The document discusses the benefits of BS 25999, a standard for business continuity management. It provides a flexible, process-based framework that can be applied to any organization. Following the standard helps businesses make informed decisions, ensure their continuity processes are effective through audits and reviews, and protect long-term business goals. Certification also provides assurance to stakeholders and can help businesses spend resources strategically.
1. Benefiting from BS 25999
Business Continuity Management
Lee Allison CISM CISSP CAS (lee@spiir.net)
Managing Director, Spiir Security Consulting
BSI Certification Auditor & Course Tutor
“80% of [SME] businesses affected by a major incident like a fire either never re-open or close within 18 months.”
Douglas Barnett
Risk control strategy manager, AXA Insurance
Benefiting from BS 25999 IVC Nigeria
Business Continuity Management 27th May 2009
2. Flexible Framework
• Process based
• High-level requirements
• Applies to any organisation
• The ‘what’ not the ‘how to’
• Integration with other standards (e.g. ISO 27001, ISO 20000, ISO 9001, etc.)
• Auditable specification
3. Management System
[Diagram: BS 25999 Part 2 BCMS. Labels: Policy, Scope, Objectives; Law, Regs, Req, …; Resources, Procedures, Plans; Implement & operate; Monitor & review]
4. PDCA
The PDCA cycle is the means of ensuring that business continuity is effectively managed and improved.
[Diagram: Plan, Do, Check, Act cycle; Standardisation]
5. BCMS Maturity Continual Improvement
[Chart: points marked against Time]
6. BCM Lifecycle
The Business Continuity Lifecycle represents the continuous operation of the business continuity programme within the organization.
The PDCA cycle applies to all parts of the BCM Lifecycle.
7. BCMS Audits
• Requirement of the standard
• Process auditing
• BCMS effectiveness in achieving defined goals and objectives
• Feedback to management
• Part of the continual improvement process
• Corrective actions
8. Management Review
• Requirement of the standard
• Review of BCMS in achieving objectives
• Directing improvement and changes
• Taking action on weak areas
– Resources
– Budget
– etc
9. Benefiting from BS 25999
• Making intelligent decisions based on more than ‘gut’ feeling
• $pend on what is necessary to achieve objectives and reduce expenditure in less critical areas
• Assurance that things are actually as they seem
• Pro-active in protecting long-term business goals
• Duty of care to shareholders, customers & staff
• 3rd party audit and certification