>
   
   

closed

 

Business Continuity Management

Disruption to business can be costly, both in terms of loss of revenue and loss of reputation with clients. The range of incidents that could affect a business is wide ranging, from a national emergency scenario such as Avian Flu or Swine Flu to a local loss of IT or heavy snow.

Implementation of a Business Continuity Management System (BCMS) allows an organisation to demonstrate that they are aware of incidents which could cause disruption and that plans are in place to recover from that disruption in a measured way.

Business Continuity Management is more than having a set of disaster recovery plans. It is equally important to ensure that potential threats have been assessed, and appropriate treatment taken to minimise the impact of incidents that may occur, for example by increasing redundancy in IT systems, by implementing greater remote working capabilities or by having simple paper based systems that can be used while IT systems are being recovered.

BS25999:2007 Business Continuity Management Standard

An organisation's ability to demonstrate full Business Continuity Management is receiving increasing focus in tender processes. Compliance to BS25999:2007 is becoming the preferred method for an organisation to demonstrate this, with references to the standard appearing in many pre tender questionnaires.

The BS25999 standard is based around the Plan Do Check Act (PDCA) model. In line with the PDCA model, an organisation is asked to establish, implement & operate, monitor & review and maintain & improve a Business Continuity Management System.

Demonstrating compliance to the BS25999 standard will involve setting high level policies, defining key processes, products and services and their critical availability requirements (Business Impact Assessment), defining the business continuity strategy, performing a risk assessments against potential threats, implementing plans, testing those plans and conducting reviews and internal audits in line with other ISO standards.

Business Continuity Management Consultancy

While most organisations have some business continuity plans in place, this is not enough to demonstrate compliance to the BS25999 standard. Although the plans are a key component of a Business Continuity Management System, equally important is a demonstration that the organisation has performed a full assessment of the key business activities, and that a full risk assessment against potential threats has been carried out. Employing Consultancy52 can assist in many different ways

  • Full implementation of a BS25999 compliant Business Continuity Management System, including writing policies, procedures, processes and plans necessary to demonstrate compliance, scheduling and performing internal audits, training of employees and assistance during any formal third party certification audit if required.
  • Implementation guidance can be provided. We can support your own implementation team from telephone assistance to onsite mentoring.
  • Internal Audits . Consultancy52 can provide an auditing service as a one off project or as part of an ongoing maintenance plan.
  • Information Security Training. Training packages including management representative training, internal audit courses, Introduction to Business Continuity etc can be provided on or off site.