bc-402 audit references 11282006


Upload: sentryx1

Post on 10-Jun-2015


Business Continuity Standards and Guidelines Compendium

Links to Domestic Sources:

ASIS -- www.asisonline.org/guidelines/guidelinesbc.pdf

COBIT -- http://www.isaca.org/cobit/

DRII -- http://www.drii.org/

DRII/DRJ -- Generally Accepted Practices (GAP) -- same as DRII

FED -- http://www.federalreserve.gov/ (e.g., http://www.federalreserve.gov/boarddocs/press/bcreg/2003/20030408/attachment.pdf)

FEMA -- http://www.fema.gov/ (e.g., www.fema.gov/government/coop/coopassessment3.htm)

FERC -- http://www.ferc.gov/ (e.g., http://www.ferc.gov/industries/hydropower/safety/guidelines/eap/recovery-plan.pdf)

FFIEC -- http://www.ffiec.gov/ (e.g., http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bcp_workprogram.rtf)

GLBA -- http://banking.senate.gov/conf/confrpt.htm

HIPAA -- http://www.hhs.gov/ocr/hipaa/

NIST sp800 Series -- http://csrc.nist.gov/publications/nistpubs/

NFPA 1600 -- http://www.nfpa.org/assets/files/pdf/nfpa1600.pdf

SOX -- http://www.sec.gov/spotlight/sarbanes-oxley.htm

NASD -- http://www.nasdr.com/ (e.g., www.nasd.com/RulesRegulation/IssueCenter/BusinessContinuityPlanning/NASDW_013426)

Links to International Sources:

AS/NZS 4360 Risk Management Guide -- http://www.riskmanagement.com.au/

BCI - Good Practices Guideline (GPG) -- http://www.thebci.org/

BS 25999 (previously PAS 56) -- http://www.bsi-global.com/Risk/BusinessContinuity/bs25999.xalter

HB 221:2004 Business Continuity Management (also 292:2006 and 293:2006) -- http://www.riskmanagement.com.au/Products/HB2212004BusinessContinuity/tabid/168/Default.aspx or http://www.saiglobal.com/shop/script/Details.asp?docn=AS938248190006

ISO 17799, IT - Code of practice for information security management -- http://www.iso.org/iso/en/CombinedQueryResult.CombinedQueryResult?queryString=17799

Information Technology Infrastructure Library (ITIL) -- http://www.itil.co.uk/

Standard for Business Continuity / Disaster Recovery Service Providers (SS507:2004) -- http://www.ida.gov.sg/idaweb/marketing/infopage.jsp?infopagecategory=factsheet:marketing&versionid=7&infopageid=I2259

Technical Reference (TR19:2005) on BCM -- http://www.smafederation.org.sg/resources/control.cfm?ID=8566


Other References:

10 Certification Standards for Professional Practitioners -- www.thebci.org

Business Continuity: Best-Practices -- World Class Business Continuity Management, Second Edition, Andrew Hiles, Rothstein Associates Inc.

Business Continuity Planning Methodology -- Akhtar Syed, Afsar Syed, Sentryx.

A Model for Business Resiliency -- Thomas E. Martin, Eagle Rock Alliance Ltd.

Enterprise Risk Management - Integrated Framework -- Committee of Sponsoring Organizations of the Treadway Commission

Overview of Enterprise Risk Management -- Casualty Actuarial Society

Operational Risk and Resilience: Understanding and Minimizing Operational Risk To Secure Shareholder Value -- Chris Frost, David Allen, James Porter, Philip Bloodworth, Butterworth-Heinemann

Enterprise Risk Management: from Incentives to Controls -- James Lam; Wiley

The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage -- Yossi Sheffi, The MIT Press

Proactive Strategies to Position and Protect Your Organization -- Spencer Anderson, www.continuitycentral.com

Beyond Disaster Recovery: Becoming a Resilient Business -- Richard Cocchiara, IBM Global Services

Business Resilience – The Next Step Forward for Business Continuity -- Robin Gaddum, IBM Global Services UK

Enterprise Resilience: Risk and Security in the Networked World -- Strategy+Business, Booz Allen Hamilton

Quest for Resilience -- Gary Hamel and Liisa Valikangas, Harvard Business Review