As globalization blurs the lines between countries and expands business hours from 9 to 5 to 24/7, companies can no longer approach business continuity and risk management as a regional, or even national, endeavor. Instead, business continuity programs must enable organizations to communicate in multiple languages and deal with meeting the requirements of various regulatory agencies around the globe.
Avalution Consulting has a deep knowledge of international business continuity standards authored by the most influential business and financial authorities. The table below summarizes common elements found in five leading standards/regulations influencing global financial services organizations, as well as unique characteristics that should be considered by business continuity and risk management professionals.
In addition to the regulatory requirements and standards noted above, many other standards, guidelines or regulatory requirements exist. The United States Securities and Exchange Commission approved NYSE Rule 446 and NASD Rules 3510 and 3520, applicable to the securities industry. New Zealand and Australia jointly published “HB 221:2004 Business Continuity Management”, Singapore’s SPRING (Standards, Productivity and Innovation Board) has published TR19:2005, and Bank of Japan published “Business Continuity Planning at Financial Institutions”, to name a few.
NFPA1600, an emergency preparedness standard, is an industry independent guideline often used in measuring BC program readiness. Another standard often used by larger organizations is found in an Information Security document titled ISO 17799 (originally BS 7799). ISACA and ITGI published business continuity control objectives in the Control Objectives for Information Technology (CobiT) framework.
In order to make an organization more resilient, management should consider developing governance structures and measuring business continuity readiness through the identification of standards applicable to their unique business and regulatory requirements.