White papers

If you want more information about different aspects of Business Continuity Management and how it fits into the wider management of your organisation, then the following white papers which are available for free download may be useful. These have been written by professionals and partner consultants to help you better understand how BCM can benefit your organisation. In some cases these are discussion documents and we welcome your comments on them in the forum. If you have a white paper that you think might be of interest then please contact us.

 Download free PDF documents with Adobe Reader

Business Continuity Management and Risk – the role of standards (393KB)

BCM is an increasingly important element of an organisation's risk mitigation strategy. British Standards Institution (BSI) has published a white paper which explores how standards in this area help to build organisational resilience and how a consistent approach can enable effective benchmarking and opportunities for development. Greater awareness in recent years of the volatility of the risk environment, together with the regulatory impetus provided by corporate governance requirements, has placed effective risk management high on the corporate agenda. During this evolutionary process, BCM has developed out of the areas of information security and disaster management. Effective BCM can enable an organisation to reduce its exposure to disruptive events, implement mechanisms to limit the impact of an incident on business processes and operations, and provide reputational resilience in the most difficult of circumstances.

How to Deploy BS 25999 (1449KB)

This second edition of "How to Deploy BS 25999" addresses the BS 25999-2 Specification, finalised in late 2007. This edition also takes advantage of lessons learned from recent BCM system development projects designed to meet BS 25999 requirements. Business continuity programs, similar to other enterprise risk management processes, are most effective when grounded in generally-accepted standards and built according to the objectives of the business. Business objectives and "proven" standards together form a foundation that adds both credibility and viability to a continuity program. This white paper explores a new international code of practice (and its associated specification document), namely the British Standard Institution’s British Standard BS 25999. BS 25999 is viewed by a growing body of practitioners as a complete description of a mature, repeatable and actionable business continuity management program. In addition to providing implementation details for the standard, this document covers how to use BS 25999 to obtain executive support, create a business continuity program and/or increase the maturity of an existing program.

BS 25999 - Key issues to address for certification (143KB)

Since BS 25999-2 (Part 2 - the Specification) was issued in November 2007 many organisations have been certified and UKAS (the United Kingdom Accreditation Service) has been assessing the audits undertaken by certification bodies as part of its process of moving towards accrediting these bodies in respect of BS 25999.

As a result of all these activities, BS 25999-2 itself is coming under the close scrutiny of those organisations being certified, the certification bodies and UKAS. The overall consensus is that BS 25999-2 has been constructed to a very high standard and has generally been very well received by these three groups. As with any new standard, there are inevitably some areas of confusion and misunderstanding and there are aspects of the standard that are more difficult to comply with than others. This paper, written by a member of the BCM committee that wrote the standard, addresses two areas that have caused newly certified companies the most issues: the management systems requirements and the business impact analysis. Download the full paper and please discuss any issues on the forum where we will endeavour to respond to any queries.