Here are three key steps to help you navigate the minefield of BCM Regulations
Will we use the Business Continuity Institute (BCI) methodology? Or the Disaster Recovery Institute International (DRII) standard? What about Standards Australia Handbook HB:292/293? Or ISO/IEC 24762 for disaster recovery? But we’re implementing an ISMS, so shouldn’t we use ISO/IEC 27001?
How do I go about developing a business continuity program that complies with the relevant regulations and standards?
Here are three key steps to help you along the way:
1. Find out if your industry is in fact regulated. In the Australian financial markets, you need to consider ASIC and APRA. In NSW Government, the Premier’s Office has issued directives and guidance on the BCM standards to adhere to.
2. Review previous continuity audits. It’s highly likely that you’ve been through an audit in the past, so a good place to start is to review the audit reports and determine which regulatory standards you’re being assessed against. Talk to your auditors about recent regulatory changes, and ask which one you’ll be audited against in the future.
3. Talk to others in your industry. A few simple phone calls to like-minded executives within your industry are an invaluable way to determine a strategy for your own organisation.
Regardless of your industry, the key to success is to find out up-front whether there is a regulatory standard you need to adhere to – whilst there is commonality across the various local and international regulatory guidelines, starting out with the right one will save a lot of rework down the track.