Title:
Building an enterprise-wide business continuity program
Personal Author:
Publication Information:
Boca Raton, FLO : Auerbach Publications, 2010
Physical Description:
xviii, 326 p. : ill. ; 25 cm.
ISBN:
9781420088649
Available:*
Library | Item Barcode | Call Number | Material Type | Item Category 1 | Status |
|---|---|---|---|---|---|
Searching... | 30000010207846 | HD49 O56 2010 | Open Access Book | Book | Searching... |
Searching... | 30000010207847 | HD49 O56 2010 | Open Access Book | Book | Searching... |
On Order
Summary
Summary
If you had to evacuate from your building right now and were told you couldn't get back in for two weeks, would you know what to do to ensure your business continues to operate? Would your staff? Would every person who works for your organization?
Increasing threats to business operations, both natural and man-made, mean a disaster could occur at any time. It is essential that corporations and institutions develop plans to ensure the preservation of business operations and the technology that supports them should risks become reality.
Building an Enterprise-Wide Business Continuity Program goes beyond theory to provide planners with actual tools needed to build a continuity program in any enterprise. Drawing on over two decades of experience creating continuity plans and exercising them in real recoveries, including 9/11 and Hurricane Katrina, Master Business Continuity Planner, Kelley Okolita, provides guidance on each step of the process. She detailsnbsp;how to validatenbsp;the plan and supplies time-tested tips for keeping the plan action-ready over the course of time.
Disasters can happen anywhere, anytime, and for any number of reasons. However, by proactively planning for such events, smart leaders can prepare their organizations to minimize tragic consequences and readily restore order with confidence in the face of such adversity.
Author Notes
Okolita, Kelley
Table of Contents
| Introduction | p. xvii |
| Chapter 1 Where It All Began from Someone Who Was There | |
| Disaster Recovery vs. Business Continuity: What Is the Difference? | p. 3 |
| The Transition from Data-Center-Driven to Business-Driven | p. 5 |
| Chapter 2 Selling the Program | |
| Financial Risks | p. 12 |
| Risk to the Company Reputation | p. 13 |
| Regulatory Risk | p. 15 |
| Hidden Benefits of the Planning Process | p. 15 |
| Why No One Believes in the "Big One" | p. 16 |
| Chapter 3 Project Initiation and Management | |
| Defining the Scope of the Planning Effort | p. 19 |
| Defining a Timeline | p. 21 |
| Company Policy or Standard | p. 22 |
| Resource Requirements | p. 22 |
| Planning Phases and Deliverables | p. 23 |
| Chapter 4 Your Planning Team and Your Vital Records Program | |
| Vital-Records Program | p. 28 |
| Data Stored in Electronic Form | p. 28 |
| Remote Replication/ Offsite Journaling | p. 28 |
| Backup Strategies | p. 29 |
| Hard-Copy Data | p. 30 |
| Chapter 5 Risk Evaluation and Control | |
| Risk Management | p. 33 |
| The Most Common Risks and Ways to Mitigate Them | p. 35 |
| Natural-Hazard Risks | p. 36 |
| Industry Risks | p. 40 |
| Don't Forget the Neighbors! | p. 41 |
| Risk-Management Practices | p. 41 |
| Physical Security | p. 42 |
| Information Security | p. 42 |
| Records Management | p. 44 |
| Privacy | p. 45 |
| Vendor Management | p. 45 |
| Operational Risk Management | p. 46 |
| Internal/External Audit | p. 46 |
| Managing the Risk | p. 47 |
| Chapter 6 Business Impact Analysis | |
| What is a BIA? | p. 49 |
| Why it is About Time Sensitivity, Not Criticality | p. 49 |
| How to do This and Get it Right | p. 50 |
| A Simple BIA Form | p. 52 |
| Chapter 7 Resource Requirements | |
| How Many, What Type, and Where | p. 55 |
| Technology Review: Business People and Technology People Speak Different Languages | p. 55 |
| Desktop Image | p. 57 |
| Routing Calls | p. 57 |
| Printing, Faxing, and Copying | p. 58 |
| Unique Equipment | p. 59 |
