- ISBN: 9781420088649 | 1420088645
- Cover: Hardcover
- Copyright: 8/26/2009
The increased threat of natural and man-made risks on business operations means the stakes are now higher than ever. It is essential then that businesses develop contingency plans should these risks become reality. This book goes beyond theoretical aspects to provide tactical tools for selling a continuity program to senior leadership, building it through each step of the process, and validating it through testing. It also gives planners an easy-to-implement recovery plan for developing risk analysis, incident response, and recovery strategies. The author brings more than 20 years of first-hand continuity planning experience and a freshness that is a welcome resource to the professional's toolkit.
Introduction | p. xvii |
Where It All Began from Someone Who Was There | |
Disaster Recovery vs. Business Continuity: What Is the Difference? | p. 3 |
The Transition from Data-Center-Driven to Business-Driven | p. 5 |
Selling the Program | |
Financial Risks | p. 12 |
Risk to the Company Reputation | p. 13 |
Regulatory Risk | p. 15 |
Hidden Benefits of the Planning Process | p. 15 |
Why No One Believes in the "Big One" | p. 16 |
Project Initiation and Management | |
Defining the Scope of the Planning Effort | p. 19 |
Defining a Timeline | p. 21 |
Company Policy or Standard | p. 22 |
Resource Requirements | p. 22 |
Planning Phases and Deliverables | p. 23 |
Your Planning Team and Your Vital Records Program | |
Vital-Records Program | p. 28 |
Data Stored in Electronic Form | p. 28 |
Remote Replication/Offsite Journaling | p. 28 |
Backup Strategies | p. 29 |
Hard-Copy Data | p. 30 |
Risk Evaluation and Control | |
Risk Management | p. 33 |
The Most Common Risks and Ways to Mitigate Them | p. 35 |
Natural-Hazard Risks | p. 36 |
Industry Risks | p. 40 |
Don't Forget the Neighbors! | p. 41 |
Risk-Management Practices | p. 41 |
Physical Security | p. 42 |
Information Security | p. 42 |
Records Management | p. 44 |
Privacy | p. 45 |
Vendor Management | p. 45 |
Operational Risk Management | p. 46 |
Internal/External Audit | p. 46 |
Managing the Risk | p. 47 |
Business Impact Analysis | |
What is a BIA? | p. 49 |
Why it is About Time Sensitivity, Not Criticality | p. 49 |
How to do This and Get it Right | p. 50 |
A Simple BIA Form | p. 52 |
Resource Requirements | |
How Many, What Type, and Where | p. 55 |
Technology Review: Business People and Technology People Speak Different Languages | p. 55 |
Desktop Image | p. 57 |
Routing Calls | p. 57 |
Printing, Faxing, and Copying | p. 58 |
Unique Equipment | p. 59 |
Interdependencies: Who Else Needs to Know/Who Else Needs to Help | p. 59 |
The Business-Function Index | p. 60 |
Recovery Strategies | |
Selecting a Recovery Strategy for Business Operations | p. 61 |
Selecting a Recovery Strategy for Technology | p. 64 |
Cost-Benefit Analysis | p. 66 |
Implementing Recovery Strategies | p. 66 |
Documenting the Plan | |
What Are the Components of the Plan? | p. 68 |
Quick Reference Guide | p. 69 |
Initial Response Plans | p. 71 |
Communications | p. 71 |
Detailed Execution Procedures | p. 72 |
The Human Factor | p. 73 |
Administrative Support | p. 74 |
Logistics | p. 75 |
Finance Issues | p. 75 |
Transition Back to Normal Operations | p. 76 |
Distribution of the Plan | p. 77 |
Plan-Maintenance Strategies | p. 77 |
