Implementing BS 25999 standard for BCP


Implementing BS 25999 standard for BCP

There is an increased awareness amongst organizations in relation to their approach towards disaster recovery (DR) and business continuity planning (BCP). A very thin line differentiates these two concepts. While DR is undertaken for systems in the data center, BCP is reserved for business processes.

Continue Reading This Article

Enjoy this article as well as all of our content, including E-Guides, news, tips and more.

By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.

You also agree that your personal information may be transferred and processed in the United States, and that you have read and agree to the Terms of Use and the Privacy Policy.

Safe Harbor

Pre-requisites for BS 25999 standard

The BS 25999 standard is a code of practice for guidance and recommendations. It establishes the processes, principles and terminologies of BCP. It also provides a basis for understanding, developing and implementing business continuity. There are two approaches (or rather situations), in which this standard could be implemented. The first approach comprises of implementing BS 25999 standard in a stable business environment, where one is aware of different processes. In the second instance, business is new, and one is not aware of how the processes will change.

It is ideal to implement BS 25999 standard for BCP only after some of the business processes have stabilized. Once the processes are in place, only then should you look at their continuity. This is a proven and conventional approach.

When BS 25999 standard is implemented in a new business, one can nominate a person who is an expert on the subject matter and look at stabilizing different processes. Out of ten processes, at least two or three processes would always have to be available, irrespective of anything.

Step-by-step execution

BS 25999 is a BCP standard; hence, it is better to first analyze the business processes in an organization and streamline them. Do not look at isolated silos of processes.

For the successful implementation of BS 25999 standard, it is important to break up activities into smaller functions and induct the right people. BCP involves making certain predictions, based on which norms have to be followed. The success of BS 25999 standard also hinges on the top management and how convinced it is about going forward with the execution

Implementing BS 25999 standard involves cost, strategy, and time. If you look at implementing BCP on day one, it is only going to be a cost implication for the organization without any profit.

Another standard that can be implemented along with BS 25999 is BS 25777. It is a new standard that talks about having internal DR for processes. It can be implemented after the BS 25999 standard to give a holistic IT approach to business.

About the author: Ashish Dandekar has served as the chief information officer of Power Exchange India. He is a certified business continuity professional and a lead auditor (ISO 25999). Dandekar is also an information security management system implementer (ISO 27001) and holds a Quality Management Certification (ISO 9001).

(As told to Jasmine Desai.)

This was first published in November 2010

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.