Business Continuity Standards and Guidelines Compendium

Links to Domestic Sources:

- ASIS -- www.asisonline.org/guidelines/guidelinesbc.pdf
- COBIT -- http://www.isaca.org/cobit/
- DRII -- http://www.drii.org/
- DRII/DRJ -- Generally Accepted Practices (GAP) -- same as DRII
- FED -- http://www.federalreserve.gov/ (e.g., http://www.federalreserve.gov/boarddocs/press/bcreg/2003/20030408/attachment.pdf)
- FEMA -- http://www.fema.gov/ (e.g., www.fema.gov/government/coop/coopassessment3.htm)
- FERC -- http://www.ferc.gov/ (e.g., http://www.ferc.gov/industries/hydropower/safety/guidelines/eap/recoveryplan.pdf)
- FFIEC -- http://www.ffiec.gov/ (e.g., http://www.ffiec.gov/ffiecinfobase/booklets/bcp/bcp_workprogram.rtf)
- GLBA -- http://banking.senate.gov/conf/confrpt.htm
- HIPAA -- http://www.hhs.gov/ocr/hipaa/
- NIST sp800 Series -- http://csrc.nist.gov/publications/nistpubs/
- NFPA 1600 -- http://www.nfpa.org/assets/files/pdf/nfpa1600.pdf
- SOX -- http://www.sec.gov/spotlight/sarbanes-oxley.htm
- NASD -- http://www.nasdr.com/ (e.g., www.nasd.com/RulesRegulation/IssueCenter/BusinessContinuityPlanning/NASDW_013426)

Links to International Sources:

- AS/NZS 4360 Risk Management Guide -- http://www.riskmanagement.com.au/
- BCI - Good Practices Guideline (GPG) -- http://www.thebci.org/
- BS 25999 (previously PAS 56) -- http://www.bsiglobal.com/Risk/BusinessContinuity/bs25999.xalter
- HB 221:2004 Business Continuity Management (also 292:2006 and 293:2006) -- http://www.riskmanagement.com.au/Products/HB2212004BusinessContinuity/tabid/168/Default.aspx or http://www.saiglobal.com/shop/script/Details.asp?docn=AS938248190006
- ISO 17799, IT - Code of practice for information security management -- http://www.iso.org/iso/en/CombinedQueryResult.CombinedQueryResult?queryString=17799
- Information Technology Infrastructure Library (ITIL) -- http://www.itil.co.uk/
- Standard for Business Continuity / Disaster Recovery Service Providers (SS507:2004) -- http://www.ida.gov.sg/idaweb/marketing/infopage.jsp?infopagecategory=factsheet:marketing&versionid=7&infopageid=I2259
- Technical Reference (TR19:2005) on BCM -- http://www.smafederation.org.sg/resources/control.cfm?ID=8566

Other References:

- 10 Certification Standards for Professional Practitioners -- www.thebci.org
- Business Continuity: Best-Practices -- World Class Business Continuity Management, Second Edition, Andrew Hiles, Rothstein Associates Inc.
- Business Continuity Planning Methodology -- Akhtar Syed, Afsar Syed, Sentryx.
- A Model for Business Resiliency -- Thomas E. Martin, Eagle Rock Alliance Ltd.
- Enterprise Risk Management - Integrated Framework -- Committee of Sponsoring Organizations of the Treadway Commission
- Overview of Enterprise Risk Management -- Casualty Actuarial Society
- Operational Risk and Resilience: Understanding and Minimizing Operational Risk To Secure Shareholder Value -- Chris Frost, David Allen, James Porter, Philip Bloodworth, Butterworth-Heinemann
- Enterprise Risk Management: from Incentives to Controls -- James Lam; Wiley
- The Resilient Enterprise: Overcoming Vulnerability for Competitive Advantage -- Yossi Sheffi, The MIT Press
- Proactive Strategies to Position and Protect Your Organization -- Spencer Anderson, www.continuitycentral.com
- Beyond Disaster Recovery: Becoming a Resilient Business -- Richard Cocchiara, IBM Global Services
- Business Resilience – The Next Step Forward for Business Continuity -- Robin Gaddum, IBM Global Services UK
- Enterprise Resilience: Risk and Security in the Networked World -- Strategy+Business, Booz Allen Hamilton
- Quest for Resilience -- Gary Hamel and Liisa Valikangas, Harvard Business Review