Latest News

Carrying out gap analysis to identify activity required for BS25999 accreditation – a useful method to satisfy clients and investors that you take business continuity seriously.

Biotech Company

Ensuring international standards and best practice are adopted globally through the production of handbooks and implementation guides.

Audit & Assurance

BS25999 - What is it and is it relevant to my company?

16 September 2009

BS25999 is the British standard for Business Continuity Management and is likely to become an international (ISO) standard in due course. It lays claim to being the fastest selling British standard of all time and comes in two parts:

BS25999-1:2006 is the Code of Practice which lays out how you should implement business continuity management in your organisation
BS25999-2:2007 is the “Specification for Business Continuity Management” which lays out what you must do in order to show compliance with the standard.

Formal accreditation with the standard is available for organisations who wish to be able to demonstrate that they have in place a robust business continuity management system.

Is it relevant to my company?
We need to start with a formal definition of business continuity management (BCM). According to BS25999, BCM is “an holistic management process that identifies potential threats to an organization and the impacts to business operations that those threats, if realized, might cause, and which provides a framework for building organizational resilience with the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value-creating activities”.

In other words, BCM aims to create a resilient organisation which is able to avoid unplanned downtime and, should a serious incident occur, can recover from it through keeping negative impacts within acceptable levels. Implementing BCM is not just about recovering from disasters. Rather it tries to keep operational outages at a minimum, thus saving the rework, missed deadlines, upset customers, direct financial loss, reputational damage etc. which can result from outages.

BS25999 aims to move BCM forward from previous guidance on the subject, for example PAS56, through also incorporating continuity for key resources on which the organisation depends to keep its critical activities going, such as employees and suppliers of goods and services.

Although there do not appear to be any obvious moves afoot at present, the existence of the standard may in time lead to organisations having an expectation, or even formal contractual agreement, that suppliers and business partners are able to demonstrate alignment with the standard, if not formal certification.

So BCM should be an essential process within every organisation. Unless that is your organisation never experiences operational interruptions and you can guarantee that you will never experience a serious incident…

If you want to review your BCM process in the context of BS25999, whether or not you wish to pursue accreditation, please feel free to contact us.

Brian Davey
Senior Consultant, Teed Business Continuity

Both parts of the standard can be purchased from the British Standard Institute

Case Studies

Related Pages

BS25999 - What is it and is it relevant to my company?