Standards Conformance

       
 

Introduction

In the full version of the product there are various notes by way of explanation and terminology. The strategy for demonstrating compliance is, of course, the same as for ISO/IEC 27001.

BS 25999:2007 Requirement | Explanation of conformance | D, T, R
      3 Planning the business continuity management system
        3.1 General | Conformance with this requirement is demonstrated by this IMS as a whole | D: Part of IMS documentation; T: An aspect of training; R: IMS Record
        3.2 Establishing and managing the BCMS | Click on the hyperlinks to see how conformance is demonstrated
          3.2.1 Scope and objectives of the BCMS
            3.2.1.1 Define scope and set objectives, with regard to: | See the welcome page for the scope of the BCMS. The objectives are documented as part of the IMS policy | D: Part of IMS documentation
              (a) requirements for business continuity
              (b) organisational objectives and obligations
              (c) acceptable level of risk
              (d) statutory, regulatory and contractual duties;
              (e) interests of its key stakeholders
            3.2.1.2 Identify key products and services | See the Business Continuity Risk page | D: Part of IMS documentation
          3.2.2 BCM policy
            3.2.2.1 Management commitment | Apart from approving the policy, management commitment is also demonstrated through participation in training, exercises and in reviews. | D: Part of IMS documentation; R: IMS Record
            3.2.2.2 The policy includes/references:

 

 

 

      4 Implementing and operating the BCMS
        4.1 Understanding the organisation
          4.1.1 Business impact analysis
            4.1.1.1 Documented method for determining effect of disruption | Say something about your method<<>>, see the Business Continuity Risk page. Our results are presented in the order and under the same headings as laid down in BS 25999 | D: Part of IMS documentation
            4.1.1.2 The organisation shall:
              (a) identify activities for key products and services | This is the second step in presenting the results of our analysis, having identified, as the first step, our key products and services that are in scope of the BCMS | D: Part of IMS documentation
              (b) identify consequences of disruption (particularly knock-on effects) and their time variation | This is the third step in presenting the results of our analysis | D: Part of IMS documentation
              (c) establish maximum tolerable periods of disruption, identifying: | This is the principal component of the fourth step in presenting the results of our analysis | D: Part of IMS documentation
                (1) resumption time window
                (2) minimum performance on resumption
                (3) normal performance time window
              (d) prioritise activities and criticality | This is the concluding part of the fourth step in presenting the results of our analysis | D: Part of IMS documentation
   

 

 

 

          4.3.3 Business continuity plans and incident management plans
            4.3.3.1 Documented plan for incident management and recovery/abnormal operation | Say briefly how your plans are organised and hyperlink to I-BCProcedures.html#BCPlans<<>> | D: Part of IMS documentation
            4.3.3.2 Each plan shall:
              (a) define purpose and scope | See, for example, one of our Business Continuity Plans | D: Part of IMS documentation
              (b) be accessible and understood | Our plans are accessible at points of use. That they are understood is an aspect of business continuity awareness training that is verified through review of our business continuity exercises | D: Part of IMS documentation; T: An aspect of training; R: IMS Record
              (c) be owned | The owner of each plan is responsible for its review, update and approval | D: Part of IMS documentation; R: IMS Record
              (d) be aligned with relevant external arrangements | This is addressed in our business impact analysis | D: Part of IMS documentation
            4.3.3.3 Collectively plans shall contain:
              (a) communication lines | Refer to a suitable plan with anchor "comLine" <<>> | D: Part of IMS documentation
              (b) task summary/references | Refer to a suitable plan with anchors "keyTasks" and "refs" respectively<<>> | D: Part of IMS documentation
   

 

 

 

              (d) determining/implementing corrective action | See the IMS Management page | D: Part of IMS documentation
              (e) recording results of actions taken | See the IMS Management page | D: Part of IMS documentation
              (f) reviewing corrective action taken | See the IMS Management page | D: Part of IMS documentation
        6.2 Continual improvement | See the IMS Management page | D: Part of IMS documentation
   

 

 

IMS-Smart produced by Gamma Secure Systems Limited. Gamma is an ISO/IEC 27001:2005 and BS EN ISO 9001: 2000 registered company, certified for the provision of information security consultancy.  BSI certificate numbers IS 85916 and FS  30710.  Gamma Secure Systems, Diamond House, Frimley Road, Camberley, Surrey, GU15 2PS, UK Tel: +44 1276 702500 - Fax: +44 1276 692903.  Use of IMS-Smart is governed by a EULA. Template reference 035-071219, copyright © Gamma Secure Systems Limited, 2007-8
 
TemplateIMSDemo
Page last updated: 17 March, 2008