IVC Nigeria 27th May 2009

Benefiting from BS 25999 Business Continuity Management

“80% of [SME] businesses affected by a major incident like a fire either never re-open or close within 18 months.”

Douglas Barnett, Risk control strategy manager, AXA Insurance

Lee Allison CISM CISSP CAS ([email protected])
Managing Director, Spiir Security Consulting
BSI Certification Auditor & Course Tutor


Flexible Framework

• Process based
• High-level requirements
• Applies to any organisation
• The ‘what’ not the ‘how to’
• Integration with other standards (e.g. ISO 27001, ISO 20000, ISO 9001, etc)
• Auditable specification


Management System BS 25999 Part 2

[Diagram: BCMS. Labels: Law, Regs, Req; Policy, Scope, Objectives, Resources, Procedures, Plans, …; Implement & operate; Monitor & review]


PDCA

The PDCA cycle is the means of ensuring that business continuity is effectively managed and improved.

[Diagram: Plan, Do, Check, Act cycle; Standardisation]


Continual Improvement

[Graph: BCMS Maturity against Time]


BCM Lifecycle

The Business Continuity Lifecycle represents the continuous operation of the business continuity programme within the organization.

The PDCA cycle applies to all parts of the BCM Lifecycle.


BCMS Audits

• Requirement of the standard
• Process auditing
• BCMS effectiveness in achieving defined goals and objectives
• Feedback to management
• Part of the continual improvement process
• Corrective actions


Management Review

• Requirement of the standard
• Review of BCMS in achieving objectives
• Directing improvement and changes
• Taking action on weak areas
  – Resources
  – Budget
  – etc


Benefiting from BS 25999

• Making intelligent decisions based on more than ‘gut’ feeling
• $pend on what is necessary to achieve objectives and reduce expenditure in less critical areas
• Assurance that things are actually as they seem
• Pro-active in protecting long-term business goals
• Duty of care to shareholders, customers & staff
• 3rd party audit and certification


Questions?