BS 25999 / SS 540The Standards for Business Continuity Management

Business Continuity - A Challenge

“Business of every business is to remain in business!”

In early days, disaster recovery (DR) has been part of the IT function. DR test used to be a weekend task performed by data center staff, or system programmer, taking the development system down, testing the DR environment and may be run a few sample batch to prove the system recovery capability.

In today’s business environment, business continuity and disaster recovery are more demanding. We are facing with new threats and challenges continuously. Implementing Business Continuity Management in an organization is to insulate business from unexpected disruption and to protect business in all time of crisis.

A business organization, regardless of its size and nature of business, has to protect its business strategies, policies and processes, personnel and relationships, information and infrastructure. This can be achieved with systematic resiliency goals, governance & compliance, command and control, reliability strategy, continuity & resumption, management & protection, redundancy & recovery, and safety, security & dependability.

BCMS

BCMS (Business Continuity Management System) is a “Holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand, and value-creating activities”

Business Continuity Concerns

n How would the business continue to service the customers?

n How would the business continue to operate?

n How long can be business sustain / survive during the disaster (if non-operational)?

n How to minimize the losses / impact?

n How to recover and resume back to normal?

n How to achieve cost- effective resumption following an interruption?

n How to effectively manage and respond during crisis?

What can be achieved?

Framework: Provides a common framework, based on international best practices, to manage business continuity.

Resilience: Proactively improves resiliency efforts when faced with disruptions to key value streams.

Management: Delivers a proven response methodology for managing a disruption.

Reputation: Helps protect and enhance the organization’s reputation and brand.

Compliance: Demonstrates that applicable laws and regulations are being observed.

Supply-Chain: Ensures that every company in the supply chain understands and consistently applies guidelines and standards consistent with requirements.

Competitive Advantage: Contributes to the opening of new markets through demonstration of compliance with best-in-class standards.

Delivery: Provides a rehearsed method of restoring an ability to supply critical products and services to an agreed level and timeframe following a disruption.

DQS has taken a giant step toward a global future by merging with UL MSS, the Management Systems Certification business of Underwriters Laboratories Inc.

UL Management Systems Solutions India Pvt. Ltd

Head Office# 147, Anjaneya Techno Park5th Floor, HAL Airport RoadKodihalli, Bangalore - 560 017, INDIATel.: +91 80 66616500 Fax: +91 80 66616530

New Delhi# 138 & 139, Ist FloorVardhman Star City MallSector - 7, DwarkaNew Delhi - 110 075, INDIATel.: +91 11 25073907 / 08

Pune# 208, R Square2nd floor, Opp. Atul NagarMumbai-Bangalore Bypass RoadWarje, Pune - 411 052, INDIATel.: +91 20 64703902

ChennaiPlot # 29B, 2nd StreetKrishnamachari NagarAlapakkam, Chennai - 600 016, INDIATel.: +91 44 43513352Fax: +91 44 24865494

www.ul-dqs.in / www.dqs-ul.comcustomerservice.india@in.dqs-ul.com

Business Improvement: Enables a clearer understanding of how the entire organization operates on a day-to-day basis, which can identify opportunities for improvement (including personnel and knowledge deficiencies and single points of failure).

Cost Savings: Creates an opportunity to reduce the burden of internal and external business continuity audits and may reduce business interruption insurance premiums.

In order to establish best practices, the organization can adopt BS 25999 or SS 540.

The requirements specified in these standards are generic and are intended to be applicable to all organizations (or parts there of), regardless of type, size and nature of business. The extent of application of these requirements depends on the organization's operating environment and complexity.

BS 25999

BS 25999-2 specifies requirements for establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented Business Continuity Management System (BCMS) within the context of managing an organization’s overall business risks.

SS 540

SS540 is a BCMS Standard published by SPRING (Standards, Productivity and Innovation Board), Singapore. SS540 provides requirements for organizations intending to build competence, capacity, resilience, and readiness to respond to and recover from events, which threaten to disrupt normal business operations and activities.

RiskAssessment

Scope &Objectives

BCP & IMP

BCMExercising

Maintain &Improve BCMS

Implement &Operate BCMS

EstablishBCMS

Monitor &Review BCMS

BCMSReview & Audit

ContinualImprovement

BCStrategy

Business ImpactAnalysis

Risk Analysis& Review

BusinessImpact Analysis

Strategy

BusinessContinuity PlanBC

M A

reas

Test andExcercises

ProgramManagement

SS 540Requirements

BCM Components

Policies Processes People Infra-structure

Customers Certified for BCMS:

Maxis Communications, Malaysia

Singapore Health Services, Singapore