BS25999 Business Continuity Management Strategic Planning and Risk Assessment

No two organizations are exactly alike. Even within the same industry and sector, every organization has unique goals, objectives, stakeholders, business processes, and risk tolerance. In order to craft incident response that best fits your organization's needs, you need to establish a system for ongoing understanding and management of those needs. Trying to develop business continuity and contingency procedures before determining what your organization needs and what levels of risk it will tolerate, is akin to trying to author a book without first determining a plot.

This course provides participants with a solid understanding of business continuity management. It is based on industry best practice and guidelines for business continuity and reviews the “Business Continuity Management – Code of Practice” released by BSI, BS25999-1:2006. Practical exercises and instructor-led discussions will help students understand the benefits of business continuity management in an organization.  

BS 25999 advocates applying the same Plan-Do-Check-Act management methodology found in many other BSI, ISO, and IEC standards. Accordingly, this stage 1 course addresses BCMS Life Cycle key concepts required for BCMS planning.This course naturally serves as a prerequisite for attendance of Using BS 25999 Best Practices to Develop, Exercise, and Certify Business Continuity and Disaster Recovery Processes.

Leverage BS 25999 to Establish a business continuity management System to determine and evaluate your risks and corresponding risk strategy

Use ISO Standard 27005 to Determine and evaluate your risks and corresponding risk strategy

This course addresses BCMS Life Cycle key concepts required for BCMS planning in British Standard Parts 1 and 2. Additionally, the course augments the Standard's framework with risk management content supporting ISO/IEC Standard 27005 , and security content supporting ISO/IEC Standards 27001 and 27002.

Click to enlarge

BCM Policy and Program Management

• Establishing the need for a Business Continuity Management (BCM) Process, including: resilience strategies, recovery objectives, business continuity and incident management plans, obtaining management support for such a process.
• Organizing and managing the formulation of the function or process either in collaboration with, or as a key component of an integrated risk management initiative.
• Roles and Responsibilities; team development
• Developing, coordinating, evaluating and creating plans and procedures to communicate with external stakeholders, including the media, during incidents. 

Understanding the Organization

• Business Impact Analysis:
• Identifying the impacts resulting from disruptions and disaster scenarios that can affect the organization and developing techniques that can be used to quantify and qualify such impacts.
• Establishing critical functions, their recovery priorities and inter-dependencies so that recovery time objectives can be set. 

Risk evaluation and control

• Determining the events and environmental surroundings that can adversely affect the organization and its facilities with disruption and/or disaster and understanding the damage such events can cause.
• Establishing the controls needed to prevent or minimize the effects of potential loss.
  Providing cost-benefit analysis to justify investment in controls to mitigate risks.
• Using ISO 27005 and other risk assessment frameworks to support Business Impact Analysis 

Determining Business Continuity Management Strategies

• Determining and guiding the selection of alternative business recovery operating strategies for continuation of business within recovery time and/or recovery point objectives, while maintaining the organization's critical functions.
• Delivering solutions for continuation of business within the recovery time and/or recovery point objectives, whilst maintaining the organization's critical functions.
• Developing, coordinating, evaluating and creating plans and procedures to communicate with internal stakeholders during incidents.
• The provision of post-incident support and guidance for employees and their families.

business continuity management is a team effort! Decisions regarding critical business processes, organizational resources including people, facilities, products, services, and information technology are not made by a single person, or even a group of three or four.

• Decisions on how your organization will choose to accept risk, or invest to mitigate risk will ultimately be decided by the very people who are ultimately accountable for how well the organization runs - in good times and in bad.
• Therefore, senior management is required to at least lead BCM risk and strategy, which are covered in Establishing a Business Continuity Management System.
• Other employees, who will go on plan and deploy BCM controls will continue on to attend Using BS 25999 Best Practices to Develop, Exercise, and Certify Business Continuity and Disaster Recovery Processes.
• Learn more about how you can train your entire BCM team at half of the cost of regular public pricing.

Accordingly, the following key operations and risk management are recommended to attend since each is required to participate in the Business Continuity Management System:

Course Prerequisites

This is an advanced business strategy seminar. It is not a technical "how-to" course. This course will explore various business processes, environments, and risk strategy approaches to help you better understand how to best protect your organization's ability to prevent and sufficiently mitigate the business impact of a disruptive event.

Prior business is experience is highly recommended, and financial risk decision authority is preferred.

- or-