The nature, complexity and scale of recovery management cannot be determined in advance of an incident; therefore, recovery management has to be flexible, scalable and relevant to a broad range of risks applicable to the organization and its operating environment.
Some incidents are dramatic and as a result can change the very fabric of “normality” for an organization so lessons have to be learned from the response to any incident and the recovery management arrangements reviewed.
For this reason, recovery management might need to operate under new operating norms beyond recovering to pre-recovery conditions. Recovery management has to balance predetermined recovery requirements against emerging or changing expectations.
PD 25888 Guidance on organization recovery following disruptive incidents offers a definitive step-by-step guide on how best to develop and implement your organization's recovery in response to a disruptive incident.
Designed to complement the provisions of BS 25999, this document presents the ability to recover, restore or reconfigure taking into consideration the financial, legal, regulatory, environmental, reputational and emotional consequences that could result from an incident and the consequences that follow.
Successful implementation of organization recovery is mutually dependent upon effective implementation of incident management and business continuity plans.
This published document is applicable to recovery management before, during and after an incident that disrupts an organization’s ability to deliver its products and services.
It is intended to be applicable to all organizations (or parts thereof), regardless of type, size and nature of business. The extent of application depends on the organization’s operating environment and complexity.
PD 25888 Guidance on organization recovery following disruptive incidents will enable your organization to: