No consensus on which is the most useful standard
Thursday, May 1st, 2008The Conference Board looks into use of business continuity, disaster recovery and related standards by US organizations
The majority of US companies have a formal, written plan for emergency preparedness, according to a report released by The Conference Board. But a widely adopted certification standard for such plans does not exist yet.
Three-quarters of the 302 senior corporate executives surveyed in mid-2007 said that an emergency preparedness plan exists in their companies. The analysis was sponsored by the US Department of Homeland Security as part of an ongoing research project to assess the effectiveness of security in American companies.
The survey sample was intended to reflect the characteristics of American businesses as defined by size and industry. The sample was divided into three strata: small business (companies with $5 million to $50 million in annual sales); mid-market ($50 million to $1 billion in sales); and enterprise ($1 billion or more in sales). Within these groups of companies, the survey polled executives with responsibility for security, business continuity, crisis management, and emergency response efforts.
A ‘voluntary’ certification process for preparedness was adopted as part of the 2007 homeland security legislation (Public Law 110-53). The choice of standards that would permit certification under the law is currently under review.
"Currently, the most significant finding is that none of the many standards proposed for certification has attained widespread usage in the private sector," says Thomas Cavanagh, senior research associate, Global Corporate Citizenship, The Conference Board.
The most common standard is the ISO 27001/17799 information security standard, which has been implemented by 23 percent of the surveyed companies. Following close behind, used by 20 percent of companies, is NFPA 1600, which was endorsed as the National Preparedness Standard in 2004 by DHS, the U.S. Congress, the 9/11 Commission, and the American National Standards Institute (ANSI). Three other kinds of standards have all been implemented by 12 percent of companies.
Posted in General | No Comments »