| Interdependencies: Who Else Needs to Know/ Who Else Needs to Help | p. 59 |
| The Business-Function Index | p. 60 |
| Chapter 8 Recovery Strategies | |
| Selecting a Recovery Strategy for Business Operations | p. 61 |
| Selecting a Recovery Strategy for Technology | p. 64 |
| Cost-Benefit Analysis | p. 66 |
| Implementing Recovery Strategies | p. 66 |
| Chapter 9 Documenting the Plan | |
| What Are the Components of the Plan? | p. 68 |
| Quick Reference Guide | p. 69 |
| Initial Response Plans | p. 71 |
| Communications | p. 71 |
| Detailed Execution Procedures | p. 72 |
| The Human Factor | p. 73 |
| Administrative Support | p. 74 |
| Logistics | p. 75 |
| Finance Issues | p. 75 |
| Transition Back to Normal Operations | p. 76 |
| Distribution of the Plan | p. 77 |
| Plan-Maintenance Strategies | p. 77 |
| Using the Sample Plan | p. 78 |
| Chapter 10 Training and Awareness Programs | |
| The Question | p. 81 |
| Different Training for Different People | p. 82 |
| Chapter 11 Testing the Recovery Plan | |
| First Rule of Testing Your Plan | p. 86 |
| Types of Testing | p. 86 |
| Planning the Exercise: Exercise Checklist | p. 91 |
| Logistics Tasks | p. 92 |
| Getting Ready to Test | p. 92 |
| Exercise Begins | p. 93 |
| Post-exercise Tasks | p. 94 |
| Recovery-Team Review | p. 94 |
| Publishing the Results | p. 95 |
| Data-Center Exercise Reporting | p. 95 |
| Change Control | p. 98 |
| Test Schedules | p. 98 |
| Chapter 12 Coordinating with Public Agencies | |
| What You Can Expect From Public Agencies | p. 99 |
| Whom You Should Have Relationships with Before There is a Crisis | p. 99 |
| How to Engage Them in Your Program | p. 100 |
| Chapter 13 Crisis Management/Event Management | |
| Event Management | p. 103 |
| When an Event Becomes a Crisis | p. 110 |
| Leadership in Crisis | p. 110 |
| Problem Management | p. 114 |
| Chapter 14 Crisis Communications | |
| Recovery Communications | p. 115 |
| Employee Notification | p. 116 |
| Communications Among and to Your Recovery Teams | p. 117 |
| Using Conference Bridges | p. 119 |
| Communications to Customer, Clients, and Vendors | p. 119 |
| Handling the Media | p. 120 |
| Work You can do Before an Event | p. 122 |
| Chapter 15 Pandemic Planning | |
| An Influenza Tutorial | p. 125 |
| Pandemics in the Last Century | p. 128 |
| So What Is Bird Flu and Why Are We Worried? | p. 130 |
| HINI Flu | p. 132 |
| Economic Impacts of a Pandemic | p. 135 |
| Public Health Law and Quarantine | p. 136 |
| Pandemic Planning Assumptions from the CDC | p. 136 |
| Why is this Plan Different? | p. 138 |
| Human-Resources Policy Changes | p. 142 |
| Chapter 16 Life Safety | |
| What Is Life Safety? | p. 145 |
| Floor/Fire Wardens | p. 146 |
| Fires and Evacuation Drills | p. 147 |
| Assembly Areas | p. 148 |
| Using Fire Extinguishers-Why I Don't | p. 149 |
| How Often to Conduct Drills | p. 150 |
| Shelter in Place | p. 151 |
| Tornados and Tornado Drills | p. 153 |
| Workplace Violence | p. 156 |
| Chapter 17 Transitioning from Project to Program | |
| The Components of the Contingency-Planning Program | p. 164 |
| Annual Program Business Requirements | p. 165 |
| Annual Technology-Program Requirements | p. 171 |
| Annual Crisis Leadership Program Requirements | p. 171 |
| Emergency Operations Center | p. 172 |
| Program Roles and Responsibilities | p. 172 |
| Corporate Contingency Planning | p. 172 |
| Business-Continuity Planners | p. 173 |
| The Leadership Team | p. 176 |
| Key Leadership-Team Responsibilities | p. 176 |
| Contingency Planning | p. 176 |
| Information Security | p. 176 |
| Human Resources | p. 178 |
| Corporate Communications | p. 178 |
| Security Services | p. 178 |
| Technology Services | p. 179 |
| Corporate Real Estate/Facilities | p. 180 |
| Corporate Risk and Insurance | p. 180 |
| Corporate Legal/Compliance | p. 181 |
| Logistics | p. 181 |
| Business | p. 182 |
| Administrative Support | p. 182 |
