BS25999
BS25999 Part 2 - Specification
BS25999 Part 2 is a Specification, not a Code of Practice like Part 1. So what is the difference? As a Specification, Part 2 deals with 'Shall' rather than 'Should', as the Part 1 Code of Practice does. Titled BS 25999-2:2007 Specification for business continuity management and includes
The standard was published on November 20th 2007.
How does an organisation seek compliance with the standard?

As with most management standards, the process will be relatively standardised, using the guidelines in ISO 17021.

STEP 1
Apply to a certification body. Certification bodies are organisations that are accredited to certify organisations, for example BSI or LRQA (although these two examples are not the only ones). An understanding of the scope of the BCMS will need to be made. The certification body will then create a proposal detailing the number of assessment days required, costs etc. If the organisation chooses to proceed, the assessment should take place.

STEP 2
A pre-assessment may be used to provide a snapshot of readiness for the full assessment. Sampling and other techniques may be used in this pre-assessment. Any areas of omission will be raised and an assessment of remedial work, should any be needed, would be made. The formal assessment may be delayed if it is thought unlikely that the organisation would pass.

STEP 3
The formal assessment is then made, during which all areas of the Part 2 Specification will be covered. In line with ISO 17021, and in a similar way to other management standards, the formal assessment is done in two parts.

Stage 1: This stage will cover the Business Continuity Management System and will examine BCMS documentation, the management review/audit system and evaluation of readiness for Stage 2. Planning for Stage 2 will also take place.

Stage 2: This stage examines the implementation of the BCMS, i.e. objective evidence. It may involve inspection of records, interviews of personnel and physical inspections. Any observations or non-conformities will be formally recorded and a recommendation for certification or not made.

STEP 4
If the client achieves a recommendation for certification, this recommendation will be forwarded to the BS25999 Certification Manager for final review and issuing of certificates. If the client fails the audit, a corrective action plan is usually agreed and a second audit arranged.

STEP 5
When the certificate has been awarded, surveillance audits will be planned, typically at yearly intervals. These surveillance visits will examine the effectiveness of the BCMS, management reviews/audit, progress of continual improvement actions, change review and possibly the use of the registration marks in publicity materials etc. A full reassessment will also be carried out at longer intervals, usually 3 years, although this will depend on both the organisation and the certification body.
What are the benefits of certification?

As we have mentioned, the standard comes in two parts. Splitting them is designed to make it easier to understand and deploy. Part 2, or the Specification, sets out the minimum that an organisation should do in order that its business continuity systems are effective. Implementing BS25999 Part 1, or the Code of Practice, will undoubtedly provide many benefits to an organisation, but there is no doubt that achieving certification will require significant extra work, so what are the benefits? In a word, demonstrability. Having certification to a known and accepted management standard such as BS25999 Part 2 avoids saying to stakeholders 'Trust Me'.
Document Author: Harvey Fawcett