive incident that outlines the steps required to recover. 
Business Impact Analysis (BIA): 
process of analysing activities and the effect that a business disruption might have upon them. 
The College refers to Eastern College Australia 
Executive Principal and the Eastern Leadership Team 
This term is applicable upon serious injury or immediate leave being granted, where the employee is unable to continue their role and assuming all responsibilities required by the position for a period that exceeds three (3) calendar months. 
Melbourne School of Theology 
This would occur upon death, permanent injury, immediate resignation or termination, that prevents the person from continuing their role and assuming all responsibilities required by the position. 
Recovery Time Objective: 
the period of time following an incident within which an activity must be resumed, or resources must be recovered. 

1     Policy 

The College is committed to ensuring that an effective business continuity management (BCM) program is implemented to minimise the disruption of activities due to the unavailability of ‘business as usual’ resources, for example but not limited to: 
  • facilities, e.g. flood, fire, power outage, chemical spill, denial of access 
  • people, e.g. pandemic/epidemic, industrial action, extreme flu season 
  • vital records, e.g. electronic and hard copy records 
  • information and communications technology (ICT), e.g. computer hardware, applications and telecommunications 
  • equipment, e.g. cold rooms, research equipment, desks and chairs 
  • externally provided service or resource e.g. contractors, software vendors 
BCM requirements will be assessed via a Risk Analysis (RA) for activities undertaken by all Faculties and departments. Impacts will be assessed by the Risk Management Committee (RMC) in accordance with the College’s Risk Assessment Matrix, which is part of the Eastern College Australia Risk Management Policy.  
Activities assessed as having a recovery time objective of 15 days or less are deemed critical activities. Recovery steps for these activities and their associated resources will be included in the College’s Business Continuity Plan (BCP). 
Continuity of service provision must be adequately addressed for services, infrastructure, and/or any resources provided by an external party via certification arrangements, service level agreements and/or other contractual arrangements appropriate to the assessed level of risk. 

1.1     Accountability 

Eastern College Australia’s Executive will demonstrate a high level of commitment to this Policy and support a culture aimed at building organisational resilience through the implementation and continued improvement of preparedness and response capabilities. 
  • The Chief Operations Officer is responsible for centrally coordinating the BCM program. 
  • The Critical Incident Management Team (CIMT) will provide strategic direction and oversight for BCM in accordance with the Eastern College Australia Crisis Management Plan. 
  • The Critical Incident Management Team will provide executive decisions and strategic direction on College priorities when responding to critical incidents affecting the College and managing related Business Continuity responses. 
  • Directors and the Executive are the custodians of BCM capability within their area. Supported by Support Services, they are responsible for the development, maintenance and validation of their specific BCP information, the management of any risks relating to BCM in accordance with the Eastern College Australia Risk Management Policy.  
  • The IT Manager is responsible for ICT continuity and disaster recovery processes including the alignment of ICT service levels and disaster recovery priority groups with the BIA. 

2     Procedures 

2.1     Activating a Business Continuity response 

Activation of a Business Continuity Management (BCM) response is initiated by the Critical Incident Management Team (CIMT) Leader when an incident disrupts the business as usual operations of the College, and the disruption has or threatens to breach the Recovery Time Objective (RTO) of one or more critical activities. 
During a Critical Incident the CIMT has responsibility for BCM and will establish a Business Recovery Team (BRT) who is responsible for coordinating the implementation of the Eastern College Australia Business Continuity Plan. 
To support a large relocation of activities or staff, the CIMT may require the displacement of other areas who are undertaking activities that, through the Business Impact Analysis (BIA) information, are deemed non-time critical in order to access their resources. This may be required to obtain office space or equipment such as computers. 
When the situation has been recovered to the point that the CIMT is stood down, the BRT may continue to work with the affected areas and report to the Critical Incident Management Team Leader. 
Disruptive incidents that do not require a CIMT response, are managed through implementing the relevant section of the College’s BCP by the local area. In these instances, the BRT may provide support. 

2.2     ICT Disaster Recovery 

ICT disaster recovery is a component of the College's overall business continuity capability. It provides for the timely recovery and restoration of ICT systems and processes, including applications, infrastructure and data resources that support critical activities. 

2.3     Business Continuity Program Elements 

2.3.1      Policy and Governance 

The Business Continuity policy outlines the scope and overarching responsibilities in relation to the management of the College's BCM Program. 

