Home

Forums

Business Continuity Management

Beginners

Email Address:

Remember me?

Password:

To use the Talking Business Continuity Forum you'll need to register. Use the button to get started

31 October 2008 19:21 #1
Re:Selecting scope for certification
Julian Thrussell Join Date:May 2008 Posts:4	Rob, thats great advice, the text below text is from a BSI scope guide. It looks like a wall of text because of the way the web site posts work. ##BS 25999 Scope Protocols## The following requirements must be met by a client when confirming their proposed scope of Business Continuity Management System. 1.The scope of registration must be a whole organisation, division, business unit or complete site. Sub divisions such as 'The server room', ‘The IT Department’, or 'The finance department' are not suitable. 2.Single sites of larger organisations must include within their scope, any Head Office function(s) which the site is dependent upon and therefore considered critical. 3.A critical location delivers services, processes or items identified as critical within the BIA of the 'scope' entity. 4.All locations defined as 'Critical' in the BIA and all supporting activities (as defined in BS25999) will be visited and assessed. The client cannot pick, select, exclude or choose locations. If the assessor decides critical locations, products or services are not included, a non conformity will be raised and a certificate will not be issued. 5.Stage 1 always takes place at the scopes premier site. This could be a divisional or regional head office where the business continuity plans and processes have been developed and/or where the plans developers are based. 6.Critical services outside the applicants direct control must be understood and proportional / reasonable / appropriate' steps taken to mitigate the impact, or to ensure that business continuity plans are in place. 7.BSI’s wording for the scope of registration for Business Continuity Management will follow the convention as described below: The Business Continuity Management System in relation to >brief description of the company activities> (The brief description should be along the lines of “The provision of banking Services” or similar.) _______________________
10 October 2008 16:19 #2
Re:Selecting scope for certification
Robert Whitcher Join Date:October 2008 Posts:2	Quote: Hi, Are there any criteria to select scope for BS 25999 certification or can we choose a small group within the organization for certification? - Vijay Setting the scope in BS 25999 is more complex than with other standards. It's not as simple as reducing it to 50 people, or a department. The first thing that you will need to do is a high level Business Impact Analysis (BIA) to determine what product and services is important for your organization. For some, this could be because of Legal, Regulatory, or contractual requirements. For others, it could be based on products or services to maintain the organization's viability, for example shareholder requirements, revenue, profitability, etc. The scope statement must be based on products and services delivered by your organization. The only way a scope can be limited is by products and services. One cautionary note; critical activities that support the delivery of products and services for your organization must also be within the scope. If critical activities, or supporting activities (e.g. Finance, Legal, IT, etc.) are outside of the scope then your organization's ability to build in operational resilience, or to recover from a disruption will not work. _______________________ Robert Whitcher
28 August 2008 06:11 #3
Re:Selecting scope for certification
Sudarshan MN Join Date:August 2008 Posts:1	Vijay, This is the most difficult phase of the project. One accepted process is to do a gap assessment based on BS 25999-2:2007. Find out business priorities with special focus on contractual requirements. Decide a scope iitially with about 50 people. Later you may expand the scope. Regards Sudarshan
26 August 2008 12:29 #4
Selecting scope for certification
Vijay Kumar. P Join Date:August 2008 Posts:1	Hi, Are there any criteria to select scope for BS 25999 certification or can we choose a small group within the organization for certification? - Vijay

© British Standards Institution | Privacy | Terms and Conditions | Accessibility | Site Map
BSI Group Headquarters, 389 Chiswick High Road, London, W4 4AL, UK Tel: +44 (0)20 8996 9001