BS 25777

Note: BS 25777 has been superseded by ISO 27031

BS 25777 is the British Standard that specifies a Code of Practice for Information and communications technology continuity management.

In almost all organisations today, the processes that deliver products and services depend on information and communication technology (ICT).

Disruption to ICT can be a major risk and can damage an organization’s ability to operate and can undermine its reputation. The consequences of a disruptive incident vary and can be far-reaching, and might not be immediately obvious at the time.

BS 25777 will help any organization plan and implement an ICT continuity strategy.

ICT continuity management supports the overall business continuity management (BCM) process of an organisation. BCM ensures that an organisation’s processes are protected from disruption and is able to respond positively and effectively when disruption occurs.

ICT continuity management makes sure that ICT services are resilient and can be recovered within timescales required by, and agreed with, the Top Management. Effective BCM depends on ICT continuity management to ensure that an organisation can meet its objectives at all times, particularly during times of disruption. To be successful, both BCM and ICT continuity management have to become embedded within the organisation’s culture.

BCM and ICT continuity management form an important part of effective management, sound governance and organisational prudence. Top Management is responsible for maintaining the ability of the organisation to continue to function in the face of disruption. Many organisations also have a statutory or regulatory duty to maintain effective risk-based controls, including BCM.

BS 25777 ensures that an organisation:

  • develops and enhances competence in ICT staff by demonstrating credible responses through exercising ICT continuity plans and testing ICT continuity arrangements;
  • encourages improved collaboration between business managers and ICT service providers (internal and external);
  • identifies the potential impacts of disruption to ICT services;
  • potentially gains competitive advantage through the demonstrated ability to deliver business continuity and maintain product and service delivery in times of disruption;
  • provides additional confidence in the business continuity strategy through linking investment in ICT solutions;
  • provides assurance to Top Management that it can depend upon predetermined levels of ICT services and receive adequate support and communications in the event of a disruption;
  • understands and documents stakeholders’ expectations and their relationships with, and use of, ICT services.
  • understands the threats to, and vulnerabilities of, ICT services;

BS 25777 gives recommendations for ICT continuity management within the framework of business continuity management provided by BS 25999 – now superseded by ISO 22301

British Standards can be purchased from the British Standards Institutive Shop (BSi)