
  • CIS now offers a certification path for BS25999 Business Continuity Management professionals.

    Leverage BS 25999 / BS25999 to establish an enterprise-wide business continuity management system

    Continued operations in the event of a business disruption, whether due to a major disaster or a minor incident, are a fundamental requirement for any organization. Ensuring operational continuity has led to the development of Business Continuity Management (BCM) as a recognized business discipline, but not until the recent publication of BS25999 has there been an internationally-recognized management framework that adds consistency, credibility and viability to your existing business continuity management programs.

    What is BS25999?

    BS25999 is a new visionary international standard designed to keep your business going during the most challenging and unexpected circumstances. It provides a basis for understanding, developing, implementing and managing business continuity within your organization and gives you confidence when dealing with stakeholders both within and outside your organization.

    Isn't this pretty much the same as what we have been doing with DRI or BCI in the past?
    No.
    Previous guidance and training provided by Disaster Recovery Institute International (DRI) or the Business Continuity Institute (BCI) have been largely obsoleted by BS25999. Neither DRI nor BCI certifies business continuity management systems for organizations. BS25999 provides a very different and much more mature and business-savvy approach to developing and governing a true business continuity management system (organizational business methodology), supported by appropriate planning and procedures. It introduces an entirely new business continuity management (BCM) life cycle approach, and requires deployment according to the Plan-Do-Check-Act Shewhart/Deming cycle. Previous DRI and BCI approaches placed little emphasis on providing structure or specification for the foundation business function of Business Continuity Management, and rather focused on rudimentary concepts of risk management married to loosely-developed recommendations for mitigating procedures. Managing business continuity according to BS25999 represents a light-year leap ahead in terms of effectiveness, cost-efficiency, and business strategy maturity.

    What organizations use this BS25999 Standard?

    BS25999 has been developed by a group of world-class experts representing a cross-section of industry sectors and governmental organizations which is reflected in its applicability. The standard is suitable for any organization, large or small, from any sector. It is particularly relevant if you operate in a high risk environment such as the finance, telecommunications, transport, utilities and public sectors, where the ability to continue operating is paramount for both you and your stakeholders.

    Per BS25999, Part 1, "Scope and Applicability":
    This Standard is intended for use by anyone with responsibility for business operations or the provision of services, from top management through all levels of the organization; from those with a single site to those with a global presence; from sole traders and small-to-medium enterprises (SMEs) to organizations employing thousands of people. It is therefore applicable to anybody who holds responsibility for any operation, and thus the continuity of that operation.

  • Can our organization become certified to the BS25999 business continuity management Standard?

    BS25999-2 is an auditable standard, which means that through certification by a UKAS-accredited British Standard certification body, you have a framework for continuous improvement and the ability to demonstrate to your stakeholders that your business continuity management programs meet best practice.

    Above all, when implementing a Business Continuity Management System and choosing Certified Information Security to train you to understand and meet the requirements of BS25999-2, your organization will be prepared to prove the validity of its business continuity management programs, preserve its reputation, and enable it to continue to operate and trade through business disruptions.

    Can I become certified as a BS25999 professional?

    Since Business Continuity Management is more important than ever in today's risk conscious business environment, and because BS25999 now provides the opportunity for the organization to certify its Business Continuity Management System, organizations have a new and pressing need for professionals especially trained and skilled at establishing, managing, exercising, and maintaining business continuity according to this new international standard of best practice. Because business continuity planning and response procedures often are inadequate due to the limitations of knowledge and involvement of corporate governance decision makers, the Standard requires exactly the kind of evidence of training and documented understanding the CIS BCM credentialing scheme provides. If an organization wants to get its own BS25999 certification, it needs evidence of appropriate training and competence to fulfil the certification requirements of the standard itself.

    Certified Information Security provides the third-party training and professional credentialing necessary to set you apart as a Business Continuity Management authority who knows BCM according to the only international standard of BCM best practices.

  • What is in the BS25999 business continuity management Standard?

