Do you have a plan for when your computer system crashes?
Can your business continue without information and communication technology (ICT)?
In most organizations, the processes that deliver products and services depend on information and communication technology (ICT).
Disruption to ICT can therefore be a huge risk and can damage your organization's ability to operate and undermine its reputation. The consequences of a disruptive incident vary and can be far-reaching, and might not be immediately obvious at the time. So how would you cope?
BS 25777 will help your organization plan and implement an ICT continuity strategy.
ICT continuity management supports the overall business continuity management (BCM) process of an organization. BCM ensures that your organization’s processes are protected from disruption and is able to respond positively and effectively when disruption occurs.
ICT continuity management makes sure that ICT and services are resilient and can be recovered within timescales required by and agreed with the top management. Effective BCM depends on ICT continuity management to ensure that your organization can meet its objectives at all times, particularly during times of disruption. To be successful, both BCM and ICT continuity management have to become embedded within the organization’s culture.
BCM and ICT continuity management form an important part of effective management, sound governance and organizational prudence. Top management is responsible for maintaining the ability of the organization to continue to function in the face of disruption. Many organizations also have a statutory or regulatory duty to maintain effective risk-based controls, including BCM.
The benefits of effective ICT continuity are that your organization:
- Understands the threats to, and vulnerabilities of, ICT services
- Identifies the potential impacts of disruption to ICT services
- Encourages improved collaboration between business managers and ICT service providers (internal and external)
- Develops and enhances competence in ICT staff by demonstrating credible responses through exercising ICT continuity plans and testing ICT continuity arrangements
- Provides assurance to top management that it can depend upon predetermined levels of ICT services and receive adequate support and communications in the event of a disruption
- Provides additional confidence in the business continuity strategy through linking investment in ICT solutions
- Has ICT services that are cost-effective
- Can enhance its reputation for prudence and efficiency
- Potentially gains competitive advantage through the demonstrated ability to deliver business continuity and maintain product and service delivery in times of disruption
- Understands and documents stakeholders’ expectations and their relationships with, and use of, ICT services.
ICT continuity is fairly cheap and easy to set up as part of ICT strategy. Retrofitting ICT continuity can be complex, disruptive and expensive. The content of an ICT continuity programme will be influenced by the organization’s risk appetite.
BS 25777 gives recommendations for ICT continuity management within the framework of business continuity management provided by BS 25999-1.
Contents
Foreword
Introduction
Scope
Terms and definitions
ICT continuity programme management
Understanding the ICT requirements for business continuity
Determining ICT continuity strategies
Developing and implementing ICT strategies
Exercising and testing
Maintenance, review and improvement
Annexes
Annex A (informative) I CT continuity management milestones
Bibliography
List of figures
Read the BSI press release
Resilience in a Digital Age: New BSI Guidance on ICT Continuity
See all forthcoming conferences from BSI British Standards
