1. BS25777 – IT Continuity
(in 10 minutes)
Robin Gaddum MBCI
BSI BCM/1 co-opted member
Tripartite Authorities DR Service Providers‟ Forum member
IBM UK Business Continuity & Resiliency Consulting Practice Lead
M: 07966 265483
E: gaddumr@uk.ibm.com
2. Agenda
• Why was BS25777
developed; what need
does it fulfil?
• How does it relate to
BS25999?
• Who is its target
audience?
• What are the key
messages?
3. In the beginning there was…
• BS25999 part 1, which set out the code of
practice for business continuity
• … and it was good
• … but voices in the wilderness wailed,
“What about IT?”, and that begat PAS77…
• …and that begat BS25777:2008…
• A code of practice for ICT Continuity
associated with, and building upon,
BS25999 part 1
• For anyone seeking ICT Continuity
wisdom, not just BS25999 readers
5. „Writing on the tablets‟ of BS25777
Source: BS25777:2008
Time Zero
Protect Detect React Recover Operate Return
Business Continuity
Recovery Time Objective
(per product, service or activity)
ICT supports
ICT Continuity ongoing ICT supports
Recovery Detection Invocation BC User Business migration back
RTO
Point Decision Acceptance Continuity from recovery
Objective Time Time (per ICT service) Test activity mode
time
!
Last Service Decision ICT ICT Business
Disruption infrastructure application Staff start Return to
good data loss taken to service fully
occurs recovery recovery using (new)
backup experienced invoke ICT recovered
Continuity complete complete restored ICT normal
services operations
6. Here endeth the lesson
(which I hope has come across as gentle evangelism
rather than „fire and brimstone‟ preaching)
Robin Gaddum MBCI
BSI BCM/1 co-opted member
Tripartite Authorities DR Service Providers‟ Forum member
IBM UK Business Continuity & Resiliency Consulting Practice Lead
M: 07966 265483
E: gaddumr@uk.ibm.com