The Business Continuity Management Desk Reference
About this ebook
Guide to Business Continuity Planning, Crisis Management & IT Disaster Recovery with tools, techniques and templates for preparing your own DR & Business Continuity Plans (BCP).
A practical how-to guide to Business Continuity that explains exactly what you need to do in the real world.
Written by an experienced consultant with 25 years' industry experience of DR and Business Continuity.
Jamie Watters
I've had a varied management career working in programming, project management, programme management and operational management roles. A consistent theme over 25 years has been leading Business Continuity, DR and Data Centre remediation programmes. I've written books on Business Continuity, writing, self publishing and happiness. I have set up my own publishing company (Leverage Publishing) that focuses on non-fiction, business and self help titles. Specialties: Business Continuity, Disaster Recovery, Crisis Management, Business Continuity Planning, Business Impact Analysis, Disaster Recovery Testing, Work Area Recovery Testing, Incident Management, Risk Management, Prince 2, MSP, ITIL, COBIT, Project Management, Programme Management, Data Centre Migrations, Server Consolidations, Virtual Storage, Infrastructure Projects, Office Relocations, Desk Top Rollouts, Supplier Negotiation, Supplier Management, Print on Demand, POD, Lightning Source and e-books.
Book preview
The Business Continuity Management Desk Reference - Jamie Watters
The Business Continuity Management
Desk Reference
Guide to Business Continuity Planning,
Crisis Management and IT Disaster Recovery.
24th October 2010
Business Leverage Ltd
Jamie Watters
Published by Leverage Publishing at Smashwords
Copyright 2010 Jamie Watters
www.LeveragePublising.com
All rights reserved. No part of this publication may be reproduced or distributed in any form or by any means without the prior permission of the author / or publisher.
The material in this book is provided for educational purposes only. No responsibility for loss occasioned to any person or corporate body acting or refraining to act as a result of reading material in this book can be accepted by the author or publisher.
All trademarks are the property of their respective owners. Business Leverage is not associated with any product or vendors mentioned in the book except where stated.
Unless otherwise stated, any third party quotes and images are included under fair use for comment, news reporting, teaching, scholarship and research.
Contents
1. Introduction
2. Business Continuity Management (BCM)
3. Kick start your Business Continuity
4. Getting started – First things first
5. Preparing the plan
6. IT Disaster Recovery
7. Business Recovery
8. Testing
9. Maintenance
10. Education and Awareness
11. Managing a Disaster
12. Return to Normal Operations
13. Governance and Reporting
14. Selecting and Managing Continuity Suppliers
15. Managing Supply Chain Continuity
Appendix
Appendix A – Criticality Levels
Appendix B – Roles and Responsibility Matrix (RACI)
Appendix C – Suggested BCM Timetable
Appendix D - Useful sources of reference & contacts
Appendix E – Continuity Assessment Questionnaire
Appendix F – Crisis Management Team Roles & Responsibilities
Appendix G - Call Cascade
Appendix H – Basic BCP template
Appendix I – BIA Questionnaire
Appendix J – BCM Standards
Appendix K – Severity Levels
Appendix L – Mapping Severity Levels to Criticalities
1. Introduction
Key Points of this chapter:
• Discusses how Business Continuity has evolved and where it is now.
• Explains why you should read this book.
• Sets out why you should listen to me.
• Provides you with an overview of the book as a whole.
Audience
This chapter should be of interest to everyone. It’s especially useful as a roadmap if you want to dip into the book rather than reading it cover to cover.
Business Continuity Now
Business Continuity has emerged in the last few years. It was born in high risk and highly regulated industries, but is spreading rapidly into all sectors and every type of organisation.
Originally, it was the domain of a few elite consultants; now, having moved into the mainstream, it’s become a business-as-usual activity that’s performed by everyday people.
Historically, consultants charged a premium for their skills and knowledge to organisations that had no choice but to pay up for bespoke consultancy engagements. Now, with its proliferation and the multitude of practitioners embedded inside organisations, continuity has been commoditised. This commoditisation is a good thing, as organisations need Business Continuity Management in place quickly, at the lowest cost and without pain.
