BS25999 - the Business Continuity Planning Standard
Important information: ISO22301, which was published in May 2012, is the new international standard for business continuity management. The international standard will effectively supersedes BS25999, which is in the process of being withdrawn.
Organisations that are currently certified to BS25999 will have 24 months (until 30 May 2014) to transition themselves to ISO22301.
This page contains information relating to BS25999, business continuity best practice, business continuity planning and disaster recovery planning. Visit our ISO22301 page for information relating to the new standard.
BS25999 - The British Standard for Business Continuity Management
The importance of BS25999
Business Continuity Management, the subject of British Standard BS25999, is of real importance to organisations of all sizes, types, industry and location. Everyone from Board directors, corporate executives and IT managers through to facilities managers and business continuity professionals.
Service disruptions, delays in responding to customer requests, inability to process transactions in a timely manner or being unable to resume business in the face of a disaster can all have significant impacts on an organisation's effective operation.
Natural disasters as well as terrorist activities have shown that an organisation's resilience to a disaster and its ability to resume business quickly and efficiently were directly related to its preparedness to respond to unforeseen events.
BS25999 in the UK public sector
In the UK, the NHS determined that BS25999 (and later ISO22301) certification was how NHS entities should demonstrate their resilience, and UK local authorities have recognised the BS25999 certification is the best method possible for demonstrating they are meeting their obligations under the Civil Contingencies Act.
BS25999 Certification (BS25999 registration)
The BS25999 standard is formed of two parts:
BS25999-1 is a Code of Practice for Business Continuity Management
BS25999-2 is a Specification for a Management Scheme
Part 2, the management scheme specification, made it possible for organisations to have their business continuity management arrangements independently certified by external auditors, thereby providing stakeholders, customers and insurers with a real degree of comfort about the rigour with which the business continuity efforts were developed.
Other Important Business Continuity Standards
ISO/IEC 27031 - ICT Readiness for Business Continuity is the international standard for ICT Service Continuity Management, which replaced BS25777, which itself replaced PAS77.
ISO27031 provides specific continuity guidance for Information Communication Technology (ICT) within the context of ISO22301.
ISO/IEC 24762, the ICT Disaster Recovery Standard, provides specific guidance for organisations around the provision (either in-house or outsourced) of disaster recovery facilities.
International Business Continuity Management Standards
ISO22301 has also superseded the national business continuity standards for other countries. Amongst the most widely adopted of these national standards are/were:
BS25999 - British - Business Continuity Management
NFPA 1600 - American - Standard on Disaster/Emergency Management and Business Continuity (NFPA: National Fire Protection Association, recognised by ANSI in the USA)
HB 221 - Australian - Business Continuity Management
Israeli Contributions on Security Management Systems: Management Standard and Accompanying Family of Standards – only issued as guidelines, with no easy reference number
Japanese Guidelines for the Establishment of Framework on Emergency Preparedness – only issued as guidelines, with no easy reference number