BS 25999 BUSINESS CONTINUITY MANAGEMENT



Similar documents
HOW CAN YOU ENSURE BUSINESS CONTINUITY? ISO AUDITS, CERTIFICATION AND TRAINING

OHSAS OCCUPATIONAL HEALTH AND SAFETY MANAGEMENT SYSTEMS

AEROSPACE QUALITY MANAGEMENT SYSTEMS AUDIT, CERTIFICATION & TRAINING SERVICES

Reputation. Further excellence. business continuity. risk management. Data security

Business Continuity - IT Disaster Recovery Discussion Paper - - Commercial in Confidence Version V2.0R Wednesday, 5 September 2012

TURF ISN T THE ONLY THING THAT SHOULD BE GREEN TRAINING AND CERTIFICATION FROM SGS

Business Continuity Management Policy

Business Continuity Management Framework

Birmingham CrossCity Clinical Commissioning Group. Business Continuity Management Policy

Solihull Clinical Commissioning Group

BUSINESS CONTINUITY MANAGEMENT FRAMEWORK

WHAT MAKES YOUR OCCUPATIONAL HEALTH AND SAFETY SYSTEMS STANDARD BEST-IN-CLASS?

Business Continuity Management

HOW CAN YOU REASSURE YOUR CUSTOMERS ABOUT THE ORIGINS OF YOUR WOOD & PAPER PRODUCTS?

Business Continuity Management Governance. Frank Higgins Abu Dhabi March 2015

Principles for BCM requirements for the Dutch financial sector and its providers.

Company Management System. Business Continuity in SIA

University of Glasgow. Policy for. Business Continuity Management

By. Mr. Chomnaphas Tangsook Business Director BSI Group ( Thailand) Co., Ltd

Merrycon s Approach to Business Continuity Management

Business Continuity Policy

NORTH HAMPSHIRE CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY MANAGEMENT POLICY AND PLAN (COR/017/V1.00)

Business Continuity Management

DRAFT BUSINESS CONTINUITY MANAGEMENT POLICY

Moving from BS to ISO The new international standard for business continuity management systems. Transition Guide

UNDERSTANDING THE SUPPLY CHAIN SECURITY CERTIFICATION STANDARDS

Business Continuity (Policy & Procedure)

Ensuring operational continuity

NHS ISLE OF WIGHT CLINICAL COMMISSIONING GROUP BUSINESS CONTINUITY POLICY

Business Continuity Management

Business Continuity Policy

Business Continuity Policy

Business Continuity Planning. A guide to loss prevention

EPRR: Toolkit Facilitator Guide

ISO BUSINESS CONTINUITY MANAGEMENT SYStEMS (BCMS) EXPERT IMPLEMENTER

BUSINESS CONTINUITY POLICY

1.0 Policy Statement / Intentions (FOIA - Open)

BCP and DR. P K Patel AGM, MoF

Business Continuity. Is your Business Prepared for the worse? What is Business Continuity? Why use a Business Continuity Plan?

How To Manage A Disruption Event

Business Continuity Management and BS by Steve Chan, Head of Training - HK, BSI Management Systems

WEST YORKSHIRE FIRE & RESCUE SERVICE. Business Continuity Management Strategy

Business Continuity Management. Policy Statement and Strategy

Business Continuity Policy and Business Continuity Management System

CENTRAL BANK OF KENYA (CBK) PRUDENTIAL GUIDELINE ON BUSINESS CONTINUITY MANAGEMENT (BCM) FOR INSTITUTIONS LICENSED UNDER THE BANKING ACT

Business continuity management policy

I attach the following documents in response:

Introduction UNDERSTANDING BUSINESS CONTINUITY MANAGEMENT

CHAPTER 1: BUSINESS CONTINUITY MANAGEMENT STRATEGY AND POLICY

Business Continuity and Risk Management. Ken Kaberia Principal BCM Officer, Enterprise Risk Safaricom Limited

BSO Board Director of Human Resources & Corporate Services Business Continuity Policy. 28 February 2012

Coping with a major business disruption. Some practical advice

Business Continuity Business Continuity Management Policy

BUSINESS CONTINUITY MANAGEMENT POLICY

BUSINESS CONTINUITY POLICY RM03

Proposal for Business Continuity Plan and Management Review 6 August 2008

Business Continuity Management For Small to Medium-Sized Businesses

Checklist of ISO Mandatory Documentation

Business Continuity Management (BCM) Policy

ISO 22301: Societal Security Terminology ISO 22313: BCMS Guidance ISO 22398: Exercises and Testing - Guidance

abcdefghijklmnopqrstu

Need to protect your business from potential disruption? Prepare for the unexpected with ISO

