Becoming BS25999 certified can build your business’ reputation.
The first thing you need to do is to identify which bodies are registered to certify you as BS25999 compliant. Numerous organisations can do this. Check out each one's portfolio of current clients and think about how you feel about each of those brands. Does that particular company fill you with confidence and inspire a sense of security, or not? Finding a registered body with an impressive portfolio of current clients will give you the confidence that your business will be getting the very best guidance of the highest standard.
Make contact with your selected body, and they will give initial guidance in terms of what they can do for you. Having a clear idea of the level of business continuity management you require will be useful in helping the accreditor to work to your needs. For example, the business continuity management plan for a small clothes boutique employing 12 people will differ from that of a multinational enterprise employing 1,000 people in a central London office block.
Building up the plan
The best accreditors will quickly provide you with a client or project manager in order to provide assistance and guidance throughout the process. Before committing to work with any one organisation, revisit their portfolio as described above and ask them what level of expertise they have in your field. If you are a large business, are you likely to get the results you want if the awarding body is only able to provide experience based on work in much smaller environments?
Look at undergoing training, at the very least for yourself if you plan on rolling it out to your team. However, if a group is planned to write the business continuity management plan, it will definitely be worth having them all trained on best practice first hand, as this will undoubtedly make acquiring the BS 25999 certification easier.
The awarding body will generally carry out an interim assessment. This will give the auditors an opportunity to identify shortcomings in your plan and process, and give you guidance on how to achieve the required standard prior to the formal assessment and certification.
Once you have been awarded a BS 25999 certification for your business, it will be valid for a period of three years. Ensure that your assessor is not going to desert you and reappear in three years for the re-assessment. The best organisations will provide on-going support and guidance to help you maintain the systems you have in place, as well as advice on any legislative updates which may require you to amend your business continuity management plan.
For resources and help on becoming BS25999 certified, see Iso27001standard.com.