British Standard 25999-2 for Business Continuity and International Standard ISO 27001 for Information Security Management should be seen as intertwined rather than separate within any commercial resilience.
BS25999-2 and Business Continuity describes themselves as the “strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level”. ISO 27001 describes itself as the “preservation of confidentiality, integrity and availability of information”. In first sight these two descriptions may look like vastly different descriptions.
However, if you look at these at a closer scale, the links between the both become apparent. One example is that if the integrity and availability of information contained within your business systems is becomes exposed for whatever reason then this can have large effects on your business continuity plans -specific customer, security, financial can all be impacted. Visa versa if your business operations are effected then this can have implications on integrity and availability of information. A basic example could be seen as the loss of a sever due to powercut/flooding/fire etc.
The two standards are also similar in the processes which they govern carrying out the risk assessment, in order to identify potential problems related to information; both standards require document management, conducting internal audits, management reviews, and corrective and preventive actions.
This similarity makes the argument to include both within any business environment, this does not have to be by following both to a commercial accreditation as this is not always financial viable for even large businesses but to increase your business resilience across the board.
Summary and Comment based on from http://blog.iso27001standard.com
Alex Friend
A summary and comparison of BS25999-2 and ISO 27001
British Standard 25999-2 for Business Continuity and International Standard ISO 27001 for Information Security Management should be seen as intertwined rather than separate within any commercial resilience.
BS25999-2 and Business Continuity describes themselves as the “strategic and tactical capability of the organization to plan for and respond to incidents and business disruptions in order to continue business operations at an acceptable predefined level”. ISO 27001 describes itself as the “preservation of confidentiality, integrity and availability of information”. In first sight these two descriptions may look like vastly different descriptions.
However, if you look at these at a closer scale, the links between the both become apparent. One example is that if the integrity and availability of information contained within your business systems is becomes exposed for whatever reason then this can have large effects on your business continuity plans -specific customer, security, financial can all be impacted. Visa versa if your business operations are effected then this can have implications on integrity and availability of information. A basic example could be seen as the loss of a sever due to powercut/flooding/fire etc.
The two standards are also similar in the processes which they govern carrying out the risk assessment, in order to identify potential problems related to information; both standards require document management, conducting internal audits, management reviews, and corrective and preventive actions.
This similarity makes the argument to include both within any business environment, this does not have to be by following both to a commercial accreditation as this is not always financial viable for even large businesses but to increase your business resilience across the board.
Summary and Comment based on from http://blog.iso27001standard.com
Share this:
Related