Avalution Consulting
Non-US Country-Specific Standards

| Name | Purpose/Description | Scope |
| --- | --- | --- |
| AS HB 167: Security Risk Management (2006) | This handbook's objective is to outline a broad framework and core processes that should be included in a security risk management process, project or program of work. The handbook is consistent with the framework for risk management outlined in AS/NZS 4360 (2004): Risk Management. Security Risk Management (SRM) plays a critical role as part of an organization’s risk management process in providing a fundamental assessment, control and treatment process for certain types of risk. | Applies to any size or type of organization—from large multinationals to small businesses, government agencies and the not-for-profit sector—that has identified the requirement for, and merit of, developing effective security risk management processes |
| AS/NZ HB 221: Business Continuity Management (2004) | HB 221 provides consistency in respect to business continuity and risk management. This standard states that the key outcome of the business continuity management process should be to identify what is the minimum level of acceptable performance and what infrastructure and resources are required to achieve and sustain it. This standard is voluntary. | Applies to any size or type of organization - from large multinationals to small businesses, not-for-profit agencies and government agencies - that has identified the requirement for developing effective business continuity management processes |
| AS HB 292: A Practitioners Guide to Business Continuity Management (2006) | The guide provides an overview of selected ‘generally accepted practices’ and emerging new practices used variously within Australia, United States and the United Kingdom. The structure of the guide is based on Australia / New Zealand Business Continuity Management Handbook HB 221:2004 – with much of the information being fully consistent with HB 221. However, the principles of HB 221 have been significantly expanded upon and extensive new explanatory information is provided. | Applies to any size or type of organization - from large multinationals to small businesses, not-for-profit agencies and government agencies - that has identified the requirement for developing effective business continuity management processes |
| AS/NZS 5050: Business Continuity – Managing Disruption Related Risk (2009 Draft) | The standard has three parts – 5050.1 Part 1: Specification, 5050.2 Part 2: Practice, and 5050.3 Part 3: Assurance – that build upon Australia’s HB-292 by contemplating a range of disruption risks; integrating into risk management frameworks that are based on AS/NZS 4360 (2004) and AS/NZS/ISO 31000 (2009); enabling businesses to protect cross organizational functions and departmental structures; building flexible capability; enabling organizations to prepare, respond and adapt - in real time - to change and/or disruptive events; integrating with existing management system standards including ISO 9001 (Quality Management Systems), ISO 14001 (Environmental Management Systems), ISO 27001 (Information Security Management), and ISO 28000 (Supply Chain Security Management System); integrating into existing assurance processes without providing separate certification regimes or an additional compliance. | Applies to any organization that wishes to develop, implement, establish and maintain a BCMS, or requires third party certification of its approach to business continuity management |
| Canada: Operational Security Standard – Business Continuity Planning (BCP) Program (2004) | The standard describes baseline security requirements for government departments to assure the continued delivery of government services through baseline security requirements, business continuity planning, including Information Management (IM) and Information Technology (IT) continuity planning, and continuous risk management. | Applies to Canadian government departments establishing their business continuity program |
| CSA Z1600: Standard on Emergency Management and Business Continuity Programs (2008) | The CSA Z1600 is generally based on the NFPA 1600, but has slight modifications to tailor to Canadian standards, needs and requirements. CSA provides a benchmark to allow organizations to evaluate and/or initiate their business continuity plans and strategies. This standard is voluntary. | Applies to Canadian organizations and institutions - public and private |
| FSA CP142: Operational Risk Systems and Controls (2002) | Any significant disruption to a financial firm's operations may prevent them from satisfying the FSA's threshold conditions and compliance with the Principles for Businesses. Thus, the FSA established the importance of preparedness of financial firms for major disruption and challenged the achievement of at least two of the FSA's statutory objectives - those referring to market confidence and consumer protection. This regulatory requirement is mandatory. | Applies to UK institutions providing financial services |
