This month, the Business Continuity Institute (BCI) has released a new guidance and overview document to the BC community.
The document is entitled, “Business Continuity Management – Legislations, Regulations and Standards – Version 4 – June 2010”.
BCI states that this document is a response to questions regularly asked by its members and other interested parties about current legislation, regulation and standards that exist nationally and internationally for Business Continuity Management.
The document is presented in the following four (4) sections:
Legislation: Government laws which include aspects of Business Continuity Management by name or are sufficiently similar in nature (Disaster Recovery, Emergency Response, Crisis Management) to be treated as BCM legislation for this purpose. To be included in this category they must be legally enforceable legislation passed by a national, federal, state or provincial government depending upon the legal structure in each particular country.
Regulation: Mandatory rules or audited guidance documents from official regulatory bodies in all sectors such as Financial Services, Energy, Oil and Gas, which could reasonably be construed as having some implications on an organization’s BCM provisions. General help, guidance and suggestions are included under Guidelines.
Standards: Official standards from national (and international) accredited standards bodies which relate to Business Continuity as a whole or to a specific related subset such as IT Service Continuity. The list also includes standards for different but related topics (like Information Security) when BCM is included only as a minor requirement for compliance. “Standards” that are issued by 3rd parties or professional groups will only be included if they are ratified by an accredited national standards body or accredited directly by a national accreditation service affiliated to the International Accreditation Forum (IAF).
Guidelines: Guidelines published as good (or best) practices by various authoritative organizations. These documents may form part of a wider set of advice provided by a professional body for whom BCM is only a peripheral activity, or alternatively they might be issued by a BCM professional body as general guidance either locally or internationally. They will provide no mandated rules but will be used and recognized as credible by BCM professionals.
Please pass this information along to the business continuity, risk management, and information security team members in your organization.