2.3.2      Analysis 

A Business Impact Analysis (BIA) is the primary information collection and assessment tool in the development of BCM strategies and plans. 
The BIA identifies activities performed and measures the impact of a disruption by assessing the impact over time, determining the service level timing and the maximum tolerable period of disruption. 
A Recovery Time Objective (RTO) for each activity is drafted and where these meet the scope of the Business Continuity policy, the dependencies and supporting resources are subsequently identified. Activities captured in this step are deemed critical activities. 

2.3.3      Design 

The information captured and assessed via the BIA process is used to prioritise the restoration of critical activities and set a suitable RTO within the context of broader College activities. Continuity and recovery strategies are then designed to meet the RTO for these activities. 

2.3.4      Implementation 

The strategies that have been developed at the design stage are documented within the College’s BCP, providing a pre-defined and approved course of action to be initiated in response to an operational disruption. 

2.3.5      Validation 

Validation of the College's BCM capability is completed annually within the CIMT exercise and periodically through BIA updates, desk checks and simulations. Refer to Table A – Business Continuity Management Validation for more information. 
Risks that are identified from the Business Continuity validation program will be evaluated and treated in accordance with the College's Risk and Compliance Management policy and Risk Management Framework. 

3     Leadership Continuity 

The Executive Principal Succession policy will come into force where there is a permanent or long-term loss of Eastern College Australia’s Executive Principal. 

4     Business Continuity Assessment 

4.1     Recovery Time Objective Assessment 

The Recovery Time Objective Assessment is a pre-crisis tool that ensures Eastern College Australia has an objective understanding of the time and process required to restore critical operations so it can continue day to day business functions and limit the financial and reputation risks that are likely from such an event. 
Note: This Assessment is to be complete by the Risk Management Committee and reviewed annually. 
RTO (Days) 
Property access 
Inability to use either of the 2 main entrances to the property. 
Debris around the property which is hazardous to non-emergency personnel. 
Power lines down blocking access to the property perimeter road. 
Lecture Rooms - usability 
Water or smoke damage 
Air conditioning not providing fresh air 
Administration - usability 
Communications - External 
Communications - Internal 
Reinstatement of resources 
Library - usability 
Water or smoke damage 
Air Conditioning failure (repair) 
Air conditioning not providing fresh air  
Air Conditioning failure (unrecoverable) 
Air conditioning not providing fresh air 
Student Files (Paper) 
Access to student records for reference 
Water or smoke damage 
Student Records (Electronic) 
Access to student records  
Located in the Cloud - Backed up 
Executive Principal incapacity 
Instability - staff and students 
Continuity of decision making and project development and implementation  
Electronic Data 
All systems would be compromised and unavailable to maintain effective operations. 
Classes interruption 
Email, calendar, notes, contacts (Outlook) 
Business interruption to staff and their contact with students, internal and external stakeholders. 
Personal work files (Office365) 
Loss of productivity and operational developments until systems restored. 
Teaching programs (stored & archived) 
Classes interruption 
Future unit and course development would be hampered if these materials are not available in the medium term. 
Inability to communicate with donors and friends of the college. 
Loss of mailing lists which are needed for fundraising and communicating events and activities to students and the broader church community. 
Loss of student records until systems are restored. 
Reckon (QuickBooks) 
Inability to pay staff 
Inability to pay our creditors and received money from debtors (students) 
Inability for the Board to keep track of Eastern College Australia's financial performance. 

5     Disaster Recovery Plan 

The purpose of Eastern College Australia's Disaster Recovery Plan (DRP) is to recover IT systems and infrastructure that support business processes critical to the organization’s survival. The following items form the basis of the DRP: 

5.1     The Recovery Team 

The Recovery Team consists of the: 
  • Critical Incident Management Team (CIMT) 
  • Executive Principal 
  • Chief Operations Officer 
  • IT Manager 
  • Dean of Faculty & Head of Arts
  • Dean of Chinese Faculty 
  • Dean of Students 


  • Determine primary and back-up Incident Controller 
  • Determine primary and back-up Recovery Team 
  • Prepare and review the Disaster Recovery Plan 
  • Understand the events that may impact Eastern College Australia's business 
  • Mitigate any impacts before an event occurs  


  • Establish & notify employees involved in recovery and clarify roles 
  • Communicate recovery action steps to all employees 
  • Compile a report of the actions taken during the emergency for the debrief. 
  • Collect and evaluate information related to the effectiveness of Eastern College Australia’s recovery plan. 
  • Attend meetings of the CIMT as appropriate. 

