Approach

To ensure that no standard has been given an unequal priority within the review process for this document the following methodology was adopted:

• Evaluate a number of standards from different parts of the world to see how they relate to BC and ITSC;
• Develop a generic Business Continuity Management process to show activities including how they flow;
• Integrate this result with the existing ENISA process model on Risk Assessment and Risk Management.

In compiling this report, various standards, handbooks and good-practice guides related to Business Continuity, Information Technology Service Continuity, Risk Management and Information Security were evaluated .

An overview Business Continuity process was developed which represents most of the Business Continuity methods available at present, while remaining independent. The language used fits all current methods rather than being aligned with any one method in particular.

It was felt that the existing Risk Assessment model [ENISA RM] could be utilised for BCM since it is important to show the relationship between Business Continuity and Risk Assessment. Since Business Continuity is risk-based the model appears to fit at many levels. The block diagram was then developed and the interfaces and overlaps were discussed.