Business Continuity Planning BS25999-2-2007

I wonder how many companies were faced with the same problem that I faced following the Christmas and New Year shutdown: my office landlord decided that he would turn off the heating during this period in order to save money. The net result was that the office, and more importantly the computer equipment, became very cold. Upon turning the heating back on, condensation formed and this caused the equipment to short out.

The resulting bang not only did my constitution no good, it meant that the computer equipment had to be repaired. Fortunately our company has a business continuity plan which was put into action and none of our clients were put to any inconvenience.

At the end of 2007 the British Standards Institute produced a new standard, BS 25999-2 Business Continuity Management, and its code of practice, BS 25999-1. It can be implemented either as a stand-alone system or as part of ISO27001 (Information Security Management Standard).

BS 25999-2 sets out the requirements for BCM (business continuity management) and how any organisation can reduce or mitigate the effect of any incident which interrupts or degrades the company or its operations.

The main areas are:

  • Identify what potential risks could affect the company;
  • Know what equipment would be needed in the event of a loss of building/facility;
  • Keep copies of staff information off-site to be able to contact key personnel if required;
  • Plan who will do what and when;
  • Make contingency plans for staff if buildings are unavailable;
  • Keep copies of important information off-site;
  • Review and train everyone in the continuity plan and IT disaster recovery routine;
  • Test the plan regularly;
  • Learn lessons from any tests;
  • Ensure the plan is kept up to date.

Having a business continuity plan in place will not stop a disaster happening, but it will ensure that its effect can be mitigated and that the company can be up and running in the shortest possible time.

It is important to note that many companies that have been subject to a major disaster and did not have a business continuity plan have gone out of business.

Be prepared. It is not only for boy scouts.

Chris Eden FIBC, MISSA, ACQI is a director of Quality Matters Limited, an established independent management consultancy specializing in ISO27001 Information Security Management accreditation.

Source: www.isnare.com