
DISCLAIMER: This matter here is a guide only. For authentic and up-to-date information, please contact TQMC.

The DIRECTIVES and STANDARDS listed here may have been subsequently REVISED. You must refer to the CURRENT REVISION and AMENDMENTS, if any.

Monday, June 14, 2010


Business Continuity Planning and Disaster Recovery

This site provides information about Business Continuity planning & testing and Disaster Recovery planning & testing, with links to
Business continuity and disaster recovery planning is a key governance responsibility. The UK Companies Act 2006 gives statutory force to what has long been the worldwide common law duty of directors, which is to exercise due care in relation to their companies. Specifically, directors must "exercise reasonable care, skill and diligence" (s.174).

The board of directors is accountable for ensuring that the organization has developed and tested business continuity and disaster recovery plans that deal with all the likely risks that face the organization.  



All organizations face business continuity risks. Consider: 
  • 80% of organizations with a tried and tested business continuity plan are likely to survive a major business discontinuity; only 20% of those without a business continuity plan are likely to survive.
  • Over 90% of organizations that suffer a significant data loss are not in business two years later.
  • The Business Continuity Institute's 2005 survey indicates that 30% of businesses still don't have a business continuity plan.
  • The data indicates that many of the existing plans are not comprehensive and that maintenance (testing and updating) is generally inadequate.
  • 'Backup' is not the same as a business continuity plan, and terrorism should be specifically addressed.

    Essential Business Continuity Resources

BS 25999 - Business Continuity Best Practice

BS25999 (which replaced PAS56 on 27 November 2006) is the best practice standard for business continuity plans and every organization should, for its own survival, follow as much of the BS25999 guidance as is appropriate for its specific circumstances. It supports chapter 14 of ISO/IEC 27002 (ISO17799):2005 which deals extensively with the information security aspects of business continuity planning.

The BS25999 Business Continuity Management scheme will enable an organization to have its Business Continuity Plan externally audited and assessed.

Every organization, large and small, must have a business continuity plan. Large organization plans will tend to be more complex than those of small ones. Smaller organizations can follow the advice available from BCI, London First and the UK's National Counter Terrorism Security Office or get immediate continuity cover in place by using a standalone business continuity plan template, whereas larger organizations should consider deploying a comprehensive Business Continuity Template Set. (There's a special offer available on these right now!)

Less than 30% of organizations employ business continuity professionals. In the other 70%, business continuity is part of a wider responsibility. This page is designed to help everyone whose less than full-time work on the organization's business continuity is still critical to its survival. In an age where terrorism is an ongoing, indiscriminate, background threat, all organizations need to take appropriate precautions.

Business continuity is not just an IT and data issue; it is an issue for the whole organization. Loss of telecommunications, internet connectivity, physical premises, machinery and equipment or critical people - all of these are possible continuity risks. And while business continuity planning is not the same as disaster recovery planning, the two are closely related.

Civil Contingencies and Business Continuity Planning

In the UK, the Civil Contingencies Act 2004 sets out specific requirements for public bodies. It imposes a series of duties on local bodies in England and Wales, Scotland and Northern Ireland (known as "Category 1 responders"). These duties include the duty to assess the risk of an emergency occurring and to maintain plans for the purposes of responding to an emergency. The range of Category 1 responders is broader than the range of local bodies which were subject to earlier legislation (which has now been repealed). It includes certain bodies with functions which relate to health, the Environment Agency and the Secretary of State, in so far as his functions relate to responding to maritime and coastal emergencies. The Act also provides the mechanism to impose duties on other local bodies ("Category 2 responders") to co-operate with, and to provide information to, Category 1 responders in connection with their civil protection duties.

Business Continuity Planning

Business continuity planning (BCP) involves the processes and procedures for the development, testing and maintenance of a (series of) plan(s) that will enable an organization to continue operating during and after a disaster. Plans are typically designed to cope with incidents affecting all the organization's business-critical processes and activities, from failure of a single server, or server room, all the way through to complete loss of a major facility. BCP is a response to an enterprise level risk assessment.

Disaster Recovery Planning

Disaster Recovery Planning (DRP) usually takes place within the BCP framework. DRPs are usually relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. A single BCP might contain or refer to a number of DRPs.
The business continuity management life-cycle usually includes a series of steps: 
  • risk assessment
  • business impact analysis (BIA)
  • plan development
  • documentation
  • testing
  • maintenance.
This process is described in Business Continuity Planning - a Step-by-Step Guide and in other widely-recognized and highly acclaimed books available from this site. MI5 and the UK's National Infrastructure Security Co-ordination Centre, amongst many others, have developed appropriate guidance for organizations on dealing with these threats.

A common language is helpful when working on a project: it helps ensure that all the BC and DR professionals are talking about the same thing when they communicate. Business Continuity and BS25999: A Combined Glossary provides such a language. It offers a common vocabulary for business continuity, listing hundreds of terms and definitions sourced directly from highly authoritative sources, including the Disaster Recovery Institute, the Business Continuity Institute, ISO27001, BS7799-3:2006 and ISO20000, amongst many others.