Business Resiliency Business Continuity Management - January 14, 2014

Business Continuity Management AIRM Presentation

GUIDANCE DOCUMENT FOR COMPLETION OF RESIDENTIAL CARE ESTABLISHMENTS BUSINESS CONTINUITY PLAN TEMPLATE WEST MIDLANDS

Business Continuity & Crisis Management

Business Continuity Management Policy and Plan

BUSINESS CONTINUITY POLICY

Customer Experience. Further excellence

Business Continuity Management Policy

Business Continuity Policy

Business Continuity Planning

BUSINESS CONTINUITY STRATEGY

Business Continuity Management Policy and Framework

SUPPORTING THE RAIL INDUSTRY UNIQUE SOLUTIONS FOR UNIQUE SITUATIONS

Essex Clinical Commissioning Groups. Business Continuity Management System. Scope and Policy

Appendix 2 - Leicester City Council s Business Continuity Management Policy Statement and Strategy Business Continuity Policy Statement 2015

Institute for Business Continuity Training 1623 Military Road, # 377 Niagara Falls, NY

Information security controls. Briefing for clients on Experian information security controls

ISO 22301:2012 Societal Security Appendix B Business Continuity Management Systems Requirements 347

Effective risk management

CSC AND THE BUSINESS CONTINUITY MATURITY ASSESSMENT PROGRAM

Global Statement of Business Continuity

Overview TECHIS Manage information security business resilience activities

Il nuovo standard ISO sulla Business Continuity Scenari ed opportunità

KPMG Information Risk Management Business Continuity Management Peter McNally, KPMG Asia Pacific Leader for Business Continuity

Business Continuity Management Group Policy

PAPER-6 PART-1 OF 5 CA A.RAFEQ, FCA

RETAIL AUDIT FORUM - AUDITING BUSINESS CONTINUITY

Appendix 1 - Leicester City Council s Business Continuity Management Strategy and Policy Statement

Transcription:

BS 25999 BUSINESS CONTINUITY MANAGEMENT AUDIT, CERTIFICATION & training services

HOW CAN YOU ENSURE BUSINESS CONTINUITY? BS 25999 AUDITS & CERTIFICATION FROM SGS Most organisations will, at some point, be faced with having to respond to an incident which may disrupt or threaten the day-to-day operations of their business. A successful Business Continuity Management (BCM) programme, established to respond to any potential disruption, is essential for all organisations. Ensuring a holistic Business Continuity Management System (BCMS) is in place will not only help your organisation recover from disasters, it will also prevent the reputational damage that can arise from any operational outages, missed deadlines, upset customers or direct financial loss. Certification against the requirements of BS 25999, the British standard for Business Continuity Management, enables you to demonstrate your commitment to having a most robust BCMS in place.

ABOUT BS 25999 Business Continuity Management involves the recovery or continuation of business activities in the event of any business disruption. The overall BCM programme must be managed through activities such as training, exercises and reviews to ensure the plans in place are up to date. Even if an organisation has never experienced a serious incident, establishing a BCMS, built on BS 25999, helps to define key business processes and the impact that could result from any threats. BS 25999 provides a comprehensive set of controls based on BCM best practice, covering the whole BCM lifecycle. It defines the strategic and tactical capability of an organisation to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable pre-defined level. The standard is generic and offers organisations guidance on putting their BCM systems in place. An organisation can prepare for the worst and take steps to improve its resilience. The BCMS should also include a Business Impact Analysis (BIA), which is an inherent part of BS 25999 and an essential component of any business continuity plan. A BIA helps organisations identify their critical activities, dependence and resources supporting their key products and services, as well as what the impact of their failure would be on the organisation. THE BENEFITS The BS 25999 certification will help improve any business by ensuring planned, effective BCM at all levels, including: Organisation-wide identification and understanding of critical business processes and the impact of disruption Increased levels of resilience and recovery capability, and the continued survival of the organisation Advantage gained over less resilient competitors Positive message communicated to the media and stakeholders in crisis conditions Improved risk profile in the minds of insurers, resulting in reduced insurance premiums Compliance with the expectations of regulators, insurers, business partners and other key stakeholders Significantly reduced financial impact of incidents, disruption or even under disaster Increase the survival chance of both the organization and employees Reputation maintained, or even improved, through demonstrating a professional approach to managing disruption Timely and orderly responses to incidents and business disruptions to continue business operations at an acceptable pre-defined level as promises in contract or agreement Encourages cross-team and crossorganization coordination Demonstrate credible responses through scenario-base exercising Demonstrate management commitment in overall risk management with visible evidence THE BCM PROCESS The BCM process consists of six steps: Step 1 BCM programme management: Programme management enables the business continuity capability to be both established (if necessary) and maintained in a manner appropriate to the size and complexity of the organisation. Step 2 Understanding the organisation: The activities associated with this step provide the information that enables prioritisation of an organisation s products and services, identification of critical supporting activities and the resources that are required to deliver them. Business Impact Analysis (BIA) and Risk Assessment are crucial parts of this stage. Step 3 Determining business continuity management strategies: This allows an appropriate response to be chosen for a critical product or service so that the organisation can recover and continue their service or product within a pre-defined timeframe after disruption. Step 4 Developing and implementing a BCM response: This involves developing incident management, business continuity and business recovery plans that detail the steps to

