BS25999

Introducing Standards

This is a short introduction to the world of Standards outlining how they are developed. 

A standard is a document defining best practice, established by consensus and approved by a recognized body (such as BSI, ANSI or ISO). Each standard is kept current through a process of maintenance and review whereby it is updated, revised or withdrawn as necessary.

ISO 22301 Business Continuity Standard moves forward

ISO - International Standards and Business Continuity
 
In November  the member countries of the International Standards Organisation (ISO) have been meeting in Beijing to discuss the proposed ISO for Business Continuity ISO22301. 
 
Earlier in the week doubts had been cast on its future following concerns expressed by a number of countries that the development of an Organizational Resilience Standard had the potential to adversely impact on the consistency and application of both Standards.
 

EON achieves Business Continuity BS25999 certification again

 
Last year Continuity Forum reported on E.ON UK’s accomplishment in achieving BS25999-2 certification across its Business services, with no non-conformities found
 
Recently, following a Continuing Assessment surveillance visit by BSI auditors, E.ON UK has been successful in maintaining its Business Continuity certification - again with no non-conformities found. 
 

Phase 2 Consultation of Civil Contingencies Act

After two years the revision of the Civil Contingencies Act (CCA) through the Enhancement Programme (EP) is nearing completion with the final consultations closing on 27th September 2011.  
 
The Enhancement Programme to the Civil Contingencies Act covers most areas of the legislation and has been split into phases. The phase has delivered updates centred primarily on Emergency Response and Recovery across the country and builds on the lessons learnt since the introduction of the Act. Clarification and updates have also been made on Good Practice Guidance, Mutual Aid and the fit with other legislation. (Summary of Phase One work)   
 
The work continues with consultation on the changes proposed in the following areas: 
 
Co-operation
Local Responder Risk Assessment Duty
Business Continuity Management
Communicating with the Public
Business Continuity Advice and Assistance to Business and the Voluntary Sector);
Arrangements for London
 
If you have yet to review these changes to the Act time is running out. You can use the links below to see and comment on the changes proposed.  
 
The Continuity Forum welcomes the revision process, particularly the aligning of Business Continuity arrangements with the British Standard BS25999 that we feel the revisions significantly clarify the expectations of the Act within all Category One and Two Responders. Another Major plus for the revised Act are the expectations relating to communications which we feel is a major step forward, providing greater clarity and removing much of the ambiguity that previously existed. It is clear to us that the CCA team has worked hard to a balanced review that provides flexibility in delivering appropriate solutions and processes, whilst maintaining clear direction on the expectations of the Act.    
 
The alignment with BS25999 is of particular importance to the sector and our communities as the Civil Contingencies Act preceded the launch of the Standard. Whilst many of those within the sector had aligned with BS25999 principles the now revisions make this expectation far clearer. We would hope that those planing in Category One and Two organisations will quickly move to assess and adapt their planning to meet this expectation, in particular the aspects that address their supply chain. Many BCM professionals working within organisations covered by the CCA have found this area to be a difficult area to address with management and has led to numerous avoidable problems.     
 
One area that we feel may need to be strengthened is the verification and audit of of the Business Continuity arrangements in place. Whilst we accept that some aspects of the BCM capabilities within Category One organisations may need a degree of adaption (and indeed BS25999 allows for this) this should not undermine the intent of either the Act or BS25999. Consequently, we would to see a condition added to justify variance from the standard.  This would not undermine the flexibility of either the Act or standard, but would result in evidence for the need to vary from accepted Good Practice to be justified more clearly. We also feel that a little more focus should be given to the audit and assessment of the plans developed and deployed as could be argued as fundamental to delivery of value from the investment being made. 
 
With regards to Category Two responders, we feel that the regulators for these sectors need to pay far more attention to the Business Continuity arrangements developed by the companies they are responsible for regulating and should demand similar levels of detail and regular updates. The Continuity Forum is working in this area and we are hoping to meet with the primary regulators shortly to discuss this issue further.        
 
Links to more information is shown below: (Opens in new window)
 
In a change to previous consultations, those wishing to comment are asked to submit their comments, via a dedicated on-line survey. The link is HERE!
   
If preferred, paper based comments will be accepted and a template can be requested from ccact@cabinet-office.x.gsi.gov.uk
 
Final versions of the revised Act are expected to be complete in early Spring 2012. 
 
If you have any questions or would like to discuss the Civil Contingencies Act in more detail please do get in touch.
 

 

 

BS25999 achieved by Vocal

 

The British Standards Institute has awarded Vocal, best known for its iModus notification system,  full BS25999 accreditation – the British standard of business continuity management. The accreditation incorporates the entire organisation and including the iModus system. 
 

