Avalution Consulting
International Standards and Regulatory Requirements 

 Name

Purpose/Description

Scope

BS 25999-1/2: Business Continuity Management (2007)

BS 25999 provides end-to-end business continuity management guidance to organizations with aggressive risk management demands or international business interests by focusing on risk treatment, response and recovery.  This voluntary standard can be used as the basis of certification in the development of a business continuity program.

Applies to organizations of all sizes anywhere in the world

ISO 27001 / 17999 (2004)

ISO 27001 is intended for organizations whose primary business driver is an interest in security program enhancement, with IT disaster recovery considered. This voluntary standard can be used as the basis of certification in the development of an information security management system.

Applies to organizations seeking IT security certification, with a "minor" in business continuity / IT disaster recovery

ISO (PAS) 22399: Societal Security: Guidelines for Incident Preparedness and Operational Continuity Management (2007)

ISO 22399 is a Publicly Available Specification (PAS) focused on organizational response processes (crisis and incident management). This is a voluntary guideline.

Applies to organizations seeking to create or improve crisis/incident management response processes

ISO/IEC 24762 (2008)

ISO 24762 is a standard focused on disaster recovery sites and services, for organizations seeking confirmation of disaster recovery ability, either internally or as a commercial offering. This is a voluntary guideline.

Applies to any organization with internal recovery sites or organizations offering disaster recovery services

ASIS: A Practical Approach for Emergency Preparedness, Crisis Management, and Disaster Recovery (2005)

The ASIS guideline is a tool that allows organizations to consider the factors and steps necessary to prepare for a crisis so that they can manage and survive the crisis and take all appropriate actions to help ensure the organization's continued viability. This is a voluntary guideline.

Applies to private and public sector entities interested in developing business continuity capabilities 

DRII: Ten Professional Practices (1999)

The Disaster Recovery Institute International (DRII) Professional Practices were designed to establish necessary skills and competencies for individuals focused on business continuity; more specifically, to establish requirements, define strategies, document plans, exercise strategies and advance awareness amongst all stakeholders. The Professional Practices may be viewed as voluntary guidelines for businesses, but mandatory for those individuals seeking professional certification.

Although focused on individual competencies, can be "retrofitted" to any international entity

BCI: Good Practice Guidelines (2008)

The Business Continuity Institute (BCI) guidelines aim to provide a framework for successful business continuity management by providing an approach that a practitioner can use to build or improve their business continuity program. BCI's Good Practices may be viewed as voluntary guidelines for businesses, but mandatory for those individuals seeking professional certification.

Similar to the DRII Professional Practices, applies to all organizations, regardless of size or industry sector

BASEL II: Revised International Capital Framework (2006)

BASEL outlines a set of principles that provide a framework for the effective management and supervision of operational risk for banks, including business continuity.  These requirements are mandatory for a select number of banks based on asset size.

Applies to internationally-active banks at every tier within a banking group, any holding company that is the parent entity within a banking group, and banks that have capital that is recognized in capital adequacy measures and is readily available for depositors

ITIL SCM: Disaster Recovery Self-Assessment (2008)

IT Infrastructure Library (ITIL) Service Continuity Management (SCM) prepares for worst-case scenarios by investigating, developing and implementing recovery options when an interruption to a technology service reaches a pre-defined point. The goal is to support the overall BCM process by ensuring that required IT technical services can be recovered within required, and agreed, business timescales. This is a voluntary guideline.

Applies to those who understand the importance of IT Service Management in the IT Infrastructure environment

COBIT 4.1 (2007)

The COBIT framework deals with the creation, testing, and monitoring of a continuity and contingency plan. COBIT audits require a BCP to be in place and to be effective in order to meet compliance requirements; the framework also details uninterruptible power supply needs. This is a voluntary guideline.

Applies to the objectives and scope of IT governance, ensuring that its control framework is comprehensive, in alignment with enterprise governance principles and, therefore, acceptable to boards, executive management, auditors and regulators
 

© 2008 Avalution Consulting LLC