The progress towards a Standard for BCM
Spring Briefing 2006
New British Standard for Business Continuity
--------------------------------------------------------------------------------
Increasing numbers of organisations in the UK recognise the need for BCM. Their cognisance may be driven by customers, regulators, statutory requirements or even a desire to improve organisational governance. Whatever the driver, it is acknowledged that there is a need for guidance on how BCM should be implemented.
No commercial, public or voluntary organisation operates as an island; they are all dependent upon others to achieve successful delivery of products and services to their clients and customers. Those of us who have been working in the BCM arena for many years appreciate that a uniform approach to BCM, particularly across the supply network, is essential.
When quality management was first introduced, the major commercial companies imposed their own quality standards on their suppliers. Any supplier serving a group of major customers was obliged to introduce a range of quality management methodologies to meet its customers' demands. Although this added to their costs, it could be accommodated. If the same approach were taken with business continuity, there would be serious issues.
Whilst customers can assess the quality of goods and services delivered at any time, the effectiveness of BCM is, in reality, only fully tested if and when an organisation is disrupted for whatever reason. It is therefore essential that there should be a way of assessing a BC programme in a non-disruptive situation. For this to happen there needs to be a benchmark against which measurement can take place. A recognised BCM standard would provide such a baseline.
In 1999 the BCI, working with the insurance industry, Department for Industry and several industry partners, created a set of measures for business continuity which could be used to assess Y2K BC plans. Following discussions with the UK Financial Services Authority, the BCI created a set of guidelines for BCM, building on the Y2K work and the expertise of BC practitioners in the finance sector. This comprehensive document, published in 2002, was the first authoritative guide to the BCM process published in the UK and, perhaps, in the world.
In the autumn of 2002 an opportunity arose to create a British Standards Publicly Available Specification for BCM. A representative group of practitioners, drawn from public and private sectors, came together under the chairmanship of John Sharp to develop PAS 56. This was subsequently published in March 2003. To date this publication has sold over 6000 copies worldwide and forms the basis of BCM for many organisations.
Following the UK Government’s experience with major incidents, including the fuel strike, floods and foot & mouth, it was felt that the existing legislation to deal with such widespread incidents was out of date. In 2005 the Civil Contingencies Bill was introduced, designed to improve the UK’s resilience to disruptive events. For the first time BCM was included, placing an obligation on public bodies to put in place effective BCM to protect their capabilities at the time of an emergency. Local authorities were also required to promote BCM to the wider community.
The bill, which was subsequently enacted, was supported by guidelines designed to establish some uniformity in delivery across England & Wales. Practitioners, including John Sharp, assisted in the creation of these guidelines. Those involved insisted that the sections covering BCM should follow accepted practices, and PAS 56 was used as a foundation.
Whilst not being perfect, PAS 56 is seen by many as a de facto standard for BCM. Because of the level of interest in the PAS, BSI canvassed opinion as to the need for a full BSI standard for BCM. As there was sufficient support, it was decided in July 2005 to form a Technical Committee to start work on a full standard. The Technical Committee consisted of approximately 36 members drawn from representative organisations and industry sectors. In order to accelerate the development of the standard, workgroups have undertaken the creation of the stages of the standard based upon the now accepted BCM wheel. One of these workgroups is led by John Sharp.
The following basic elements will be incorporated into the standard:
Identification of critical activities which, if disrupted, have the greatest impact on the organisation,
Identification of the resources that are used to support the critical activities,
Development of appropriate BC plans to minimise the disruption to the critical activities,
Exercising of the plans, and
The lessons learnt from the exercises that are then incorporated into modified plans.
The initial draft of the new BCM standard will be available for public consultation in June/July of this year. The first section to be published will be BS25999-1, a Code of Practice for BCM. This will be followed shortly afterwards by BS25999-2, a Specification for BCM against which, it is hoped, organisations will be able to seek certification. Following a period of consultation the Technical Committee will review comments received with a view to formally publishing the two parts in Sept/Oct 2006.
During 2007 the United Kingdom Accreditation Service (UKAS) will be developing a scheme of accreditation for BCM auditing companies. Those who achieve accreditation by UKAS will be able to carry out assessment of organisations’ BCM programmes against BS25999-2 with a view to certifying them as compliant. Prior to this process being in place organisations will be able to carry out a self-assessment against BS25999-2. In addition it is expected that ‘business to business’ (B2B) assessment will take place.
By the end of 2007 the UK will have in place a BCM standard together with an accredited auditing regime. The standard will have been built upon the best practices of UK BCM practitioners and the methodologies used by private, public and voluntary sectors. Certification against the standard will give assurance to regulators, insurers, investors and customers that those on whom they rely are better able to minimise the effects of disruptive events and will in turn lead to a more resilient UK.
John Sharp
Policy & Development Director, Continuity Forum
The Continuity Forum will be hosting a number of special events and workshops to introduce the new standard and help organisations achieve the accreditation. For more details on these activities and the general activities of the Continuity Forum please contact us directly on +44 208 993 1599 or visit our website at www.continuityforum.org.
Please do contact Sara Mckenna or Russell Price for more information on attending these valuable sessions.