
Today's most popular business continuity/disaster recovery standards

BC/DR standards have evolved dramatically over the past 10-15 years. Find out the most widely used standards and practices with this updated list.

While much of the focus of business continuity and disaster recovery (BC/DR) standards in the past four years has been on the internationally accepted ISO 22301:2012 standard, work continues on developing new standards, practices and guidance aimed at BC/DR activities. This article provides an updated list of business continuity and disaster recovery standards to know and use.

First, you will find currently available U.S. and U.K. standards and good practice documents.

Then, you'll learn the business continuity and disaster recovery standards in the ISO 223XX Series, plus other relevant standards and good practice documents. Regulations addressing BC/DR, security and related issues are also in place for specific vertical markets, such as banking and healthcare. Many countries have their own BC/DR standards, regulations and practices; most recognize the ISO standards in addition to their own.

Finally, you'll get information on where to obtain your own copies of these and other standards and practices.

Globally, the ISO standards for business continuity and disaster recovery are the most widely used, and are gaining acceptance in the U.S. The global BC standard, ISO 22301:2012, provides a solid foundation for developing business continuity management systems (BCMS) and can also be used for auditing existing BC programs. ISO 22313:2012, the companion standard for 22301, provides additional details (e.g., "how-to") that support 22301's requirements.

Table 1 lists the current standards in the ISO 223XX Series that apply to business continuity and related activities. The ISO 22398 and 22399 standards are also worth a look. The standards can be purchased from the ISO by visiting the www.iso.org website and entering the number of the standard.

Table 1 – The ISO 223XX Series – Societal Security

| Designation | What it Addresses | Where to Buy |
| --- | --- | --- |
| ISO 22300:2012 | Societal Security – Vocabulary | www.iso.org |
| ISO 22301:2012 | Business Continuity Management Systems – Requirements | www.iso.org |
| ISO 22311:2012 | Video Surveillance | www.iso.org |
| ISO 22313:2012 | Business Continuity Management Systems – Guidance | www.iso.org |
| ISO 22315:2014 | Mass Evacuation – Guidelines | www.iso.org |
| ISO 22320:2011 | Emergency management – Requirements for Incident Response | www.iso.org |
| ISO 22322:2015 | Emergency management – Guidelines for Public Warning | www.iso.org |
| ISO 22324:2015 | Emergency management – Guidelines for Color-coded Alert | www.iso.org |
| ISO 22351:2015 | Emergency management – Message Structure for Interoperability | www.iso.org |
| ISO 22397:2014 | Guidelines for Establishing Partnering Arrangements | www.iso.org |
| ISO 22398:2013 | Guidelines for Exercises | www.iso.org |
| ISO 22399:2007 | Guidelines for Incident Preparedness and Operational Continuity Management | www.iso.org |

Table 2 lists two important technology disaster recovery standards. ISO 27031 provides a concise description of a technology disaster recovery program, planning process and supporting activities. ISO 24762 provides useful criteria for selecting a technology DR service provider. The two standards in Table 3 can also be helpful for BC/DR planning.

Table 2 – ISO Technology DR Standards

| Designation | What it Addresses | Where to Buy |
| --- | --- | --- |
| ISO 27031:2011 | Guidelines for Information and Communications Technology Readiness for Business Continuity | www.iso.org |
| ISO 24762:2008 | Guidelines for Information and Communications Technology Disaster Recovery Services | www.iso.org |

Table 3 – Additional Important ISO Standards

| Designation | What it Addresses | Where to Buy |
| --- | --- | --- |
| ISO 27000 | ISO Information Security Standard | www.iso.org |
| ISO 31000 | ISO Risk Management Standard | www.iso.org |

Table 4 includes the Business Continuity Institute's (BCI) Good Practice Guidelines (GPG), which provide a comprehensive foundation for understanding the business continuity process and map closely to the ISO 22301 standard. Training courses based on the BCI's GPG are available from the BCI and other established educational firms.

Table 4 – U.K. Standards and Good Practice

| Designation | What it Addresses | Where to Buy |
| --- | --- | --- |
| PD 25222 | Guidance on Supply Chain Continuity | www.bsigroup.com |
| PD 25111:2010 | Human Aspects of Business Continuity | www.bsigroup.com |
| PD 25666:2010 | Exercising BCM | www.bsigroup.com |
| PD 25888 | Guidance on Business Recovery | www.bsigroup.com |
| BS 11200:2014 | Crisis Management Standard | www.bsigroup.com |
| BS 65000:2014 | Organizational Resilience Standard | www.bsigroup.com |
| PAS 7000 | Supply Chain Risk Management | www.bsigroup.com |
| BCI GPG 2013 | Good Practice Guidelines from the Business Continuity Institute | www.thebci.org |

Table 5 provides a partial listing (as does Table 4) of standards, regulations and good practice developed in the U.S. by several different organizations, such as ASIS International, the National Fire Protection Association (NFPA), the Federal Financial Institutions Examination Council (FFIEC), the Information Systems Audit and Control Association (ISACA), the Financial Industry Regulatory Authority (FINRA), the Federal Emergency Management Agency (FEMA) and the National Institute of Standards and Technology (NIST). The Disaster Recovery Journal (DRJ) offers Generally Accepted Practices (GAP) for business continuity. The NIST Special Publications 800 series of standards provides useful insight and guidance on many aspects of information technology, including BC/DR.

Table 5 – U.S. BC/DR Standards and Good Practice

| Designation | What it Addresses | Where to Buy |
| --- | --- | --- |
| NFPA 1600:2013 | American National Standard for business continuity and emergency management; approved as part of P.L.110-53 Private Sector Preparedness (PS-Prep) Act of 2009 | www.nfpa.org |
| ASIS SPC.1:2009 | Organizational Resilience Standard; approved as part of P.L.110-53 Private Sector Preparedness (PS-Prep) Act of 2009 | www.asisonline.org |
| FFIEC BC Handbook | Business Continuity Planning; IT Examination Handbook (2008) | www.ffiec.gov |
| ISACA Document G32 | IT Auditing Guideline; Business Continuity Plans | www.isaca.org |
| FINRA Rule 4370 | Business Continuity Plans and Emergency Contact Information; consolidates NYSE Rule 446 and NASD Rules 3510 and 3520 | www.finra.org |
| FEMA FCD | Federal Continuity Directives for government agencies | www.fema.gov |
| DRJ GAP | Disaster Recovery Journal Generally Accepted Practices | www.drj.com |
| NIST SP 800-34 | Contingency Planning Guide for Information Technology Systems | www.nist.gov |
| NIST SP 800-53 | Security and Privacy Controls for Federal Information Systems | www.nist.gov |
| NIST SP 800-84 | Guide to Test, Training and Exercise Programs for IT Plans | www.nist.gov |

An excellent single-source compendium of current standards from the U.S., U.K. and many other countries is the BCI's publication BCM Legislation, Regulations, Standards and Good Practice (January 2015).

Business continuity and disaster recovery standards, regulations and good practice have evolved dramatically over the past 10-15 years. In this article we've listed the most widely used standards and practices. Performing your BC/DR work in alignment with these standards will ensure you are prepared for future audits and reviews.  

This was last published in June 2015
