Bs25999 2 advisory board
An old presentation about BS25999 parts 1&2 - but it explains some of the context about business continuity standards

Transcript

  • 1. BS25999 and Other Management Systems Standards (MSS). Chris Green, Chair BCM/1. This presentation is an adaptation of a Siemens Insight copyright presentation (Insight Consulting).
  • 2. Agenda
    • BS25999 and other standards
    • Benefits of the Management Systems approach
    • Guidance
    • Accreditation
    • Other Developments
  • 3. Why have standards?
    • Common understanding
    • Common approach
    • Common sets of evidence
    • Promote quality in a particular subject area
    • Reduced risk
    • Reduced management overhead
    • Greater assurance that the topic is managed effectively
  • 4. Which standard should we have? Broadly speaking there are four tiers of “standards” in the UK:
    • PAS – guidance on best practice
    • BS – a standard for the UK in the form of a code of practice
    • BS – a specification allowing for the achievement of certification
    • ISO – an international standard superseding BS
  • 5. Positioning BS25999-1
    • Supersedes PAS56
    • Not the specification standard, which will be BS25999-2
    • Related guidance should be compatible with BS25999, for instance any future PAS relating to continuity planning
    • Could be superseded by an International Standard, so any ISO25999 would replace BS25999
  • 6. Global Vision for ISO 2006 to 2010
    • Facilitation of global trade
    • Improvement in quality, safety, security, environmental and consumer protection, as well as rational use of resources
    • Global dissemination of technologies and good practice
  • 7. Issue of Complexity
    • Great potential for synergy between standards
    • The synergies are not recognised
    • Economies relating to synergies are not realised
  • 8. Management Systems Standards (diagram). Labels shown: ISO TMB; MSS-SAG; TC223 Societal Security; RM – ISO 25700; Quality – ISO 9001; Environment – ISO 14001; Food Safety – ISO 22000; Supply Chain – PAS 28003; BCM – BS 25999; IT DR – PAS 77; Crisis Mgt; SSM/1.
  • 9. Issue – More reporting and more management time
    • Constant stream of people reporting to the Board
    • Board room time taken up with reporting, not strategy
    • No common themes nor messages
    • Management want confidence and assurance (this is exactly what the standards are aimed at providing)
    • Always ask for money
  • 10. PAS99 – MS Integration (diagram). Labels shown: separate E, OH&S, Q and BC management systems, each with its own “Common” elements, alongside the integrated view of E, OH&S, Q and BC sharing one “COMMON” base.
  • 11. Management Systems. Generally the approach is:
    • Standard Plan-Do-Check-Act model
    • BS describes establishing a Management System, its continuing operation and a process of continuing improvement
    • Subject specific information then fits into this model
  • 12. PDCA Model (diagram)
  • 13. Implications for BS25999-2
    • This is the specification that will allow for certification
    • Must weigh the benefits of commonality with other standards and the current practices in business continuity
    • MSS approach will need adapting for our specialism whilst retaining the key characteristics of a certification standard and consistency with other related MSS
    • Scope statements allow application to largest and smallest of organisations
    • Scope must not be allowed to imply capability where none exists – for instance certification can only be achieved by addressing all steps and all controls in the standard
  • 14. 25999 Part 2
    • BS25999-2 has finished DPC
    • 250 pages of comments!
    • Under review at present and being finalised for the main committee to review in October 2007
    • Publication will be late October
    • Guidance Documents underway
  • 15. The Standards Pyramid (diagram, repeated on slides 16 and 17). Labels shown: ISO; BS25999 (Parts 1 and 2); BSI/CEN; Context, Framework, Scope; Why do BCM (benefits/drivers)?; Options; Implementation / Testing; Relation to Other Risk Areas; Specialised Functions: HR, IT, OR, Legal, Security, Procurement, Ethics, Supply; audience segments: Public, National/Local, Charities/Voluntary, SME; Sector Guides; Sector/Industry specific guides: Construction, Utilities, Financial, Pharmaceutical, Aerospace & Engineering, Retail, mining, oil and gas.
  • 18. Accreditation Bodies
    • 5 accreditation bodies interested
    • 4 volunteers for pilot – however, concerns that they are “all the same”
    • Competence Criteria for Auditors being developed
  • 19. Other emerging standards
    • PAS77 – IT Continuity guidance
      • Developed in isolation from BS25999
      • Does not follow precepts of PAS56 or BS25999
      • Does not follow the management systems approach
      • Not clear how this fits with other related standards – e.g. ISO 20000 (ITIL)
    • ISO/IEC 24762 – Recovery Site Provision
      • Didn’t ask any recovery site vendors!
  • 20. Risk Management
    • Risk Management standard
      • BCM and Risk Management committees have swapped glossaries and are trying to agree common terms
      • Where BS25999 uses risk assessment it has tried to reflect developments of the risk management standard
  • 21. ISO IPOCM
    • Commencement
      • Broadly similar to Programme Management
      • Define scope, management commitment, policy
    • Planning
      • Broadly similar to Understanding Your Business
      • Includes risk assessment and Impact Analysis
      • Also response, as it includes Response Management
    • Implementation and Operation
      • Includes resourcing, competence, education and awareness and operational control structure
    • Performance Assessment
      • Evaluation of effectiveness including testing, maintenance and audit
      • Broadly similar to BS25999
  • 22. IPOCM
    • This is work in progress and a long way from a finalised document
    • Terminology slightly different from UK common usage and the business continuity industry as most of us have come to know it
      • For the most part UK practitioners can embrace the changes
    • Approach slightly different to BS25999/PAS56
      • But many common points
  • 23. Room for more? Should there be standards in specific areas of business continuity?
    • PAS77 could be developed into a standard
    • Could there be an Incident Management standard?
    • Overall Governance standard?
  • 24. What happens next?
    • Committee continues in operation
    • Focus for other related committees (e.g. risk management)
    • Review of BS25999 so that subsequent revisions lead to improvements in the standard
    • Focus for expertise and contribution to ISO deliberations