Business Continuity Management (BCM) is essential for any business.
Planning for crisis or disaster is a complex science and fundamentally
an aspect of management that should not be neglected. BS 25999 is a Business Continuity Management (BCM) standard. It is in two parts
- BS 25999-1 and BS 25999-2. The former is a code of practice and the latter is
a specification for business continuity management that you can be audited against
to gain BS 25999 registration.
BS 25999 offers an accepted framework for incident anticipation and response with a series of recommendations for good practice.
BS 25999 offers an accepted framework for incident anticipation and response with a series of recommendations for good practice.
BS 25999 is a Business Continuity Management (BCM) standard published by the British Standards Institution (BSI).
It has two parts:
- The first, "BS 25999-1:2006 Business Continuity Management. Code of Practice", takes the form of general guidance on the processes, principles and terminology recommended for BCM. Part 1 offers good practice advice on the things that ought to be considered to achieve business continuity. It needs to be interpreted by user organizations according to their specific situations.
- The second, "BS 25999-2:2007 Specification for Business Continuity Management", formally specifies a set of requirements for implementing, operating and improving a BCM System (BCMS). Part 2 describes a how the business continuity arrangements described in part 1 can be managed systematically using a documented BCMS. Since part 2 is a precisely-worded specification, user organizations may opt to have their BCMS objectively and independently audited for compliance with the standard, leading to certification. The certificate assures stakeholders that the organization is proactively managing its business continuity in the structured manner laid down in part 2 of the standard. BS 25999-2 will be withdrawn in November 2012. It has been replaced by the International Standard, ISO 22301.
The contents of the code of practice (BS 25999-1) are as follows:
Section 1 - Scope and Applicability. This section defines the scope
of the standard, making clear that it describes generic best practice
that should be tailored to the organization implementing it
Section 2 - Terms and Definitions. This section describes the terminology and definitions used within the body of the standard
Section 3 - Overview of Business Continuity Management. A short
overview is the subject of the standard. It is not meant to be a
beginners guide but describes the overall processes, its relationship
with risk management and reasons for an organization to implement along
with the benefits
Section 4 - The Business Continuity Management Policy. Central to the
implementation of business continuity is having a clear, unambiguous
and appropriately resourced policy
Section 5 - BCM Programme Management. Programme management is at the
heart of the whole BCM process and the standard defines an approach
Section 6 - Understanding the organization. In order to apply
appropriate business continuity strategies and tactics the organization
has to be fully understood, its critical activities, resources, duties,
obligations, threats, risks and overall risk appetite.
Section 7 - Determining BCM Strategies. Once the organization is
thoroughly understood the overall business continuity strategies can be
defined that are appropriate.
Section 8 - Developing and implementing a BCM response. The tactical
means by which business continuity is delivered. These include incident
management structures, incident management and business continuity
plans.
Section 9 - Exercising, maintenance, audit and self-assessment of the
BCM culture. Without testing the BCM response an organization cannot be
certain that they will meet their requirements. Exercise, maintenance
and review processes will enable the business continuity capability to
continue to meet the organizations goals.
Section 10 - Embedding BCM into the organizations culture. Business
continuity should not exist in a vacuum but become part of the way that
the organization is managed.
The contents of the specification (BS 25999-2) are as follows:
Section 1 - Scope. Defines the scope of the standard, the
requirements for implementing and operating a documented business
continuity management system (BCMS)
Section 2 - Terms and Definitions. This section describes the terminology and definitions used within the body of the standard
Section 3 - Planning the Business Continuity Management System
(PLAN). Part 2 of the standard is predicated on the well established
Plan-Do-Check-Act model of continuous improvement. The first step is to
plan the BCMS, establishing and embedding it within the organization.
Section 4 - Implementing and Operating the BCMS (DO) Actually
implement ones plans. This section includes a number of topics that are
found in Part 1 although Part 1 should only be used for general guidance
and information. Only what is in Part 2 can be assessed.
Section 5 - Monitoring and Reviewing the BCMS (CHECK) To ensure that
the BCMS is continually monitored the Check stage covers internal audit
and management review of the BCMS
Section 6 Maintaining and Improving the BCMS (ACT) To ensure that the
BCMS is both maintained and improved on an ongoing basis this section
looks at preventative and corrective action
What is Business Continuity Planning?
