You are previewing Validating Your Business Continuity Plan: Ensuring your BCP actually works.
O'Reilly logo
Validating Your Business Continuity Plan: Ensuring your BCP actually works

Book Description

75% of companies without a business continuity plan fail within three years. Disruptive incidents can affect any organization and occur at any moment. ICT outages, cyber attacks, natural disasters, terrorist attacks, pandemics, supply chain failures and other unexpected events can all affect productivity and in many cases place a company’s survival in serious jeopardy. Business continuity planning is essential to overcoming business disruptions, but too many companies prepare business continuity plans and then shelve them, only for those plans to fail when they’re actually needed. 80% of companies that have not recovered from a disaster within one month go out of business. A business continuity plan that isn’t validated isn’t a plan at all – it’s merely a strategy. Indeed, in some cases an untested plan is worse than no plan at all. In spite of this, only 30% of businesses actually validate their business continuity plans. Product overview Business continuity planning is a process of continual improvement, not a matter of writing a plan and then putting your feet up. Attempting to validate every aspect of your plan, however – particularly in a live rehearsal situation – could create a disaster of your own making.Validating Your Business Continuity Plan examines the three essential components of validating a business continuity plan – exercising, maintenance and review – and outlines a controlled and systematic approach to BCP validation while considering each component, covering methods and techniques such as table-top reviews, workshops, and live rehearsals. The book also takes account of industry standards and guidelines to help steer the reader through the validation process, including the international standard ISO 22301 and the Business Continuity Institute’s Good Practice Guidelines. In addition, it provides a number of case studies based on the author’s considerable experience – some of them successful, others less so – to highlight common pitfalls and problems associated with the validation process. Contents Introduction Standards and guidelines Business continuity begins at home Defining your exercise programme Selected scenarios Live rehearsal case studies It could happen to anyone, couldn't it? Maintaining your BCMS Reviewing your BCMS Performance appraisal Using consultants to help you exercise Training and education Additional reference material About the author Robert A Clark is a fellow of the Institute of Business Continuity Management, a fellow of the British Computer Society, a member of the Business Continuity Institute and an Approved BCI Instructor. He was employed by IBM for 15 years and Fujitsu for 11, working with clients on BCM-related assignments. He is now a freelance business continuity consultant at Since 2014, he has been a part-time associate lecturer at Manchester Metropolitan University, where he has delivered BCM courses to both undergraduate and postgraduate students.

Table of Contents

  1. Cover
  2. Title
  3. Copyright
  4. Dedication
  5. Acknowledgements
  6. About the Author
  7. Foreword
  8. Preface
  9. Content
  10. List of Figures
  11. Chapter 1: Introduction
    1. 1.1 Unconscious incompetence to unconscious competence
    2. 1.2 The benefits of effective validation
    3. 1.3 Why do we need to exercise our BCP?
    4. 1.4 Does everyone need to validate their BCP?
    5. 1.5 In the beginning there was a flood
  12. Chapter 2: Standards and guidelines
    1. 2.1 What is in a name ?
    2. 2.2 Regulations, legislations, standards and good practice
    3. 2.3 The ISO22301 BCMS family of standards
    4. 2.4 The Business Continuity Institute’s good practice guidelines
    5. 2.5 Small and medium size enterprise considerations
    6. 2.6 Quality assurance
  13. Chapter 3: Business continuity begins at home
  14. Chapter 4: Defining your exercise programme
    1. 4.1 Securing an exercise programme budget
    2. 4.2 Planning your exercises
    3. 4.3 Executing your exercises
    4. 4.4 Post exercise activity
    5. 4.5 Validating outsourced products and services
    6. 4.6 Running unannounced exercises
    7. 4.7 Assessing the costs and risks
  15. Chapter 5: Selected Scenarios
    1. 5.1 Media communications
    2. 5.2 ICT disaster recovery
    3. 5.3 Terrorism
    4. 5.4 Scenario summary
  16. Chapter 6: Live rehearsal case studies
    1. 6.1 From a full dress rehearsal to the real thing inside four months
    2. 6.2 Guildhall filled with smoke for training exercise
    3. 6.3 Airport simulates runway aircraft collision
    4. 6.4 Rehearsing a 9/11 type scenario 16 years before it happened
    5. 6.5 Sorry, you cannot evacuate the building before lunch is finished!
    6. 6.6 Three active shooter situation exercises
    7. 6.7 Waking Shark II – Desktop cyber exercise
    8. 6.8 Wave I pandemic exercise
    9. 6.9 Twitter used in mock bomb threat exercise
    10. 6.10 Responding to a WMD incident
    11. 6.11 Power failure – testing your generators
    12. 6.12 Bomb scare at General Hospital
    13. 6.13 No, Rakesh is an Indian
  17. Chapter 7: It could happen to anyone, couldn’t it?
    1. 7.1 Did you hear the one about the Irish business continuity exercise?
    2. 7.2 Don’t forget to tell the emergency services
    3. 7.3 Your shortest RTO is two hours and it will take three hours to retrieve your BCP
    4. 7.4 La piece de resistance – and I couldn’t even claim the credit
    5. 7.5 Who has got the disaster recovery site key?
    6. 7.6 I’m sorry, he doesn’t live here anymore
    7. 7.7 Don’t forget your desktop environment
    8. 7.8 We can’t come, it’s our Christmas cruise
    9. 7.9 Who forgot to tell the catering manager?
    10. 7.10 Check the small print in the contract
    11. 7.11 Oh, we did a full live exercise of our BCP last Monday
  18. Chapter 8: Maintaining your BCMS
    1. 8.1 Maintenance activities
    2. 8.2 Keeping abreast of organisational changes
    3. 8.3 Project control
    4. 8.4 Managing your documentation
  19. Chapter 9: Reviewing your BCMS
    1. 9.1 Introduction
  20. Chapter 10: Performance appraisal
  21. Chapter 11: Using consultants to help you exercise
  22. Chapter 12: Training and education
    1. 12.1 Certificate of the Business Continuity Institute
    2. 12.2 Diploma of the Business Continuity Institute
    3. 12.3 Bachelor’s Degree in Business Continuity
    4. 12.4 Master’s Degree in Business Continuity
    5. 12.5 Doctorate in Business Continuity
    6. 12.6 ISO22301 Certified Business Continuity Lead Auditor/Implementer
  23. Chapter 13: Additional reference material
    1. 13.1 Books
    2. 13.2 Videos
    3. 13.3 Games
  24. Chapter 14: Works Cited
  25. Chapter 15: Glossary
  26. Chapter 16: Free template downloads
  27. ITG Resources