Our manifesto outlines “22 ways to build resilience and aspiration in people and communities” across five key areas. Download your copy.

Dismiss close

Business continuity policy

Overhead close-up of a person reviewing a formal-looking document. They are holding a pen to make notes. A laptop is on the table in front of them. Overlaid is text that reads: "Policy Library".

Catch22 reserves the right to amend this policy, following consultation, where appropriate.

Date of last review: April 2023

Date of next review: July 2024


This policy outlines the scope and approach to business continuity management (BCM) within Catch22. For the purpose of this policy, business continuity is defined as a framework for creating and improving resilience and which will enable Catch22 to continue to deliver an acceptable level of service of its critical activities in the event of any unexpected disruption.


As a social business and a supplier of services to local and national government, Catch22 is required to align with or meet the standards that these commissioning authorities work to including, but not limited to, the Security Policy Framework, (SPF) and ISO 22301. Under the Mandatory Requirement 70 of the SPF, Catch22 “must have robust, up to date, fit for purpose and flexible business continuity management arrangements that are regularly tested and reviewed and supported by competent staff that allow them to maintain, or as soon as possible resume provision of, key products and services in the event of disruption.”

ISO 22301 states that, “Top management shall establish and demonstrate commitment to a business continuity policy. The policy shall make reference to:

  1. the organisation’s business continuity objectives; and
  2. the scope of business continuity, including limitations and exclusions

The policy shall be:

  1. approved by top management;
  2. communicated to all persons working for and on behalf of the organisation; and
  3. reviewed at planned intervals and when significant changes occur.”

The aim of this policy is to ensure that the appropriate business continuity management system framework is in place within each department/service so that it can meet these requirements and, by doing so,

  • reduce the risk of interruption or negative impact on delivery to key business services;
  • minimise disruption and enable full restoration of services within locally agreed recovery time objectives;
  • ensure that business continuity management principles are embedded in the daily operational activities and culture of the organisation.
Continue reading