Bs25999 2 advisory board

An old presentation about BS25999 parts 1&2 - but it explains some of the context about business continuity standards


  1. BS25999 and Other Management Systems Standards (MSS). Chris Green, Chair BCM/1. This presentation is an adaptation of a Siemens-Insight copyright presentation (Insight Consulting).
  2. Agenda
     • BS25999 and other standards
     • Benefits of the Management Systems approach
     • Guidance
     • Accreditation
     • Other Developments
  3. Why have standards?
     • Common understanding
     • Common approach
     • Common sets of evidence
     • Promote quality in a particular subject area
     • Reduced risk
     • Reduce management overhead
     • Greater assurance that the topic is managed effectively
  4. Which standard should we have? Broadly speaking there are four tiers of “standards” in the UK:
     • PAS – guidance on best practice
     • BS – a standard for the UK in the form of a code of practice
     • BS – a specification allowing for the achievement of certification
     • ISO – an international standard superseding BS
  5. Positioning
     • BS25999-1 supersedes PAS56
     • Not the specification standard, which will be BS25999-2
     • Related guidance should be compatible with BS25999, for instance any future PAS relating to continuity planning
     • Could be superseded by an International Standard, so any ISO25999 would replace BS25999
  6. Global Vision for ISO 2006 to 2010
     • Facilitation of global trade
     • Improvement in quality, safety, security, environmental and consumer protection, as well as rational use of resources
     • Global dissemination of technologies and good practice
  7. Issue of Complexity
     • Great potential for synergy between standards
     • The synergies are not recognised
     • Economies relating to synergies are not realised
  8. Management Systems Standards (diagram; labels as extracted): ISO TMB MSS-SAG; TC223 Societal Security; RM; Quality; Environment; Food Safety; ISO 25700; ISO 9001; ISO 14001; ISO 22000; Supply Chain PAS 28003; BCM BS 25999; IT DR / Crisis Mgt PAS 77; SSM/1
  9. Issue – More reporting and more management time
     • Constant stream of people reporting to the Board
     • Board room time taken up with reporting not strategy
     • No common themes nor messages
     • Management want confidence and assurance (this is exactly what the standards are aimed at providing)
     • Always ask for money
  10. PAS99 – MS Integration (diagram: separate E, OH&S, Q and BC management systems contrasted with the same systems sharing a common base)
  11. Management Systems. Generally the approach is:
     • Standard Plan-Do-Check-Act model
     • BS describes establishing a Management System, its continuing operation and a process of continuing improvement
     • Subject specific information then fits into this model
  12. PDCA Model (diagram)
  13. Implications for BS25999-2
     • This is the specification that will allow for certification
     • Must weigh the benefits of commonality with other standards and the current practices in business continuity
     • MSS approach will need adapting for our specialism whilst retaining the key characteristics of a certification standard and consistency with other related MSS
     • Scope statements allow application to largest and smallest of organisations
     • Scope must not be allowed to imply capability where none exists – for instance certification can only be achieved by addressing all steps and all controls in the standard
  14. 25999 Part 2
     • BS25999-2 has finished DPC
     • 250 pages of comments!
     • Under review at present and being finalised for the main committee to review in October 2007
     • Publication will be late October
     • Guidance Documents underway
  15. The Standards Pyramid (diagram; recoverable labels): ISO / BS25999 / BSI/CEN; Context; Framework; Scope; Why do BCM (benefits/drivers)?; Options; Relation to Other Risk Areas; Implementation / Testing; Specialised Functions: HR – IT – OR – Legal – Security – Procurement – Ethics – Sector Guides – Supply; Sector/Industry specific guides*: Construction, Utilities, Financial, Pharmaceutical, Aerospace & Engineering, Retail, mining, oil and gas
  18. Accreditation Bodies
     • 5 accreditation bodies interested
     • 4 volunteers for pilot – however, concerns that they are “all the same”
     • Competence Criteria for Auditors being developed
  19. Other emerging standards
     PAS77 – IT Continuity guidance
     • Developed in isolation from BS25999
     • Does not follow precepts of PAS56 or BS25999
     • Does not follow the management systems approach
     • Not clear how this fits with other related standards – e.g. ISO 20000 (ITIL)
     ISO/IEC 24762 – Recovery Site Provision
     • Didn’t ask any recovery site vendors!
  20. Risk Management
     Risk Management standard
     • BCM and Risk Management committees have swapped glossaries and are trying to agree common terms
     • Where BS25999 uses risk assessment it has tried to reflect developments of the risk management standard
  21. ISO IPOCM
     Commencement
     • Broadly similar to Programme Management
     • Define scope, management commitment, policy
     Planning
     • Broadly similar to Understanding Your Business
     • Includes risk assessment and Impact Analysis
     • Also response, as it includes Response Management
     Implementation and Operation
     • Includes resourcing, competence, education and awareness and operational control structure
     Performance Assessment
     • Evaluation of effectiveness including testing, maintenance and audit
     • Broadly similar to BS25999
  22. IPOCM
     • This is work in progress and a long way from a finalised document
     • Terminology slightly different from UK common usage and the business continuity industry as most of us have come to know it
       • For the most part UK practitioners can embrace the changes
     • Approach slightly different to BS25999/PAS56
       • But many common points
  23. Room for more? Should there be standards in specific areas of business continuity?
     • PAS77 could be developed into a standard
     • Could there be an Incident Management standard?
     • Overall Governance standard?
  24. What happens next?
     • Committee continues in operation
     • Focus for other related committees (e.g. risk management)
     • Review of BS25999 so that subsequent revisions lead to improvements in the standard
     • Focus for expertise and contribution to ISO deliberations
