Professional Documents
Culture Documents
ﻟﺬﻟﻚ ﯾﺠﺐ ﻋﻠﻰ اﻟﻤﻨﻈﻤﺔ أن ﺗﺘﻜﯿﻒ ﻋﻨﺪ وﻗﻮع ﻣﺜﻞ ﺗﻠﻚ اﻟﺤﻮادث واﻟﺘﻌﺎﻣﻞ ﻣﻌﮭﺎ ﺑﺸﻜﻞ ﻓﻌﺎل ،ووﺿﻊ
ﺧﻄﻂ ﻣﺘﻨﺎﺳﻘﺔ ﻷﻓﻀﻞ اﻟﻤﻤﺎرﺳﺎت اﻟﻤﻌﺘﺮف ﺑﮭﺎ دوﻟﯿﺎ ،ﻟﻀﻤﺎن وﺟﻮد اﺳﺘﺠﺎﺑﺔ ﻓﻌﺎﻟﺔ وﺳﺮﯾﻌﺔ وﻣﻼﺋﻤﺔ
ﻟﺘﺤﺪﯾﺎت اﻷﻋﻤﺎل اﻟﺤﺎﻟﯿﺔ واﻟﻨﺎﺷﺌﺔ.
ﻟﮭﺬا اﻟﺴﺒﺐ أﺻﺪرت اﻟﻤﻨﻈﻤﺔ اﻟﺪوﻟﯿﺔ ﻟﻠﻤﻌﺎﯾﯿﺮ ﻣﻌﯿﺎر اﻷﯾﺰو ISO 22301اﻟﻤﺴﻤﻰ ﺑﻨﻈﺎم إدارة
إﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل ،ﺑﮭﺪف أﺳﺎﺳﻰ ھﻮ ﺗﻤﻜﯿﻦ ﻣﺴﺘﻮﯾﺎت أﻋﻠﻰ ﻣﻦ أداء إﺳﺘﻤﺮارﯾﺔ اﻻﻋﻤﺎل وإﻋﺎدﺗﮭﺎ
ﺗﺤﺖ اﻟﺴﯿﻄﺮة ﻋﻨﺪ ﺣﺪوث اﻹﺿﻄﺮاﺑﺎت
ﯾﺘﻌﯿﻦ ﻋﻠﻰ اﻟﻤﻨﻈﻤﺔ اﻟﺘﻰ ﺗﺘﺒﻨﻰ ھﺬا اﻟﻨﻈﺎم ،ﺗﺤﻘﯿﻖ اﻟﮭﯿﻜﻠﺔ اﻹدارﯾﺔ اﻟﺘﻰ ﻟﺪﯾﮭﺎ اﻟﻘﺪرة ﻋﻠﻰ ﺗﻨﻔﯿﺬه
واﻟﺤﻔﺎظ ﻋﻠﻰ ﻓﻌﺎﻟﯿﺘﮫ ﺑﻨﺎء ﻋﻠﻰ اﻟﺨﻄﻂ واﻷﻧﻈﻤﺔ واﻟﻌﻤﻠﯿﺎت اﻟﻼزﻣﺔ ﻟﺘﺤﻘﯿﻘﮫ ﺑﺸﻜﻞ ﻓﻌﻠﻰ
ﺗﺴﺘﻄﯿﻊ اﻟﻐﺎﻟﺒﯿﺔ اﻟﻌﻈﻤﻰ ﻣﻦ اﻟﻤﻨﻈﻤﺎت اﻟﺘﻮاﻓﻖ ﻣﻊ ﻣﻌﯿﺎر اﻷﯾﺰو ،22301ﺑﻐﺾ اﻟﻨﻈﺮ ﻋﻦ اﻟﻤﻮﻗﻊ،
اﻟﺤﺠﻢ ،اﻟﮭﯿﻜﻞ اﻟﺘﻨﻈﯿﻤﻲ،واﻷھﺪاف واﻟﺮؤى– ﺑﻤﺎ ﻓﻲ ذﻟﻚ اﻟﻘﻄﺎﻋﯿﻦ اﻟﻌﺎم واﻟﺨﺎص واﻟﻤﺆﺳﺴﺎت ﻏﯿﺮ
2
اﻟﺮﺑﺤﯿﺔ.