| Chapter 18 Industry Certifications and Professionalization | |
| DRII-The Institute for Continuity Management | p. 186 |
| BCI-The Business Continuity Institute | p. 188 |
| Chapter 19 Disaster Planning at Home | |
| Be Ready When Disaster Strikes You Personally | p. 191 |
| Family Emergency Plan | p. 192 |
| Chapter 20 The Regulatory Environment | |
| Legal and Regulatory Requirements | p. 196 |
| Regulations for Financial Institutions | p. 196 |
| Sarbanes Oxley-Section 404 Management Assessment of Internal Controls | p. 198 |
| Legal Standards | p. 198 |
| Chapter 21 Tools, Software, Recovery Contracts, Consultants and Other Matters | |
| Communication Tools | p. 201 |
| Communication Methods | p. 201 |
| Planning Tools | p. 204 |
| Third-Party Recovery Sites | p. 205 |
| Using Consultants | p. 207 |
| Chapter 22 Summary and Lessons Learned from Real Events | |
| Lessons Learned from Real Recoveries | p. 209 |
| September 11, 2000 | p. 209 |
| September 11, 2001 | p. 212 |
| The Recovery from Hurricane Katrina | p. 224 |
| It's All About the People | p. 226 |
| Conclusion | p. 228 |
| One Step at a Time | p. 228 |
| The Future of Business Continuity | p. 230 |
| Appendix A Sample Business-Resumption Plan | |
| Introduction | p. 233 |
| Quick Reference Information in an Emergency | p. 236 |
| Gather | p. 236 |
| Assess | p. 236 |
| Decide | p. 237 |
| Mobilize | p. 237 |
| Communicate | p. 238 |
| Recover | p. 238 |
| Executive Overview | p. 239 |
| Executive Signoff | p. 240 |
| Plan Maintenance History | p. 241 |
| Sample Purpose, Objectives, and Assumptions | p. 241 |
| Purpose of the Plan | p. 241 |
| Objectives of the Plan | p. 241 |
| Plan Overview | p. 242 |
| Assumptions | p. 243 |
| Recovery Strategies | p. 244 |
| Recovery Management | p. 245 |
| Executive Emergency-Management Team | p. 245 |
| Emergency-Management Team for Each Site | p. 246 |
| Response Teams for Each Site | p. 246 |
| Command Centers | p. 247 |
| Human-Resource Management | p. 248 |
| Injury to Employee | p. 248 |
| Employee Fatalities | p. 248 |
| Temporary Help/Contractors | p. 249 |
| Employees Under Stress | p. 249 |
| Family Issues | p. 249 |
| Administrative Support | p. 250 |
| Food, Travel, Lodging | p. 250 |
| Travel by Team Members/Travel Arrangements | p. 251 |
| Finance Issues | p. 251 |
| Equipment Purchases | p. 251 |
| Expense Reports | p. 252 |
| Cash Advances | p. 252 |
| Recovery Communications | p. 252 |
| Employee Notification | p. 252 |
| Internal Business-Unit Communications | p. 252 |
| External Communications-Media | p. 253 |
| External Communications-Customers/Clients | p. 253 |
| Recovery Status Updates | p. 253 |
| Problem Management | p. 253 |
| Communications with Recovery Team | p. 254 |
| Conference Bridges | p. 254 |
| Site Recovery | p. 254 |
| Plan-Activation Procedures | p. 256 |
| Emergency Alert | p. 256 |
| Damage Assessment | p. 256 |
| Notification Procedures | p. 257 |
| Command-Center Activation | p. 257 |
| Sample Checklists for Management Team and Response Team | p. 258 |
| Executive Emergency-Management Team Procedures | p. 258 |
| Emergency-Management Team Procedures/Emergency-Management Team Leader | p. 259 |
| Emergency-Management Team Procedures/Site-Management Team Leader | p. 260 |
| Emergency-Management Team Procedures/Response-Team Leader | p. 261 |
| Emergency-Management Team Procedures/Human-Resources Representative | p. 262 |
| Emergency-Management Team Procedures/Finance Representative | p. 263 |
| Emergency-Management Team Procedures/Systems-Team Leader | p. 264 |
| Emergency-Management Team Procedures/Client-Relationship Representative | p. 264 |
| Emergency-Response Team/Response-Team Leader/Site | p. 265 |
| Emergency-Response Team/Critical-Function Team Leader/Site Recovery | p. 266 |
| Emergency-Response Team/LAN-Recovery-Team Leader/Site Recovery | p. 268 |
| Emergency-Response Team/Systems Team/Site | p. 269 |
