BS 25999-1:2006 Business continuity management. Code of practice

BS 25999-1 is a code of practice that takes the form of guidance and recommendations. BS 25999-1 establishes the process, principles and terminology of business continuity management (BCM), providing a basis for understanding, developing and implementing business continuity within an organisation and to provide confidence in business-to-business and business-to-customer dealings.

Sample content - BS 25999-1: 2006 Business continuity management. Code of practice

Forward

Scope and applicability
Terms and definitions
Overview of business continuity management (BCM)
The business continuity management policy
BCM programme management
Understanding the organization
Determining business continuity strategies
Developing and implementing a BCM response
Exercising, maintaining and reviewing BCM arrangements
Embedding BCM in the organization’s culture

References

List of figures
Figure 1 — The business continuity management lifecycle
Figure 2 – Incident timeline

List of tables
Table 1 —Types and methods of exercising BCM strategies

Foreword

Publishing information

This British Standard was published by BSI and came into effect on [DATE]. It was prepared by Panel BCM/1/-/1, under the authority of Technical Committee BCM/1, Business continuity management. Organizations represented on this committee include:

Association of British Certification Bodies
Association of British Insurers
Association of Chief Police Officers
Association of Insurance Risk Managers
Business Continuity Institute
Cabinet Office
Chief Fire Officers' Association (CFOA)
Continuity Forum
Coventry University
Department of Trade and Industry
Emergency Planning Society
Federation of Small Businesses
Financial Services Authority
Independent International Organization for Certification
Institute of Directors
Institute of Emergency Management
Institute of Internal Auditors
Institute of Risk Management
Intellect
Metropolitan Police
Securities Industry Business Continuity Management Group (SIBCMG)
Society of Industrial Emergency Services Officers (SIESO)
Survive

This British Standard has been developed by practitioners throughout the business continuity community, drawing upon their academic, technical and practical experiences of business continuity management (BCM). It has been produced to provide a system based on good practice for business continuity management. It is intended to serve as a single reference point for most situations where business continuity management is practised, and to be used by large, medium and small organizations in industrial, commercial, public and voluntary sectors.

This document constitutes Part 1 of BS 25999. At the time of publication, a Part 2 was in preparation which will specify requirements for business continuity management.

Use of this document

As a code of practice, this British Standard takes the form of guidance and recommendations. It should not be quoted as if it were a specification and particular care should be taken to ensure that claims of compliance are not misleading.

Any user claiming compliance with this British Standard is expected to be able to justify any course of action that deviates from its recommendations.

Presentational conventions

The provisions of this standard are recommendations, which are expressed in sentences in which the principal auxiliary verb is “should”. Clause 3 does not contain any recommendations; rather, it gives useful background information on business continuity management (though the Standard is not intended as a beginner's guide to business continuity management).

The word “may” is used in the text to express permissibility, e.g. as an alternative to the primary recommendation of the clause. The word “can” is used to express possibility, e.g. a consequence of an action or an event.

Supplementary commentary, explanation and general informative material is presented in smaller italic type, and does not constitute a normative element.

Contractual and legal considerations

This publication does not purport to include all the necessary provisions of a contract. Users are responsible for its correct application.

Compliance with a British Standard cannot confer immunity from legal obligations.

1 Scope and applicability

This British Standard establishes the process, principles and terminology of business continuity management (BCM). The purpose of this Standard is to provide a basis for understanding, developing and implementing business continuity within an organization and to provide confidence in the organization's dealings with customers and other organizations.

It also enables the organization to measure its BCM capability in a consistent and recognized manner.

This Standard provides a system based on BCM good practice.

This Standard is intended for use by anyone with responsibility for business operations or the provision of services, from top management through all levels of the organization; from those with a single site to those with a global presence; from sole traders and small-to-medium enterprises (SMEs) to organizations employing thousands of people. It is therefore applicable to anybody who holds responsibility for any operation, and thus the continuity of that operation.

This Standard does not cover the activities of emergency planning inasmuch as that topic relates to civil emergencies.

NOTE Ultimately, no matter how much effort or resource is invested in business continuity management, an organization could still be faced with an incident or combination of incidents it did not forsee.

Purchase BS 25999-1: 2006 Business continuity management. Code of practice