PDF created with pdfFactory Pro trial version www.pdffactory.com
Introduction / Background / ISO 22301
Published in 2012 by the technical committee, ISO 22301:2012 is the first international
standard for management systems that help ensure business continuity. ISO 22301 is the
premium standard for business continuity, and certification demonstrates conformance to
rigorous practices to prevent, mitigate, respond to, and recover from disruptive incidents.
Microsoft is the first hyperscale cloud service provider to receive the ISO 22301
certification for business continuity management.
The British Standards Institute (BSI), an independent certification body, awarded this
certification to Microsoft Azure, Microsoft Azure Government, Microsoft Intune, and
Microsoft Power BI after a stringent audit covering all aspects of their business continuity
processes. The audit covered the in-scope services listed below as well as Azure management
features, the Azure Portal, and the systems used to monitor, operate, and update the in-scope
services
اﻟﻤﻨﻈﻤﺔ اﻟﺪوﻟﯿﺔ ﻟﻠﻤﻌﺎﯾﯿﺮ ISOھﻲ ﻣﻨﻈﻤﺔ ﻏﯿﺮ ﺣﻜﻮﻣﯿﺔ ﻣﺴﺘﻘﻠﺔ وأﻛﺒﺮ ﻣﻄﻮر ﻟﻠﻤﻌﺎﯾﯿﺮ اﻟﺪوﻟﯿﺔ اﻟﻄﻮﻋﯿﺔ ﻓﻲ اﻟﻌﺎﻟﻢ.
ﺷﻜﻠﺖ ISOاﻟﻠﺠﻨﺔ اﻟﻔﻨﯿﺔ ﻟﻸﻣﻦ اﻟﻤﺠﺘﻤﻌﻰ TC 223ﻟﺘﻄﻮﯾﺮ ﻣﻌﺎﯾﯿﺮ ﻟﺤﻤﺎﯾﺔ اﻟﻤﺠﺘﻤﻊ ،ﺑﻤﺎ ﻓﻲ ذﻟﻚ اﻟﻤﻨﻈﻤﺎت ،ﻓﻲ
ﺣﺎﻟﺔ وﻗﻮع ﻛﺎرﺛﺔ ﻣﺜﻞ اﻟﻜﻮارث اﻟﻄﺒﯿﻌﯿﺔ ،أو اﻟﮭﺠﻤﺎت اﻹرھﺎﺑﯿﺔ اﻟﻜﺒﺮى ،أو ﺗﻌﻄﻞ/إﻏﻼق/ﺗﻮﻗﻒ ﺷﺒﻜﺎت اﻟﻜﮭﺮﺑﺎء.
ﺗﻌﺘﺒﺮ ISO 22301:2012اﻟﺘﻲ ﻧﺸﺮﺗﮭﺎ اﻟﻠﺠﻨﺔ اﻟﻔﻨﯿﺔ ﻓﻲ ﻋﺎم 2012أول ﻣﻌﯿﺎر دوﻟﻲ ﻷﻧﻈﻤﺔ اﻹدارة اﻟﺘﻲ ﺗﺴﺎﻋﺪ
ﻋﻠﻰ ﺿﻤﺎن اﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل ،وﺗﺒﺮھﻦ ﺷﮭﺎدة اﻟﺘﻄﺎﺑﻖ ﻣﻊ ھﺬا اﻟﻤﻌﯿﺎر اﻟﺘﻮاﻓﻖ ﻣﻊ اﻟﻤﻤﺎرﺳﺎت اﻟﺼﺎرﻣﺔ ﻟﻤﻨﻊ
اﻟﺤﻮادث اﻟﺘﺨﺮﯾﺒﯿﺔ واﻟﺘﺨﻔﯿﻒ ﻣﻨﮭﺎ واﻻﺳﺘﺠﺎﺑﺔ ﻟﮭﺎ واﻟﺘﻌﺎﻓﻲ ﻣﻨﮭﺎ.
ﺗﻌﺪ Microsoftأول ﻣﻘﺪم ﺧﺪﻣﺔ ﯾﺤﺼﻞ ﻋﻠﻰ ﺷﮭﺎدة ISO 22301ﻹدارة اﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل.
