On a more general note for the end of the year, in this article we explain why it is important to follow the standards and best practices in the process of establishing a business continuity plan (BCP). We also provide some examples of these standards so that you can refer to them if needed. As the objective of this article is to raise your awareness, we will limit ourselves to a few brief explanations.
Legal and compliance obligations
For any organization, it is essential to base a business continuity approach on specific standards and regulations as well as recognized best practices. To this end, a mapping of the legal, compliance, regulatory and self-regulatory business continuity obligations of the industry in which the organization operates should be completed. It should also include all other “legal” BCP standards to which it is subject, including contractual obligations with its customers and suppliers.
Most of the time, an organization operating in a regulated sector may be subject to strict laws and obligations in terms of business continuity, crisis management and emergency measures. Examples include the financial industry, healthcare, petrochemicals, aviation, public emergency services, etc. However, for companies that do not operate in a regulated industry with BCP constraints, it can be more difficult to navigate all the other regulations and standards that exist.
In general, industries rely on good practices recognized by reputable organizations, but also by secondary organizations that promote additional approaches and benchmarks. There are a number of national and international standards and regulations governing BCPs, which are referred to as “good practices” when they are mentioned.
As such, there are several resources and organizations that define best practices in BCP. These organizations conduct research, studies, analyses and surveys, provide specialized training to educate professionals and grant internationally recognized certifications to organizations and specialists once the evaluation processes are completed. These certifications are important to both companies and professionals. Here’s why:
- When held by an expert, they assure the public and organizations that they have completed all the recognized training, have the necessary experience and keep up to date through a rigorous follow-up process.
- When a certification is obtained by a company, it demonstrates to the entire ecosystem that its employees, systems, services, products and/or processes meet recognized standards or benchmarks.
Most common BCP best practices and standards
Here are some examples of international organizations that have been recognized for many years for their good practices, norms and standards. Several regulatory, self-regulatory and legislative bodies rely on these:
- Business Continuity Institute
- Disaster Recovery Institute Canada (DRI)
- Disaster Recovery Institute International (DRII)
- ISO 22301 – Security and resilience — Business continuity management systems — Requirements
Other available resources*
In addition to the four (4) sources mentioned in the previous paragraph, we invite you to refer to the following organizations for more information on BCP standards and best practices as well as additional aspects to consider in the context of BCP:
- Canadian Standards Association (CSA) – Z1600
- Disaster Recovery Journal (DRJ)
- International Association of Emergency Managers (IAEM)
- ISO 27000 – Information technology — Security techniques — Information security management systems
- ISO 27031 – Information technology — Security techniques — Guidelines for information and communication technology readiness for business continuity
- ISO 31000 – Risk management — Guidelines
- National Fire Protection Association (NFPA) – 1600
- Programme de sécurité civile du Québec
- United Nations Office for Disaster Risk Reduction (UNDRR)
* Partial list
Do you need an expert to help you set up your business continuity plan (BCP), while ensuring that you comply with the standards and regulations applicable to your industry? Benoit Racette Services-conseils inc. can assist you in this process. We offer a personalized approach in line with your business strategy, in addition to innovative solutions based on best practices. Contact us now: [email protected].