
Top Standards and Practices for Business Continuity and Disaster Recovery Professionals

In the past decade there has been a significant development of standards and practices for Business Continuity and Disaster Recovery professionals. As a rough estimate, there are three hundred or more guidelines that relate to Business Continuity, Disaster Recovery and associated fields such as Risk, Emergency, Incident, Information Security, Governance and Compliance Management.

Selecting a framework for your organization can be time consuming, and at times you will be tempted to build your own standard by cherry-picking the best ideas from your research (don’t do that). My recommendation for selecting standards/practices is rather simple: strip the framework down to its core and fundamental parts. Then perform a gap analysis (keeping in mind your organization’s capabilities, industry, region and regulators) that compares the core framework to your business processes, organizational culture/resources, and the organization’s business risk appetite and goals. Develop a plan/strategy to meet the core/fundamental parts of the standard/practice. Pick the standard/practice that offers the path of least resistance to meeting your goals (e.g. certification) and/or the goals of the organization.

Standard/practice implementation is usually a long road, so dig in and be patient; adoption is usually incremental.

Top Standards & Practices:

Business Continuity

  • ISO/IEC 22301 – Business Continuity Management Systems – Requirements
  • DRII – Professional Practices
  • BSI – Standards for Business Continuity Management
  • BCI – Good Practice Guidelines
  • ITIL – Service Continuity Management
  • Continuity of Operations (COOP)
  • Continuity of Government (COOG)
  • National Disaster Recovery Framework
  • ISO/IEC 24762 – Guidelines for information and communications technology disaster recovery services
  • AS/NZS 5050 – Business Continuity – managing disruption-related risk (Australia/New Zealand)
  • Federal Financial Institutions Examination Council (FFIEC) Handbook

Risk Management

  • ISO 31000 – Risk Management
  • Committee of Sponsoring Organizations (COSO) – Enterprise Risk Management
  • Basel II, Basel Committee on Banking Supervision, Sound Practices for Management and Supervision
  • National Institute of Standards and Technology – Risk Management Framework (RMF)
  • ISACA – Risk IT Framework for Management of IT Related Business Risks

Emergency/Incident/Disaster Management

  • NFPA 1600
  • ISO/IEC 22399 Guideline for incident preparedness and operational continuity management

Information Security

  • National Institute of Standards and Technology 800 Series
  • ISO/IEC 27001 – Information Security Management System
  • ISO/IEC 27002 – Information Security Management – Code of Practice