Business continuity planning (BCP) is the creation and validation of a business
continuity plan for how an organisation will recover and restore critical functions
after a disaster or incident.
BCP is working out how to stay in business local, regional or national levels and
include fires, floods, and pandemic illnesses in the event of disaster. Incidents
can occur on local, regional or national levels and include fires, floods, and pandemic
illnesses.
The development of a BCP system can have five main phases:
- Analysis
- Solution design
- Implementation
- Testing and organisation acceptance
- Maintenance
Each of these has many elements that are tailored to the needs of an organisation.
The Benefits of Implementing BS 25999
There are widespread benefits of BS 2599 including the following critical areas:
- Delivery - Following a disruption it provides a rehearsed method of restoring the ability to supply critical products and services to an agreed level and timeframe
- Resilience - Proactively improves resilience when faced with the disruption of an organisation’s ability to achieve key objectives
- Management - Delivers a proven capability for managing a disruption and protecting (and enhancing) reputation and brand
Further benefits include cost savings, compliance with applicable laws and regulations,
and identifying opportunities for improvement.
Why Seek Certification to BS 25999?
- Registration to BS 25999 by an accredited certification body shows commitment to customers in providing confidence that the business can still function irrespective of unforeseen circumstances/interference.
- It demonstrates the existence of an effective business continuity system that satisfies the rigours of an independent, external audit.
- A certificate for BS 25999 enhances company image in the eyes of customers, employees and shareholders.
- It also gives a competitive advantage to an organisation’s marketing.
How do you Start To Implement BS 25999? What is Involved?
- Identify the requirements of BS 25999 and how they apply to the business involved.
- Establish business continuity objectives and how they fit in to the operation of the business.
- Produce a documented business continuity policy indicating how these requirements are satisfied.
- Communicate them throughout the organisation.
- Evaluate the business continuity policy, its stated objectives and then prioritise requirements to ensure they are met.
- Identify the boundaries of the management system and produce documented procedures as required.
- Ensure these procedures are suitable and adhered to.
- Once developed, internal audits are needed to ensure the system carries on working.
Assessment to BS 25999
Once all the requirements of BS 25999 have been met, it is time for an external audit. This should be carried out by a third party certification body. The chosen certification body will review the business continuity manuals and procedures. This process involves looking at the company’s evaluation of business continuity and ascertains if targets set for the management programme are measurable and achievable. This is followed at a later date by a full on-site audit to ensure that working practices observe the procedures and stated objectives and that appropriate records are kept.After a successful audit, a certificate of registration to BS 25999 will be issued. There will then be surveillance visits (usually once or twice a year) to ensure that the system continues to work. This is covered in more detail in ISOQAR’s ‘Audit Procedure’ information sheet.
business management is not easy to do as you will need the biggest experience and if you don't pay attention on advices your business will be down, so visit this website to read and get known what to do that everything would be OK.
ReplyDeleteThank you for another wonderful post. Where else could anyone get that type of information in such a perfect way of writing? I have a presentation next week, and I’m on the look for such information. supplier control
ReplyDeleteThank you so much for this wonderful article really! Its very useful to me. Keep it up.
ReplyDeleteISO 9712 certification in Chennai
ISO 9712 certification in Tamil Nadu
Appreciating the persistence, you put into your blog and detailed information you provide. Thanks for Sharing...
ReplyDeleteiso 9001 consultancy in Chennai
iso certification consultants in Chennai
A useful article on Business Continuity Management Standard. Thanks for sharing useful article.
ReplyDeleteiatf 16949:2016 certification in chennai
iatf 16949 consultants in chennai
Adorable Blog.
ReplyDeleteI'll love to read more blog from your side.
IT infrastructure solution provider Indonesia
Worthy stuff. Thanks for sharing. Keep on posting more related.