EMBEDDING BCM INTO THE ORGANISATION S CULTURE Understand the organisation Exercising, maintaining and reviewing BCM Programme Management Determining BCM Strategy Corrective and Preventive Action be taken during and after a disruption to maintain or restore critical processes or operations. Step 5 Exercising, maintaining and reviewing BCM arrangements: This leads to the organisation being able to demonstrate the extent to which its strategies and plans are fit for purpose with exercises at planned intervals to identify opportunities for improvement. Step 6 Embedding BCM in the organisation s culture: This enables BCM to become part of the organisation s core values and instils confidence in all stakeholders in the ability of the organisation to cope with disruptions. Organisations need to train those responsible for implementing BCM and acting in the event of disruption, as well as those who will be impacted by the plans. Organisations should not only put plans in place, but should ensure they are reviewed regularly and kept up to date. HOW DOES THE CERTIFICATION PROCESS WORK? The BCM 25999 certification process consists of six steps: Step A SGS provides you with a proposal based on the size and nature of your organisation. You can then proceed with the audit by accepting the proposal. Step B You may ask SGS to perform a pre-audit to give an indication of the readiness of your organisation for the audit. This stage is optional, yet it is often found useful in identifying any weaknesses in your systems and in building confidence before the formal audit. Step C The first part of the formal audit is the Stage 1 Readiness Review. This lets us evaluate the compliance of your documented system with the requirements of the standard to better understand the nature of your organisation, to plan the rest of the audit as effectively as possible and to initially examine key elements of the system. You will receive a report after this stage identifying any concerns or observed non-compliances so that you can take immediate action if required. Step D This is Stage 2 of the initial audit process. The audit includes interviews with you and your colleagues and examination of records. Observation of your working practices determines how compliant your actual processes are with the standard and with your own documentation system. At the end of this stage we will present the findings of the audit, classified as either major or minor non-conformances, along with other observations and opportunities for improvement. Once you have addressed the non-conformities, a technical review of the audit will then be conducted by an authorised SGS Certification Manager to confirm the issuance of a certificate. Step E Our surveillance visits will be scheduled at either six or 12-month intervals depending on the contract. During the visits we review the implementation of the action plan addressing the past non-conformities, and examine certain mandatory and other selected parts of the system in line with an audit plan that we provide you before each visit. Step F Shortly before the third anniversary of the initial certification, our routine visit will be extended to enable a re-certification audit. Surveillance visits will then continue, as before, on a three-year cycle. BS 25999 RELATED TRAINING We offer a wide variety of training courses for all levels of ability and awareness. Our BS 25999 training course portfolio is designed to meet the requirements of any organisation, and includes: Foundation Course BCMS Architecture Course Business Impact Analysis (BIA) Workshop Business Continuity Plan Workshop Internal or Course Lead or Course OTHER SERVICES RELATED TO BUSINESS CONTINUITY MANAGEMENT SYSTEMS SGS is also known for its solutions against other needs related to business continuity management as well as continuous improvement:, certification and training related

BS 25999 CERTIFICATION PROCESS Assessment and certification Surveillance Visits typically At 6 to 12 month intervals Step A Agree Contract Step C Stage 1 Step D Stage 2 Certificate Issue on Completion of Successful Step E Surveillance Visits Action and Closure of Identified Non-Conformities Step F Recertification Step B Optional Pre- Action and Closure of Identified Non-Conformities Certification Cycle Typically 3 years to ISO 27001 (Information Security Management Systems) and to ISO 20000 (IT Service Management) Integrated Management Systems: your management systems can be audited and certified simultaneously with other management systems which you have implemented solutions against additional, bespoke quality performance criteria: SGS can help develop the performance criteria and the checklist or simply check performance against existing measures Process Improvement solutions leveraging techniques, such as Lean or 5S We have a history of undertaking and successfully executing large-scale, complex international projects. With a presence in every single region around the globe, our people speak the language and understand the culture of the local market and operate globally in a consistent, reliable and effective manner. TO LEARN HOW SGS CAN HELP YOU EXCEED CUSTOMER EXPECTATIONS, VISIT WWW.UK.SGS.COM/BUSINESS-CONTINUITY OR CONTACT UK.NOWISTHETIME@SGS. COM FOR MORE INFORMATION. WHY SGS? SGS is the world s leading inspection, verification, testing and certification company. Recognised as the global benchmark for quality and integrity, we employ over 67 000 people and operate a network of more than 1 250 offices and laboratories around the world. We are constantly looking beyond customers and society s expectations in order to deliver market-leading services wherever they are needed. Partnering with SGS opens the door to better performing processes, increasingly skilful talent, consistent and compliant supply chains and more sustainable customer relationships delivering profitable competitive advantage. Work with the global leader and take your commitment to the next level.

SGS SA 2011. ALL RIGHTS RESERVED - 5517-0911. WWW.SGS.COM

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information