    BS25999 is a Business Continuity Management (BCM) standard in two parts. The first, "BS 25999-1:2006 Business Continuity Management. Code of Practice", published by the British Standards Institution in December 2006, takes the form of general guidance and seeks to establish processes, principles and terminology for Business Continuity Management. The second, "BS 25999-2:2007 Specification for Business Continuity Management", published by the British Standards Institution in November 2007, specifies requirements for implementing, operating and improving a documented Business Continuity Management System (BCMS), describing only requirements that can be objectively and independently audited.

    A useful way to understand the difference between the two: Part 1 is a guidance document and uses the term 'should', whereas Part 2 is an independently verifiable specification that uses the word 'shall'.

    Certification (independent verification) to this standard is available from certification bodies accredited by the United Kingdom Accreditation Service (UKAS) and is a multi-stage process usually involving a number of assessment visits. The assessor will then make a recommendation that the organization receive certification or not. After initial certification a number of surveillance visits are made as per a plan to ensure that the organization is still in compliance.

    The contents of the code of practice (BS25999, Part 1:2006) are as follows:
    • Section 1 - Scope and Applicability. This section defines the scope of the standard, making clear that it describes generic best practice that should be tailored to the organization implementing it.
    • Section 2 - Terms and Definitions. This section describes the terminology and definitions used within the body of the standard
    • Section 3 - Overview of Business Continuity Management. This section gives a short overview of the subject of the standard. It is not meant to be a beginner's guide but describes the overall processes, its relationship with risk management and reasons for an organization to implement it, along with the benefits.
    • Section 4 - The Business Continuity Management Policy. Central to the implementation of business continuity is having a clear, unambiguous and appropriately resourced policy
    • Section 5 - BCM Program Management. Program management is at the heart of the whole BCM process and the standard defines an approach
    • Section 6 - Understanding the organization. In order to apply appropriate business continuity strategies and tactics the organization has to be fully understood, its critical activities, resources, duties, obligations, threats, risks and overall risk appetite.
    • Section 7 - Determining BCM Strategies. Once the organization is thoroughly understood the overall business continuity strategies can be defined that are appropriate.
    • Section 8 - Developing and implementing a BCM response. The tactical means by which business continuity is delivered. These include incident management structures, incident management and business continuity plans.
    • Section 9 - Exercising, maintenance, audit and self-assessment of the BCM culture. Without testing the BCM response an organization cannot be certain that it will meet its requirements. Exercise, maintenance and review processes will enable the business continuity capability to continue to meet the organization's goals.
    • Section 10 - Embedding BCM into the organization's culture. Business continuity should not exist in a vacuum but become part of the way that the organization is managed.
    The contents of the specification (BS25999-2) are as follows:
    • Section 1 - Scope. Defines the scope of the standard, the requirements for implementing and operating a documented business continuity management system (BCMS)
    • Section 2 - Terms and Definitions. This section describes the terminology and definitions used within the body of the standard
    • Section 3 - Planning the Business Continuity Management System (PLAN). Part 2 of the standard is predicated on the well established Plan-Do-Check-Act model of continuous improvement. The first step is to plan the BCMS, establishing and embedding it within the organization.
    • Section 4 - Implementing and Operating the BCMS (DO). Actually implement one's plans. This section includes a number of topics that are found in Part 1, although Part 1 should only be used for general guidance and information. Only what is in Part 2 can be assessed.
    • Section 5 - Monitoring and Reviewing the BCMS (CHECK). To ensure that the BCMS is continually monitored, the Check stage covers internal audit and management review of the BCMS.
    • Section 6 - Maintaining and Improving the BCMS (ACT). To ensure that the BCMS is both maintained and improved on an ongoing basis, this section looks at preventative and corrective action.
  • Two-Seminar Track

    Session 1:
    Establishing and Governing The BS25999 Business Continuity Management System (BCMS)
    Duration:
    3 Days
    CPE Credit:
    24
    Venues:
    Prerequisites:
    • Required: None
    Session 2:
    Using BS25999 Best Practices to Develop, Exercise, and Certify Business Continuity and Disaster Recovery Processes 
    Duration:
    2 Days
    CPE Credit:
    16
    Venues:
    Prerequisites:
    • Required: Establishing a BS25999 Business Continuity Management System (BCMS)

     
