Business Continuity Standards

October 30th 2007 marks the launch by the British Standards Institute (BSI) of BS25999. This standard and its international equivalents enable companies to become officially accredited as Business Continuity compliant.

Following the development of PAS56 and 25999 part 1, the full standard can now be applied and audited. This means that companies can be accredited with the 25999 standard. For further details see www.bsi-uk.com

The Impacts

Pundits anticipate that 25999 adoption will follow the route of ‘Quality’ standard adoption, but more rigorously. Quality Standards didn’t guarantee the Quality of output, merely that appropriate systems and procedures were in place within an organisation.

25999 may in some industries and professions provide a fairly tangible assurance of continuity in the supply chain. As such, it is anticipated that companies and government departments will demand it and that this will ‘filter down’. Organisations whose customers require 25999 of them may in turn need to require it of their own suppliers, in order to obviate risks and minimise the potential Business Impacts of these on their own supply chain.

Information Security Standards

BS 7799 and ISO 27001 are information security standards. They apply to all information, whether digital, paper or written in stone, and include:

  • Security of information
  • Security of storage
  • Reliability of storage
  • Ability to retrieve data - irrespective of disaster - or time lapsed
  • Propriety in information disposal
  • Control of individuals' rights of access to information and rights to move/transport/duplicate information

There is cross-over with Business Continuity and Disaster Recovery, and additionally some overlap with Data Protection, Financial Services, Freedom of Information (Public Sector) and Human Rights legislation. Companies trading with the USA, in the banking sector, or with American subsidiaries or employees may find that HIPAA and Sarbanes-Oxley apply to them, with some rigorous requirements.

BS7799 does not replace legislation. Adherence and implementation of the standard should make legal compliance easier to maintain. Where fines for non-compliance can be severe, BS7799 can represent excellent value.

Where do we ‘fit in’

As a group of companies we provide a range of services to help you comply with 25999 and 7799. The areas include:

  • Highly resilient IT systems with redundant components and power backup
  • Replicated IT systems – on site and offsite
  • Hosted, outsourced and collocated IT systems in our resilient secure centre, with or without diversely routed redundant communications links. The centre sits in a gated secure monitored building with multiple generator power backup and substantial fuel supplies.
  • Workplace recovery seating – for up to 800 people
  • Secure IT systems – including Firewalls, MPLS, VPN, user access controls, ISA, stateful inspection, encryption and secure remote access
  • Offsite backup – for data integrity and rapid recovery
  • Ship to site solutions
  • Resilient telephone systems, multi-carrier connectivity
  • Systems administration and maintenance – with guaranteed response times and replacement components on telephone and IT systems – minimising downtime and assuring a fast recovery from unpredictable failure
