20230621_AS_TRANSCO_POLICY

BCM POLICY

STATEMENT

TRANSCO is committed to ensuring the implementation of Business Continuity Management system and

Cyber Security Program to build organizational resilience with the capability for an effective response that

safeguards the interests of its key stakeholders, reputation, brand, and value creating activities. The mini-

mum and desired outcome expected of this Policy is to enable business areas to:

• Ensure their overall resilience including their capability for an effective and acceptable response to a major

disruption, cyber security incidents, and crisis and/or disaster situation.

• Integration between business continuity, crisis management and incident management

• Implement of all necessary processes, procedures and capability to meet any additional local legal, regula-

tory and compliance requirements related to Business Continuity or Cybersuch as NCEMA 7000:2021

Standards, ISO 22301, and ISO 27001 that provides the following as a minimum:

• Senior Executive Management commitment, engagement, and participation.

• Allocation of sufﬁcient quantity of competent resource to implement this policy, achieve its objectives and

maintain the business continuity capabilities.

• Details suitably competent Business continuity Resources

• Processes being conducted in accordance with the Business continuity Methodology and retaining copies

of all output from such processes, including

• Business Impact analysis

• Business Continuity Risk assessment

• Business continuity Strategy

• Business Continuity Planning

• Business Continuity Testing and exercising

• Business continuity Auditing

• Business Continuity Awareness, education, and training and

• Business Continuity Program Management

• Business Continuity Management Review

• An effective process for the continual improvement of the BCMS, and

• An appropriate and suitable set of infrastructure and facilities to meet the Business Continuity

Requirements of the business.

• Allocation of sufﬁcient budget to enable the implementation and ongoing maintenance of a BCMS d the

required business Continuity capability.

• Implementation of a three lines model for BCM (as described below)’;

• A Business Continuity Governance forum to establish and regularly review as least annually, a set of

Business Continuity Objectives to support the Strategic objectives of TRANSCO and the Business

continuity Management system (BCMS). As a minimum these objectives shall include:

• A capability to identify, monitor and research potential disruptive events that could impact the continuity

of business activities with a view to adopting a proactive approach to the prevention and/or response to

Disruptions.

• Inclusion and consideration of Business Continuity Within Business Development initiatives (such as

mergers, acquisitions, investments, and new operational environment).

• Inclusion of Business Continuity practices and requirements as an integral part the TAQA Group Change

Management Process.

• Primary responsibility for TRANSCO BCM rests with the Chief Executive Ofﬁcer (CEO). The CEO has

delegated operational responsibility for BCM to the Risk & Resilience Department Manager

• Identifying the essential business activities, processes, services and assets to TRANSCO and the risk that

could disrupt them.

• Helping to ensure an appropriate and effective response capability is in place to identify, coordinate,

manager and respond ta business Disruption.

• The protection and continuation of essential activities that relate to delivery of services, products,

revenue, market share, proﬁt, stature, governance, and reputation of TRANSCO and TAQA.

• Satisfying relevant and appropriate contractual, legal, and regulatory requirements for Business

Continuity within the TAQA Group.