ﻗﺎم اﻟﻤﻌﮭﺪ اﻟﺒﺮﯾﻄﺎﻧﻲ ﻟﻠﻤﻌﺎﯾﯿﺮ ،BSIوھﻮ ھﯿﺌﺔ اﻋﺘﻤﺎد ﻣﺴﺘﻘﻠﺔ ،ﺑﻤﻨﺢ ھﺬه اﻟﺸﮭﺎدة إﻟﻰ Microsoft Azure
و Microsoft Azure Governmentو Microsoft Intuneو Microsoft Power
BIﺑﻌﺪ ﺗﺪﻗﯿﻖ ﺻﺎرم ﯾﻐﻄﻲ ﺟﻤﯿﻊ ﺟﻮاﻧﺐ ﻋﻤﻠﯿﺎت اﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل اﻟﺨﺎﺻﺔ ﺑﮭﻢ .ﻏﻄﺖ ﻋﻤﻠﯿﺔ اﻟﺘﺪﻗﯿﻖ اﻟﺨﺪﻣﺎت
ﺿﻤﻦ اﻟﻨﻄﺎق اﻟﻤﺪرﺟﺔ أدﻧﺎه ﺑﺎﻹﺿﺎﻓﺔ إﻟﻰ ﻣﯿﺰات إدارة Azureوﻣﺪﺧﻞ Azureواﻷﻧﻈﻤﺔ اﻟﻤﺴﺘﺨﺪﻣﺔ ﻟﻤﺮاﻗﺒﺔ
اﻟﺨﺪﻣﺎت داﺧﻞ اﻟﻨﻄﺎق وﺗﺸﻐﯿﻠﮭﺎ وﺗﺤﺪﯾﺜﮭﺎ.
4
6
Crises
Management
BCMS
Business Continuity
Management
System
11
ISO 22324:2022–
Guidelines for
Color coded Alert
12
Organizational
Resilience
13
وﺗﺤﻠﯿﻞ ﺗﺄﺛﯿﺮ،BC اﻟﻌﻨﺎﺻﺮ اﻷﺳﺎﺳﯿﺔ اﻟﺜﻼﺛﺔ ﻟﻨﻈﺎم إدارة اﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل ھﻲ ﺳﯿﺎﺳﺔ اﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل
RA وﺗﻘﯿﯿﻢ اﻟﻤﺨﺎطﺮ،BIA اﻷﻋﻤﺎل
14
We, the undersigned, are committed to implement a Business Continuity Management System
(BCMS) as described below.
Specifically, we are committed to:
• Developing and promoting high standards in satisfying customer, shareholders, employees, and
vendors
• Issuing a BUSINESS CONTINUITY policy, making it available to employees and reviewing it on
a regular basis to reflect our intentions
• Developing site specific BCMS documentation to address geographic challenges in each location
• Reviewing recovery time objectives RTO and action plans periodically and tracking progress on
results in order to build a culture of continual improvement within the company
• Assessing BCMS site documentation effectiveness on a regular basis and revising it as needed
Continue
15
Most importantly, we help our customers flourish in a rapidly transforming industry where
“good enough” testing, monitoring and analytics just aren’t good enough anymore—they
never were for us, anyway. For more information, visit >>>>>>>>> .com and follow us on
the >>>>>>>>>>>>.
16
4- Scope of BCMS
The following premises are part of the scope of Business Continuity Management System
17
3.1.1 – 3.1.297__ Terms related to security and resilience ﻣﺼﻄﻠﺤﺎت ﻣﺮﺗﺒﻄﺔ ﺑﺎﻷﻣﻦ واﻟﻤﺮوﻧﺔ-1
3.2.1 - 3.2.44 __Terms related to counterfeiting tax stamps ﻣﺼﻄﻠﺤﺎت ﻣﺮﺗﺒﻄﺔ ﺑﺘﺰوﯾﺮ اﻷﺧﺘﺎم اﻟﻀﺮﯾﺒﯿﺔ-2
3.3.1 - 3.3.13 __ Terms related to Supply chain ﻣﺼﻄﻠﺤﺎت ﻣﺮﺗﺒﻄﺔ ﺑﺴﻼﺳﻞ اﻟﺘﻮرﯾﺪ-3
3.4.1 - 3.4.6 __ "اﻟﺪواﺋﺮ اﻟﺘﻠﻔﺰﯾﻮﻧﯿﺔ اﻟﻤﻐﻠﻘﺔCCTV ﻣﺼﻄﻠﺤﺎت ﻣﺮﺗﺒﻄﺔ ب-4
Terms related to video surveillance technology CCTV "closed-circuit television”
18
** This document provides definitions of generic terms and subject-specific terms related to
documents produced by ISO/TC 292. It covers the ISO 22300 family of standards as well as some
documents in the ISO 28000 family of standards.
