By: Deb Ladendorf, CBCP
A standard is a basis of comparison, which is usually approved by an authority or has general consent from those who are being measured against it. Based on this, it would follow that a business continuity standard is a basis of measuring the business continuity program of an organization against an approved model. There are currently several business continuity standards, British Standard BS25999, the Singapore standard, the Australian standard, but none of them are considered an accepted auditable business continuity standard in the United States. BS25999, the British Standard, is probably the closest to being recognized as an international standard, but with the advent of Public Law 110-53 in the US, other groups are jumping into the business continuity standards arena.
The enactment of Public Law 110-53 in the United States, which evolved from recommendations of the 9/11 Commission, has prompted several standards bodies to begin development of business continuity standards. Title IX of PL110-53 calls for voluntary private sector preparedness certification and empowers the Department of Homeland Security to select the business continuity standard or standards that organizations seeking voluntary preparedness certification will be measured against. The following two groups are the major players working to develop auditable business continuity standards:
- ASIS International – They are combining their business continuity guidance with the British Standard 25999 guidance and specification to develop an auditable standard.
- NFPA – NFPA is currently revising NFPA 1600 to create an auditable standard that is a combination of business continuity and emergency management elements.
- ANSI – They are currently developing an American standard based on the guidance and specifications of the British Standard 25999
ISO already has auditable standards for business continuity as it relates to information security, but no standards for business continuity in and of itself. It is anticipated one of the above groups’ standards will become the ISO business continuity management standard.