The particular strength of this standard is that it focuses on planning and preparation in anticipation of a disaster and does not prescribe a program development process.
2. BS25999—Business Continuity Management. This standard defines requirements for a management systems approach to business continuity, and integrates risk management disciplinesand processes. BS25999 is comprised of two parts: Part 1 dated 2006; Code of
Practice, and Part 2 dated 2007; Specification. The particular strength of this standard is that it specifically provides a management systems approach to business continuity and also integrates risk management disciplines and processes. The standard also provides the user the basis for understanding and implementing in business-to-business and business-tocustomer
dealings to reassure business resilience.
3. ASIS SPC. 1–2009—Organizational Resilience: Security Preparedness, and Continuity Management Systems— Requirements with Guidance for Use. This standard was released in 2009 and defines requirements for a management systems approach to organizational resilience. The particular strength of this standard is that it applies a management systems approach to organizational resilience. The standard encompasses an assortment of risk management mechanisms and follows a plan-do-check-act approach associated with other International Standard Organization management system based standards.