About the BCI
• Join the BCI
• BCI Certification
• BCI Regional Forums
• BCI News
• BCI Mentor Scheme
• Joint Ventures
• Guides
• FAQs
Consultancy Register

GPG
BS25999 and other   Standards
• BCI E-Learning
• BCI Training
• BCI Accredited Training
• BCI Benchmark
 BCM World Conference   and Exhibition
• BCI Workshops
• Industry Vacancies
• Bookstore
• Conference Diary

BCI Partnership
Partners
Industry Suppliers
Industry News
Current Thinking
Continuity Magazine
Special Interest Groups
Awareness Raising
 
 
BS25999 and other standards

BCM Legislations, Regulations, Standards and Guidelines

The BCI is regularly asked by members and other interested parties about current legislation, regulation and standards that exist nationally and internationally for Business Continuity Management.  It is difficult to provide a definitive list because there are regular changes and amendments at a country level and often inconsistent terminology between countries, sectors and legislators. 

The document we have produced is the most comprehensive that it was possible to produce based upon information provided to us by our members around the world. Where we have country input we have included it alphabetically. At the end of the document we have a page summarising current and projected international initiatives particularly those supported by the International Standards Organisation (ISO) and the Basel Committee on Banking Supervision.

Please click here to view

We are still looking for you to contribute, in particular we would like input from all European Countries as we currently only have info from UK, Switzerland and Russia.

Please send your contributions to Jan Gilbert, jan.gilbert@thebci.org.

 

BSI's Partnership with the BCI
BSI has partnered with the Business Continuity Institute to promote the highest standards of professional competence and commercial ethics in the provision and maintenance of business continuity planning and services.

BSI Business Continuity Self-assessment Free trial of BSI Business Continuity Self-assessment

Click here to request a Free trial of the new BSI
Business Continuity Self-assessment tool.


Various standards and legislation relate to business continuity management - this page overviews the main ones

BS25999 Part one
This Standard establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organisation and to provide confidence in business-to-business and business-to-customer dealings. Usually published at £90 + post and packing, the BCI are able to offer this publication at:

£80 including post and packing to BCI members
£90 including post and packing to non-members.
Click here to place your order. Payment must accompany order.

To download a PDF copy of BS25999 visit the online shop 


BS25999 Part two
BS 25999-2 specifies requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System (BCMS) within the context of managing an organization’s overall business risks.

The requirements specified in BS 25999-2 are generic and intended to be applicable to all organizations (or parts there of), regardless of type, size and nature of business. The extent of application of these requirements depends on the organization's operating environment and complexity.

Therefore the design and implementation of a BCMS to meet the requirements of this standard will be influenced by regulatory, customer and business requirements, the products and services, the processes employed and the size and structure of the organization. It will not be the intent of this British Standard to imply uniformity in the structure of a BCMS but for an organization to design a BCMS to be appropriate to its needs and that meets its stakeholder’s requirements.

BS 25999-2 can be used by internal and external parties, including certification bodies, to assess an organization’s ability to meet its own business continuity needs, as well as any customer, legal or regulatory needs.

Please note that if you wish to purchase the PDF download of the BS25999-2 the price will be £90.00, Unfortunately the BSI currently has no facility to offer any form of promotional discounts in its online shop

However, if you wish to purchase a hard copy, please complete the order form and send to the address indicated. The price for this will be £80 for BCI members and £90 for BCI non members.

To download a PDF copy of BS25999 visit the online shop


Latest news:
BSI achieves global accreditation for BS 25999 certification

BSI Management Systems has announced that is has been independently accredited to deliver worldwide certification against BS 25999, the business continuity management standard. BSI’s accreditation has been granted by UKAS (United Kingdom Accreditation Service), the globally recognized accreditation body.

BSI was the first certification body in the world to register clients to the standard in November 2007 and it can now offer a fully-accredited certification scheme.

“This is another example of BSI’s commitment to sustain its leadership role in the world market by helping our clients manage their risk”, said BSI Management Systems' managing director, Flemming Norklit. “We have seen a wide range of organizations asking us for certification to the standard, including governments, banks, retailers and ICT businesses. Now we are able to offer a fully-accredited scheme, we expect demand to rise even more rapidly while passing the rigorous UKAS accreditation process means that BSI can demonstrate independent compliance with the exacting standards for competency and impartiality laid down in ISO/IEC 17021, the standard for bodies providing audit and certification of management systems.” Mr Norklit adds, “From today accredited BS 25999 certification from BSI provides the independent assurance that organizations really do meet business continuity management best practice and so are ready to protect their businesses.”

www.bsigroup.com/managementsystems




BS 25777
Do you have a plan for when your computer system crashes?  Can your business continue without information and communication technology (ICT)?

