/ Home / The progress towards a Standard for BCM

The progress towards a Standard for BCM

in

Category Business Continuity Management Briefing BCM - BS25999 - BCM Standard

 

New British Standard for Business Continuity

Increasing numbers of organisations in the UK recognise the need for BCM. Their cognisance may be driven by customers, regulators, statutory requirements or even a desire to improve organisational governance. Whatever the driver it is acknowledged there is a need for guidance of how BCM should be implemented.

No commercial, public or voluntary organisation operates as an island; they are all dependent upon others to achieve successful delivery of products and services to their clients and customers. Those of us who have been working in the BCM arena for many years appreciate that a uniform approach to BCM, particularly across the supply network is essential. When quality management was first introduced the major commercial companies imposed their own quality standards on their suppliers. Any supplier serving a group of major customers was obliged to introduce a range of quality management methodologies to meet the customers demands. 

If the same approach is taken with business continuity there would be serious issues. Whilst customers can assess the quality of goods and services delivered at anytime, the effectiveness of BCM is, in reality, only fully tested if and when an organisation is disrupted for whatever reason. It is therefore essential that there should be a way of assessing a BC programme in a non-disruptive situation.

For this to happen there needs to be a benchmark against which measurement can take place. A recognised BCM standard would provide such a baseline. In 1999, various government and industry partners created a set of measures for business continuity which could be used to assess Y2K BC plans. 

In 2000 in conjunction with the Institute of Directors, the Continuity Forum published the first guide to Business Continuity for Director and Managers.  

Following discussions with the UK Financial Services Authority the BCI created a set of guidelines for BCM, building on the Y2K work and the expertise of BC practitioners in the finance sector. 

This comprehensive document, published in 2002 and in the autumn of 2002 an opportunity arose to create a British Standards Public Available Specification for BCM. A representative group of practitioners, drawn from public and private sectors, came together under the chairmanship of John Sharp, to develop PAS 56. This was subsequently published in March 2003.

To date this publication has sold over 6000 copies worldwide and forms the basis of BCM for many organisations. Following the UK Government experience with major incidents, including the fuel strike, floods and foot & mouth, it was felt that the existing legislation to deal with such widespread incidents was out of date.

In 2005 the Civil Contingencies Bill was introduced which was designed to improve UK resilience to disruptive events. For the first time BCM was included, placing an obligation on public bodies to put in place effective BCM to protect their capabilities at the time of an emergency.

Local authorities were also required to promote BCM to the wider community. The bill, which was subsequently enacted, was supported by guidelines designed to establish some uniformity in delivery across England & Wales. Practitioners, including John Sharp, assisted in the creation of these guidelines and it was insisted by those involved that the sections covering BCM should follow accepted practices and PAS 56 was used as a foundation. Whilst not being perfect, PAS 56 was seen by many as a defacto standard for BCM. Because of the level of interest in the PAS, opinion was canvassed by the Continuity Forum and the BCI as to the need for a full BSI standard for BCM. This led in July 2005 to formation a Technical Committee to start work on a full standard.

The Technical Committee consisted of approximately 36 members drawn from Government agencies, representative organisations and industry sectors. In order to accelerate the development of the standard, workgroups have undertaken the creation of the stages of the standard based upon the now accepted BCM wheel.

Basic elements will be incorporated into the standard, these are: Identification of critical activities which, if disrupted, have the greatest impact on the organisation, Identification of the resources that are used to support the critical activities, Development of appropriate BC plans to minimise the disruption to the critical activities Exercising of the plans, and The lessons learnt from the exercises that are then incorporated into modified plans.

The initial draft of the new BCM standard will be available for public consultation in June/July of this year. The first section to be published will be BS25999-1, a Code of Practice for BCM. This will be followed shortly afterwards by BS25999-2, a Specification for BCM against which, it is hoped, organisations will be able to seek certification. Following a period of consultation the Technical Committee will review comments received with a view to formally publishing the two parts in Sept/Oct 2006.

During 2007 the United Kingdom Accreditation Service (UKAS) will be developing a scheme of accreditation for BCM auditing companies. Those who achieve accreditation by UKAS will be able to carry out assessment of organisations BCM programmes against BS25999-2 with a view to certifying them as compliant. Prior to this process being in place organisations will be able to carry out a self-assessment against BS25999-2. In addition it is expected that "business to business" (B2B) assessment will take place. By the end of 2007 the UK will have in place a BCM standard together with an accredited auditing regime.

The standard will have been built upon the best practices of UK BCM practitioners and the methodologies used by private, public and voluntary sectors. Certification against the standard will give assurance to regulators, insurers, investors and customers that those on whom they rely are better able to minimise the effects of disruptive events and will in turn lead to a more resilient UK.  

The Continuity Forum will be hosting a number of special events and workshops to introduce the new standard and help organisations achieve the accreditation. For more details on these activities and the general activities of the Continuity Forum please contact us directly on +44 208 993 1599 or visit or website at www.continuityforum.org.

Please do contact Sara Mckenna/ or Russell Price / for more information on attending these sessions.