BUSINESS STANDARDS
is the online magazine of BSI Group, highlighting the vital role that standards play in today's business environment by helping organizations improve quality, save money, reduce risk and be more sustainable. Features include interviews with leading business figures, as well as news on the latest developments in management systems, standards, testing, healthcare and certification.

Business Standards > Articles

Keep IT moving

26 Oct 2007
Topics: ICT, ICT continuity, BS 25777

Around 1.2 million organizations in Britain alone depend on information and communication technology (ICT) systems. Not just in the commercial world, but in every area of human activity, from health services to defence. And when ICT systems fail, things can grind to a halt very quickly.

According to the 2007 Business Continuity Management survey by the Chartered Management Institute, "as in previous years, loss of IT and telecommunications were the most commonly perceived threats, reflecting the frequency of their occurrence". Over a third of organizations reported disruptions due to loss of IT (39 per cent), representing the largest single disruption cited by respondents ? while 25 per cent highlighted "loss of telecommunications" as a major problem.

No surprise then that when BSI issued PAS 77 IT Service continuity management. Code of practice in partnership with Adam Continuity, Dell Corporation, Unisys and SunGard in 2006, it sparked significant interest.

As a consequence, people and organizations from around the world have stepped up to join a wider debate and develop the PAS into a British Standard. The result is BS 25777 ICT Continuity, a new British Standard for IT continuity and related areas.

"We had responses from hundreds of people who wanted to contribute, from the Far East to the USA," explains BSI British Standards' BS 25777 committee manager Dave Adamson. "We are confident that there is a global market for this standard and that it will be a success."

Adamson admits that PAS 77 in its original form was an "un-integrated approach" to business continuity in ICT, but believes that as an exercise in public consultation, it has proved an extremely valuable starting point on the road to developing BS 25777.

"The original PAS 77 specification was written from the perspective of the computer industry," he says.

"By contrast, we now have more than 20 stakeholders working on the standard, with representatives from a very wide range of sectors, including telecoms, manufacturing, insurance, government and banking.

"As a result, BS 25777 in its final form may not look anything like PAS 77. Rather, it will embody the broadest possible consensus from all types of organizations working with ICT, whatever their size and activity.

"Above all, we want to establish the consistency of approach that was achieved so successfully in BS 25999-1 Business continuity management. Code of practice, which deals with business continuity in the wider corporate context, but make the new standard highly specific to ICT."

What does continuity look like?

BS 25777 will be delivered in two parts, the first of which is expected in autumn 2008. The second part, due to be published by the end of 2009, will be a specification that is fully auditable and will enable organizations to achieve certification. What is it likely to contain?

Ron Miller is a consultant with business continuity specialists SunGard and convenor of the BS 25777 development committee.

"The new standard will be a practical guide to ICT continuity written in plain English that can be understood by business managers as well as technical people," he says. "What it won't contain is ivory tower theories.

"BS 25777 will embrace all aspects of communication as well as computer systems. The challenge is to enable people to make their systems more resilient and ensure continuity in the event of a wide range of situations. It is quite different from the conventional IT disaster recovery' approach, which focuses mainly on hardware or software failures.

"To ensure business continuity, it is essential for ICT to be considered as an integral part of any organization, rather than as a separate function. BS 25777 will address an age-old problem: many ICT people still do not understand what their businesses need from them, and many business managers are not clear how ICT should support the business."

One of the most radical and far reaching features of BS 25777 is likely to be the way it addresses risk ? and sets out practical processes and procedures to deal with it.

"Managing risk in the context of ICT and business continuity should be based on establishing appropriate practices, rather than aiming for perfection," Miller explains. "It is not realistic to provide absolute protection against all risks.

"For example, organizations carrying out large financial transactions cannot afford to lose their systems for a single minute without suffering major losses. They are at the high risk end of the spectrum, so it is appropriate to invest in very sophisticated 'failover' systems to ensure seamless continuity.

"By contrast, the failure of one of several PCs in a builders' merchants, used to prepare invoices and write letters, is unlikely to have a serious impact on the business, even if the machine is out of action for several days. They are at the low end of the risk spectrum. While it is still important for them to have ICT business continuity procedures in place, they do not need to be as stringent. "However, it is also true that relatively minor ICT failures can have disproportionately serious effects on business continuity. A key part of BS 25777 will be to help people quantify both the risk and consequences of failures and prepare appropriately."

Miller's ultimate message is that BS 25777 will not be just for specialist ICT or business continuity managers. It will provide essential guidance needed by organizational managers, auditors and regulators, together with people who outsource ICT to third party supplies and the suppliers themselves.
For more information: www.bsigroup.com/oct07pas77

Business Standards © 2010. Editorial produced by Caspian Publishing in association with The British Standards Institution. Editorial opinions expressed on are not necessarily those of BSI Group or Caspian Publishing. Neither Caspian Publishing nor BSI Group accept responsibility for advertising or editorial content, nor for that appearing on linked third-party websites. Reproduction in whole or in part is forbidden without written permission from BSI Group or Caspian Publishing.

View all