This book covers the key aspects of Business Continuity and is written so that anyone can pick it up, read it then go and do it. It tells people what they have to do, it gives them simple tools to use and tells them what questions they need to ask and who they should be speaking to.
Purpose – why read this book?
I want to help people avoid the trial and error experience that my peers and I had to suffer as we gained knowledge and experience. I want to pass on my learning and save my readers the pain and anxiety that I had to go through.
So if you want to avoid the pain and learn all the essential aspects of Business Continuity, then this book is for you.
The aim of this book is to explain (in simple terms) all the key elements of Business Continuity for people that need to:
• Learn the basics of Business Continuity fast;
• Get something in place today so they’ll have a chance if disaster strikes tomorrow;
• Avoid the principal mistakes and be able to challenge issues that may exist;
• Prepare solid plans that people find easy to use and maintain;
• Identify and fix contingency related gaps in their systems, processes or people;
• Test their continuity plans and the people, suppliers and technology that they depend on;
• Make sure that all their staff know what to expect if disaster strikes and what they will need to do;
• Be compliant with the demands of internal auditors, external regulators and business partners that expect them to have solid Business Continuity that they can demonstrate;
• Extend Business Continuity into their suppliers and business partners so that third parties are able to meet their needs;
• Keep all the plans, scripts, solutions, etc. up to date without making it into a full-time job.
If you need to do any of these things read on, this book is for you!
Who should read this book?
This book is relevant to anyone that is in any way involved in Business Continuity, Crisis Management and DR.
This list includes:
• Business Continuity Managers
• Business Continuity Co-ordinators that look after local plans and do the day to day administration and testing for their department.
• Executives that are accountable for the continued smooth running of their business, funding Business Continuity and making sure it meets the underlying business need.
• Technicians that support Business Continuity or DR solutions and are involved in testing or have responsibility for some element of the recovery of their business.
• Staff that have a role to play in preparing plans, testing or who have responsibilities in a disaster recovery situation.
• Auditors who are responsible for making sure that the organisation’s Business Continuity arrangements meet business needs.
• Sales people that may sell Business Continuity or need to include an element of Business Continuity in their offerings, e.g. DR for their services.
• Suppliers that need to meet their customers’ needs in regard to Business Continuity and DR.
• Suppliers that sell Business Continuity or DR services.
Practices to underpin frameworks
There are many excellent BCM frameworks like BS25999 and AS / NZS 5050. They all set out what you have to do and to some extent what you should learn, but in general they don’t tell you how. How do you analyse a BIA, how do you plan and deliver a DR test, how do you keep your staff informed, how do you keep your plans updated? In writing this book, I’m trying to plug that gap by sharing my experience and what I actually do.
BCM is an emotive subject; many practitioners are precious about what they do. To be frank, I don’t care what we do. I only care about getting results efficiently, effectively and doing it well.
For this reason, if you read anything in this book and think of a better way of doing things, don’t think badly of me; think “Jamie should know this”, take the time to gather your thoughts and let me know, so I can improve what I do and improve this book too!
Why listen to me?
First, I’ve spent most of the last 25 years working in Business Continuity and IT Disaster Recovery related roles and have learnt much of what there is to know.
To be frank, it’s not been 25 years’ experience, it’s been more like a year here and there repeated for many years before the penny finally dropped. So, like most people that boast about years and years of experience, I have something more like 2 years’ experience that’s taken me 25 years to get.
Now, what I’m offering you is the chance to exploit my mistakes and gain my insight in days, not months or years!
One of the key issues I’ve faced, and an issue that will probably concern you too, is how to deliver Business Continuity through people that have other full time roles that are nothing to do with Business Continuity; people for whom Business Continuity is a pain and a distraction from their main role.
I’ve come to realise that when creating a Business Continuity Programme it’s essential that it’s built with this reality in mind. It must address the deeper technical issues but without needing full time experts to make it work.
