Business Continuity Management: Choosing to Survive

Book Description

Business disruption: how will you survive? Fail to plan and your business may fail!

Would your business survive a major incident? What if your key staff were suddenly unavailable? What if your premises were to become uninhabitable? What if your systems and data failed altogether? Would your business ever recover? At what cost?

Business Continuity Management: Choosing to Survive shows you how to systematically prepare your business, not only for the unthinkable, but also for smaller incidents which, if left unattended, could well lead to major disasters. A business continuity management (BCM) program is critical for every business today, and this book will enable you to develop and implement yours to maximum effect.

An effective BCM program will have a positive impact on your business, not only enabling you to carry on 'business as usual' in the event of an incident, but also in its day-to-day running. You will realize:

  • improved organizational performance
  • improved stakeholder confidence (including shareholders, customers, supply chain)
  • competitive advantages
  • financial savings
  • increased profits.

With specific reference to ISO22301, ANSI/ASIS SPC.1-2009, ISO27031 and ISO/IEC 24762, this up-to-date, practical resource will guide you through all the elements of a BCM program, plans and implementations. It covers all the critical elements of your business, from people and premises to technology and facilities management.


Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Contents
  5. Preface
  6. About the Author
  7. Acknowledgements
  8. Chapter 1: Introduction
    1. What is business continuity management?
    2. Benefits of effective BCM programs
    3. Emerging risk and threat topologies
    4. BCM and risk management
    5. BCM and compliance
    6. BCM and insurance
  9. Chapter 2: Setting up the BCM Program
    1. Gathering key success factors
    2. Establishing the governance model
    3. Establishing the BCM organizational unit
    4. Organizations with a regional or international presence
  10. Chapter 3: Running the BCM Life Cycle
    1. Running the BCM life cycle for the first time
    2. Business impact analysis
    3. Risk and threat assessment
    4. Strategies and risk treatment plans
    5. Planning and implementation
    6. Awareness and training
    7. Testing
    8. Rerunning the cycle
  11. Chapter 4: BCM Standards
    1. ISO22301 societal security – preparedness and continuity management systems – requirements
    2. ASIS SPC.1-2009 organizational resilience: security, preparedness, and continuity management systems requirements with guidance for use
  12. Chapter 5: Technology Continuity
    1. IT disaster recovery and readiness for business continuity (ITDR and IRBC)
    2. Technology continuity sites
    3. Technology continuity outside IT
  13. Chapter 6: Technology Continuity Standards
    1. ISO/IEC 27031 information technology – security techniques – guidelines for information and communication technology readiness for business continuity (IRBC)
    2. ISO/IEC 24762:2008 information technology – security techniques – guidelines for information and communications technology disaster recovery sites
  14. Chapter 7: Facilities Management and Physical Security
    1. Facilities management
    2. Physical security preparations
    3. Environmental setups and preparations
  15. Chapter 8: Evacuation Plans
    1. Features of an effective evacuation plan
    2. Evacuation plan development
    3. Communicating the plans
    4. Training and testing
  16. Chapter 9: People and BCM
    1. The importance of people
    2. Succession planning
  17. Chapter 10: BCM Software
    1. The need for BCM software
    2. Role of BCM software within the BCM life cycle
    3. Features of effective BCM software
    4. Deploying BCM software
  18. Appendix 1: BCM Policy
    1. Objective
    2. Policy statement
    3. Policy ownership and maintenance
    4. Disaster definition
    5. Policy guidelines
  19. Appendix 2: BIA Questionnaire
    1. Purpose
    2. Questionnaire contacts
    3. Terminology
    4. Understanding your processes – general process information
    5. Understanding your processes – internal and external dependencies
    6. Understanding your processes – impacts and criticality
    7. Identifying RTO, season, and RPO
    8. Understanding your processes – IT and resource requirements
    9. Succession planning – identification of human resources
    10. Assets required during disaster – identification of recovery resources
  20. Appendix 3: BIA Report
    1. Executive summary
    2. Abbreviations and acronyms
    3. Introduction
    4. Scope
    5. Approach
    6. Assumptions
    7. Consolidated results
    8. Observations
    9. Recommendations
  21. Appendix 4: Risk Assessment Questionnaire
  22. Appendix 5: Risk Assessment Report
    1. Introduction
    2. Objectives
    3. Approach
    4. Summary of results
    5. Detailed risk information
    6. Risk treatment plan
  23. Appendix 6: BCM Strategy Report
    1. Executive summary
    2. Introduction
    3. Key inputs for developing the business continuity strategy
    4. Objectives of the business continuity strategy
    5. Methodology
    6. Overview of the preferred/recommended business continuity strategy for the organization
    7. Business continuity strategy – crisis management
    8. Business continuity strategy – processes
    9. Business continuity strategy – technology
    10. Business continuity strategy – data and information
    11. Business continuity strategy – supplies
    12. Business continuity strategy – people
    13. Business continuity strategy – facilities and premises
    14. Business continuity strategy – business continuity management
    15. Implementation and ownership
  24. Appendix 7: BCM Plan
    1. Scope
    2. Objective
    3. Team leader contact details and responsibilities
    4. Team member details
    5. Activities to be performed immediately after a disaster
    6. Activities to be performed during disaster recovery
    7. Relevant locations
    8. Processes to be performed if IT systems are available
    9. Processes to be performed if IT systems are not available
    10. Resource requirements
    11. List of documents/manuals to be stored off site
    12. Contact list
    13. Vendor list
    14. Sample press release
    15. Handling a media interview
  25. Appendix 8: ITDR Plan
    1. Scope
    2. Objective
    3. Team structure
    4. Activities to be performed immediately after a disaster
    5. Activities to be performed during disaster recovery
    6. Relevant locations
    7. Disaster declaration matrix
    8. Recovery procedures
    9. List of documents/manuals to be stored off site
    10. Contact list
    11. Vendor list
  26. Appendix 9: Evacuation Plan
    1. Description of building
    2. Map containing building and assembly point(s)
    3. Floor layouts
    4. Handling fire emergencies
    5. Roles and responsibilities
    6. Important emergency numbers
    7. Employees’ emergency contact information
  27. Appendix 10: Test Plans and Forms
    1. Scope
    2. Objectives
    3. Test frequency
    4. Test types
    5. The test process and mechanism
    6. Tests calendar
    7. Detailed test plan
    8. Test preparation form
    9. Test assessment form
  28. ITG Resources