Upload
budzeg
View
569
Download
1
Tags:
Embed Size (px)
DESCRIPTION
Benefiting From Bs25999
Citation preview
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Benefiting from BS 25999 Business Continuity Management
“80% of [SME] businesses affected by a major incident like a fire either never re-open or close within 18 months.”
Douglas Barnett Risk control strategy manager AXA Insurance
Lee Allison CISM CISSP CAS ([email protected]) Managing Director, Spiir Security Consulting BSI Certification Auditor & Course Tutor
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Flexible Framework
• Process based • High-level requirements • Applies to any organisation • The ‘what’ not the ‘how to’ • Integration with other standards
(e.g. ISO 27001, ISO 20000, ISO 9001, etc)
• Auditable specification
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Management System BS 25999 Part 2
Law Regs Req
Policy Scope Objectives Resources Procedures Plans …
Implement & operate
Monitor & review
BCMS
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
PDCA
The PDCA cycle is the means of ensuring that business continuity is effectively managed and improved. Do Plan
Act Check
Standardisation
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Continual Improvement
Time
BC
MS
Mat
urity
X
X
X
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
BCM Lifecycle
The Business Continuity Lifecycle represents the continuous operation of the business continuity programme within the organization.
The PDCA cycle applies to all parts of the BCM Lifecycle.
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
BCMS Audits
• Requirement of the standard • Process auditing • BCMS effectiveness in achieving defined
goals and objectives • Feedback to management • Part of the continual improvement process • Corrective actions
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Management Review
• Requirement of the standard • Review of BCMS in achieving objectives • Directing improvement and changes • Taking action on weak areas
– Resources – Budget – etc
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Benefiting from BS 25999
• Making intelligent decisions based on more than ‘gut’ feeling
• $pend on what is necessary to achieve objectives and reduce expenditure in less critical areas
• Assurance that things are actually as they seem • Pro-active in protecting long-term business goals • Duty of care to share holders, customers & staff • 3rd party audit and certification
IVC Nigeria 27th May 2009
Benefiting from BS 25999 Business Continuity Management
Questions?