In most organizations, the processes that deliver products and services depend on information and communication technology (ICT).

Disruption to ICT can therefore be a huge risk and can damage your organization's ability to operate and undermine its reputation. The consequences of a disruptive incident vary and can be far-reaching, and might not be immediately obvious at the time. So how would you cope?

BS 25777 will help your organization plan and implement an ICT continuity strategy.  ICT continuity management supports the overall business continuity management (BCM) process of an organization. BCM ensures that your organization’s processes are protected from disruption and is able to respond positively and effectively when disruption occurs.

For more details : http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030166966

To download a PDF copy of BS25777 visit the online shop


NFPA 1600
The North American business continuity standard: download the 2007 edition (PDF)


ASIS/BSI standard development

With the announcement of the formation of a joint ASIS (American Society for Industrial Security) and BSI (British Standards Institution) technical committee to develop a Business Continuity Management standard for the United States, a number of BCI members requested that the Institute organise a teleconference to discuss the implications.

It had to be organised a short notice prior to the official first meeting in Virginia, the intent was to make it open to all members worldwide who wished to dial in and the agenda was relatively informal. However it proved a valuable opportunity for members to make specific points and also to get clarification from BCI members who were physically going to attend the meeting in the United States. There were Kevin Brear, who will act as the overall committee vice-chair and Paul Kirvan (BCI Board Member) who is a US citizen and resident.

The BCII would like to thank Kevin and Paul for their excellent contribution to this teleconference, which you can listen to by clicking on http://www.thebci.org/finalusstandardsdebate.mp3

We apologise in advance for the poor quality of the recording in parts but hopefully this will still give a feel those unable to join in an idea of the topics discussed. We intend to publish further updates on the BCI website as this project progresses and (if there is sufficient membership demand) have additional open tele-conferences.

Report on ASIS/BSI Working Group Meeting, 15-16 January 2009, Ritz Carlton Pentagon City Hotel, Alexandria, Virginia, USA


ISO/PAS 22399:2007
ISO publishes international benchmark for incident preparedness and operational continuity management.

ISO has published the first internationally ratified benchmark document addressing incident preparedness and continuity management for organizations in both public and private sectors.

The Publicly Available Specification ISO/PAS 22399:2007, Societal security – Guideline for incident preparedness and operational continuity management, is based on best practice from five national standards from Australia, Israel, Japan, the United Kingdom and the United States.

More details. (PDF)


BS ISO/IEC 27002:2005, BS 7799-1:2005
A standard for an Information Security Management System. Following the requirements of ISO/IEC 27002., you will identify, manage and minimise the range of threats to your information. By using ISO/IEC 27002. as the basis for your ISMS, you can become registered by BSI. More details can be found at http://www.bsi-global.com/en/Shop/Publication-Detail/?pid=000000000030166440


ITIL
Continuity Management, IT Security and Availability Management appear as part of the IT Infrastructure Library’s Service Delivery management practices; designed to ensure that IT services are provided and remain as intended.


Risk management
The IRM’s Risk Management Standard was the result of extensive work by a team drawn from the major risk management organisations in the UK including the IRM, AIRMIC and ALARM. The standard can be downloaded or ordered from www.theirm.org/publications/PUstandard.html


Civil Contingencies Act
The Civil Contingencies Act received Royal Assent on 18th November 2004 and is split into two parts. Part 1 addresses local arrangements for civil protection and part 2 concerns the conditions and scope of the necessary emergency powers. A comprehensive history of related press releases, letters from the Civil Contingencies Secretariat and further information can be found on the UK Resilience website.


Singapore Technical Reference for business continuity
New business continuity guidelines are being launched in Singapore. Entitled the ‘Business Continuity Management Technical Reference’ the document is the result of a project spearheaded by the Singapore Business Federation (SBF) with the support of the Singapore Economic Development Board and SPRING Singapore. BCI helped to review the standard. Read the full story

 

Training



Members login:

Many of the resources in this website are for members only.


Search:
Click here to search this site using Google technology.