PricewaterhouseCoopers implemented the BS25999 business continuity standard across its multi-site enterprise. It took a simple, concise and consistent approach with a small central team driving standardized documentation across 400+ staff and 800+ sites. Key challenges included balancing administrative requirements with usability, integrating multiple management systems, and raising awareness across a large organization. The implementation provided structure for business continuity planning and improvement, though continual assessment is needed to ensure ongoing success.

1. BS25999 implementation in a
multi-site enterprise
BCI/BSI/CCS BS25999 User Group
Leeds, April 28th 2010
Andy Mason MBCS CITP MBCI
Head of Business Continuity
PricewaterhouseCoopers LLP
PwC

2. Contents
BS25999 across PwC
Is it right for you?
Where next?
Is everything in order?
What was the multi-site approach?
Challenges – what challenges?
Conclusion – the end of the beginning?
PricewaterhouseCoopers LLP

3. BS25999 implementation in a multi-site enterprise
BS25999 across PwC
PricewaterhouseCoopers provides
industry-focused assurance, tax and
advisory services to build public trust
and enhance value for our clients and
their stakeholders. More than
163,000 people in 151 countries
across our network share their
thinking, experience and solutions to
develop fresh perspectives and
practical advice
PricewaterhouseCoopers in the UK
has 16000 Partners and staff spread
across 41 offices from Plymouth to
Aberdeen
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 3

4. BS25999 implementation in a multi-site enterprise
Is it right for you?
Know the answer
Gap analysis
Cost/Benefit analysis
Operational impact
Previous experience of management
systems
Gain approval
Supplier selection
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 4

5. BS25999 implementation in a multi-site enterprise
Where next?
ISO 14001 Environment Management System
PAS 99 Specification of common management system
requirements as a framework for integration
Standardised format for documentation
Programme to Management System
Requirements of BS25999-2:2007
Plan the project
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 5

6. BS25999 implementation in a multi-site enterprise
Is everything in order?
Position for graphic BS25999 Internal Audit training
or image
Pre-assessment
Stage 1
Stage 2
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 6

7. BS25999 implementation in a multi-site enterprise
What was the multi-site approach?
Simple, concise, consistent and relevant
Small central team
Firm first, standard second
Targeted and centrally driven
Repeatable components
Sustainable
Position for graphic
400+ people or image
800+ hardcopy plans
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 7

8. BS25999 implementation in a multi-site enterprise
Challenges – what challenges?
Position for graphic Administration for administration’s sake
or image
Competencies – us and them!
MTPoDs
Integrated management systems – not quite!
Awareness-raising
Static versus dynamic
Position for graphic
or image How and why?
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 8

9. BS25999 implementation in a multi-site enterprise
Conclusion –
the end of the beginning?
Positive experience
Disciplined and structured
Makes you think:
• What you do
• How you do it
• And why you do it
Continual improvement
Ongoing assessment
What does success look like?
BCI World Conference October 2009
PricewaterhouseCoopers LLP Slide 9

10. “There are risks and costs to a
programme of action…but they are far
less than the long ranging costs of
comfortable inaction.”
John F Kennedy
This publication has been prepared for general guidance on matters of interest only, and does not constitute
professional advice. You should not act upon the information contained in this publication without obtaining specific
professional advice. No representation or warranty (express or implied) is given as to the accuracy or completeness
of the information contained in this publication, and, to the extent permitted by law, PricewaterhouseCoopers LLP,
its members, employees and agents do not accept or assume any liability, responsibility or duty of care for any
consequences of you or anyone else acting, or refraining to act, in reliance on the information contained in this
publication or for any decision based on it.
© 2009 PricewaterhouseCoopers LLP. All rights reserved. 'PricewaterhouseCoopers' refers to
PricewaterhouseCoopers LLP (a limited liability partnership in the United Kingdom) or, as the context requires, the
PricewaterhouseCoopers global network or other member firms of the network, each of which is a separate and
independent legal entity.
PwC