Appendix 3. Business Continuity Standards

As with any emerging science or area of knowledge, DR and BC processes are becoming more and more mature. For example, we have almost universal or in-country standards in financial accounting, so an accountant can move from one organization to another and still be able to practice accounting. Though organizations can frame and implement their own workable BC practices, they can very soon hit certain limitations and roadblocks. Hence there is a need for recognized standards and universally adoptable practices that can be implemented in any industry. After the recent international terrorist attacks, mega financial scandals and electronic methods of making a company bankrupt within hours, government agencies and business owners have been pushing for establishing foolproof BC and risk mitigation methods. A standard for BC management has been mooted for many years. Standards remove the headaches of proprietary and non-portable procedures. BC standards establish a sound basis for understanding, developing and implementing BC within an organization. In addition, adopting industry-acceptable practices can give business managers confidence that their business is in safe hands, and can withstand both a real disaster and the scrutiny of a comprehensive audit.

PAS56 – Guide to Business Continuity Management

This was a reference document developed by the British Standards Institute to document best practice in business continuity management. PAS stands for Publicly Available Specification. PAS56 provided an overview of the steps and activities necessary in setting up a BC management process and made recommendations for best practice. PAS56 was designed to help ensure that an organization’s mission-critical and key risk scenarios are included in the BC management processes. PAS56 was to be used in all organizations regardless of size or industry.

PAS56 was withdrawn and superseded as the international best practice standard for BC by the new British Standard 25999, published in November 2006 and described below.

BS25999

Many professional and competent agencies around the world are engaged in establishing standards that can be implemented in any organization. One such standard is BS25999, developed by the British Standards Institute (BSI) in 2006. Though this book has been written as general-purpose advice on DR and BC for small organizations, it is worth mentioning the highlights of emerging BC standards. BSI state that BS25999 is for: ‘anyone with the responsibility for business operations and the continuity of such operations, from board directors and chief executives through all levels of the organization’. As organizations go global they need to prove to each other that they have and practice certain universally acceptable standards, rather than some home-made remedies and recipes for DR and BC. This is where industry standards will help organizations. For example, we already have several standards such as ISO 27001 for information security management, CMM for process maturity, ITIL for IT service management and other standards for running a business. Similarly, standards like BS25999 will become a standard for protecting a business and may soon become a necessary requirement for most businesses.

BS 25999-1:2006 is a code of practice that provides guidance and recommendations for DR and BC. It outlines the process, principles and terminology of business continuity management (BCM), to provide a basis for understanding, developing and implementing business continuity within an organization. It helps in building confidence in business-to-business and business-to-customer dealings.

BS 25999 has been developed by experts and practitioners throughout the global community, through their considerable academic, technical and practical experiences of disaster recovery and business continuity. It is a single point of reference for identifying the range of controls needed for situations where BCM is practised. It can be used by large, medium and small organizations in industrial, commercial, public and voluntary sectors. It provides a comprehensive set of controls based on BCM best practice and covers the whole BCM lifecycle. BS 25999-1:2006 replaced PAS 56:2003, which has now been withdrawn.

Highlights of BS25999

BS25999 has been developed by the British Standards Institute and essentially establishes a code of practice for BC management.

BS 25999 is published in two parts:

  • Part 1: Code of practice for business continuity management;

  • Part 2: Specification for business continuity management.

For more details on BS25999 visit the following websites:

www.itgovernance.co.uk/bs25999.aspx

www.thebci.org

Purchasing the material

The BS25999 publication can be purchased from www.itgovernance.co.uk/products/632. At the time of writing, the cost of the book was £90 plus shipping charges.
