| 1. Policy sets out an organization’s aims, principles and approach for business continuity management. It specifies what is required to be achieved or delivered without prescribing how it is to be carried out. A policy can be fulfilled by one or several processes working in unison. Policy requirements are typically expressed in simple single statement format or limited to short paragraphs comprising of a few statements.
2. Intentions and direction of an organization as formally expressed by its top management.
(Source: ISO 22301:2012 – Societal Security – Business Continuity Management Systems - Requirements) - clause 3.38