Compliance & Regulation


It is becoming a legal requirement in many industries to have some form of business continuity in place. With ever-increasing threats to businesses, regulatory bodies are enforcing regulations to ensure the safety of businesses and, more importantly, their customers.




Financial Services Authority (FSA)

Chapter SYSC 3A of the FSA Handbook, section 3A.8.3, states that “A firm should consider the likelihood and impact of a disruption to the continuity of its operations from unexpected events. This should include assessing the disruptions to which it is particularly susceptible and the likely timescale of those disruptions.”

The specific factors are:

  • loss or failure of internal and external resources (such as people, systems and other assets)

  • the loss or corruption of its information

  • external events (such as vandalism, war and acts of God)

Section 3A.8.6 states that “A firm should implement appropriate arrangements to maintain the continuity of its operations. A firm should act to reduce both the likelihood of a disruption (including by succession planning, systems resilience and dual processing); and the impact of a disruption (including by contingency arrangements and insurance).”

Section 3A.8.7 states that “A firm should document its strategy for maintaining continuity of its operations, and its plans for communicating and regularly testing the adequacy and effectiveness of this strategy.”

A firm should establish:

(1) Formal business continuity plans that outline arrangements to reduce the impact of a short, medium or long-term disruption, including:

    (a) Resource requirements such as people, systems and other assets, and arrangements for obtaining these resources
    (b) The recovery priorities for the firm’s operations
    (c) Communication arrangements for internal and external concerned parties (including the FSA, clients and the press)

(2) Escalation and invocation plans that outline the processes for implementing the business continuity plans, together with relevant contact information

(3) Processes to validate the integrity of information affected by the disruption

(4) Processes to review and update (1) to (3) following changes to the firm’s operations or risk profile (including changes identified through testing).

Section 3A.8.8 states that “The use of an alternative site for recovery of operations is common practice in business continuity management. A firm that uses an alternative site should assess the appropriateness of the site, particularly for location, speed of recovery and adequacy of resources. Where a site is shared, a firm should evaluate the risk of multiple calls on shared resources and adjust its plans accordingly.”



Legal Services Commission

Section 7.20 of the Legal Services Commission states “You must have at all times a Business Continuity Plan which conforms with Good Industry Practice and make it available to us (or our agents) at our request for inspection. You must review and test the Business Continuity Plan at least annually and correct any deficiencies identified during testing or implementation of that plan.”


Section 7.21 states “You must use all reasonable endeavours to prevent the loss, disclosure or corruption of any information relating to Contract Work held by you on your IT System. You must make up-to-date daily back-ups of such information which is in electronic format and store such backups on a regular basis off site. If an Unplanned Interruption occurs, which significantly impacts on your ability to perform Contract Work you will promptly notify us and provide details of the remedial action taken by you. You must ensure that all information relating to Contract Work held on your IT System can be recovered as soon as reasonably practicable following an Unplanned Interruption.”




Civil Contingencies Act 2004

Part one of the Civil Contingencies Act places a legal obligation on Category 1 responders (listed below) to assess the risk of, plan for and practise for emergencies, as well as to undertake business continuity management. They are also obliged to warn and inform the public in relation to emergencies. Local authorities are additionally obliged to give advice on business continuity to local businesses. Legal obligations are also placed on Category 2 responders (listed below) for information sharing and increased co-operation between services.

Category 1 responders:

  • Police Force

  • Fire Services

  • Emergency Medical Services

  • HM Coastguard

  • Local Authorities

  • Port Health Authorities

  • Primary Care Trusts, Acute & Foundation Trusts

  • Environment Agency

Category 2 responders:

  • Electricity Distributors

  • Gas Distributors

  • Water & Sewerage Undertakers

  • Telephone Service Providers

  • Public Transport

  • Strategic Health Authorities

  • Health and Safety Executive



Certification of BS25999

BS 25999 certification shows that an organisation has assessed the requirements of the management systems standard. The certification was developed by BSI to address the concerns of business and government leaders who requested a standard to meet their business continuity needs. These needs include the ability to respond to incidents that disrupt normal business operations, from minor and frequent interruptions to the business through to the increasing number of major natural disasters and deliberate acts of terrorism. BS 25999 gives guidance covering all aspects of business continuity, to ensure that businesses have reviewed each of them.


Key benefits of BS 25999 are:

  • Confidence that you have plans in place to continue trading in the event of a disruption to your supply chain.

  • Clear business advantage over your competitors when dealing with industry and government, providing levels of confidence and assurance.

  • Offers public assurance that your business is robust.

  • A certified BCMS will provide ‘proof of managed risk’ in your business, which could be reflected in insurance premiums over time, as the risk to the insurer may be reduced through a certified BCMS from BSI.

  • BS 25999 certification can provide a competitive advantage particularly when you are competing for business with suppliers that do not have their BCMS independently assured.

  • Continual improvement is an inherent benefit of BS 25999 certification. This is particularly relevant in industries which are highly regulated and high risk, and where organisations must demonstrate continued adherence to their legal and regulatory obligations.

  • Reduction in audits from other parties. A BSI certificate confirms you have a certified BCMS in place.