| Singapore TR19: Technical Reference for Business Continuity Management (2005) | The primary focus of TR19 is on continuity management and recovery of critical business operations, including preventive measures, business continuity planning, emergency response, crisis communications, supply chain coordination and cooperation with industry and public authorities. This standard is voluntary. | Applies to Singapore-based organizations intending to build competence, capability, resilience and readiness to respond to and recover from events which threaten to disrupt normal business operations |
| SS 540: Singapore Standard for Business Continuity Management (2008) | SS540 is a Singapore certifiable standard (that replaces TR 19 (2004)) that establishes the framework for organizations to analyze, implement strategies, process and procedures. The standard emphasizes resilience and protection of critical assets, human, environment, intangible and physical. It focuses on continuity management and recovery of critical business functions so as to make it applicable to small and large organizations. | Applies to Singapore-based companies in order to assist in building resilience and capability for an effective response to disruptions |
| SS507: Singapore Standard for Business Continuity / Disaster Recovery (BC/DR) Service Providers (2004) | SS 507 provides a basis to certify and differentiate the BC/DR service providers, helps the end-user organizations in selecting the best-fit service providers and provides quality assurance. It also establishes industry best practices to mitigate outsourcing risks. | Applies to BC/DR service providers who wish to get certified under the standard as well as to BC/DR service providers and end user organizations who use the standard as a reference document |
| NEN 7132: Security, Preparedness, and Continuity Management Systems (2008 Draft) | NEN 7132 provides guidance on the management of audit programs, the conduct of internal or external audits of security, preparedness, and continuity management systems (including such risk-based disciplines of emergency, crisis and/or disaster management), as well as on the competence and evaluation of auditors. | Applies to a broad range of potential users, including (but not limited to) auditors, organizations implementing management systems, organizations needing to conduct audits for contractual reasons, and organizations involved in auditor certification or training |
| Bank of Japan: Business Continuity Planning at Financial Institutions (2003) | The Bank of Japan dictates that disaster management consists of 1) minimizing the impact of a disaster by implementing measures to prevent damages, and 2) ensuring continuity of its critical business operations to fulfill the responsibilities even in times of disaster. This regulatory requirement is mandatory. | Applies to all financial institutions in Japan |
| External Circular 048 (Colombia) - Rules for the Operational Risk Management | The External Circular 048 was released by the Colombian Financial Superintendence in 2006. This circular sets up the basis and minimal features for the adoption of an Administrative System of Operative Risk (SARO) and points out the risk factors and their definitions, the loss classes and the loss events, the organizational structure and the control entities. | States that all Colombian financial entities should comply with the requirements before July 1, 2007. |
| HB 203:2006 – Environmental Risk Management (Australia Standard) | HB 203:2006 aims to assist organizations and individuals with understanding and implementing environmental risk management programs/strategies. | Applies primarily to those organizations doing business in Australia/New Zealand who wish to create or improve their environmental risk management program; however, the principles may also apply to organizations abroad |
| Hong Kong Monetary Authority – Supervisory Policy Manual | The HKMA is Hong Kong’s central banking authority. The HKMA’s Supervisory Policy Manual outlines the HKMA’s latest policies and practices, the minimum standards that authorized institutions (“AIs”) are expected to manage in order to satisfy the requirements of the Banking Ordinance, and recommendations on best practices that AIs should aim to achieve. | Applies to any organization with financial interests in Hong Kong |
| MS 1970 (Malaysia Standard) | MS 1970 provides a standard framework for developing business continuity plans, specifically for those organizations residing within Malaysia. | Applies to all organizations in all industries |
| Prudential Standard APS 232 on BCM (Australia) | Prudential Standard APS 232 aims specifically at ADIs (authorized deposit-taking institutions), requiring them to consider business continuity as a part of their overall risk management plan. | Applies to authorized deposit-taking institutions operating in Australia |
| Prudential Standard GPS 222 on BCM (Australia) | Prudential Standard GPS 222 aims specifically at general insurers, requiring them to consider business continuity as a part of their overall risk management plan. | Applies to general insurers operating in Australia |
| Prudential Standard LPS 232 on BCM (Australia) | Prudential Standard LPS 232 aims specifically at life insurance companies, requiring them to consider business continuity as a part of their overall risk management plan. | Applies to life insurance companies operating in Australia |
 

© 2007-2010 Avalution Consulting LLC