In short, I’ve had to learn the art of making Business Continuity simple and suitable for people that only look at their Business Continuity Plans once or twice a year. Wherever possible I’ve demystified it, so that when people come back to their plans nine months down the line, it’s like a hot knife through butter. If you want to learn to make it simple, then I hope I’m your man. If you want to immerse yourself in lots of bleak and mindless terminology then good luck, you’ll need it.
Structure
The book is structured so that you can either dip in as you need to or read it section by section. The sections are organised in the order in which you should approach Business Continuity.
If sections don’t apply, for example, you might not have any third parties, feel free to skip them!
I’ve tried to highlight the relevance of each chapter at the beginning so you can decide in a few moments if it’s worth reading on.
Each chapter contains:
• Key Points – sets out the main points of the chapter to help you gauge its relevance.
• Audience – makes it clear whether you should read it.
• Main body – explores the key points of the chapter in detail
• Action plan – re-iterates the steps that will help to get you started
There are appendices that include useful things like checklists, templates and processes that you can use to get your own Business Continuity up and running.
These can also be downloaded from the web site.
The following gives a brief description of each chapter:
2. Business Continuity Management (BCM)
Explains a Business Continuity life cycle, introduces the various Business Continuity roles and outlines some key concepts that underpin Business Continuity.
3. Kick start your Business Continuity
This chapter is for people that currently have little or no Business Continuity in place. Its purpose is to help these people to get the basics in place very quickly; so that they’ll have a much better chance of surviving if disaster strikes tomorrow.
4. Getting started – First things first
In Business Continuity, like every discipline, we start by establishing the requirements. In particular, we normally start by establishing what is critical in your business, so that you can be sure to recover the business if disaster strikes. This process is called Business Impact Analysis (BIA) and is the focus of Getting Started.
5. Preparing the plan
The Business Continuity Plan describes what you’ll need to do in a disaster to keep your business running or if it’s stopped, what you’ll need to do to get it back up and running. It sets out the structure of a Business Continuity Plan and gives you the help you’ll need to get yours correctly populated.
6. IT Disaster Recovery
IT Disaster Recovery, or DR for short, is how you protect and recover your critical IT services. This chapter explains the basic concepts of DR, tells you what you’ll need to do to get it up and running in your organisation and shows you how to know if the DR you currently have is any good.
7. Business Recovery
Business Recovery explains how to keep your critical business processes running during and after a disaster. This chapter explains the key aspects of business recovery and how you can get them in place as quickly as possible.
8. Testing
Once you have your plans and solutions, you have to make sure that they work. Testing is the principal way of providing assurance about your Business Continuity and DR. This chapter explains testing and describes how to go about it.
9. Maintenance
Maintaining your plans, solutions and skills is essential if your Business Continuity and DR is going to work on the day you need it. This chapter covers exactly what things you’ll need to maintain and the best way to go about maintaining them.
10. Education and Awareness
Having people that understand their responsibilities and are ready to perform in stressful situations is key to an organisation’s survival if disaster strikes. This chapter sets out how you go about understanding your organisation’s educational needs. It also explains how to deliver a programme that informs everyone of their responsibilities and prepares all key staff to act appropriately in potential disaster scenarios.
11. Managing a Disaster
The other decisive factors in business survival are: 1. how you respond to the incidents; 2. how you make decisions; 3. how you communicate information; and 4. how you monitor that your actions are working.
This chapter explains command and control in a disaster situation and helps you to set up a Crisis Management team that will get you out of the tightest squeeze.
12. Return to Normal Operations
Getting your business back to normal operations can be a challenge. This chapter sets out what you need to do in order that you can revert from a disaster mode of operation to normal operations, and how to do it while minimising the risks of something else going wrong.
13. Governance and Reporting
Making sure that everything is under control is an essential business practice and something that every manager is keen to demonstrate. This chapter sets out policy, process and the key reports you’ll need for appropriate governance of Business Continuity. It also sets out how you can have all these elements of governance without creating a cottage industry.
