Issued 6 October 2010
Last updated 28 August 2018
This policy establishes principles and rules for developing, implementing and exercising business continuity preparedness and actions in Norges Bank Investment Management (NBIM), and governs NBIM’s Business Continuity Plan and NBIM’s Business Continuity Management activities. These activities aim to prepare the organisation for business disruptions and crisis situations, which will allow NBIM to efficiently mitigate, manage and minimise the potential impact of such situations.
Business Continuity Management shall prepare NBIM for unexpected events where normal business is interrupted and normal work processes cease to function. Business Continuity Management shall ensure that the organisation is able to secure personnel, funds, commitments and infrastructure efficiently, before re-establishing process contingency and recovery to normal operation following a Business Continuity Event.
The NBIM CEO is responsible to the Executive Board for business continuity capabilities and resilience towards events which may occur. The CEO as sponsor for business continuity management shall ensure organisational and financial support for the programme being maintained.
- Business Continuity (BC) is the capability of the organisation to continue delivery of products or services at acceptable predefined levels following a disruptive incident.
- Business Continuity Event is a disruptive incident where normal operational processes cease to apply.
- Business Continuity Management (BCM) is defined as a holistic and continual management process. BCM identifies potential BC and crisis events which threaten NBIM and provides a framework for building resilience and response in order to safeguard the interests of personnel, stakeholders, portfolio assets, reputation and value creating activities.
- Business Continuity Plan (BCP) is a plan containing procedures, roles, responsibilities and priorities that take effect when normal business operations cease to apply.
- The Business Continuity Plan is a part of NBIM’s operational risk management framework. The plan addresses the impact of potential incidents with very low probability and very high impact. It is a supplement to the ongoing monitoring of operational risk factors. Risks and incidents not covered by the Business Continuity Plan shall be managed according to requirements in internal guidelines.
Business Continuity Plan and Business Continuity Management
- To act on business disruption events and/or crisis situations, NBIM shall have in place plans which cover:
- Business continuity arrangements for key processes, activities and deliveries, built upon identified international best practice standards;
- Measures which aim to safeguard NBIM personnel, portfolio assets and commitments made;
- Measures to ensure efficient and effective business continuity and recovery when critical NBIM business functions including information systems or resources are impacted;
- Procedures to ensure ongoing preparedness and the ability to act on disruptive business events and crisis situations;
- Arrangements for crisis communication and media handling together with support for employees and their next of kin in the case of a crisis event.
- The Business Continuity Plan and Business Continuity Management in NBIM shall be based on the following principles:
- Proximity - crisis situations shall normally be managed by the affected business line at the lowest possible organisational level;
- Similarity - processes shall normally be carried out as closely to normal procedures as possible;
- Responsibility - responsibilities in a crisis situation shall follow the line of authority in a normal situation as closely as possible;
- Coordination - crisis situations that are not manageable by NBIM alone, or have severe effect on other Norges Bank activities, shall be coordinated with Norges Bank or the involved stakeholders.
- NBIM will prioritise actions and behaviour in a crisis situation as follows:
- safeguard people - any actions to contain and limit damages to personnel, next of kin, visitors and partners;
- safeguard portfolio assets - any actions to ensure assets in the fund are safe;
- safeguard commitments - any actions to ensure commitments are managed;
- establish business continuity for critical processes;
- recover to normal business operations (recover, repair and replace any damaged resources).
- The Business Continuity Plan and Business Continuity Management in NBIM shall reflect that:
- NBIM is a global organisation operating in multiple time zones (24/7);
- NBIM has outsourced many of its key services and processes to 3rd party service providers;
- NBIM operates on a common, centralised IT infrastructure platform
Business Continuity Management activities
- The Business Continuity Management activities shall efficiently support the ongoing management and maintenance of NBIM’s business continuity capabilities and shall include the following key elements:
- business continuity framework;
- business continuity training and awareness building;
- business continuity exercises.
- For the awareness building, training and excercises an annual activity plan shall be established.
- NBIM's Business Continuity Management and Plan shall be reviewed for applicability at least annually.