ReplyDeletesix sigma training in Chennai
7 qc tools training chennai
its looking nice information sharing blog keep it up
ReplyDeleteFacility Management Software in UAE
Best Facility Management software in Abu Dhabi
Facility Management software company in UAE
Best FM software company in UAE
Top FM software company in Abu Dhabi
very nice blogs!!! i have to learning for lot of information for this sites...Sharing for wonderful information.Thanks for sharing this valuable information to our vision. You have posted a trust worthy blog keep sharing.
ReplyDeleteiso 22301 online training
Tq for the sharing
ReplyDeleteNice post. I learn something totally new and challenging on sites . It's always helpful to read content..
ReplyDeleteISO 22301 Training
This is very useful to me...
ReplyDeleteISO 22301 Lead Auditor Course
Thanks for your post. ISO 22301 Certification
ReplyDeleteI loved the post, keep posting interesting posts.
ReplyDeleteHIPAA Certification
HIPAA Privacy
Really useful stuff. Keep on posting related topics. Waiting for your next update.
ReplyDeleteISO 22301 Certification
Thanks for your blog. ISO 22301 Certification in Saudirabia
ReplyDeleteThanks for your blog.ISO 22301 Certification in Bahrain
ReplyDeleteThis post will be very useful to us....i like your blog and helpful to me....nice thoughts for your great work....
ReplyDeleteIATF 16949 Certification
Thanks for sharing. ISO 22301 Certification in Saudiarabia
ReplyDeleteThis blog is the Best place for learning and contribution.
ReplyDeleteISO 22301 Certification
Thank you so much for sharing this great blog. Very inspiring and helpful too.
ReplyDeleteISO 22301 certification.
ISO 37001 Certification.
This post is really nice and informative. The explanation given is really comprehensive and informative..
ReplyDeleteISO 22301 Certification
There is so much to learn from this piece. You are a great help and I would surely try to follow all the learning.
ReplyDeleteISO 22301 Certification
Nice blog post. Thanks for sharing.
ReplyDeleteClick on ISO 22301 Certification
Thank you so much! That did the trick, you saved me more endless hours of searching for a fix.
ReplyDeleteiso 22301 lead auditor training
Good Blog, well descrided, Thanks for sharing this information.
ReplyDeleteISO 22301 Lead Auditor Course
My cousin recommended this blog and she was totally right keep up the fantastic work!
ReplyDeleteiso 22301 certification
This is really interesting, you’re a very skilled blogger. I have bookmarked this article page as I received good information from this
ReplyDeleteISO 22301 Training Online
It is really very helpful for us and I have gathered some important information from this blog.
ReplyDeleteiso certification
My cousin recommended this blog and she was totally right keep up the fantastic work!
ReplyDeletecertificacion iso 22301 peru
Excellent read, Positive site, where did u come up with the information on this posting? I have read a few of the articles on your website now, and I really like your style. Thanks a million and please keep up the effective work.
ReplyDeleteISO 22301 Curso De Auditor Principal
Hey, nice site you have here! Keep up the excellent work!
ReplyDeleteISO 22301 Lead Auditor Course
Very Nice. This blog is very useful to me. Now I have clarified my doubts. Thanks for sharing the information.
ReplyDeleteOnline Bookkeeping
I recently came across your blog and have been reading along. I thought I would leave my first comment.
ReplyDeleteCertificacion ISO 22301 Peru
Nice post! It is really very helpful for us. If anyone want to know the details about. ISO 22301 in Oman
ReplyDeleteThank u for the great blog about iso 22301 certification keep posting more blogs.
ReplyDeleteiso lead auditor course in dubai.
lead auditor courses.
Thanks you for sharing this unique useful information content with us. Really awesome work. ISO 22301 Certification in Saudi Arabia
ReplyDeleteSecurium Solutions is one of the best HIPAA Compliance Company in Abu Dhabi that acknowledge the best solutions to keep your sensitive information transparent to all kinds of bugs.
ReplyDeleteIt is really very helpful for us and I have gathered some important information from this blog. ISO 22301 Internal Auditor Training
ReplyDeleteThank you so much for this wonderful article really! Its very useful to me. Keep it up.
ReplyDeleteISO 9712 Level 3
I found your blog and it was really useful as well as informative thanks for sharing such an article with us. We also provide services related to Certificación ISO 22301
ReplyDelete