Fundamentals of Risk Management


Business continuity standards


Date: 02.06.2024

The British Standards Institute published a standard on business continuity
management (BCM). This is BS 25999 Part 1 (2006) ‘Code of Practice – Business continuity
management’ and was followed by BS 25999 Part 2 (2007) ‘Business continuity
management. Specification’. It has now been replaced by an internationally accepted
standard ISO 22301 (2012) ‘Societal Security – Business Continuity Management
System – Requirements’. ISO 22301 is similar to BS 25999 and is written in what is
becoming the standard structure for management standards. It describes a
plan–do–check–act (PDCA) approach that is similar to the plan–implement–measure–learn
(PIML) approach used throughout this book and described in detail in Appendix C.
ISO 22301 identifies a BCP lifecycle that has the following five components related 
to the Business Continuity Management System (BCMS):


• identify crucial risk factors already affecting the organization;
• understand the needs and obligations of the organization;
• establish, implement and maintain your BCMS;
• measure the overall capability to manage disruptive incidents;
• guarantee conformity with stated business continuity policy.


Figure 18.1 Disaster recovery timeline and costs
[Figure: level of service and cost of operation plotted against time, with points A to D marked.
A: Major incident, such as a fire or long-term power cut.
B: Limited emergency operations commenced at a back-up site, as planned by the disaster recovery plan.
C: Start-up of operations at an alternative emergency site, but the back-up site operations are disrupted.
D: Full recovery from this point.]

Figure 18.2 provides a model for BCP that is consistent with ISO 22301. Table 18.1 
provides a checklist of the key activities involved in BCP. Having business continuity 
plans is recognized as essential by most large organizations. Indeed, many governments 
take an active role in encouraging businesses (especially small businesses) to develop 
and implement adequate business continuity plans.
The main change introduced by ISO 22301 in comparison to BS 25999 is that 
ISO 22301 is the first standard to be written using the new high-level structure, which 
is common to all new management systems standards. This will make integration 