Using the Sample Plan | p. 78 |
Training and Awareness Programs | |
The Question | p. 81 |
Different Training for Different People | p. 82 |
Testing the Recovery Plan | |
First Rule of Testing Your Plan | p. 86 |
Types of Testing | p. 86 |
Planning the Exercise: Exercise Checklist | p. 91 |
Logistics Tasks | p. 92 |
Getting Ready to Test | p. 92 |
Exercise Begins | p. 93 |
Post-exercise Tasks | p. 94 |
Recovery-Team Review | p. 94 |
Publishing the Results | p. 95 |
Data-Center Exercise Reporting | p. 95 |
Change Control | p. 98 |
Test Schedules | p. 98 |
Coordinating with Public Agencies | |
What You Can Expect From Public Agencies | p. 99 |
Whom You Should Have Relationships with Before There is a Crisis | p. 99 |
How to Engage Them in Your Program | p. 100 |
Crisis Management/Event Management | |
Event Management | p. 103 |
When an Event Becomes a Crisis | p. 110 |
Leadership in Crisis | p. 110 |
Problem Management | p. 114 |
Crisis Communications | |
Recovery Communications | p. 115 |
Employee Notification | p. 116 |
Communications Among and to Your Recovery Teams | p. 117 |
Using Conference Bridges | p. 119 |
Communications to Customer, Clients, and Vendors | p. 119 |
Handling the Media | p. 120 |
Work You can do Before an Event | p. 122 |
Pandemic Planning | |
An Influenza Tutorial | p. 125 |
Pandemics in the Last Century | p. 128 |
So What Is Bird Flu and Why Are We Worried? | p. 130 |
H1N1 Flu | p. 132 |
Economic Impacts of a Pandemic | p. 135 |
Public Health Law and Quarantine | p. 136 |
Pandemic Planning Assumptions from the CDC | p. 136 |
Why is this Plan Different? | p. 138 |
Human-Resources Policy Changes | p. 142 |
Life Safety | |
What Is Life Safety? | p. 145 |
Floor/Fire Wardens | p. 146 |
Fires and Evacuation Drills | p. 147 |
Assembly Areas | p. 148 |
Using Fire Extinguishers-Why I Don't | p. 149 |
How Often to Conduct Drills | p. 150 |
Shelter in Place | p. 151 |
Tornados and Tornado Drills | p. 153 |
Workplace Violence | p. 156 |
Transitioning from Project to Program | |
The Components of the Contingency-Planning Program | p. 164 |
Annual Program Business Requirements | p. 165 |
Annual Technology-Program Requirements | p. 171 |
Annual Crisis Leadership Program Requirements | p. 171 |
Emergency Operations Center | p. 172 |
Program Roles and Responsibilities | p. 172 |
Corporate Contingency Planning | p. 172 |
Business-Continuity Planners | p. 173 |
The Leadership Team | p. 176 |
Key Leadership-Team Responsibilities | p. 176 |
Contingency Planning | p. 176 |
Information Security | p. 176 |
Human Resources | p. 178 |
Corporate Communications | p. 178 |
Security Services | p. 178 |
Technology Services | p. 179 |
Corporate Real Estate/Facilities | p. 180 |
Corporate Risk and Insurance | p. 180 |
Corporate Legal/Compliance | p. 181 |
Logistics | p. 181 |
Business | p. 182 |
Administrative Support | p. 182 |
Industry Certifications and Professionalization | |
DRII-The Institute for Continuity Management | p. 186 |
BCI-The Business Continuity Institute | p. 188 |
Disaster Planning at Home | |
Be Ready When Disaster Strikes You Personally | p. 191 |
Family Emergency Plan | p. 192 |
The Regulatory Environment | |
Legal and Regulatory Requirements | p. 196 |
Regulations for Financial Institutions | p. 196 |
Sarbanes Oxley-Section 404 Management Assessment of Internal Controls | p. 198 |
Legal Standards | p. 198 |