14. Selecting and Managing Continuity Suppliers
If you work with suppliers who help you to deliver Business Continuity and DR, this chapter explains how to select the right partner and make sure that they deliver what’s been agreed.
15. Managing Supply Chain Continuity
With many businesses depending on third parties to provide critical services, products or resources, it’s essential to make sure that suppliers have adequate contingency arrangements. You need to ensure that they can continue to deliver your critical services if they experience an interruption.
If they can’t provide this assurance, you need to ensure that alternative suppliers are available in time to prevent a supplier interruption becoming a disaster for you. This chapter explores this issue and sets out some simple actions that will expose the risks and make sure that you get them covered.
Acknowledgements
Before going further, I have to thank a few people. First, I have to thank my wife Janet for her enduring support and patience. Thanks also to my three children: Libby, Freya and Ben, who inspired me. Finally thanks to my dad Doug for making me a better person.
I’d like to thank all the people that have helped with their counsel, insight, wise words, criticism, innovation, support and good practice over the years; in particular: Ian Francis, David Thompson, Kamlesh Parmar, Ray Trapnell, Ann Freeman, Sam Fox, Martin Kavanagh, Karen Duggan, Mary Shearer, Karen Payne, Lee Hawkins, David Tomlinson, Alison Fitzgerald, Richard Bridgford, Tim Armit, Andy Tomkinson, John Tucker, Mark Liddington, Keith Tilley, Adrian Jenkins, Julia Graham, Luke Bazzard, Lee Webb, Vicki Gavin, Andrew McCracken, Linda Hall, Chris Keeling, David Shaw, Jeremy Burns, Ken Clarke, Paul Ingham, Tony Hulse, Pele Johnson, Keith Oldham, Mark Dignum, Christine Shevlin, Karla Covington, Tim Musson, Bill Nadakow, Lauren Mayle, Dan Bridge, Paul Cowan, Nick Simms, Jane Hamill, Karen Woodward, Nigel Fenton, Kerrie Smith, Howard Goodman, Catherine Edwards, Martin Byrne, Rebecca Roberts, Phil Cloke, Neil Elkins, Mike James, Martin Nowokowski, Andrew Hartley, Sanjeel Raza, Ravi Raveendran, Andy Todd, Soterios Papayiannis, Karen Azzopardi, Cath Stringer, Karen Fogarty, Derek Mason, Peter Lightfoot, James Swansborough-Smith, Jane Swansborough-Smith and Howard D’Silva.
I have to say a final thanks to Aaron Shepherd and Dan Poynter without whose generosity there’d be no book, no Leverage Publishing and I’d be on the train reading instead of writing.
2. Business Continuity Management (BCM)
In this chapter we introduce the key concepts of Business Continuity, explain how an organisation should approach Business Continuity and explore the roles that underpin Business Continuity.
Key Points:
• Explains why we have Business Continuity
• Describes how Business Continuity is delivered
• Introduces some basic concepts and vocabulary
• Introduces the key roles for people involved
• Outlines some key standards for Business Continuity & DR
• Identifies further sources of reference, services and support
Audience
This is basic grounding and is relevant for everyone; though if you’re familiar with the key concepts feel free to skip ahead.
What is Business Continuity Management
Business Continuity Management is both a process and a discipline. It exists to avoid any interruptions that could lead to either significant losses or a failure to achieve the organisation’s principal objectives.
Business Continuity as a Process
The process, or Business Continuity Life Cycle, describes how any organisation should go about Business Continuity, i.e. ensuring that critical activities are performed no matter what else is happening.
The process is cyclical, and follows the same basic steps as most processes of continuous improvement. See Figure 1 - Business Continuity Process Life Cycle.
The process first understands what constitutes a critical process, then plans how this will be maintained, then designs and delivers supporting solutions, then tests it all, until ultimately it keeps it all maintained and repeats itself ad infinitum.
Figure 1 - Business Continuity Process Life Cycle
Business Continuity as a Discipline
The discipline is the collection of people and teams in your organisation that are responsible for the various steps that make up the Business Continuity life cycle. Business Continuity is also responsible for monitoring incidents