BS25777 – IT Continuity

(in 10 minutes)

Robin Gaddum MBCI

BSI BCM/1 co-opted member

Tripartite Authorities DR Service Providers‟ Forum member

IBM UK Business Continuity & Resiliency Consulting Practice Lead

M: 07966 265483

E: gaddumr@uk.ibm.com

Agenda

• Why was BS25777 developed; what need does it fulfil?

• How does it relate to BS25999?

• Who is its target audience?

• What are the key messages?

In the beginning there was…

• BS25999 part 1, which set out the code of

practice for business continuity

• … and it was good

• … but voices in the wilderness wailed,

“What about IT?”, and that begat PAS77…

• …and that begat BS25777:2008…

• A code of practice for ICT Continuity

associated with, and building upon,

BS25999 part 1

• For anyone seeking ICT Continuity

wisdom, not just BS25999 readers

…and Lo! BS25777 was similar to

BS25999

Source: BS25777:2008

Last

good data

backup

!

Disruption

occurs

Service

loss

experienced

Decision

taken to

invoke ICT

Continuity

ICT

infrastructure

recovery

complete

ICT

application

recovery

complete

Business

service fully

recovered

time

Recovery

Point

Objective

Invocation

Decision

Time

Business Continuity

Recovery Time Objective

(per product, service or activity)

ICT Continuity

RTO

(per ICT service)

BC User

Acceptance

Test

ICT supports

ongoing

Business

Continuity

activity

Staff start

using

restored ICT

services

Time Zero

Detection

Time

Protect Detect React Recover Operate

Return to

(new)

normal

operations

ICT supports

migration back

from recovery

mode

Return

„Writing on the tablets‟ of BS25777Source: BS25777:2008

Here endeth the lesson(which I hope has come across as gentle evangelism

rather than „fire and brimstone‟ preaching)

Robin Gaddum MBCI

BSI BCM/1 co-opted member

Tripartite Authorities DR Service Providers‟ Forum member

IBM UK Business Continuity & Resiliency Consulting Practice Lead

M: 07966 265483

E: gaddumr@uk.ibm.com