{"id":3895,"date":"2015-06-18T14:19:07","date_gmt":"2015-06-18T14:19:07","guid":{"rendered":"https:\/\/multiacademstg.wpengine.com\/27001academy\/?page_id=3895"},"modified":"2025-09-22T12:26:14","modified_gmt":"2025-09-22T12:26:14","slug":"what-is-bs-25999","status":"publish","type":"page","link":"https:\/\/staging.advisera.com\/27001academy\/what-is-bs-25999\/","title":{"rendered":"What is BS 25999?"},"content":{"rendered":"<div id=\"pl-3895\"  class=\"panel-layout\" ><div id=\"pg-3895-0\"  class=\"panel-grid panel-no-style\" ><div id=\"pgc-3895-0-0\"  class=\"panel-grid-cell\" ><div id=\"panel-3895-0-0-0\" class=\"so-panel widget widget_hero-with-buttons-widget panel-first-child\" data-index=\"0\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-hero-with-buttons-widget so-widget-hero-with-buttons-widget-default-d75171398898-3895\"\n\t\t\t\n\t\t><section class=\"iso-hero sans\" style=\"background: #03284d;\">\n    <div class=\"container\">\n        <h1 class=\"iso-hero_title  \">\n            What is BS 25999?\n        <\/h1>\n        <p class=\"iso-hero_subtitle \">\n                \n        <\/p>\n        <div class=\"iso-hero_buttons\">\n                            <div class=\"iso-hero_button\">\n                    <div class=\"button-image\">\n                        <img decoding=\"async\" width=\"64\" height=\"64\" src=\"\/wp-content\/uploads\/sites\/5\/2021\/10\/what-is-ISO-22301-Templates-button.png\" class=\"attachment-full size-full\" alt=\"-\">\n                    <\/div>\n                    <div class=\"button-content\">\n                        <span>ISO 22301 TEMPLATES<\/span>\n                    <\/div>\n                    <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/\"><\/a>\n                <\/div>\n                            <div class=\"iso-hero_button\">\n                    <div class=\"button-image\">\n                        <img decoding=\"async\" width=\"67\" height=\"67\" src=\"\/wp-content\/uploads\/sites\/5\/2021\/10\/what-is-ISO-22301-Courses-button.png\" class=\"attachment-full size-full\" alt=\"-\">\n                    <\/div>\n                    <div class=\"button-content\">\n                        <span>ISO 27001 COURSES<\/span>\n                    <\/div>\n                    <a href=\"https:\/\/staging.advisera.com\/training\/iso-27001-courses\/\"><\/a>\n                <\/div>\n                            <div class=\"iso-hero_button\">\n                    <div class=\"button-image\">\n                        <img decoding=\"async\" width=\"67\" height=\"67\" src=\"\/wp-content\/uploads\/sites\/5\/2021\/10\/what-is-ISO-22301-Free-Materials-button.png\" class=\"attachment-full size-full\" alt=\"-\">\n                    <\/div>\n                    <div class=\"button-content\">\n                        <span>FREE MATERIALS<\/span>\n                    <\/div>\n                    <a href=\"https:\/\/staging.advisera.com\/resources\/iso-27001-free-downloads\/\"><\/a>\n                <\/div>\n                    <\/div>\n    <\/div>\n<\/section><\/div><\/div><div id=\"panel-3895-0-0-1\" class=\"so-panel widget widget_content-with-sidebar-widget panel-last-child\" data-index=\"1\" ><div\n\t\t\t\n\t\t\tclass=\"so-widget-content-with-sidebar-widget so-widget-content-with-sidebar-widget-default-d75171398898-3895\"\n\t\t\t\n\t\t><section class=\"content-with-sidebar\">\n<div class=\"container\">\n\n    <div class=\"sidebar-area\">\n        <div class=\"sidebar-bg\"><\/div>\n        <div class=\"sidebar-wrapper\">\n            <div class=\"sidebar\">\n\n                \n                <h2 class=\"sidebar-title\">\n                    TABLE OF CONTENTS\n                <\/h2>\n\n                                    <div class=\"sidebar-item no-collapse\">\n                        <div class=\"sidebar-item-links\">\n                            <p><a class=\"scrollToAnchor\" href=\"#section1\">Introduction<\/a><br \/>\n<a class=\"scrollToAnchor\" href=\"#section2\">Key procedures<\/a><br \/>\n<a class=\"scrollToAnchor\" href=\"#section3\">Documentation<\/a><br \/>\n<a class=\"scrollToAnchor\" href=\"#section4\">Related standards<\/a><\/p>\n\n                        <\/div>\n                    <\/div>\n\n                            <\/div>\n        <\/div>\n    <\/div>\n    <div class=\"content-area\">\n        <div class=\"what-is-groups\">\n\n            \n            <h2 id=\"section1\">A leading business continuity standard<\/h2>\n<p>BS 25999-2 was a British standard issued in 2007, and quickly became the main standard for business continuity management \u2013 it was superseded by <a href=\"https:\/\/staging.advisera.com\/27001academy\/what-is-iso-22301\/\">ISO 22301<\/a> in 2012.