Business Continuity Planning BS25999-2-2007
Submit Articles Back to Articles
I wonder how many companies were faced with the same problem that I faced
following the Christmas and New Year shutdown: my office landlord decided that
he would turn off the heating during this period in order to save money. The net
result was that the office, and more importantly the computer equipment, became
very cold. Upon turning the heating back on, condensation formed and this caused
the equipment to short out.
The resulting bang not only did my constitution no good, it meant that the
computer equipment had to be repaired. Fortunately our company has a business
continuity plan which was put into action and none of our clients were put to
At the end of 2007 The British Standards Institute produced an new standard
BS 25999-2 Business Continuity Management and its code of practice BS25999-1.
This can be either a stand-alone system or as part of ISO27001 (Information
Security Management Standard).
BS25999-2 sets out the requirements for BCM (business continuity management)
and how any organisation can reduce or mitigate any incident which interrupts or
degrades the company or its operations.
The main areas are:
- Identify what potential risks could affect the company;
- Know what equipment would be needed in the event of a loss of
- Keep copies of staff information off-site to be able to contact key
personnel if required;
- Plan who will do what and when;
- Make contingency plans for staff if buildings are unavailable;
- Keep copies of important information off-site;
- Review and train everyone in the continuity plan and IT disaster recovery
- Test the plan regularly;
- Learn lessons from any tests;
- Ensure the plan is kept up to date.
Having a business continuity plan in place will not stop a disaster
happening, but it certainly will ensure that its effect can be mitigated and
will ensure that the company can be up and running in the shortest possible
It is important to note that many companies that have been subject to a major
disaster and do not have a business continuity plan have gone out of business.
Be prepared. It is not only for boy scouts.
About the Author
Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited an
established independent management consultancy specializing in
Information Security Management accreditation.
Follow us @Scopulus_News
Article Published/Sorted/Amended on Scopulus 2008-02-05 22:52:08 in Business Articles