FAQ - BS 25999



What is business continuity management?
A good, although lengthy, definition in BS 25999-1 is: "A holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities."

What is the scope of the standard?
The standard is in two parts.

BS 25999-1 was published in November 2006, and provides a basis for understanding, developing and implementing business continuity within an organization. It also enables the organization to measure its BCM capability in a consistent and recognized manner. This standard provides a system based on BCM good practice.

BS 25999 is published in October 2006, and sets out the requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System (BCMS) within the context of managing an organization's overall business risks.

Can I be certified to this standard?
Yes, this will be possible following the launch of BS 25999 part 2 in October 2007.

What is self-certification?
When BS 25999 was launched, there was no provision for an auditable management system that would enable an organisation to be certified. It was suggested that firms could satisfy their own governance requirements, and the needs of their clients, by undertaking a self-certification programme. This remains a viable option for firms to pursue, but it still requires the firm to demonstrate a methodical evaluation of its programme.

How does BS 25999 link with ISO 27001?
There is an overlap between the two standards. ISO 27001 sets out a requirement for business continuity as it applies to the confidentiality, integrity and availability of information. It is highly likely that if your BCM provisions satisfy the BS 25999 standards, they will also be appropriate for ISO 27001.

Is Business Continuity Management just about IT Disaster Recovery?
Absolutely not! In many cases the recovery of IT systems is one of the easier parts of the programme to manage. Business continuity programmes are intended to protect stakeholder value and enable critical business processes to be recovered. While IT failures are responsible for many BCM incidents, there can also be many other causes, and a programme should cater for areas such as facilities, staff and reputational risks.

Where can I find more information about BS 25999?
Good starting points are www.BS25999.com and the BSI website, www.bsi-global.com. If you want a copy of the standards, you can order them from BSI for around £100.