Business Continuity Standard Migrating from BS25999 to ISO22301

BS25999 & ISO22301

BS25999

BS25999 is the Business Continuity and Business Resilience certification standard that has worldwide applicability.

The Business Continuity Standard, BS25999 has the real importance to everyone from Board directors, corporate executives and IT managers through to facilities managers and business continuity professionals. It provides a basis for understanding, developing and implementing business continuity within your organization and gives you confidence in B2B and B2C dealings. It also contains a comprehensive set of requirements based on Business Continuity Management (BCM) best practice and covers the whole BCM lifecycle.

In the UK, theNHShas determined that BS25999 certification is a key way for NHS entities to demonstrate that they adequately resilient, and UK local authorities have recognised the BS25999 certification is the best method possible for demonstrating they are meeting their obligations under the Civil Contingencies Act. Internationally, organisations in both the public and private sector are pursuing BS25999 certification in order to demonstrate to stakeholders and customers that they have adequate business resilience arrangements in place.

BS25999 has a critical relationship with ISO27001

ISO 22301

The ISO standard for Business Continuity

ISO 22301 refers to the international standard for Societal security- Preparedness and continuity management systems (PCMS) which is expected to be released in 2011. As with other standards the specification standard will be accompanied by a code of practice ISO 22399. Plans are in place to allow organisations already certified to BS25999 to easily convert to ISO 22301 in a similar way to when BS 7999 became ISO/IEC 27001.

It is understood that BS 25999 was utilised as a foundation for the new Standard and certainly the ‘plan, do, check, act’ (PDCA) model of continuous improvement based on continuous improvement has been adopted. Our BCM specialists are working closely with the industry to ensure seamless transitions of certifications and to assist our clients in implementing ISO 22301 when it launches in mid 2011.

ISO22301 International Business Continuity Standard for Societal Security

Castleforce BS 25999 Icons

We have shown the following BS 25999 icon on the Product and Services pages followed by the specific act principle which relates to the link. If the BS 25999 icon is selected on all other pages it is set to come back to this overview page.

The benefits of BS 25999

Framework - Provides a common consistent framework, based on international best practice, to manage business continuity.
Resilience - Proactively improves your resilience when faced with the disruption of your ability to achieve key objectives
Reputation - Helps protect and enhance your reputation and brand.
Competitive advantage - Opens new markets and helps you win new business.
Win more contracts more cost effectively - Provides a marketing edge and using certification can help reduce the cost of expensive tenders.
Business improvement - Certification requires a clear understanding of your entire organization which can identify opportunities for improvement.
Continuous improvement - The certification process involves regular audits which ensure that your management system is up to date.
Compliance - Demonstrates that applicable laws and regulations are being observed.
Cost Savings - Creates opportunities to reduce the cost of BCM audits and may reduce insurance premiums.
Delivery - Provides a rehearsed method of restoring your ability to supply critical products and services to an agreed level and timeframe following a disruption
Management - Delivers a proven capability for managing a disruption.

BS 25999 Implementation Service

Service Overview

Our BS 25999 Consultancy Services are designed to help your organisation implement the standard in alignment with your business drivers. We can work with your organisation to assist in implementing part of the standard or deliver a complete implementation through to formal certification.

BS 25999 Business Benefits

Achieving certification means your organisation will be recognised as managing Business Continuity risks and proves a level of resilience which will be highly regarded by both customers and business partners alike.
Improved chances of winning contracts with customers (mandatory requirement for some tenders)
Greater understanding of the process, systems and resources used to deliver to your customers needs.
Greater control over technology and business processes
Opportunity to improve business processes and increase efficiency
BS 25999 Compliance efforts can be aligned with other compliance efforts

Deliverables

Our dedicated consultants will design and deliver the necessary elements of an BS 25999 system including a policy framework, Business Continuity Management System, and complete Business Continuity and Disaster Recovery plans. The scope of these deliverables will be agreed prior to project commencement. Our consultants will work closely with your key stakeholders to help you implement a BS 25999 compliant (or certified) set of processes.

BS 25999 Gap Analysis

Service Overview

BS 25999 is the de-facto international standard for Business Continuity. We can assist your organisation in achieving compliance with this standard through our GAP analysis service. Our consultants will undertake a gap analysis review of your Business Continuity processes required to achieve compliance to (and potential certification to) the BS 25999 standard. Our experts will perform a comprehensive compliance audit against the BS 25999 Business Continuity Management System requirements criteria. The analysis provides a holistic view of strong and weak areas with regards to BS 25999 compliance areas.

