Business Continuity Standards: The New Standard
By Ericka Chickowski | Posted 2008-09-25
This case study on Repligen, a pharmaceutical company, takes a close look at the benefits and costs of applying business continuity and disaster recovery standards through a certified program. One expert in the field argues that companies should go slow with this process and examine all costs associated with it before deciding on a competing standard. Certifications are a business, but real cost benefits can come in the form of customer loyalty and more efficient auditing, as well as streamlined business continuity processes.
The New Standard
One of the biggest problems organizations face in disaster recovery and business continuity management (BCM) is maintaining consistency. Most enterprises have some kind of BCM policies in place, but whether they could depend on them with confidence is another matter altogether.
“Studies that were done show that even in Europe and the United States, 50 percent of companies that were surveyed showed that they weren't in a readiness state in terms of business continuity,” says John DiMaria, product manager for business continuity for the American arm of BSI. “This was mostly due to lack of consistency, lack of follow-up, lack of improvement of plans. And people who had plans hadn't proved them or updated them or even exercised them.”
One of the preeminent global standards bodies, BSI introduced BS 25999 less than two years ago and is taking baby steps toward wooing the disaster recovery and continuity community into accepting the standard as a codification of a best practices framework that seems to have eluded the typical enterprise thus far.
Currently there are dozens of standards and certifications floating around the industry that deal with disaster recovery, preparedness or contingency planning in some way or another. There are certifications for business continuity professionals such as those offered by Disaster Recovery Institute International (DRII), lots of punitive and non-punitive guidance from regulatory bodies such as the FDA, FFIEC and SEC, and overarching standards such as ISO 17799 that cover business continuity in parts.
Where BS 25999 hopes to fill the gap is with a holistic, certifiable framework that cuts across industries, DiMaria suggests. “The BS 25999 was created in answer to the international community’s cry out really for a consistent holistic management system approach to business continuity,” DiMaria says. The certification process takes some time, so BSI is just now starting to see its first crop of BS 25999 adherents surface, including Repligen, its first North American company to be certified.