|
By David Honour, editor of continuitycentral.com
During February and March 2007, a survey was conducted of Continuity Central readers concerning their usage of business continuity standards and their attitude to the standards which they had read.
Overall, 280 useable responses were received. The majority of respondents’ organisations were either based in the United States (34 percent) or the United Kingdom (31 percent). Other countries with a significant number of respondents were: Australia (8 percent), Canada (5 percent) and France & India (2 percent each).
Respondents were asked to list up to two business continuity standards which they had read and were familiar with. Five different business continuity standards were reported by respondents:
BS 25999-1:2006
Business continuity management, Part 1: Code of practice
Developed by: The British Standards Institution
Country: United Kingdom
NFPA 1600
Standard on Disaster/Emergency Management and Business Continuity Programs
Developed by: The National Fire Protection Association
Country: United States
HB 221:2004
Business Continuity Management
Developed by: Standards Australia
Country: Australia
HB 292-2006
A practitioners guide to business continuity management
Developed by: Standards Australia
Country: Australia
BS ISO/IEC 17799:2005
Code of practice for information security management
Developed by: The British Standards Institution
Country: United Kingdom
BS 25999-1:2006 seems to be the most widely read standard internationally. 57 percent of those who reported reading it were located in the UK, while the remaining 43 percent of readers came from a total of 22 different countries. In contrast, 100 percent of the readers of HB 292-2006 were located in Australia and 77 percent of HB 221:2004 readers were located in either Australia or New Zealand.
The vast majority of NFPA 1600 readers came from organisations head-quartered in North America, with 74 percent located in the United States and 13 percent in Canada.
BS ISO/IEC 17799:2005 also had a predominantly US-based readership, with 64 percent of respondents who had read it being located there. The remaining readers were distributed amongst five different countries.
What do respondents think of the quality of the standards they have read?
The survey asked respondents to rate the two standards that they were most familiar with in terms of six subjective measures of quality. These were:
1) How easy the standard was to understand
2) How easily they thought they could follow the standard's guidelines within their company
3) The quality of writing
4) The usefulness to their organisation
5) The standard’s clarity
6) The presentation of the standard.
The results were as follows:
How easy the standard was to understand
HB 292-2006 had a very high rating for ease of understanding with every respondent (100 percent) who had read it saying ‘yes’ it was easy to understand. In contrast the older HB 221:2004 has a much lower rating, with only 54.3 percent of respondents saying that it was easy to understand.
BS 25999-1: 2006 performed well, with 83.6 percent of respondents who had read it saying that it was easy to understand. NFPA 1600 came out less well, with only 64.2 percent of respondents believing it was easy to understand and 12.8 percent saying that it was not easy to understand, the highest negative score of all the standards reviewed.
How easily did respondents think they could follow the standard's guidelines within their company?
HB 292-2006 came top-of-the-pile for how easily readers thought it would be to follow within their own organisation, with 75 percent of respondents who had read it believing that this was the case. BS 25999-1: 2006 followed at 64.7 percent.
HB 221: 2004 produced the most strongly negative response, with 15.4 percent of respondents who had read it saying that it would not be easy to understand how to follow the standard’s guidelines within their own organisation.
The quality of writing
Respondents believed that HB 292-2006 was the most well written standard, with an average score of 7.86 out of ten (on a scale of 1 ‘very poor’ to 10 ‘excellent’). BS ISO/IEC 17799:2005 followed, with an average score of 7.67. NFPA 1600 was seen as the least well written standard, with an average score of 6.76.
Usefulness to respondents’ organisations
When asked to judge the ‘usefulness’ of the various standards, on the same scale (1 to 10, where 1 is 'very poor' and 10 is 'excellent' ) the results for HB 292-2006 and BS ISO/IEC 17799:2005 produced virtually identical results, with respective average scores of 7.7 and 7.6. BS 25999-1: 2006 followed with an average score of 7.25. HB 221: 2004 was the lowest scorer in this category, with an average of 5.5.
The standard’s clarity
BS ISO/IEC 17799:2005 was seen as the standard with the most clarity, with an average score of 7.6. HB 292-2006 came a close second at 7.57. HB 221 : 2004 was seen as the least clear standard, averaging 6.25.
The presentation of the standard
Respondents deemed that HB 292-2006 was the best presented standard, with an average score of 7.85. BS 25999-1: 2006 followed with an average score of 7.12. NFPA 1600 was given lowest marks for presentation, at 6.34.
A more detailed discussion of the business continuity standards appears in the latest issue of the Business Continuity Journal: see http://www.businesscontinuityjournal.com
NOTE: Definition of a ‘business continuity standard’
For the purpose of this survey, a business continuity standard was seen as a document which has been developed by an official standards organisation, as recognised by ISO, the International Organization for Standardization. The document must be promoted as a standard by the official standards organisation. Therefore certain well-used business continuity guides, such as PAS 56, PAS 77, the Business Continuity Institute’s (BCI) Good Practice Guidelines and the BCI / Disaster Recovery Institute International’s Ten Certification Standards For Professional Practitioners were removed from the survey results since these are all guidance documents rather than true standards.
Make a comment
•Date: 10th August 2007• Region: World •Type: Article •Topic: BC statistics
Rate this article or make a comment - click here |