It aims to encourage a mutual and consistent understanding and use of uniform terms and definitions
in processes and frameworks in the field of security and resilience.
This document can be applied as a reference by competent authorities, as well as by specialists
involved in standardization systems, to better and more accurately understand relevant text,
correspondences and communications.
The terms and definitions in 3.2, 3.3, 3.4 apply only to counterfeiting tax stamps standards, to supply
chain standards or to CCTV standards, respectively, and do not apply generally.
ﺗوﻓر ھذه اﻟوﺛﯾﻘﺔ ﺗﻌرﯾﻔﺎت ﻟﻠﻣﺻطﻠﺣﺎت اﻟﻌﺎﻣﺔ واﻟﻣﺻطﻠﺣﺎت اﻟﺧﺎﺻﺔ ﺑﺎﻟﻣوﺿوع اﻟﻣﺗﻌﻠﻘﺔ ﺑﺎﻟﻣﺳﺗﻧدات اﻟﺗﻲ ﺗﻧﺗﺟﮭﺎ
ﺑﺎﻹﺿﺎﻓﺔ إﻟﻰ ﺑﻌض اﻟﻣﺳﺗﻧدات ﻓﻲ ﻣﺟﻣوﻋﺔ ﻣﻌﺎﯾﯾرISO 22300 _ وھﻲ ﺗﻐطﻲ ﻣﺟﻣوﻋﺔ ﻣﻌﺎﯾﯾرISO/TC 292.
_ وذﻟك ﺑﮭدف ﺗﺷﺟﯾﻊ اﻟﻔﮭم اﻟﻣﺗﺑﺎدل واﻟﻣﺗﺳﻖ واﺳﺗﺧدام اﻟﻣﺻطﻠﺣﺎت واﻟﺗﻌﺎرﯾف اﻟﻣوﺣدة ﻓﻲ اﻟﻌﻣﻠﯾﺎتISO 28000.
وﻛذﻟك ﻣن ﻗﺑل اﻟﻣﺗﺧﺻﺻﯾن،واﻷطر ﻓﻲ ﻣﺟﺎل اﻷﻣن واﻟﻣروﻧﺔ_ﯾﻣﻛن ﺗطﺑﯾﻖ ھذه اﻟوﺛﯾﻘﺔ ﻛﻣرﺟﻊ ﻣن ﻗﺑل اﻟﺳﻠطﺎت اﻟﻣﺧﺗﺻﺔ
ﻟﻔﮭم اﻟﻧﺻوص واﻟﻣراﺳﻼت واﻻﺗﺻﺎﻻت ذات اﻟﺻﻠﺔ ﺑﺷﻛل أﻓﺿل وأﻛﺛر دﻗﺔ_ ﺗﻧطﺑﻖ،اﻟﻣﺷﺎرﻛﯾن ﻓﻲ أﻧظﻣﺔ اﻟﺗﻘﯾﯾس
ﻓﻘط ﻋﻠﻰ ﻣﻌﺎﯾﯾر اﻟطواﺑﻊ اﻟﺿرﯾﺑﯾﺔ اﻟﻣزﯾﻔﺔ أو ﻣﻌﺎﯾﯾر ﺳﻠﺳﻠﺔ اﻟﺗورﯾد3.4 و3.3 و3.2 اﻟﻣﺻطﻠﺣﺎت واﻟﺗﻌرﯾﻔﺎت اﻟواردة ﻓﻲ
. وﻻ ﺗﻧطﺑﻖ ﺑﺷﻛل ﻋﺎم، ﻋﻠﻰ اﻟﺗواﻟﻲ،CCTV أو ﻣﻌﺎﯾﯾر
19
23
24
3.1.89
emergency management capability
overall ability to effectively manage prevention (3.1.183), preparedness (3.1.182), response and
recovery (3.1.201) before, during and after potentially destabilizing or disruptive events (3.1.76)
25
3.1.133
internal attack
attack (3.2.4) perpetrated by people or entities (3.1.66) directly or indirectly linked with the legitimate
manufacturer, originator of the goods (3.3.8) or rights holder (3.1.214) (staff of the rights holder,
subcontractor, supplier, etc.)
