Today's most popular business continuity/disaster recovery standards

been on the internationally accepted ISO 22301:2012 standard, work continues on developing new standards, practices and guidance pinpointed at BC/DR activities. This article provides an updated list of business continuity and disaster recovery standards to know and use.

First, you will find currently available U.S. and U.K. standards and good practice documents.

Then, you'll learn the business continuity and disaster recovery standards in the ISO 223XX Series, plus other relevant standards and good practice documents. Regulations addressing BC/DR, security and related issues are also in place for specific vertical markets, such as banking and healthcare. Many countries have their own BC/DR standards, regulations and practices; most recognize the ISO standards in addition to their own.

Finally, you'll get information on where to obtain your own copies of these and other standards and practices.

Globally, the ISO standards for business continuity and disaster recovery are the most widely used, and are gaining acceptance in the U.S. The global BC standard, ISO 22301:2012, provides a solid foundation for developing business continuity management systems (BCMS) and can also be used for auditing existing BC programs. ISO 22313:2012, the companion standard for 22301, provides additional details (e.g., "how-to") that support 22301's requirements.

Table 1 lists the current standards in the ISO 223XX Series that apply to business continuity and related activities. The ISO 22398 and 22399 standards are also worth a look. The standards can be purchased from the ISO by visiting the www.iso.org website and entering the number of the standard.

Table 1 – The ISO 223XX Series – Societal Security

Table 2 lists two important technology disaster recovery standards. ISO 27031 provides a concise description of a technology disaster recovery program, planning process and supporting activities. ISO 24762 provides useful criteria for selecting a technology DR service provider. The two standards in Table 3 are can also be helpful for BC/DR planning.

Table 2 – ISO Technology DR Standards

Table 3 – Additional Important ISO Standards

Below you will find the Business Continuity Institute's (BCI) Good Practice Guidelines (GPG) in Table 4, as it provides a comprehensive foundation for understanding the business continuity process, and also maps closely to the ISO 22301 standard. Training courses based on the BCI's GPG are available from the BCI and other established educational firms.

Table 4 – U.K. Standards and Good Practice

Table 5 provides a partial listing (as does Table 4) of standards, regulations and good practice developed in the U.S. by several different organizations, such as ASIS International, the National Fire Protection Association (NFPA), the Federal Financial Institutions Examination Council (FFIEC), the Information Systems Audit and Control Association (ISACA), the Financial Industry Regulatory Authority (FINRA), the Federal Emergency Management Agency (FEMA) and the National Institute for Standards and Technology (NIST). The Disaster Recovery Journal (DRJ) offers Generally Accepted Practices (GAP) for business continuity. The NIST Special Publications 800 series of standards provides useful insight and guidance on many aspects of information technology, including BC/DR.

Table 5 – U.S. BC/DR Standards and Good Practice

An excellent single-source compendium of current standards from the U.S., U.K. and many other countries is the BCI's publication BCM Legislation, Regulations, Standards and Good Practice (January 2015).

Business continuity and disaster recovery standards, regulations and good practice have evolved dramatically over the past 10-15 years. In this article we've listed the most widely used standards and practices. Performing your BC/DR work in alignment with these standards will ensure you are prepared for future audits and reviews.