| Emergency-Response Team/Offsite-Storage Leader/Site Recovery | p. 270 |
| Emergency-Response Team/Critical-Function-Recovery Team/Site Recovery | p. 271 |
| Emergency-Response Team/Facilities Team/Site Recovery | p. 272 |
| Recovery Plan for Loss of Business Applications | p. 272 |
| Loss of Data Center Plan-Activation Checklist | p. 273 |
| Plan Activation | p. 275 |
| Emergency Alert | p. 275 |
| Impact Assessment | p. 275 |
| Notification Procedures | p. 275 |
| Command-Center Activation | p. 276 |
| Appendix A Disaster Declaration Procedures | p. 277 |
| Appendix B Offsite Procedures | p. 277 |
| Appendix C Call-Notification Script | p. 278 |
| Appendix D Recovery Locations and Travel Directions | p. 279 |
| Appendix E Hotels near the Recovery Facility | p. 279 |
| Appendix F Caterers near the Recovery Facility | p. 279 |
| Appendix G Food Request | p. 280 |
| Appendix H Travel and Accommodations Request Form | p. 280 |
| Appendix I Business Function Recovery Order of Priority | p. 281 |
| Appendix J Internal Business Systems Priority | p. 281 |
| Appendix K Updating the Corporate Contingency Information Line | p. 282 |
| Appendix L Problem Reporting/Change-Management Procedure | p. 282 |
| Appendix M Purchase Requisition | p. 283 |
| Appendix N Cash-Advance Form | p. 283 |
| Appendix O Contractor/Temporary Reassignment Staffing Form | p. 284 |
| Appendix P Injury Report Form | p. 284 |
| Appendix Q Conference Bridges | p. 285 |
| Appendix R Inbound 800 Service | p. 285 |
| Safety and Emergency Procedures | p. 285 |
| There is a Fire | p. 285 |
| There is Severe Weather | p. 285 |
| Evacuation of Your Area is Announced | p. 286 |
| Medical Assistance is Needed | p. 286 |
| You Receive a Bomb Threat | p. 287 |
| An Unauthorized Person is in Your Workspace | p. 287 |
| A Suspicious Package is in Your Workspace | p. 287 |
| There is a Threat of Workplace Violence | p. 288 |
| Appendix B Sample Initial-Response Plan for Small Sites | |
| Business-Continuity Planners | p. 290 |
| ERO-Event-Management Team | p. 290 |
| Floor Wardens | p. 290 |
| Establish Conference-Bridge Procedures | p. 291 |
| Identify Functions | p. 291 |
| Severe Weather and Other Limited Site Events | p. 292 |
| Where to Go if Your Cannot Get Back into Your Building | p. 292 |
| Alternate-Site Locations for Office | p. 293 |
| Seat Assignments at the Alternate Sites | p. 293 |
| Alternate-Site Declaration-Corporate Alternate Sites | p. 294 |
| Disaster Declaration Procedures | p. 296 |
| Safety and Emergency Procedures | p. 296 |
| There is a Fire | p. 296 |
| There is Severe Weather | p. 296 |
| Evacuation of Your Area is Announced | p. 297 |
| Medical Assistance is Needed | p. 297 |
| You Receive a Bomb Threat | p. 298 |
| An Unauthorized Person is in Your Workspace | p. 298 |
| A Suspicious Package is in Your Workspace | p. 298 |
| There is a Threat of Workplace Violence | p. 299 |
| Appendix C Test-Planning Guide and Sample Test Plan for Business-Unit Exercises at an Alternate Site | |
| Exercise Checklist | p. 301 |
| Alternate-Site Test Plan Sample for Business-Unit Testing | p. 303 |
| Contingency Planning Test Plan-Alternate Site | p. 303 |
| Driving Directions to the Alternate Site | p. 304 |
| Timeline | p. 304 |
| Participants | p. 305 |
| Alternate-Site Floor Plan | p. 305 |
| Calls to be Rerouted | p. 305 |
| Communication Conference Bridge | p. 305 |
| Problem Reporting | p. 305 |
| Action Items from Test | p. 306 |
| Problem-Reporting Tickets | p. 306 |
| Test Participant Survey | p. 306 |
| Test Evaluation | p. 308 |
| Appendix D Test Scenarious | p. 311 |
| Appendix E Alternate-Site Development Kit | p. 313 |
| Appendix F Business-Continuity-PlannerJob Description | |
| Purpose | p. 317 |
| Goal | p. 317 |
| Duties and Responsibilities | p. 318 |
| Knowledge and Skills | p. 319 |
| Education/Experience | p. 319 |
| Accountabilities | p. 319 |
| Organizational Relationships | p. 319 |
| Index | p. 321 |
