ASIS International hosted a stakeholder deliberation meeting on Oct. 3, at its headquarters in Alexandria, Va., with business continuity professionals from more than a dozen organizations to discuss its American National Standards Institute (ANSI) standards project initiative to develop a Business Continuity Management (BCM) standard, for ultimate approval by ANSI. Participation in the meeting was open to key business continuity program managers, service providers and other interested parties, and included representatives from Disaster Recovery Institute International, Association of Contingency Planners, the Business Continuity Institute and its U.S. Chapter BCI-USA, who commented on the proposed ASIS standards project registered with ANSI.
ASIS held the stakeholder meeting due to some initial concerns over the development and application of a new BCM standard, and in compliance with ANSI’s procedural requirements. The ASIS-proposed Business Continuity Management American National Standard would include auditable criteria for preparedness, crisis management, business and operational continuity and disaster management.
ASIS is seeking key input from business continuity professionals to develop potential membership on the technical committee that would draft and critique the new standard. ASIS stated its goal was not to infringe on the credibility of current BCM practitioners or turn BCM into a subset of security management, but to utilize its position as an ANSI-accredited Standards Development Organization to lead the effort of providing its members, and the business continuity community at large, a standard it believes is genuinely needed. Interested parties may contact ASIS at firstname.lastname@example.org.
The consensus opinion of the participants was that the meeting was a productive step toward the development of a new standard that could be both auditable and scalable. The compelling need for the standard was unanimously identified. Most participants agreed that while other standards, such as NFPA 1600, already existed and provided value to the business continuity community, future needs of the community were not met since they were not auditable, were partial to certain industry segments or did not promote a holistic view of BCM, including the wide range of disciplines today’s BCM programs have to consider.
Additionally, although some meeting participants concurred that the new ASIS BCM standards project was in potential conflict with existing American National Standard(s), the group agreed that the NFPA 1600 and other complementing standards will continue to have a significant role in the continuing maturity of the BCM field, while emphasizing that the compelling need for the standard is evident.
Next steps include:
· Broad-based outreach to develop the technical committee to draft the new standard. The membership of the committee will include professionals responsible for their organization’s continuity programs, respected service providers and third parties with a general interest in the subject, such as professional associations, government and academia.
· Begin work on the new standard, preferably by Nov. 15, 2008.
· Ensure procedural requirements of the ASIS Standards Operating Procedures and ANSI Essential Requirements are met.
Organizations represented at the Oct. 3 meeting: ASIS International; Association of Contingency Planners; Avalution Consulting; Business Continuity Institute; BSI Management Systems America; Carrier Information Systems; Computer Sciences Corporation; Contingency Planning Association of the Carolinas; Continuity Information Support Services; Danalie Partners; Disaster Recovery Institute International; Emergency Management & Safety Solutions; McDermott Inc.; Navigant Consulting; North River Solutions.