Skip over navigation
Ultima Risk Management Logo linking to homepage
  • Contact us
  • Site map
  • Home
  • Consultancy
    • Introduction
    • Information Security (ISO 27001)
    • Business Continuity Management (BS 25999)
    • PCI DSS
    • IT Service Management (ITIL & ISO 20000)
    • Data Protection
    • Information Risk Management
    • Software Asset Management
    • Polices & Procedures
  • Training
    • Training Courses
    • CISMP - ISEB Certificate in Information Security Management Principles
    • PCBCM - ISEB Practitioner Certificate in Business Continuity Management
    • PCIRM - ISEB Practitioner Certificate in Information Risk Management
    • SAM - ISEB Certificate in Software Asset Management Essentials
    • PCSAM - ISEB Practitioner Certificate in Software Asset Management
    • BCM - BCI Understanding BCM Principles and Good Practice
    • All other courses
    • Training Schedule
  • Products
    • ISO 27001 Risk Assessment Tool
    • BS 25999 Risk Assessment Tool
  • Events
    • BS 25999 Implementation Seminar
  • Case Studies
    • Audatex - Global first Dual certification
  • About us
    • Company Profile
    • URM's Partners
    • How to contact us
Home / Consulting / BS 25999 / Significance of BS 25999
getting the balance right
Getting the Balance Right

BS 25999 Understanding the organisation

Activities in this stage provide information to enable an organisation to prioritise its products and services, and identify the criticality of the activities that are required to deliver them. Outputs from these activities will determine the selection of appropriate BCM strategies. Since BCM requirements should be based on actual business requirements URM would argue that this Stage is the most important activity to get right and is often one of the most neglected. Failure to identify the actual critical activities of an organisation can mean that the rest of the BCM Programme is based on inaccurate information with the result that key processes fail to receive the priority required should a disruption occur. It can also mean that unnecessary costs are incurred by focussing on non-critical activities.

The key steps in this phase are:

  • Scoping the BCMS (determine the business units or divisions into which the organisation will be divided for the purposes of planning and analysis)

  • Conducting a business impact analysis (BIA) and risk assessment. Organisations are required to assess which business processes are critical to the ongoing operation of the business and to assess what the impact would be of not being able to perform them based on increasing periods of disruption. Having identified the processes and the maximum tolerable period of disruption, the organisation is required to identify and document the resources required to carry out the minimum acceptable activities. Within this phase it is also essential for the organisation to identify and assess the risks it is facing. These risks may increase the likelihood of disruption or relate to circumstances that would hinder recovery.

To assist organisation's with this stage URM has developed a BS 25999 risk assessment tool, this allows the collection of risk data centerally, reporting of risks over time and the application of a proven methodology.

Back to lifecycle overview
  • Introduction
  • Information Security (ISO 27001)
  • Business Continuity Management (BS 25999)
    • Significance of BS 25999
    • How to deploy BS 25999 - Lifecycle Stages
    • Crisis Management Simulation Exercises
  • PCI DSS
  • IT Service Management (ITIL & ISO 20000)
  • Data Protection
  • Information Risk Management
  • Software Asset Management
  • Polices & Procedures

Copyright © Ultima Risk Management, 2008. All Rights Reserved.

contact us | careers | terms of use | privacy | site map