BS 25999 Gap Analysis Business Benefit

Identifies weak and strong areas within your business with regards to BS 25999 compliance
Gives a good overview of the cost and effort required to make your business BS 25999 compliant
Gives your organisation a better understanding of business processes and technology which could lead to increased efficiency.

Deliverables

We will deliver a formally documented Business Continuity gap analysis report in a business friendly language detailing gaps and recommendations on how to close the gaps identified to meet compliance requirements. We can formally present these findings to key stakeholders and can work with your organisation to assist in achieving BS 25999 compliance if required.

Business Continuity Consultancy

Service Overview

How would your business continue to operate in the event of an incident, such as fire, flood, loss of power or IT problem? Business Continuity is all about planning and being prepared for such an event.

Our Business Continuity service is tailored to your organisations needs. Whether it’s creating organisation wide business continuity plans, specific plans, assisting in testing your plans or undertaking an assessment of your current Business Continuity posture we can help. If your organisation is looking to achieve compliance with or certification to BS 25999 we can use our expertise in this area help achieve this.

All our Business Continuity services are delivered in line with best practice industry standards including BS 25999.

Business Benefits

Clear plans for organisations to continue operating in adverse circumstances
Greater control over and a better understanding of your business processes
Increased efficiency due to the understanding of business processes
Reduced risk of loss of customer confidence and reputation

Methodology

Our consultants are highly skilled and experienced in Business Continuity and hold associated professional certifications such as Specialist of the Business Continuity Institute.
We will work with your organisation to assess your Business Continuity needs and draw up a clear tailor made package to cover your organisations requirements.

Deliverables

Our dedicated consultants will design and deliver suitable tested Business Continuity Plans based on the agreed scope. Where we undertake testing of your environment or a Business Continuity audit we will deliver a clear business friendly report with prioritised recommendations. If we required we can work with your organisation to assist in improving your Business Continuity posture and can formally present our findings to suitable nominated stakeholders.

BS 25999 Gap Analysis / Risk Assessment Available

We can provide Gap Analysis and Risk Assessments to help your organisation understand what they need to do in order to comply with the BS 25999. It's very important to understand where you may be falling short and what steps would be needed in order to comply with the act and our Gap Analysis can be a step in the right direction.

Castleforce Consultants can help you with all aspects of establishing and maintaining a Business Continuity Management System including:

Undertaking Business Impact Analysis and Risk Assessments
Designing and documenting system requirements
Drawing up Incident Management Plans
Devising and supervising exercises
Training for all staff
Auditing your system

BS 25999 Business continuity - Minimizing disruptions – Maximizing recovery

Business Continuity Management Service (Virtual Manager)

Service Overview

All organisations need to ensure that they are managing Business Continuity risks, issues and incidents. Whilst some larger organisations have the luxury of appointing a person or team to manage these issues on a full time basis, many do not and instead rely on staff undertaking security duties over and above their normal job.

Our Business Continuity Management Service allows an organisation to have access to a qualified Business Continuity Manager on an as needed basis. This may be a set number of days a month or simply a short period of time to cover a particular project.

Which ever way this gives your organisation the option to control the costs of Business Continuity management whilst having access the professionals needed to manage Business Continuity risks.

Business Benefits

None of the costs or administration surrounding the appointment of permanent employees
Tailored specifically to your organisational requirements
Fully flexible, professional time called when you need it
Allows professional implementation of compliance requirements in a cost effective manner
Provides assurance to the organisation that compliance and Business Continuity activities are taking place effectively
Gives organisations greater control of their business processes and technology
Will help to improve business processes and improve efficiency

Methodology

Our consultants are highly skilled and experienced in Business Continuity Management and hold associated professional certifications such as Specialist and Member of the Business Continuity Institute.

We will work with your organisation to assess your Business Continuity Management and compliance requirements and draw up a clear tailor made package to cover your organisations requirements.

Deliverables

We will provide you with a dedicated Business Continuity Manager for the amount of time your organisation requires, whether that be a set number of days per week/month/year or for a short term period. We will agree the exact scope of the engagement and our Business Continuity Managers will provide you with written reports on their actions and progress at agreed points. All appointed managers will have relevant experience and qualification within your industry sector.