
BS 25999 Understanding the organisation

Activities in this stage provide the information an organisation needs to prioritise its products and services and to identify the criticality of the activities required to deliver them. Outputs from these activities will determine the selection of appropriate BCM strategies. Since BCM requirements should be based on actual business requirements, URM would argue that this stage is the most important activity to get right and is often one of the most neglected. Failure to identify the actual critical activities of an organisation can mean that the rest of the BCM Programme is based on inaccurate information, with the result that key processes fail to receive the priority required should a disruption occur. It can also mean that unnecessary costs are incurred by focussing on non-critical activities.

The key steps in this phase are:

  • Scoping the BCMS (determine the business units or divisions into which the organisation will be divided for the purposes of planning and analysis)

  • Conducting a business impact analysis (BIA) and risk assessment. Organisations are required to assess which business processes are critical to the ongoing operation of the business and to assess what the impact would be of not being able to perform them based on increasing periods of disruption. Having identified the processes and the maximum tolerable period of disruption, the organisation is required to identify and document the resources required to carry out the minimum acceptable activities. Within this phase it is also essential for the organisation to identify and assess the risks it is facing. These risks may increase the likelihood of disruption or relate to circumstances that would hinder recovery.

To assist organisations with this stage, URM has developed a BS 25999 risk assessment tool. This allows the collection of risk data centrally, reporting of risks over time and the application of a proven methodology.


Copyright © Ultima Risk Management, 2010. All Rights Reserved
