BS 25999- Business Continuity Management Standard
What is BS 25999?
BS 25999 is a Business Continuity Management (BCM) standard. It is in two parts – BS 25999-1 and BS 25999-2. The former is a code of practice and the latter is a specification for business continuity management that you can be audited against to gain BS 25999 registration. BS25999-1 is essentially a guide which establishes the principles, terminology and process of business continuity management. It covers the activities and deliverables applicable in establishing a continuity management process, as well as providing recommended good practice steps. It is applicable to all organizations, regardless of size or industry or commercial sector, and should provide assistance to anyone responsible for managing a business continuity programs. BS25999-2 is intended for use by internal and external parties (including certification authorities) to assess the organization’s ability to meet customer and regulatory requirements. It specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS), describing only requirements that can be objectively and independently audited
What is Business Continuity Planning?
Business continuity planning (BCP) is the creation and validation of a business continuity plan for how an organization will recover and restore critical functions after a disaster or incident. BCP is working out how to stay in business local, regional or national levels and include fires, floods, and pandemic illnesses in the event of disaster. Incidents can occur on local, regional or national levels and include fires, floods, and pandemic illnesses.
The development of a BCP system can have five main phases:
- Solution design
- Testing and organization
Each of these has many elements that are tailored to the needs of an organization.
The Benefits of Implementing BS 25999
There are widespread benefits of BS 2599 including the following critical areas :
- Delivery - Following a disruption it provides a rehearsed method of restoring the ability to supply critical products and services to an agreed level and timeframe
- Resilience - Proactively improves resilience when faced with the disruption of an organization’s ability to achieve key objectives
- Management - Delivers a proven capability for managing a disruption and protecting (and enhancing) reputation and brand
Further benefits include cost savings, compliance with applicable laws and regulations, and identifying opportunities for improvement.
Why seek certification to BS 25999?
- Registration to BS 25999 by an accredited certification body shows commitment to customers in providing confidence that the business can still function irrespective of unforeseen circumstances/interference.
- It demonstrates the existence of an effective business continuity system that satisfies the rigors of an independent, external audit.
- A certificate for BS 25999 enhances company image in the eyes of customers, employees and shareholders.
- It also gives a competitive advantage to an organization’s marketing.
How do you start to implement BS 25999? What is involved?
- Identify the requirements of BS 25999 and how they apply to the business involved.
- Establish business continuity objectives and how they fit in to the operation of the business.
- Produce a documented business continuity policy indicating how these requirements are satisfied.
- Communicate them throughout the organization.
- Evaluate the business continuity policy, its stated objectives and then prioritize requirements to ensure they are met.
- Identify the boundaries of the management system and produce documented procedures as required.
- Ensure these procedures are suitable and adhered to.
- Once developed, internal audits are needed to ensure the system carries on working.
Assessment to BS 25999
Once all the requirements of BS 25999 have been met, it is time for an external audit. This should be carried out by a third party certification body. The chosen certification body will review the business continuity manuals and procedures. This process involves looking at the company’s evaluation of business continuity and ascertains if targets set for the
management programs are measurable and achievable. This is followed at a later date by a full on-site audit to ensure that working practices observe the procedures and stated objectives and that appropriate records are kept.
After a successful audit, a certificate of registration to BS 25999 will be issued. There will then be surveillance visits (usually once or twice a year) to ensure that the system continues to work. This is covered in more detail in Zensly’s ‘Audit Procedure’ information sheet.