The British Standard for Business Continuity (BS 25999), launched in 2007, was designed to provide a standard approach to business continuity, and to establish a way of assuring business continuity management all the way down the supply chain. In the US there is no equivalent.
Why should American companies care about a non-binding British standard? Obviously compliance is not required, but American business continuity officers may want to take a look at this standard as a useful guideline for establishing policy and procedures. It includes a useful set of guidelines and best practices that can benefit any company on either side of the pond.
In the UK, the CMI 2009 business Continuity Management report, supported by the Cabinet Office, showed that 39 percent of respondents who do have business continuity plans are aware of the standard. Of those that are aware of it though, only 13 percent are seeking certification, 19 percent plan to comply without benefit of accreditation, and 42 percent plan to use it as guidance. Four percent will go even further to ask suppliers to comply as well.
The standard is meant to put in place a set of standards to help minimize disruptions from disasters or other incidents, and is really the first of its kind in the world. The standard can be quite useful in implementing a plan, and even for incorporating partners down the supply chain in creating an end-to-end strategy. It includes a set of requirements based on best practice, and is relevant to any size organization in any sector.
Without going into excruciating detail, there are two parts: The first is the "Code of Practice," which includes best practices and recommendations; this is an especially useful part of the standard, even for those outside of the UK. The second part is the actual specification that sets out what is required to comply and become certified.