Business Continuity

Business continuity and disaster recovery planning is a key governance responsibility; the board of directors of any organisation is responsible for ensuring that disruptive risks to the continuity of business services are identified and controlled.

ISO 22301 - Business Continuity Best Practice

Business Continuity Planning focuses on ensuring that key business processes can continue delivering minimum required levels of performance if external disruption occurs. ISO 22301 is currently the world's leading best practice standard for business continuity plans and every organization should, for its own survival, follow as much of the ISO 22301 guidance as is appropriate for its specific circumstances. ISO 22301 supports chapter 14 of ISO/IEC 27002:2005 which deals extensively with the information security aspects of business continuity planning. ISO 22301 is a two part standard: a specification and a Code of Practice.

The ISO 22301 Business Continuity Management scheme will enable an organization to have its Business Continuity Plan externally audited, assessed and, if the requirements of the scheme are met, then an accredited certificate can be issued.

Through this site you can obtain copies of the standard, as well as a ISO 22301 Implementation Manual and a ISO 22301 BCM Toolkit to help implement a ISO 22301 Business Continuity Management System. 

BS25777 - Information and communications technology (ICT) continuity best practice

BS25777 gives recommendations for information and communications technology (ICT) continuity management within the overall framework of business continuity management provided by ISO 22301. BS25777 is the bridge between general business continuity management and information technology. It makes ISO 22301 relevant to information and communications technology. Of course, it can also be used on a standalone basis in tackling ICT continuity management.

Disaster Recovery Planning

Disaster Recovery Planning (DRP) usually takes place within the BCP framework. Disaster Recovery Plans are usually relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. A single BCP might contain or refer to a number of DRPs. Best Practice for Disaster Recovery is set out in ISO/IEC 24762.