Tools, Software, Recovery Contracts, Consultants and Other Matters | |
Communication Tools | p. 201 |
Communication Methods | p. 201 |
Planning Tools | p. 204 |
Third-Party Recovery Sites | p. 205 |
Using Consultants | p. 207 |
Summary and Lessons Learned from Real Events | |
Lessons Learned from Real Recoveries | p. 209 |
September 11, 2000 | p. 209 |
September 11, 2001 | p. 212 |
The Recovery from Hurricane Katrina | p. 224 |
It's All About the People | p. 226 |
Conclusion | p. 228 |
One Step at a Time | p. 228 |
The Future of Business Continuity | p. 230 |
Sample Business-Resumption Plan | |
Introduction | p. 233 |
Quick Reference Information in an Emergency | p. 236 |
Gather | p. 236 |
Assess | p. 236 |
Decide | p. 237 |
Mobilize | p. 237 |
Communicate | p. 238 |
Recover | p. 238 |
Executive Overview | p. 239 |
Executive Signoff | p. 240 |
Plan Maintenance History | p. 241 |
Sample Purpose, Objectives, and Assumptions | p. 241 |
Purpose of the Plan | p. 241 |
Objectives of the Plan | p. 241 |
Plan Overview | p. 242 |
Assumptions | p. 243 |
Recovery Strategies | p. 244 |
Recovery Management | p. 245 |
Executive Emergency-Management Team | p. 245 |
Emergency-Management Team for Each Site | p. 246 |
Response Teams for Each Site | p. 246 |
Command Centers | p. 247 |
Human-Resource Management | p. 248 |
Injury to Employee | p. 248 |
Employee Fatalities | p. 248 |
Temporary Help/Contractors | p. 249 |
Employees Under Stress | p. 249 |
Family Issues | p. 249 |
Administrative Support | p. 250 |
Food, Travel, Lodging | p. 250 |
Travel by Team Members/Travel Arrangements | p. 251 |
Finance Issues | p. 251 |
Equipment Purchases | p. 251 |
Expense Reports | p. 252 |
Cash Advances | p. 252 |
Recovery Communications | p. 252 |
Employee Notification | p. 252 |
Internal Business-Unit Communications | p. 252 |
External Communications-Media | p. 253 |
External Communications-Customers/Clients | p. 253 |
Recovery Status Updates | p. 253 |
Problem Management | p. 253 |
Communications with Recovery Team | p. 254 |
Conference Bridges | p. 254 |
Site Recovery | p. 254 |
Plan-Activation Procedures | p. 256 |
Emergency Alert | p. 256 |
Damage Assessment | p. 256 |
Notification Procedures | p. 257 |
Command-Center Activation | p. 257 |
Sample Checklists for Management Team and Response Team | p. 258 |
Executive Emergency-Management Team Procedures | p. 258 |
Emergency-Management Team Procedures/Emergency-Management Team Leader | p. 259 |
Emergency-Management Team Procedures/Site-Management Team Leader | p. 260 |
Emergency-Management Team Procedures/Response-Team Leader | p. 261 |
Emergency-Management Team Procedures/Human-Resources Representative | p. 262 |
Emergency-Management Team Procedures/Finance Representative | p. 263 |
Emergency-Management Team Procedures/Systems-Team Leader | p. 264 |
Emergency-Management Team Procedures/Client-Relationship Representative | p. 264 |
Emergency-Response Team/Response-Team Leader/Site | p. 265 |
Emergency-Response Team/Critical-Function Team Leader/Site Recovery | p. 266 |
Emergency-Response Team/LAN-Recovery-Team Leader/Site Recovery | p. 268 |
Emergency-Response Team/Systems Team/Site | p. 269 |
Emergency-Response Team/Offsite-Storage Leader/Site Recovery | p. 270 |
Emergency-Response Team/Critical-Function-Recovery Team/Site Recovery | p. 271 |
Emergency-Response Team/Facilities Team/Site Recovery | p. 272 |
