Comment Submitted by John A. DiMaria, BSI Management Systems

BSI (British Standards Institution) the largest and oldest standards body in the world, applauds the DHS for their efforts in the adoption of the Voluntary Private Sector Accreditation and Certification Preparedness Program. We also applaud the fact that the DHS acknowledges that organizations are all unique in their own way and therefore wants to “maximize the number and type of private sector preparedness standards”. The BS 25999-2:2007 is a proven, internationally accepted and field tested standard that organizations around the world have been certifying to since its release in 2007 including being adopted by many organizations in the US. It was developed by practitioners throughout the business continuity community, drawing upon their academic, technical and practical experiences of business continuity management (BCM). It has been produced to define requirements for a management systems approach to business continuity based on good practice for use in large, medium and small organizations operating in industrial, commercial, public and voluntary sectors. BS 25999 is “user friendly” by virtue of the availability of the BS 25999 part 1 guidance document that provides best practice recommendations and the pre-compliance tool which is available for businesses to perform a gap analysis in order to prepare for certification or to satisfy supply chain needs. Furthermore, the BS 25999 is easily used by any organization by virtue of its construction and shown to satisfy many small, medium and multi-national organizations requirements for business continuity and also contains all the elements as outlined in page 8 & 9 of this Federal Register. Additionally, it is currently the only ”Certifiable” BCM standard currently in existence. It is with these facts that BSI feels it is critical that the BS 25999 be included in the choices of standards under the Voluntary Private Sector Accreditation and Certification Preparedness Program. It is clear that we must include standards that support what organizations have already deemed as valuable to the private sector and in many cases required by their customers around the world.