Business Continuity Planning, Disaster Recovery & BS25999

This site provides information about Business Continuity and Disaster Recovery planning & testing, with a wide range of

• Books and toolkits for BS25999 implementation
• Business Continuity Planning Books
• Disaster Recovery Standards and Books 

Business continuity and disaster recovery planning is a key governance responsibility. Anyone who has watched the impact of, for instance, hurricanes over the last few years will recognise that the directors must plan for their organisation to survive natural disasters. 

The board of directors is accountable for ensuring that the organization has developed and tested business continuity and disaster recovery plans that deal with all the likely risks that face the organization.  

All organizations face business continuity risks. Consider: 

• 80% of organizations with a tried and tested business continuity plan are likely to survive a major business discontinuity; only 20% of those without a business continuity plan are likely to survive.
• Over 90% of organizations that suffer a significant data loss are not in business two years later.
• The Business Continuity Institute's 2005 survey indicates that 30% of businesses still don't have a business continuity plan.
• The data indicates that many of the existing plans are not comprehensive and that maintenance (testing and updating) is generally inadequate.
• 'Backup' is not the same as a business continuity plan, and terrorism should be specifically addressed.

  Essential Business Continuity Resources

BS 25999 - Business Continuity Best Practice

BS25999 is the best practice standard for business continuity plans and every organization should, for its own survival, follow as much of the BS25999 guidance as is appropriate for its specific circumstances. 

The BS25999 Business Continuity Management scheme will enable an organization to have its Business Continuity Plan externally audited and assessed.

Every organization, large and small, must have a business continuity plan. Large organization plans will tend to be more complex than those of small ones. Smaller organizations can get immediate continuity cover in place by using this step-by-step guidance and planning templates, whereas larger organizations should consider deploying a comprehensive Disaster Recovery and Business Continuity Plan Template Kit.  

Less than 30% of organizations employ business continuity professionals, In the other 70%, business continuity is part of a wider responsibility. In an age where terrorism is an ongoing, indiscriminate, background threat, all organizations need to take appropriate precautions.
Business continuity is not just an IT and data issue; it is an issue for the whole organization. Loss of telecommunications, internet connectivity, physical premises, machinery and equipment or critical people - all of these are possible continuity risks. And while business continuity planning is not the same as disaster recovery planning, the two are closely related.

Business Continuity  Planning 

Business continuity planning (BCP) involves the processes and procedures for the development, testing and maintenance of a (series of) plan(s) that will enable an organization to continue operating during and after a disaster. Plans are typically designed to cope with incidents affecting all the organization's business-critical processes and activities, from failure of a single server, or server room, all the way through to complete loss of a major facility.

BS25999 is the world's first best practice standard for business continuity planning.

Disaster Recovery Planning

Disaster Recovery Planning (DRP) usually takes place within the BCP framework. DRP's are usually relatively technical and will focus on the recovery of specific operations, functions, sites, services or applications. A single BCP might contain or refer to a number of DRPs. 

ISO/IEC 24762 is the world's first best practice standard for IT disaster recovery planning.

The business continuity management life-cycle usually includes a series of steps: 

• risk assessment
• business impact analysis (BIA)
• plan development
• documentation
• testing
• maintenance.

This process is described in Business Continuity Planning - a Step-by-Step Guide.

A common language can be a helpful thing to have when working on a project, helping to ensure that all the BC and DR professionals when communicating are talking about the same thing. In Business Continuity and BS25999: A Combined Glossary you are provided with such a language. It provides a common vocabulary for business continuity, listing hundreds of terms and definitions directly sourced from highly authoritative sources, including: Disaster Recovery Institute, Business Continuity Institute, ISO27001, BS7799-3:2006 and ISO20000 amongst many others.