Recovery Plan for Loss of Business Applications | p. 272 |
Loss of Data Center Plan-Activation Checklist | p. 273 |
Plan Activation | p. 275 |
Emergency Alert | p. 275 |
Impact Assessment | p. 275 |
Notification Procedures | p. 275 |
Command-Center Activation | p. 276 |
Disaster Declaration Procedures | p. 277 |
Offsite Procedures | p. 277 |
Call-Notification Script | p. 278 |
Recovery Locations and Travel Directions | p. 279 |
Hotels near the Recovery Facility | p. 279 |
Caterers near the Recovery Facility | p. 279 |
Food Request | p. 280 |
Travel and Accommodations Request Form | p. 280 |
Business Function Recovery Order of Priority | p. 281 |
Internal Business Systems Priority | p. 281 |
Updating the Corporate Contingency Information Line | p. 282 |
Problem Reporting/Change-Management Procedure | p. 282 |
Purchase Requisition | p. 283 |
Cash-Advance Form | p. 283 |
Contractor/Temporary Reassignment Staffing Form | p. 284 |
Injury Report Form | p. 284 |
Conference Bridges | p. 285 |
Inbound 800 Service | p. 285 |
Safety and Emergency Procedures | p. 285 |
There is a Fire | p. 285 |
There is Severe Weather | p. 285 |
Evacuation of Your Area is Announced | p. 286 |
Medical Assistance is Needed | p. 286 |
You Receive a Bomb Threat | p. 287 |
An Unauthorized Person is in Your Workspace | p. 287 |
A Suspicious Package is in Your Workspace | p. 287 |
There is a Threat of Workplace Violence | p. 288 |
Sample Initial-Response Plan for Small Sites | |
Business-Continuity Planners | p. 290 |
ERO-Event-Management Team | p. 290 |
Floor Wardens | p. 290 |
Establish Conference-Bridge Procedures | p. 291 |
Identify Functions | p. 291 |
Severe Weather and Other Limited Site Events | p. 292 |
Where to Go if You Cannot Get Back into Your Building | p. 292 |
Alternate-Site Locations for Office | p. 293 |
Seat Assignments at the Alternate Sites | p. 293 |
Alternate-Site Declaration-Corporate Alternate Sites | p. 294 |
Disaster Declaration Procedures | p. 296 |
Safety and Emergency Procedures | p. 296 |
There is a Fire | p. 296 |
There is Severe Weather | p. 296 |
Evacuation of Your Area is Announced | p. 297 |
Medical Assistance is Needed | p. 297 |
You Receive a Bomb Threat | p. 298 |
An Unauthorized Person is in Your Workspace | p. 298 |
A Suspicious Package is in Your Workspace | p. 298 |
There is a Threat of Workplace Violence | p. 299 |
Test-Planning Guide and Sample Test Plan for Business-Unit Exercises at an Alternate Site | |
Exercise Checklist | p. 301 |
Alternate-Site Test Plan Sample for Business-Unit Testing | p. 303 |
Contingency Planning Test Plan-Alternate Site | p. 303 |
Driving Directions to the Alternate Site | p. 304 |
Timeline | p. 304 |
Participants | p. 305 |
Alternate-Site Floor Plan | p. 305 |
Calls to be Rerouted | p. 305 |
Communication Conference Bridge | p. 305 |
Problem Reporting | p. 305 |
Action Items from Test | p. 306 |
Problem-Reporting Tickets | p. 306 |
Test Participant Survey | p. 306 |
Test Evaluation | p. 308 |
Test Scenarios | p. 311 |
Alternate-Site Development Kit | p. 313 |
Business-Continuity-Planner Job Description | |
Purpose | p. 317 |
Goal | p. 317 |
Duties and Responsibilities | p. 318 |
Knowledge and Skills | p. 319 |
Education/Experience | p. 319 |
Accountabilities | p. 319 |
Organizational Relationships | p. 319 |
Index | p. 321 |
Table of Contents provided by Ingram. All Rights Reserved.