ANSI approve ASIS/BSI BCM.01 standard

 

The American National Standards Institute (ANSI) has approved the ASIS/BSI BCM.01 2010 standard for Business Continuity Management. 

 

The full name for the standard is ANSI/ASIS/BSI BCM.01:2010, Business Continuity

Dr Marc Siegel

Management Systems - Requirements with Guidance for Use (Joint ASIS International and British Standards Institute (BSI) Standard) and whilst a mouthful it reflects the very close collaboration throughout the whole development process between ASIS and the BSI.  This approach led to a multi-national team being involved with committee formed responsible for the development being co-chaired by Dr Marc Siegel (US) and Kevin Brear (UK) and that also included Russell Price from the Continuity Forum.

 

BS25999 awarded to EC Group

EC Group has become the first promotional handling and fulfilment company to be awarded BS 25999 certification in Business Continuity Management from BSI. EC Group provides outsourced marketing services. 

PlanB Consulting awarded BS25999 Certificate at Resilient Scotland Conference

 
Kim and Charlie Maclean-Bristol Directors of PlanB Consulting were awarded their BS25999 (the British Standard for business continuity) Certificate by Gordon Stewart of the British Standards Institute at the Resilient Scotland Conference in Edinburgh on 22 November 2010.

BS25999 Certification for Altius Associates Limited

 
Altius Associates Limited (“Altius”) are the first financial services company in the world to achieve official accreditation to the Global Industry Standard for Business Continuity, BS25999. 
 

Interxion gains BS 25999 Certification

 
Interxion, a leading European provider of carrier-neutral colocation data centre services, today announced that it has achieved the highly regarded certification of BS 25999, the British Standards Institution (BSI) standard for Business Continuity Management. This has been integrated with Interxion’s existing Information Security Management System certification, ISO 27001.

Vodafone retains BS25999 status ... and highlights the value

Business Continuity forum 

Vodafone UK has recently been undergoing a thorough audit by the BSI as part of the retention process for its BS25999 certification for Business Continuity Management. The successful outcome demonstrates the capability of the Vodafone approach and in achieving recertification demonstrates to customers the added resilience of the services provided by Vodafone.

 

This is a point not lost on Vodafone's management. In their press statement they make reference to the clear responsibility they have as a telecommunications company to other organisations and particularly their  BCM plans. Peter Kelly, Enterprise Director Vodafone UK says “We know that mobile communications are an essential service for all businesses – retaining BS 25999 certification demonstrates that we continue to deliver the most reliable and highest quality network for our customers, no matter what.”

Continuity is crucial for construction

HERE in the UK, approaches to business continuity are becoming far more holistic. However, in the North East the association with business continuity and IT is still incredibly strong.

This may go some way to explaining why some businesses in the construction industry have not been able to reap the benefits of investing in an effective business continuity management system (BCMS).

Tender documents from the public sector increasingly ask businesses to offer evidence of a business continuity plan and statements from the coalition Government have suggested that this will only become more prominent.

E.ON UK achieves certification to BS25999

Business Continuity Forum

E.ON, the world’s largest investor-owned utility, recently celebrated the achievement of BS25999-2:2007 certification across all its UK business services locations. This follows nearly two years of preparation led by business continuity manager, Jag Gogna. This decision was preceded by a review in 2007 of business continuity and crisis management of over 50 locations and around 16,000 staff.

The challenge from the outset, he explains, was to secure support and buy-in from senior strategic and operational mangers from across all aspects of the company. Cultivating the required relationships and instilling the required confidence among staff is vital to a cooperative culture.

Environment Agency responds to Pitt review findings on 2007 Summer flooding

Category Business Continuity legislative, regulatory and government


Environment Agency accepts Pitt Review in Full


The report of Sir Michael Pitt's Review into the floods of Summer 2007 was published in June 2008. The Government welcomes this Review, and pays tribute to Sir Michael Pitt and his team. They have thoroughly reviewed the flooding that happened in 2007 and identified clearly the lessons that should be learned.

BSI BS25777 for ICT Continuity

BSI British Standard  BS 25777 for Information and Communications Technology continuity management.


Following on from the development of BS25999 BSI has announced a complimentary standard aimed at detailing good practice at the ICT level, BS25777 for ICT Continuity.

ICT continuity management, a key part of the overall business continuity management (BCM) process of an organization, ensures that ICT services are resilient and in the event of disaster, can be recovered within timescales agreed with senior management.

Syndicate content

Business Continuity Forum creating Resilince and security

Creating Continuity... Building Resilience...