5.2     Disaster Recovery Plan Checklist 

The following items form the basis of the Disaster Recovery Plan. 
5.2.1      Disaster Recovery - Leadership 
Recovery Details 
Loss of Executive Principal 
Appoint interim 
5.2.2      Disaster Recovery - Alternate Location 
Recovery Details 
Locate and confirm an alternate recovery location and back-up location 
Chief Operations Officer 
Staff and Faculty 
Work from home 
Lectures – Switch Delivery 
On campus units switched to Online where possible 
On Campus Daytime 
TBA (Eg: Local churches) 
On Campus Evening: 
TBA (Eg: St Andrew’s Christian College) 
Establish location for an emergency command centre and a back-up location 
Chief Operations Officer 
Internal - Primary 
Chief Operations Officer 
Internal: Secondary 
Property & Services Manager’s office 
TBA (Eg: Home of Chief Operations Officer 
5.2.3      Disaster Recovery - Communications 
Recovery Details 
Develop plan to communicate with the Critical Incident Management Team (CIMT)  
Chief Operations Officer 
What’sApp group: MST Emergency Evacuation  
Develop plan to communicate both internally and externally 
Chief Operations Officer 
Staff and Board email groups established and available through web based Office365. 
Student email groups – Paradigm 
Supplier and critical services contacts available through web based Office365. 
Create and store employee information: Contact details, employment details. 
Chief Operations Officer 
Available through web based Office365. 
Record and store contact information for critical vendors/partners 
IT Manager 
Available through web based Office365.
Determine alternate plan for phone communications 
IT Manager 
Mobile services 
Ensure plan includes multiple methods of communication (text, mobile phone, two-way, radio, etc) 
IT Manager 

5.2.4      Disaster Recovery - Employees 

Recovery Details 
Establish plan for emergency transportation  
Property & Services Manager 
Develop emergency communication/notification system 
IT Manager 
Designated communications staff 
•Chief Operations Officer 
•Property & Services Manager 
•Executive Principal 
Team App 
WhatsApp: MST Emergency Evacuation 
Accommodate people with disabilities in emergency planning 
Property & Services Manager 

5.2.5      Disaster Recovery – Technology & Data 

Recovery Details 
Document technology hardware, software and licensing information 
IT Manager 
Develop technical recovery procedures to be followed in the event of an interruption 
IT Manager 
Determine and list individuals/vendors to manage technical recovery  
IT Manager 
Determine source for back-up technical resources (PCs, servers, printers, etc) 
IT Manager 
Document critical data to be restored and backup all data at off-site location 
IT Manager 

5.2.6      Disaster Recovery – Operations 

Recovery Details 
Identify the systems that support the organisation’s Essential Functions. 
IT Manager 
Chief Financial Officer 
UGG Boot 
Reckon QB 
Develop plan to restore Essential Systems in the event of an interruption 
IT Manager 
Determine employees responsible for restoring each Essential System 
IT Manager 

5.2.7      Disaster Recovery – Suppliers 

Recovery Details 
Develop plan to communicate with vendors and suppliers 
Chief Operations Officer 
List key clients, suppliers, and critical recovery contacts and store copy(s) offsite 
Chief Operations Officer 
Assure key vendors and suppliers have actionable recovery plans 
Chief Operations Officer 
Develop relationships with alternate suppliers in case primary vendors are unavailable 
Chief Operations Officer 

5.2.8      Disaster Recovery – Safety 

Recovery Details 
Assemble Disaster Recovery Kit 
Chief Operations Officer 
Create an Evacuation Plan 
Chief Operations Officer 
view ECA Crisis Management Plan 
Create an Emergency Shelter Plan 
Chief Operations Officer 

5.2.9      Disaster Recovery – Plan Testing & Maintenance 

Recovery Details 
Develop a comprehensive testing methodology for your DR plan  
Chief Operations Officer 
Conduct a Post Test Review and report results 
Chief Operations Officer 
Communicate changes in plan to all employees 
Chief Operations Officer