Lessons learned from first 6 months of implementing BS25999

Posted on 2 December
The following are the learning points from a ‘Structured Debrief’ of the first 6 months of working with one of our clients as we approach the first audit. As we are starting working with another part of the organisation to achieve BS25999 it was important to learn the lessons before starting up a second project.

Point learned to date are:-

a.      The project stalled at the beginning as there was a lack of business continuity and BS25999 expertise internally.  The client managed to develop their BIA, policy and plans but they were unsure whether they were compliant with the standard and were unsure what they were trying to achieve with these documents. Expert help was brought in and the project took off again. The learning from this is that it is difficult to achieve the standard unless you have sufficient internal or external expertise.

b.     Time has been a major issue on the project. There is the constant tension of completing the ‘day job’ as well as trying to carrying out the requirements of the project. When starting a business project staff and their managers need to be aware of the time commitment and allows then sufficient time to work on the project.

c.     In the debrief a number of people commented there was excellent commitment by the team to the project and that all the different parts of the organisation were represented on the team. A learning point is that all parts of the organisation need to be represented on the team and the team members need to be carefully selected.

d.     All those on the project need to be identified at the beginning of the project so as to avoid constantly going back over past subjects and recapping in meetings.

e.     Senior managers informed of the progress of the project was deemed important to ensure business buy in and their continued support.

f.      Sufficient resources need to be allocated to ensure the success of the project . Do not underestimate the resource and work commitment to the project. This should include an allocated project manager, project sponsor and representatives from all parts of the organisation.

g.     There need to be one controller of all documents. Do not underestimate the volume of documents produced!

Best of luck with your project!