Menu Expand
Business Continuity Management

Business Continuity Management

Stuart Hotchkiss

(2010)

Abstract

Successful business continuity requires the creation of and adherence to a logistical plan that ensures an organisation's critical functions are maintained or restored in the event of disruption, eg fires, natural disasters, industrial action. The subject can be made overly complicated, but this book provides a clear and simple template-based approach. The audience for the book is wide and includes CEOs, IT directors, facilities management, operations managers and business unit managers.
Stuart Hotchkiss CISSP, CISA,CISM, ABCP, PMP, is a Business Consultant at Hewlett Packard, based in Geneva. He has 30+ years' experience in IT in various areas from development to marketing and has worked for the last 16 years in security and business continuity.
This is a sound book, which would be a good basic first guide for someone dipping their toe into Business Continuity Management. It is the flat-ended screwdriver in the toolbox of the manager. It may not be the favourite tool, but you would be well advised to make sure it is close at hand when you are tackling any tricky business planning situation.
Wendy Goucher
Successful business continuity requires the creation of and adherence to a logistical plan that ensures an organisation's critical functions are maintained or restored in the event of disruption, eg fires, natural disasters, industrial action. The subject can be made overly complicated, but this book provides a clear and simple template-based approach. Stakeholder involvement is key in BCM so the audience for the book is wide and includes CEOs, IT directors, facilities management, operations managers and business unit managers. It covers all stages and issues from business impact analysis to organisational issues, escalation management and the practical aspects of running a BCM project.
This is an excellent guide to the business continuity process. It is well organised, easy to read and jargon-free. An ideal reference for anyone involved in business continuity - from the office manager to the boardroom.
Susan Rudlin

Table of Contents

Section Title Page Action Price
Cover Cover
Copyright iv
Contents v
List of Figures and Tables ix
About the author xi
Abbreviations xiii
Glossary xv
Preface xxi
Preamble xxiii
INTRODUCTION AND PURPOSE 1
Why have business continuity? 1
What exactly is a ‘continuity plan’? 1
Business continuity - planning or management? 2
Why does continuity management fail? 3
A real-life continuity plan 3
Outages in practice 5
The BCM lifecycle 6
1 GENERAL ISSUES IN CONTINUITY MANAGEMENT 1
Some terminology 10
Standards 13
Regulatory issues 15
Availability, uptime and reliable components 16
The downtime myth 16
Application and asset approach 17
It won’t happen to us 18
Disasters 19
The cost of failure 19
The cost of success 20
Customer satisfaction 21
Some industries are different 21
2 IN PRACTICE – THE FOUNDATIONS 23
Company strategy 23
Continuity strategy 24
Business continuity policy 25
Planning 26
3 BUSINESS IMPACT ANALYSIS 28
Introduction 28
The objectives of the BIA 29
Level of detail and scope 30
Critical success factors 31
Assessing impact 32
Revenue at risk 33
Questionnaires 34
Tools 35
The process in detail 36
4 THE BUSINESS IMPACT ANALYSIS REPORT 38
5 THREATS, RISKS AND RISK ANALYSIS 42
Introduction 42
In practice 43
Risk lifecycle 44
6 SUPPORTING FUNCTIONS AND DEPARTMENTS 52
The special cases of IT and Facilities 52
General issues with IT recovery architectures 54
IT considerations 56
Procurement considerations 57
Human Resources considerations 57
Facilities considerations 59
Finance considerations 60
7 SCENARIOS 61
Scenarios and capability 62
8 PROCEDURES – THE LAST THING TO DO IS THINK 64
IT procedures 68
9 TESTING AND STAYING FRIENDS 69
In-depth analysis 69
Desk testing 70
Live testing 71
10 AUDIT 73
Test logs 74
Stakeholder management 74
Auditing yourself 75
11 IMPLEMENTATION AND GOVERNANCE 79
A governance framework 79
Job descriptions 80
Incident and escalation management 81
Escalation structure 83
12 COMMUNICATIONS 86
13 TRAINING 88
14 ORGANISATIONAL ISSUES 90
Where does BCM fit in an organisation? 90
Keeping the plan up-to-date 91
15 BUSINESS CONTINUITY AND THE CLOUD 93
16 LESSONS TO LEARN 95
17 CONCLUSION 97
APPENDIX 1: REFERENCE DATA 98
APPENDIX 2: TEMPLATES 102
BIA questionnaire template 102
Threat/risk questionnaire template 104
INDEX 107
Back Cover 110