As business continuity management matures, a number of standards and certifications are emerging. Some of these standards are industry specific, but most are general and customizable to specific industry needs.
Auditing bodies that evaluate the standards of organizations have also come into being and are actively evaluating and certifying the compliance levels of organizations seeking certification with these bodies. For instance, in the UK, the Business Continuity Certification is offered by the British Standards Institute (BSI). Certification by BSI is also recognized by ANAB (the ANSI-ASQ National Accreditation Board in the United States). Organizations that have implemented ISO 27001 can apply for BSI certification.
Interestingly, neither the size of the organization nor the nature of its work has any bearing on the BSI certification. While ISO 27001 establishes management practices that ensure information management and security, the BSI certification establishes processes, principles and terminology of business continuity management. While the broad objectives are non-prescriptive, they are standardized to work across a broad spectrum of industries and business models. The certification process takes between 6-12 months depending on the maturity of the organization in business continuity management.
It is an acknowledged reality that business continuity management is a fragmented discipline. Most business continuity programs are implemented on the basis of a variety of standards (including ISO 27001) and have varying depths and rigor levels of implementation. The BSI certification defines certain accepted standards of business continuity management and provides an objective measurement of the quality of the implementation.
The certification is, therefore, regarded as a competitive differentiator and a means of inspiring confidence in customers who sign up for the organization's services and products. Additionally, the certification provides several time-saving answers that are often obtained after rigorous and expensive surveys and inquiries from customers, regulators, investors and insurance carriers.
The business continuity certification offered by BSI on ISO 27001 also introduces a certain measure of discipline in the organization and makes accountability an integral fact of the business life cycle.
The organizational certification also ensures effective knowledge transfer in industries where attrition rates are high.
Internally, a BSI certification for ISO 27001 implementation provides a framework for business operations. Management decisions can be taken with reference to a standard, and weaknesses and non-conformities tend to get highlighted during discussions, leading to corrections and improvements that benefit the organization. Program audits are revealing, encourage compliance and conformity, and will prove a catalyst for overall improvement.
BSI also provides planning strategies, risk management methodologies and risk treatment approaches that are essential for program optimization and continuous improvement. The structures that are defined follow standardized management concepts and help organizations integrate business continuity concepts into larger enterprise risk management programs.
BSI offers a number of toolkits to organizations that want to evaluate their readiness for BSI after they have implemented ISO 27001 standards. ISO 27001 is also offered as part of the family of products by BSI. The toolkits can be purchased directly from BSI. The starter kit defines the standards, offers discounts on training courses and vouchers for subsidising costs of the online self-assessment tool, gap analysis and training modules.
Since its inception as a Business Continuity Standard, BSI has certified more than 64,000 organizations in over 100 countries. It has a proven track record of delivering value to its clients and giving them a competitive edge in their niche markets. With increasing globalization and overwhelming concerns about business continuity, organizations need to get their business continuity management systems and their information management systems evaluated and certified by third-party certification authorities like BSI and ISO 27001.
Organizations also need to ensure that the online backup service providers or other service providers they align with are similarly certified in the interests of their own business continuity and disaster management plans.