<\/p>\n<p>Just like ISO 27001, ISO 9001, ISO 14001 and other standards that define management systems, BS 25999-2 also defines a business continuity management system which contains the same four management phases: planning, implementing, reviewing and monitoring, and finally, improving. The point of these four phases is that the system is continually updated and improved in order to be usable when a disaster occurs. The following are some of the key procedures and documents required by BS 25999-2:<\/p>\n<ul>\n<li>Scope of the BCMS \u2013 precise identification of that part of the organization to which business continuity management is applied<\/li>\n<li>BCM policy \u2013 defining objectives, responsibilities, etc.<\/li>\n<li>Human resources management<\/li>\n<li>Business impact analysis and risk assessment<\/li>\n<li>Defining <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-strategy&amp;doc=business-continuity-strategy\" target=\"_blank\" rel=\"noopener\">business continuity strategy<\/a><\/li>\n<li><a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-plan&amp;doc=business-continuity-plan\" target=\"_blank\" rel=\"noopener\">Business continuity plans<\/a><\/li>\n<li>Maintenance of plans and systems; improvement<\/li>\n<\/ul>\n<h2 id=\"section2\">Human resources management<\/h2>\n<p>The standard states that it is essential to determine the necessary knowledge and skills, to identify the necessary training sessions, to conduct such training sessions, to check whether the required knowledge and skills have been achieved, and to keep records. BS 25999-2 also requires conducting awareness programs, and also communicating the importance of business continuity management to employees.<\/p>\n<h2>Business impact analysis and risk assessment<\/h2>\n<p>Business impact analysis deals with important activities in an organization, defines the maximum tolerated period of disruption, describes the interdependence of individual actions, determines which activities are critical, explores the existing arrangements with suppliers and outsourcing partners, and finally, sets the recovery time objective.<\/p>\n<p>Risk assessment is carried out to establish which disasters and other disruptions in business operations may occur and what their consequences are, but also which vulnerabilities and threats can lead to such business disruptions. Based on such assessment, the organization determines how to reduce the probability of risk, and how it will be mitigated if it should occur.<\/p>\n<h2>Defining the business continuity strategy<\/h2>\n<p>A strategy refers to defining how an organization will recover in case of disaster. The strategy is determined on the basis of the results of risk assessment and business impact analysis, and usually involves alternative locations, data recovery options, recovery of human resources, communications, equipment, management of suppliers and outsourcing partners, etc.<\/p>\n<h2>Business continuity plan<\/h2>\n<p>The <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-plan&amp;doc=business-continuity-plan\" target=\"_blank\" rel=\"noopener\">business continuity plan<\/a> includes plans for incident response, activation procedures for the business continuity plan, and recovery plans for critical activities \u2013 they are all written based on the <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-strategy&amp;doc=business-continuity-strategy\" target=\"_blank\" rel=\"noopener\">business continuity strategy<\/a>.<\/p>\n<p>An <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-plan&amp;doc=incident-response-plan\" target=\"_blank\" rel=\"noopener\">incident response plan<\/a> must specify the manner of determining types of incidents, communication channels, types of response, responsibility, etc.<\/p>\n<p>Recovery plans must specify roles and responsibilities, key steps for recovery, locations, resources to be used and where they are located, priorities, what actions to take when recovery is completed, etc.