BS 25999-2:2007 PDF

Scope: This British Standard specifies requirements for planning, establishing, implementing, operating, monitoring, reviewing, exercising, maintaining and improving a documented BCMS within the context of managing an organization’s overall business risks. The requirements specified in this British Standard are generic and intended to be applicable to all organizations (or parts thereof), regardless of type, size and nature of business. The extent of application of these requirements depends on the organization’s operating environment and complexity. It is not the intent of this British Standard to imply uniformity in the structure of a BCMS but for an organization to design a BCMS that is appropriate to its needs and that meets its stakeholders’ requirements. These needs are shaped by regulatory, customer and business requirements, the products and services, the processes employed, the size and structure of the organization and the requirements of its stakeholders. This British Standard can be used by internal and external parties, including certification bodies, to assess an organization’s ability to meet its own business continuity needs, as well as any customer, legal or regulatory needs.

BS 25999-2:2007 history

2012 BS ISO 22301:2012 Societal security. Business continuity management systems. Requirements
2007 BS 25999-2:2007 Business continuity management. Specification