After more than 10 years in use, the BSI Standard 100-4 “Emergency Management” has been modernized and further developed. The new standard 200-4 “Business Continuity Management” should be universally applicable for institutions and support them in setting up and developing a business continuity management system (BCMS).
Compared to its predecessor, the BSI Standard 200-4 takes a more holistic view of BCM and therefore addresses the creation of an all-encompassing resilience of the institution in a more targeted manner. This is implemented primarily using implementation aids as well as practical examples and the demonstration of synergy potentials for other security topics and management systems, for example in information security, crisis management or IT service continuity management.
New model with three levels
The practical reference and action-oriented focus of the standard is also reflected in the new three-step model. The simplest level, the so-called reactive BCMS, should enable institutions with fewer resources and little prior experience in BCM to gradually build up their resilience. For this purpose, the focus is initially placed on all those aspects in BCM that enable the institution to respond appropriately to emergencies.
In the largest version of the tiered model, the standard BCMS, on the other hand, all the necessary requirements are taken into account in order to be able to build a complete BCMS that meets the requirements. If these implementation recommendations are consistently applied, all requirements of the internationally recognized ISO 22301 standard can be met at the same time. The BSI standard 200-4 is therefore an ideal implementation guide if an institution wants to have its BCMS certified according to the ISO standard 22301.
Institutions that already implement emergency management according to BSI Standard 100-4 can expand this using a migration concept that will be made available by the BSI in the coming weeks and make the necessary additions for a complete business continuity management system according to the current BSI Standard 200-4.
The community draft is on the BSI website available until 30.06. be commented on.