BS25999

1. Policy Statement
Minimum Policy components and Sample BCP Policy

• # The opening Introduction or Overview statement section defines the purpose of the policy.
• # The Policy statement section defines the goals, metrics and responsibilities required to meet policy compliance. A statement of non-compliance penalty should also be included.
• # The Policy Leadership statement section defines the executive management officer responsible for oversight, implementation and compliance assurance of the policy.

2. Policy Integration
Lists how to integrate and enforce the BCP Policy

• # The Change Control Process supports and includes the Business Continuity Plan (BCP) Policy objectives
• # The BCP Policy is included in the metrics for performance and compensation for all levels of individual and “groups” in clear and specific terms.
• # Each task in the BCP is assigned to a specific individual. On a regular basis the individual is required to certify (sign) that they are a) aware of the assigned responsibility and b) that the task procedures work as documented.
• # Specific metrics and penalties are included in all Service Level Agreements (SLA's) and contracts sufficient to insure Business Continuity, Preparedness and compliance of BCP policy.

3. Plan Resiliency
Provides steps to ensure Plan flexibility

Recent natural disaster, such as earth quake or tsunami is true evidence that all business operation need appropriate business continuity management. Today, there are a lot of world standard that could be followed to get the best implementation of business continuity management. From the US standard: NIST SP 800-34 to British Standard 25999. Here is simple comparison between to standard.