The State of Business Continuity Standards

It may seem that standards are multiplying by leaps and bounds, and that's almost true. We thought it would be a good idea to take a look at what standards are around and what they can do for us. We hope you will find this week's articles helpful as you determine which standards you should adopt or not.

What role do standards play in dealing with disruptions? (Item #1)   Here's a listing of today's standards from all around the world. (Item #2)   If you're wondering how these standards relate to each other, here is a side-by-side comparison. (Item #3)  

Do you have to choose between the two leading standards or can you adopt both? (Item #4)   Why ARE there so many standards? (Item #5)   Here's how one company used standards certification to demonstrate best practices. (Item #6)  

As always, we look forward to hearing your comments & insights regarding business continuity. If you have a topic you'd like us to cover, email me at [email protected].

Bob Mellinger, President
Attainium Corp

1. Business continuity management and risk management: The role of standards

In recent years, standards have become a vital part of BCM and risk management, and are becoming more widely adopted around the world. The development of international standards is likely to strengthen this trend. By implementing standards, organizations gain the assurance that they are adhering to best practice. Adoption of a BCM or risk management standard can also provide assurance to trading partners that measures are in place to manage risk effectively and to deal with any disruption that may arise.
http://www.talkingbusinesscontinuity.com/media/36056/bsi%20-%20bcm%20and%20risk%20management%20report%20vfinal%20singles%20-%20brochure%20june%202011.pdf

2. Business Continuity Standards and Regulations

The regulations, standards, and guidelines listed here have been developed to help companies achieve standard levels of compliance with industry-recommended practices. In a few industries, such as financial industries, government, the energy sector, and healthcare, there are mandatory requirements that are audited regularly for compliance; in industries where business continuity is not mandated, adherence to one or more of these standards demonstrates initiative in preparedness, instilling confidence in business partners, clients, and authorities
http://www.lootok.com/Resource_Directory/business-continuity-standards-regulations.php

3. Business Continuity Management Standards-A Side-by-side Comparison

Whether an organization has begun a grassroots initiative to develop a business continuity plan or has started to wrap up the initial implementation of a continuity management process, the need to continually revisit and improve the business continuity management (BCM) process is critical to the development of successful and robust recovery strategies. In an effort to enhance business continuity management capabilities (and to comply with regulatory guidelines), some corporations have elected to adopt suggested best practices from industry-independent and industry-specific entities and regulatory agencies. A significant (and growing) number of standards exist that are related to BCM; the task of pinpointing best practice consistencies across the majority of these groups can be quite daunting.
http://www.isaca.org/Journal/Past-Issues/2003/Volume-2/Pages/Business-Continuity-Management-Standards-A-Side-by-side-Comparison.aspx

4. NFPA 1600 or BS25999... Why Not Both?

The purpose of this article is to offer an unbiased summary of the similarities and unique features of two leading standards, NFPA 1600 (v2007) and BS 25999-2, in order to show how each offers valuable approaches that can help organizations determine strategies and program management processes that best fit their organization. When considering which standard(s) best fit an organization, business continuity professionals should consider any and all standards that may be applicable and valuable.
http://www.disaster-resource.com/articles/08p_034.shtml

5. Business Continuity & Disaster Recovery: Too Many Standards?

I often wonder why there are so many differing variations of standards and differing perspectives all around the world. Why isn't one single all-encompassing standard for Business Continuity good enough? Is it necessary to include Business Continuity at the end of every standard? For instance, Emergency Management in a community is different that Business Continuity but there's a standard to address both. Why so many standards?
http://stoneroad.wordpress.com/2010/09/20/business-continuity-disaster-recovery-too-many-standards/

6. Case Study: Construction company uses BS 25999 certification to demonstrate best practice

Dixons Contractors is one of Northern Ireland's leading construction companies. The company offers a total-solution service from the initial design stage right through to the completion of a project. Dixons already holds an impressive portfolio of fully integrated management system certifications including ISO 9001 (quality management), ISO 14001 (environmental management) and BS OHSAS 18001 (occupational health and safety management). The company has recently been awarded certification from BSI to the business continuity management system standard, BS 25999. This award recognizes that Dixons has an effective business continuity plan in place to protect the company should normal business activity be disrupted.
http://www.talkingbusinesscontinuity.com/bs25999-implementation-case-studies/construction-company-uses-bs-25999-certification-to-demonstrate-best-practice.aspx