<\/p>\n<h2>Maintenance of plans and system; improvement<\/h2>\n<p>The standard stipulates the following:<\/p>\n<ul>\n<li>Regular exercising and testing of plans to make staff more familiar with the plans and to check how up to date they are<\/li>\n<li>Conducting internal audits at regular intervals<\/li>\n<li>Management reviews to ensure that the BCMS is functioning and to make appropriate improvements<\/li>\n<li>Taking preventive and corrective actions to improve not only plans, but also other elements of the system<\/li>\n<\/ul>\n<h2 id=\"section3\">Documentation<\/h2>\n<div class=\"what-item-full tab3\">\n<p>BS 25999-2 requires the following documents:<\/p>\n<ul>\n<li>The scope of the BCM<\/li>\n<li>The BCM policy<\/li>\n<li>Specific responsibilities for the BCM<\/li>\n<li>Procedures for managing documents and records, procedures for corrective and preventive actions<\/li>\n<li>Methodology for business impact analysis, and results of the analysis<\/li>\n<li>Risk assessment methodology<\/li>\n<li><a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-strategy&amp;doc=business-continuity-strategy\" target=\"_blank\" rel=\"noopener\">Business continuity strategy<\/a><\/li>\n<li><a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-plan&amp;doc=business-continuity-plan\" target=\"_blank\" rel=\"noopener\">Business continuity plan<\/a>, which includes the <a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/?rel=business-continuity-plan&amp;doc=incident-response-plan\" target=\"_blank\" rel=\"noopener\">incident response plan(s)<\/a> and recovery plan(s)<\/li>\n<li>Records<\/li>\n<\/ul>\n<p>The amount of documentation depends on the number of critical activities in an organization \u2013 an organization with a small number of critical activities will also have a small amount of documentation related to business impact analysis, risk assessment and business continuity plans, while the documentation of larger organizations will be much more extensive.<\/p>\n<\/div>\n<h2 id=\"section4\">Other related standards<\/h2>\n<p>In addition to BS 25999-2, BS 25999-1 is an \u201cauxiliary\u201d standard, which provides more details on how to implement specific parts of BS 25999-2.<\/p>\n<p>Other useful standards are ISO 27001, which places business continuity in a broader context of information security, and ISO 27005, which gives a detailed description of the risk assessment process.<\/p>\n<p><em>For implementing ISO 22301 yourself, easily and efficiently, use this helpful<\/em>\u00a0<a href=\"https:\/\/staging.advisera.com\/27001academy\/iso22301-documentation-toolkit\/\" target=\"_blank\" rel=\"noopener\">ISO 22301 Documentation Toolkit<\/a>.<\/p>\n\n\n            \n        <\/div>\n    <\/div>\n<\/div>\n<\/section>\n<\/div><\/div><\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"<p>What is BS 25999? ISO 22301 TEMPLATES ISO 27001 COURSES FREE MATERIALS TABLE OF CONTENTS Introduction Key procedures Documentation Related standards A leading business continuity standard BS 25999-2 was a British standard issued in 2007, and quickly became the main standard for business continuity management \u2013 it was superseded by ISO 22301 in 2012. Just &#8230;<\/p>\n","protected":false},"author":6,"featured_media":0,"parent":0,"menu_order":30,"comment_status":"open","ping_status":"closed","template":"page-what-is-iso.php","meta":{"_acf_changed":false,"footnotes":""},"toolkit-document-types":[],"class_list":["post-3895","page","type-page","status-publish","hentry"],"acf":[],"_links":{"self":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/pages\/3895","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/comments?post=3895"}],"version-history":[{"count":3,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/pages\/3895\/revisions"}],"predecessor-version":[{"id":104594,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/pages\/3895\/revisions\/104594"}],"wp:attachment":[{"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/media?parent=3895"}],"wp:term":[{"taxonomy":"toolkit-document-types","embeddable":true,"href":"https:\/\/staging.advisera.com\/27001academy\/wp-json\/wp\/v2\/toolkit-document-types?post=3895"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}