26
3.1.153
minimum business continuity objective
MBCO
minimum capacity (3.1.25) or level of services and/or products that is acceptable to an organization
(3.1.165) to achieve its business objectives (3.1.162) during a disruption (3.1.75)
3.1.154
mitigation
limitation of any negative consequence (3.1.46) of a particular incident (3.1.122)
28
3.1.176
people at risk
individuals in the area who could be affected by an incident (3.1.122)
3.1.182
preparedness
readiness
activities (3.1.2), programmes, and systems developed and implemented prior to an incident (3.1.122)
that can be used to support and enhance prevention (3.1.183), protection (3.1.193) from, mitigation
(3.1.154) of, response to and recovery (3.1.201) from disruptions (3.1.75), emergencies (3.1.63) or
disasters (3.1.73)
29
event (3.1.96) or series of events that could cause significant emotional or physical distress,
psychological impairment or disturbance in people’s usual functioning
Note 1 to entry: Mental health professionals working in this field would normally refer to a “traumatic
event” as a critical psychological incident. The term “critical psychological incident” is preferred as it
implies an incident (3.1.122) that may or may not be traumatic to the individual involved. Although
there are several definitions of a traumatic event within the psychiatric and scientific world, “
psychological critical incident” provides a more real-world definition.
30
3.1.198
public warning system
set of protocols, processes (3.1.190) and technologies based on the public
warning (3.1.197)policy (3.1.181) to deliver notification (3.1.160) and alert (3.1.6) messages in a
developing emergency (3.1.87) situation to people at risk (3.1.176) and to first responders
31
3.1.203
recovery time objective
RTO
period of time following an incident (3.1.122) within which a product and service (3.1.191) or an
activity (3.1.2) is resumed, or resources (3.1.207) are recovered
Note 1 to entry: For products, services and activities, the RTO is less than the time it would take for
the adverse impacts (3.1.118) that would arise as a result of not providing a product/service or
performing an activity to become unacceptable.
32
3.1.209
response programme
plan, processes (3.1.190), and resources (3.1.207) to perform the activities (3.1.2) and services
necessary to preserve and protect life, property, operations and critical assets (3.1.13)
Note 1 to entry: Response steps generally include incident (3.1.122) recognition, notification
(3.1.160), assessment, declaration, plan execution, communications, and resources management
(3.1.144).
3.1.210
response team
group of individuals responsible for developing, executing, rehearsing, and maintaining the response
plan (3.1.208), including the processes (3.1.190) and procedures (3.1.189)
.
33
*************************************************
ISO/IEC 27031 Information technology — Security techniques — Guidelines for
information and communication technology readiness for business continuity _
prepared by Joint Technical Committee ISO/IEC JTC 1, Information technology,
Subcommittee SC 27, IT Security techniques.
ISO 27031 is based on the ISO 22301 PDCA management system but is tailored to the more
technical aspects of IRBC. ISO 27031 depends on the results of the Business Impact Analysis (BIA)
performed and accepted as part of the larger BCMS for an organization, in addition to the technical
adjustments to PDCA
What is the IRBC policy?
An IRBC is a management system designed for use in the event of an IT disaster. Similar to the
business continuity management system outlined in ISO 22301, IRBC employs a Plan-Do-Check-
Act (PDCA) cycle
IRBC stands for International Responsible Business Conduct. It is an approach by which
36
companies can conduct their operations in a manner ...
If an organization is using ISO/IEC 27001 to establish an ISMS, and/or using relevant standards
to establish a BCMS, the establishment of IRBC should preferably take into consideration
existing or intended processes linked to these standards. This linkage can support the
establishment of IRBC and also avoid any dual processes for the organization. summarizes the
interaction of IRBC and BCMS. In the planning and implementation of IRBC, an organization can
refer to ISO/IEC 24762:2008 in its planning and delivery of ICT disaster recovery services,
regardless of whether or not those services are provided by an outsourced vendor, or internally
to the organization.
https://www.linkedin.com/pulse/ict-business-continuity-information-security-top- 37
certifier/ ATT#02
PDF created with pdfFactory Pro trial version www.pdffactory.com
اﻟﻤﺒﺎدئ اﻻﺳﺎﺳﯿﺔ اﻟﺘﻲ ﯾﺴﺘﻨﺪ ﻋﻠﯿﮭﻢ ﻧﻈﺎم إدارة إﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل:
.1ﺗﺤﻠﯿﻞ ﺗﺄﺛﯿﺮ اﻷﻋﻤﺎل :**BIA Business Impact Analysisﯾﺠﺐ ﻋﻠﻰ اﻟﻤﻨﻈﻤﺔ إﺟﺮاء ھﺬا اﻟﺘﺤﻠﯿﻞ ﻓﻲ اﻟﻤﻘﺎم اﻷول
ﻋﻠﻰ ﻷﻧﺸﻄﺔ اﻟﺠﻮھﺮﯾﺔ ﻟﻠﻤﻨﻈﻤﺔ ،ﻟﺘﺤﺪﯾﺪ ﺗﺄﺛﯿﺮ اﻻﻧﻘﻄﺎﻋﺎت اﻟﺘﻲ ﻗﺪ ﺗﺤﺪث ﻓﻲ ﺣﺎﻟﺔ وﺟﻮد ﺧﻄﺮ ﻋﻠﻰ ھﺬه اﻷﻧﺸﻄﺔ
