You are previewing Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference.
O'Reilly logo
Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference

Book Description

You're in charge of IT, facilities, or core operations for your organization when a hurricane or a fast-moving wildfire hits. What do you do?

Simple. You follow your business continuity/disaster recovery plan. If you've prepared in advance, your operation or your company can continue to conduct business while competitors stumble and fall. Even if your building goes up in smoke, or the power is out for ten days, or cyber warriors cripple your IT systems, you know you will survive.

But only if you have a plan. You don't have one? Then Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference, which explains the principles of business continuity and disaster recovery in plain English, might be the most important book you'll read in years.

Business continuity is a necessity for all businesses as emerging regulations, best practices, and customer expectations force organizations to develop and put into place business continuity plans, resilience features, incident-management processes, and recovery strategies. In larger organizations, responsibility for business continuity falls to specialist practitioners dedicated to continuity and the related disciplines of crisis management and IT service continuity. In smaller or less mature organizations, it can fall to almost anyone to prepare contingency plans, ensure that the critical infrastructure and systems are protected, and give the organization the greatest chance to survive events that can--and do--bankrupt businesses.

A practical how-to guide, this book explains exactly what you need to do to set up and run a successful business continuity program. Written by an experienced consultant with 25 years industry experience in disaster recovery and business continuity, it contains tools and techniques to make business continuity, crisis management, and IT service continuity much easier. If you need to prepare plans and test and maintain them, then this book is written for you. You will learn:

  • How to complete a business impact assessment.

  • How to write plans that are easy to implement in a disaster.

  • How to test so that you know your plans will work.

  • How to make sure that your suppliers won't fail you in a disaster.

  • How to meet customer, audit, and regulatory expectations.

  • Disaster Recovery, Crisis Response, and Business Continuity: A Management Desk Reference will provide the tools, techniques, and templates that will make your life easier, give you peace of mind, and turn you into a local hero when disaster strikes.

    What you'll learn

  • All the concepts comprising business continuity, IT service continuity, data recovery, and crisis management

  • How to set up and run an end-to-end business continuity program for your organization

  • How to write business continuity policies and governance documents

  • How to test your business continuity plans, system DR, data center DR, and crisis management processes

  • How to avoid almost all the common traps that both beginners and experienced practitioners fall into

  • How to keep your IT system up and running in the face of disaster

  • Who this book is for

    Business continuity managers and analysts, emergency planners, disaster recovery managers, service continuity managers and analysts, IT project and operations managers, IT availability managers, auditors, facilities managers, heads of IT, risk analysts and managers, site managers, office managers, governance professionals, and C-level managers.

