Welcome to the fourth edition of The ISO27000 Newsletter, designed to keep you abreast of news and developments with respect to ISO 17799 and information security.
The information contained in this newsletter is absolutely free to our subscribers and provides guidance on various practical issues, plus commentary on recent Information Security incidents.
Guidance and information included in this issue:
ISO17799 SECTION 11: BCP REVIEW
Business continuity planning is covered by section 11 of the standard, a core requirement of which is the creation and maintenance of a business continuity plan.
Creating such a plan from scratch is a difficult undertaking of course. This is one reason why software products were produced. Unfortunately these often become problematic in themselves... difficult to learn, expensive, etc.
Recent times have therefore seen a move to simplification, with organizations keen to avoid adding complexity to an already complex and difficult task. At the vanguard of this change was a product developed entirely in MS-Word: The well known BCP Generator.
This was designed from top down to simplify business continuity planning. It comprises two components: a plan template and an interactive guide (the latter using Word macros to jump to and fro into the correct part of the template). It's impact upon the business continuity scene has been substantial, with organizations from the very largest to the smallest embracing the tool and its concepts. It is in active use in over forty countries.
With this change of emphasis in the business continuity planning market, there is now NO excuse for not creating a full recovery plan. The old lines of "too expensive" and "too difficult" are now less hollow than they ever were. Although section 11 is very clear with respect to the need of a comprehensive plan, it is surely also a matter of due diligence to have one, and equally, irresponsibility not to have one.
For information on the BCP Generator see:
For information on business continuity generally, see: