BS25999

Recently the British Standard Institute (BSI) published the world's first standard for business continuity which was defined in two parts:-

BS 25999 - Part 1 is a code of practice specifically targeted at Business Continuity Management (BCM), it explains the high level objectives and provides guidance

BS 25999 - Part 2 details the specification for BCM and outlines the activities required to comply with the standard bearing in mind the holistic view of risk held by the organisation

BS25999 effectively details the requirements for a Business Continuity Management System (BCMS) including the need for adequate BCM procedures and templates which are required to obtain alignment with the standard.

Benefits of this approach include:

  • an increased chance of business survival in the event of a disruption
  • a demonstrable commitment to risk management
  • a visible sign of best business practice
  • enhanced image to existing customers and new clients
  • increased employee security and re assurance
  • reduced exposure to loss
  • being perceived seen as less risky by financial institutions

The development of a BSMS includes:

  • Program Requirements
  • Suppliers interfaces
  • BCM strategy/policy
  • Resources for BCM operation
  • Training and competency development
  • Recording / documentation

Additionally, the BCMS should provide a framework which will facilitate the generation of:

  • Business Impact analysis
  • Risk Analysis
  • Organisational detail discovery
  • Recovery Plans
  • Emergency plans / procedures
  • Risk reduction projects/scope/time costs
  • Documentation / information storage
  • Organisational improvement solutions
  • Training plans / records
  • Testing plans / recording
  • Audit Train / Procedures
  • Lessons learnt

Costs to Achieve Compliance against BS 25999

Many factors will influence the cost of gaining certification against BS 25999 such as:

  • size and geographical dispersion of the organisation
  • Organisational complexity
  • The status of existing BCM processes, procedures and documentation
  • Status of BCM cultural take up

In order to evaluate the extent of work required to achieve compliance we can undertake a brief assessment of an organisation's BCMS status provide an indication of the amount of work required to achieve compliance.

Risk Gateway Ltd has developed its own framework which supports and surrounds the objectives and processes of BS25999. Based on Classic Maturity Model approaches we have produced in-house processes which ensure that we provide world class solutions to our clients. Our Framework takes the form:-

In this section