    Table of Contents

    1. Title Page
    2. Apress Business: The Unbiased Source of Business Information
    3. Dedication
    4. Contents
    5. About the Author
    6. Acknowledgments
    7. Introduction
    8. PART I: Introduction to Business Continuity and Disaster Recovery
      1. CHAPTER 1: Business Continuity Management
        1. What Is Business Continuity Management?
        2. How Is Business Continuity Implemented?
        3. Criticality
        4. Severity Levels
        5. Scenarios and Risks
        6. The Five Possible Outcome Scenarios
        7. The Importance of Time
        8. Who Does What?
        9. When Do You Do BCM?
        10. Standards
        11. Action Plan
      2. CHAPTER 2: Essentials of Business Continuity Management
        1. BCM vs. Disaster Recovery
        2. Where Do You Stand Today? Take the Continuity Assessment
        3. Start with the Essentials
        4. Senior Management Involvement
        5. Employee Buy-in Plan
        6. Action Plan
    9. PART II: Plan for Business Continuity and Disaster Recovery
      1. CHAPTER 3: Getting Started
        1. Understand What’s Critical
        2. Completing a BIA
        3. Analyzing the BIA
        4. Risk Analysis
        5. Residual Risk
        6. Action Plan
      2. CHAPTER 4: Planning
        1. What a Business Continuity Plan Should Include
        2. Essential Ingredients of a BCP
        3. Structuring Your BCP
        4. Identify What Will Trigger Your BCP
        5. Create Battle Boxes and Grab Bags
        6. Create a One-Page Wallet Plan
        7. Mitigate Risk
        8. Identify Roles
        9. Have Accountable Managers Approve Plans
        10. Action Plan
      3. CHAPTER 5: IT Disaster Recovery
        1. What Is DR?
        2. Risks and Issues Associated with DR
        3. DR Solutions for IT
        4. Basic DR Concepts and Technology
        5. DR Roles and Responsibilities
        6. DR and Projects
        7. Documenting DR Risks
        8. Preparing a DR Business Case
        9. Undertake a DR Project
        10. The Change Process
        11. Get DR Going Live
        12. Action Plan
      4. CHAPTER 6: Business Recovery Strategies
        1. What Does Business Recovery Involve?
        2. Understand Resilient Functions
        3. Understand Recoverable Functions
        4. Employ Manual Workarounds
        5. Size Your Solution
        6. Business Recovery Options
        7. Remediation: Identify Gaps in the Plan
        8. Prepare a Business Continuity Business Case
        9. Action Plan
      5. CHAPTER 7: Supply Chain
        1. Have a Plan in Place
        2. Assessing Third-Party Risk
        3. Business Continuity and Contracts
        4. Action Plan
      6. CHAPTER 8: Continuity Suppliers
        1. Selecting Business Continuity Suppliers
        2. Demand Good Service
        3. Action Plan
      7. CHAPTER 9: Education and Awareness
        1. The Point of Education
        2. Education and Awareness Program
        3. What Are Your Needs?
        4. Measuring Education and Awareness
        5. Action Plan
      8. CHAPTER 10: Governance and Reporting
        1. Create a Policy
        2. Set Standards and Create Processes
        3. Assign Steering and Management Accountability
        4. Assess Maturity Annually
        5. Manage Information
        6. Audit Plans and Actions Regularly
        7. Action Plan
    10. PART III: Test and Maintain Your Continuity and Recovery Plans
      1. CHAPTER 11: Testing Principles
        1. Why Test?
        2. You Must Be a Realist
        3. What Testing Proves
        4. Types of Testing
        5. Testing Scenarios
        6. Conduct Desktop Walkthrough Exercises
        7. Leveraging Scenarios
        8. Action Plan
      2. CHAPTER 12: IT Disaster Recovery Testing
        1. Apply Basic Project Management Tools to Disaster Recovery Tests
        2. Assign Disaster Recovery Testing Roles and Responsibilities
        3. Use Scenario-Based Disaster Recovery Testing
        4. Plan DR Tests Well
        5. Engage Management in the Disaster Recovery Test
        6. Provide the Right Resources
        7. Test Regularly
        8. Manage Test Risk
        9. Report Results Quickly
        10. Action Plan
      3. CHAPTER 13: Business Recovery Testing
        1. Apply Basic Project Management Tools to Work Area Recovery Tests
        2. Assign Work Area Recovery Testing Roles and Responsibilities
        3. Use Scenario-Based Testing for Work Area Recovery
        4. Plan Well for WAR Tests
        5. Engage Management in Work Area Recovery Tests
        6. Engage Users in Work Area Recovery Testing
        7. Provide the Right Resources
        8. Test Regularly
        9. Manage Test Risks
        10. Report Results Quickly
        11. Closing a Work Area Recovery Test
        12. Action Plan
      4. CHAPTER 14: Crisis Management Exercising
        1. Key Elements in Crisis Management Exercises
        2. Choose a Meaningful Crisis Scenario
        3. People Need a Successful Outcome
        4. Developing the Crisis Management Team
        5. Improving the Crisis Management Process
        6. Make Sure Exercise Materials Are Appropriate
        7. Employ Quality Inputs to the Exercise
        8. Use Timeouts
        9. Engage Management
        10. Rotate Participants
        11. Conduct Crisis Exercises Frequently
        12. Report Frequently and Accurately
        13. Exercise Roles and Responsibilities
        14. Closing a Crisis Exercise
        15. Action Plan
      5. CHAPTER 15: Maintenance
        1. Never Forget: Disaster Recovery Is an Essential Function
        2. Review Change Management Processes and Controls
        3. Identify Events that Trigger Business Continuity Management Reviews
        4. Maintain Your Business Continuity Plan
        5. Business Recovery Solution Maintenance
        6. Maintain Your Information Technology Disaster Recovery Solution
        7. Maintain Your Crisis Management Plan
        8. Maintain Your Policies
        9. Action Plan
    11. PART IV: Execute the Plan
      1. CHAPTER 16: Manage a Disaster
        1. Identification and Notification
        2. Triage
        3. Command and Control
        4. Records
        5. Postmortem
        6. Responding to Different Scenarios
        7. Action Plan
      2. CHAPTER 17: Post Event
        1. Understanding the Different Planning Scenarios
        2. Consider the Ongoing Risks
        3. Planning the Return to Normal
        4. Maintaining Command and Control
        5. Action Plan
    12. PART V: Appendices
      1. APPENDIX A: Criticality Levels
      2. APPENDIX B: Roles and Responsibility Matrix
        1. Key to Activity
        2. Key to Roles
      3. APPENDIX C: Suggested Business Continuity Management Timetable
      4. APPENDIX D: Useful Resources and Contacts
        1. Business Continuity Organizations
        2. Business Continuity Standards
        3. National, Regional, Government, and Law
        4. Financial Services and Insurance
        5. Emergency Planning
        6. Fire and Flood
        7. Publications, Websites, White Papers, and Guidance
      5. APPENDIX E: Continuity Assessment Questionnaire
      6. APPENDIX F: Crisis Management Team Roles and Responsibilities
      7. APPENDIX G: Call Cascade
      8. APPENDIX H: Basic Business Continuity Plan Template
        1. Key Contacts
        2. Useful Numbers
        3. Escalation Process
        4. Initial Response Checklist
        5. Day 0 Action Plan
        6. Critical Activities List
        7. Critical Systems List
        8. Work Transfer List
        9. Recovery Profile
        10. Additional Equipment List
        11. Call Cascade
        12. Contingency Site Details
        13. Assembly Point Details
      9. APPENDIX I: Business Impact Analysis Questionnaire
        1. 1. General Information
        2. 2. Critical Activities
        3. 3. Internal Dependencies
        4. 4. External Dependencies
        5. 5. Systems Dependencies
        6. 6. Manual Workarounds
        7. 7. Work Transfer
        8. 8. Desktop Profile
        9. 9. Staff Recovery Profile
        10. 10. Recovery Strategy
        11. 11. Additional Requirements
      10. APPENDIX J: Business Continuity Management Standards
      11. APPENDIX K: Severity Levels
      12. APPENDIX L: Mapping Severity Levels to Criticalities
    13. Index