This British Standard specifies requirements for planning, establishing,
implementing, operating, monitoring, reviewing, exercising,
maintaining and improving a documented BCMS within the context of
managing an organization’s overall business risks.
The requirements specified in this British Standard are generic and
intended to be applicable to all organizations (or parts thereof),
regardless of type, size and nature of business. The extent of application
of these requirements depends on the organization’s operating
environment and complexity.
It is not the intent of this British Standard to imply uniformity in the
structure of a BCMS but for an organization to design a BCMS that is
appropriate to its needs and that meets its stakeholders’ requirements.
These needs are shaped by regulatory, customer and business
requirements, the products and services, the processes employed, the
size and structure of the organization and the requirements of its
stakeholders.
This British Standard can be used by internal and external parties,
including certification bodies, to assess an organization’s ability to meet
its own business continuity needs, as well as any customer, legal or
regulatory needs.
BS 25999-2:2007 history
2012BS ISO 22301:2012 Societal security. Business continuity management systems. Requirements
2007BS 25999-2:2007 Business continuity management. Specification