What are the key standards for business continuity that IT departments should be aware of and gain certification in?
There's no current international standard for business continuity, though there are a number of national standards that are internationally recognized. At the risk of "working back from the answer," the first port of call for UK organizations should be to consider the recently completed BS25999 standard for business continuity management – this was issued in two parts, the second of which was published in November 2007. The good news is that those defining the standard have quite clearly taken a pragmatic approach, with the result that the standard should be applicable to most sizes of organization; it is also reasonably straightforward to understand while being a great deal more than just common sense and motherhood. As a starting point for awareness, take a look at the UK Government's BCM primer, available
What are the pitfalls of such standards?
A key question that arises very early in the description of BS25999 is, "Do you understand your business?" This is central to the ability to implement business continuity, which makes absolute sense in principle – but of course can be very difficult in practice. A second area of difficulty can be the sustainability of the business continuity plan, once produced. BS25999 follows a similar approach to that of ISO 9001 for quality and ISO 17799 for security – namely to define a system to support the implementation of the standard, then to stick with it. It's worth keeping this in mind at the start, and ensuring that any awareness, certification or implementation of BS25999 is couched within an understanding of how to keep the business continuity plan up to date and relevant to the business in years to come.