Practical, Cost Effective and award-winning

Business Continuity, Crisis Management & Information Security Solutions

Phone:

0800 035 1231 (Mon to Fri 9am – 5pm)

36B Market Street, New Mills

Derbyshire, SK22 4AA, United Kingdom

O2 Suffers Another Outage – Does BS 25999 Actually Work?

Unsurprisingly, the prolonged loss of service to hundreds of thousands of O2 customers this week has attracted widespread media coverage.  However, from the point of view of a Business Continuity professional, there are two interesting aspects to this story that have not been (widely) reported:

  • This is only the most recent disruption that O2 have suffered, in particular there was a high-profile outage in South East England in May 2010; and
  • O2 is one of only a few hundred companies worldwide to have achieved certification to BS 25999: British Standard for Business Continuity Management.

How can it be that a company that has proven it has implemented best practice in Business Continuity Management in this way continues to suffer such disruptions?

The first point to note is that, in Business Continuity, one has to take a long-term view: however resilient your organisation, occasional problems will still occur (hence the ongoing need for an Incident Management capability) so it is important not to infer too much from a small number of incidents over a short time scale.  Secondly, and more importantly, it is important to remember that certification to a standard merely demonstrates that an organisation has gone through the correct process: not that it has necessarily drawn valid conclusions from this analysis.

Whilst not in any way devaluing BS 25999 certification (or ISO 22301), it is important to bear the latter point in mind when assessing suppliers’ continuity arrangements: certification on its own does not guarantee that the services you depend upon will be restored within time-scales that you feel are appropriate so it is still worth having a look through the plan itself.