An Introduction to ICT Continuity Based on BS 25777
1 ISACA JOURNAL VOLUME 2, 2011 Organizations have various ways of judging business success. In the public sector, one success criterion is quality of service to the citizens. In the private sector, growth of market share is a success measure. In all sectors, a condition for success is that business should continue to function in the face of fire, flood and other disasters. The discipline that ensures that the business can continue is business continuity management (BCM).1 In most organizations, the processes that deliver products and services depend on information and communication technology (ICT). Disruptions to ICT can, therefore, constitute a strategic risk, damaging the organization’s ability to operate and undermining its reputation. The consequences of a disruptive incident vary and can be far-reaching, and they may not be immediately obvious at the time of the incident. In 2008, the British Standards Institution (BSI) released BS 25777:2008, Information and Communications Technology Continuity Management: Code of Practice, to help organizations plan and implement an ICT continuity strategy. BS 25777 gives recommendations for ICT continuity management within the framework of BCM provided by BS 25999-1:2006, Business Continuity Management: Code of Practice. This article provides an introduction to the key elements of ICT continuity based on BS 25777.