Quality Management Articles - Quality Matters Blog
Quality Matters is an independent Management Consultancy based in Maldon, Essex. Here we discuss the latest in Quality and Information Security News.
Business Continuity Planning BS25999-2:2007
I wonder how many companies were faced with the same problem that I faced following the Christmas and New Year shutdown: my office landlord decided that he would turn off the heating during this period in order to save money. The net result was that the office, and more importantly the computer equipment, became very cold. Upon turning the heating back on, condensation formed and this caused the equipment to short out.
The resulting bang not only did my constitution no good, it meant that the computer equipment had to be repaired. Fortunately our company has a business continuity plan which was put into action and none of our clients were put to any inconvenience.
At the end of 2007 the British Standards Institute produced a new standard, BS 25999-2 Business Continuity Management, and its code of practice, BS25999-1. It can be implemented either as a stand-alone system or as part of ISO27001 (Information Security Management Standard).
BS25999-2 sets out the requirements for BCM (business continuity management) and how any organisation can reduce or mitigate any incident which interrupts or degrades the company or its operations.
The main areas are:
Identify what potential risks could affect the company;
Know what equipment would be needed in the event of a loss of building/facility;
Keep copies of staff information off-site to be able to contact key personnel if required;
Plan who will do what and when;
Make contingency plans for staff if buildings are unavailable;
Keep copies of important information off-site;
Review and train everyone in the continuity plan and IT disaster recovery routine;
Test the plan regularly;
Learn lessons from any tests;
Ensure the plan is kept up to date.
Having a business continuity plan in place will not stop a disaster happening, but it certainly will ensure that its effect can be mitigated and will ensure that the company can be up and running in the shortest possible time.
It is important to note that many companies that have been subject to a major disaster and do not have a business continuity plan have gone out of business.
The flooding in July has shown that companies with proper business continuity plans have done well with little or no interruption in services. Those companies with no business continuity plans in place have fared less well. Some of these were caught napping: their systems went down with uncertainty about resumption dates, and doubts about insurance cover may mean that some companies cease to trade.
A basic Business Continuity Plan looks at possible threats to the company and what action would be appropriate in these circumstances. Moreover, the actions are tested before disaster strikes and any corrective actions are incorporated.
Plans that are put in place but are untested often fall at the first fence; an example of this is the company that has an uninterruptible power supply in place to deal with mains power loss, but takes no account of an interruption lasting an hour or more when the UPS power is exhausted.
Most of the planning is just common sense, but tell that to those companies facing ruin.