Background to BS 25999
BS 25999 is the first national Business Continuity Management Standard to which organisations can certify. It is written in two parts. Part 1 is the Code of Practice and outlines the Standard's overall objectives, guidance and recommendations. Part 2 is the Specification which details the activities that should be completed in order to meet business continuity objectives within the context of an organisation's overall business risks. It is Part 2 (launched in October 2007) which organisations can certify against. Like other standards, BS 25999 is based on the continuous improvement Plan-Do Check-Act model which is spread over 6 lifecycle components. Within the exercising, maintaining and reviewing stage, auditing of the management system forms a key activity.
URM's BS 25999 Auditing Services
Having been involved in numerous BC projects as well as being selected as the technical experts in the pilot BS 25999 certification programme, URM is ideally placed to assist organisations with their auditing activities as part of any certification project.
Depending on the availability of the appropriately skilled internal resource, the organisation can then either conduct the internal audits itself or utilise one of URM's auditing specialists to conduct the audit. Where URM conducts the audit, it will encourage the organisation to shadow the URM auditor as part of its knowledge transfer philosophy.
Naturally, the audits will be bespoke to the organisation and can include the operation of the management system (e.g. document management procedures or the preventive and corrective actions process) or the business continuity processes (e.g. business impact analysis, plan maintenance or plan exercising).
URM's BCM audit services can also extend to auditing third parties on behalf of the client e.g. verifying business continuity plans and competencies.