** ﺗﺣﻠﯾل ﻋﻠﻰ ﻣﺳﺗوى اﻹدارة ﯾﺣدد آﺛﺎر ﻓﻘدان ﻣوارد اﻟﺟﮭﺔ .ﯾﻘﯾس اﻟﺗﺣﻠﯾل ﺗﺄﺛﯾر ﻓﻘدان اﻟﻣوارد وﺗﺻﺎﻋد اﻟﺧﺳﺎﺋر ﺑﻣرور اﻟوﻗت ﻣن أﺟل ﺗزوﯾد
اﻟﻛﯾﺎن ﺑﺑﯾﺎﻧﺎت ﻣوﺛوﻗﺔ ﯾﻣﻛن ﻋﻠﻰ أﺳﺎﺳﮭﺎ اﺗﺧﺎذ اﻟﻘرارات اﻟﻣﺗﻌﻠﻘﺔ ﺑﺗﺧﻔﯾف اﻟﻣﺧﺎطر واﺳﺗراﺗﯾﺟﯾﺎت اﻟﺗﻌﺎﻓﻲ واﻟﺗﺧطﯾط ﻟﻼﺳﺗﻣرارﯾﺔ
.2ﺗﺤﻠﯿﻞ اﻟﻤﺨﺎطﺮ :ﻋﻠﻰ اﻟﻤﻨﻈﻤﺔ إﺟﺮاء ھﺬا اﻟﺘﺤﻠﯿﻞ ﻋﻠﻰ ﺟﻤﯿﻊ اﻷﻧﺸﻄﺔ ﺑﺪﻗﺔ ﻟﺘﺤﺪﯾﺪ:
* وﻗﺖ اﻟﺘﻮﻗﻒ اﻟﻤﻘﺒﻮل اﻟﺬي ﯾﻤﻜﻦ أن ﯾﻜﻮن ﻟﻠﻤﻨﻈﻤﺔ ﻣﺼﺤﻮﺑﺎ ﺑﺨﺴﺎﺋﺮ ﻣﻘﺒﻮﻟﺔ وﺗﺤﺖ اﻟﺴﯿﻄﺮة
* ﻣﺎ ھﻲ اﻟﻨﻘﺎط اﻟﮭﺎﻣﺔ اﻟﺘﻲ ﺳﺘﺘﺄﺛﺮ إذا ﻛﺎن ھﻨﺎك وﻗﺖ ﺗﻮﻗﻒ طﻮﯾﻞ
ﯾﺘﻢ ﺗﺤﺪﯾﺪ إﺳﺘﺮاﺗﯿﺠﯿﺔ إﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل وﻓﻘﺎ ﻟﻨﺘﺎﺋﺞ ﺗﺤﻠﯿﻞ ﺗﺄﺛﯿﺮ اﻷﻋﻤﺎل و ﺗﺤﻠﯿﻞ اﻟﻤﺨﺎطﺮ ،ﻓﺈذا ﻟﻢ ﯾﺘﻢ اﺟﺮاؤھﺎ
ﺑﺸﻜﻞ ﺻﺤﯿﺢ ،ﯾﻜﻮن ﻧﻈﺎم ادارة إﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل ﻏﯿﺮ ﺻﺤﯿﺢ ،أﯾﻀﺎ ﯾﺠﺐ ﻣﺮاﺟﻌﺔ ﻧﻔﺲ اﻟﺘﺤﻠﯿﻼت ﻋﻨﺪﻣﺎ ﺗﺘﻐﯿﺮ
اﻟﻈﺮوف
.3ﺣﻜﻮﻣﺔ إﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل
.4اﻟﺘﺪرﯾﺐ ورﻓﻊ اﻟﻮﻋﻲ واﻟﺘﻮاﺻﻞ ﻟﺠﻤﯿﻊ اﻟﻤﻮظﻔﯿﻦ واﻟﻌﺎﻣﻠﯿﻦ ﺑﺎﻟﻤﻨﻈﻤﺔ
.5اﻟﺘﻤﺎرﯾﻦ واﻹﺧﺘﺒﺎرات ﻋﻠﻰ أداء ﻧﻈﺎم إدارة إﺳﺘﻤﺮارﯾﺔ اﻷﻋﻤﺎل
.6ﺗﻘﯿﯿﻢ ادارة اﺳﺘﻤﺮارﯾﺔ اﻻﻋﻤﺎل
38
39
وﯾﻤﻜﻦ ﺳﺪ ھﺬه اﻟﻔﺠﻮة ﻣﻦ ﺧﻼل إﺟﺮاءات ﻧﻮﻋﯿﺔ ﻟﻠﺤﺪ ﻣﻦ اﻟﻤﺨﺎطﺮ .وﯾﺠﺐ ﺗﺴﺠﯿﻞ ھﺬه اﻟﺘﺪاﺑﯿﺮ ووﺿﻌﮭﺎ ﻓﻲ ﺧﻄﺔ،
وھﻲ ﻣﺎ ﯾﻄﻠﻖ ﻋﻠﯿﮫ اﺳﻢ ﺧﻄﺔ ﻣﻌﺎﻟﺠﺔ اﻟﻤﺨﺎطﺮ .ﻋﻠ ًﻤﺎ ﺑﺄن ﺧﻄﺔ ﻣﻌﺎﻟﺠﺔ اﻟﻤﺨﺎطﺮ ﻟﯿﺴﺖ ﺟﺰ ًءا ﻣﻦ ﺧﻄﺔ اﺳﺘﻤﺮارﯾﺔ
اﻷﻋﻤﺎل ،ﻟﻜﻨﮭﺎ ﻣﻮﺟﻮدة ﺑﺸﻜ ٍﻞ ﻣﺘﻮازى وھﻲ ﺗﺘﺄﻟﻒ ﻣﻦ ﺗﺤﺮﯾﺎت إﺿﺎﻓﯿﺔ وإﻋﺎدة ھﻨﺪﺳﺔ اﻟﺨﺪﻣﺎت اﻟﺤﺎﻟﯿﺔ أو اﻟﺒﻨﯿﺔ
اﻟﺘﺤﺘﯿﺔ واﻟﺤﺼﻮل ﻋﻠﻰ ﺑﻌﺾ اﻷﻧﺸﻄﺔ ﻣﻦ ﻣﺼﺎدر ﺧﺎرﺟﯿﺔ ،إﻟﺦ
40
42