New Standards and Certifications Help Guide Business Continuity Best Practices
When facing a disaster, the last thing your enterprise needs is to scramble to achieve business continuity. Many businesses are strapped for cash after a prolonged period of economic hardship. New standards are emerging to help align business continuity initiatives and provide guidelines to follow. Certifications can even serve to review standards-based internal programs, so your teams know they are going forward with a plan based on established criteria.
Recent years have shown that enterprises are vulnerable to events in the outside world, including the September 11, 2001 terrorist attacks and Hurricane Sandy in 2012. The Department of Homeland Security was formed not only to deter terrorist attacks, but also to help people and businesses be as prepared as possible for the unknown. To establish more effective standards, it created the Private Sector Preparedness (PS-Prep) initiative. Standards related to the initiative include:
NFPA 1600 Standard on Disaster/Emergency Management and Business Continuity Programs
Business continuity depends heavily on a common set of processes and techniques. This is what NFPA 1600 addresses, with an emphasis on program policies and management following a disaster. A comprehensive set of guidelines breaks down the core components of crisis management and disaster recovery. The planning and implementation of these aspects are covered in detail in this standard. Enterprises have the option to certify for the standard by establishing a documented program managed by a coordinator and advisory committee.
ASIS International SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems
A management framework for planning and decision making, ASIS International SPC.1-2009 focuses on evaluation measures including internal audits, exercises, testing, reviews, and policy improvements. It is effective across a program’s lifecycle, from its creation through its maintenance to addressing the need to improve upon it.
Aimed at establishing best practices across organizations regardless of their location, ISO 22301 is the first business continuity management systems standard created on an international scale. It has a clear focus on documentation and control processes, documenting reasons for excluding continuity elements, and parameters for executive management. Establishment of a communications process is also covered.
The new standard also incorporates a set of definitions to help those unfamiliar with business continuity understand the principles. Some of the elements of ISO 22301, in fact, are similar to BS 25999, a British Standard created in 2007 to help organizations develop management systems for their continuity practices. While certifications under this standard will proceed until 2014, the mandates will soon be merged with the ISO standard.
Picking the Best Guidance
Standards for business continuity help guide enterprises in preparing, managing, and testing a plan. Choosing one over the other depends on your internal culture. The ASIS SPC.1 standard focuses on risk management, while NFPA 1600 has been beneficial for organizations concentrating on emergency management. To follow the most suitable standard, your staff must carefully review the standards mentioned. Most importantly, thorough integration of the guidelines into your business continuity plan means being ready to deal with the onslaught and aftermath of a disaster.