Business Continuity Tip of the Month   -  July 2008

Don't fall for the BS

Everyone in the business continuity world (well, in the UK at any rate) is talking about BS25999, the British standard for business continuity management. And why not? After all, gaining accreditation to the standard is guaranteed to result in a robust, fit for purpose business continuity strategy and plan isn’t it? The problem is, in truth it’s not!

Granted, BS25999 (or, for that matter, a number of other standards of a similar ilk) provides a sound framework showing all the widely-accepted, best-practice steps in the business continuity process, which is a very good thing. And following the guidelines in the code of practice should give you a fighting chance of ending up with a half-decent business continuity management system (or BCMS – as if we needed yet another acronym!). But it’s not a guarantee of an effective "BCMS" – or, more importantly, of a business continuity capability.

Accreditation merely confirms that you followed the process to the satisfaction of the auditor (who, incidentally, might not actually be a business continuity expert themselves), which is all well and good. But, in the same way that you can get accreditation to a quality standard by producing naff doughnuts, as long as you always produce the same naff doughnuts in the same way, merely following a process doesn’t guarantee that the end result will be any good.

The bottom line is that it depends how you apply the process to your situation. A robust business continuity capability requires a tad more than doing the minimum required to get a tick from the auditor.

So by all means use BS25999 as the benchmark for your business continuity programme. And by all means go for accreditation if that’s what floats your boat. But just take a step back and think why you’re doing it – to get a tick in that particular box, or to actually make your organisation more resilient?

 


Subscribe

Did you know that Acumen’s Consultancy Director, Andy Osborne, publishes an expert tip each month for people with an interest in developing a business continuity capability?

Why not subscribe now and have Andy’s ‘Tip of the Month’ delivered to your inbox.

Andy also writes the occasional blog, which is somewhat more light-hearted, but with a serious business continuity message. Subscribe to ‘Oz’s Blog’ instead and receive an email notification when Andy posts a blog, in addition to the Tip of the Month emails.

 

Please note that by submitting this form you are opting in to allow us to use your information to contact you and to store and handle your information as per our Privacy Policy