The Business Continuity Management Desk Reference by Jamie Watters is available on Amazon.
Purpose – why read this book?
I want you to learn from my mistakes and quickly acquire the necessary knowledge to get the job done. I want you to avoid the trial and error journey that my peers and I had to suffer as we learnt the hard way.
So if you want to avoid the pain and learn all the essential aspects of Business Continuity, then this book is for you.
There are lots of excellent books that tell you what you’ve got to do. This book is for people that want to know how to do it.
The aim of this book is to explain (in simple terms) all the key elements of Business Continuity for people that need to:
• Learn the basics of Business Continuity fast;
• Get something in place today so they’ll have a chance if disaster strikes tomorrow;
• Avoid the principle mistakes and be able to challenge issues that may exist;
• Prepare solid plans that people find easy to use and maintain;
• Identify and fix contingency related gaps in their systems, processes or people;
• Test their continuity plans and the people, suppliers and technology that they depend on;
• Make sure that all their staff know what to expect from your organisation if disaster strikes and what they in turn will need to do;
• Be compliant with the demands of internal auditors, external regulators and business partners that expect them to have solid demonstrable Business Continuity;
• Extend Business Continuity into their suppliers and business partners so that third parties are able to meet their needs;
• Keep all the plans, scripts, solutions, etc. up to date without making it into a full-time job.
If you need to do any of these things read on, this book is for you!
Who should read this book?
This book is relevant to anyone that is in anyway involved in Business Continuity, Crisis Management and DR.
This list includes:
• Business Continuity Managers
• Business Continuity Co-ordinators i.e. people that look after local plans and do the day to day administration and testing for their department.
• Executives that are accountable for the continued smooth running of their business, funding Business Continuity and making sure it meets the underlying business need.
• Technicians that support Business Continuity or DR solutions and are involved in testing or have responsibility for some element of the recovery of their business.
• Staff that have a role to play in preparing plans, testing or who have responsibilities in disaster recovery situation.
• Auditors who are responsible for making sure that the organisations Business Continuity arrangements meet business needs.
• Sales people that may sell Business Continuity or need to include an element of Business Continuity in their offerings. e.g. DR for their services, etc.
• Suppliers that need to meet their customers’ needs in regard to Business Continuity and DR.
• Suppliers that sell Business Continuity or DR services.
Practices to underpin frameworks
There are many excellent BCM frameworks like for example BS25999 and AS / NZS 5050. They all set out what you have to do and to some extent what you should learn, but in general they don’t tell you how. How do you analyse a BIA? How do you plan and deliver a DR test? How do you keep your staff informed? How do you keep your plans updated? In writing this book, I’m trying to plug that gap by sharing my experience and describing what I actually do.
BCM is an emotive subject; many practitioners are precious about what they do. To be frank, I don’t care what we do. I only care about getting results efficiently, effectively and doing it well.
For this reason, if you read anything in this book and think of a better way of doing things don’t think badly about me; think, Jamie should know this and take the time to gather your thoughts and lets me know so I can improve what I do and improve this book too!
Why listen to me?
First, I’ve spent most of the last 25 years working in Business Continuity and IT Disaster Recovery related roles and should have learnt most of what there is to know.
To be frank, it’s not been 25 years experience it’s been more like a year here and there repeated until the penny finally dropped. So, like most people that boast about years and years of experience I have something more like 2 years experience that’s taken me 25 years to get.
So, what I’m offering you is the chance to exploit my mistakes and gain my insight in days, not months or years!
One of the key issues I’ve faced, and an issue that will probably concern you too, is how to deliver Business Continuity through people that have other full time roles that are nothing to do with Business Continuity; people for whom Business Continuity is a pain and a distraction from their main role.
I’ve come to realise that when creating a Business Continuity Programme it’s essential that it’s built with this reality in mind. The programme must address the deeper technical issues but without needing full time experts to make it work.
In short, I’ve had to learn the art of making Business Continuity simple and suitable for people that only look at their Business Continuity Plans once or twice a year. Wherever possible I aim to demystify Business Continuity, so that when people come back to their plans nine months down the line, it’s like a hot knife through butter. If you want to learn to make it simple, then I’m your man. If you want to immerse yourself in lots of bleak and mindless terminology then good luck, you’ll need it.
The book is structured so that you can either dip in as you need to or read it section by section. The sections are organised as you should ideally approach Business Continuity.
If sections don’t apply, for example, you might not have any third parties, skip them!
I’ve tried to highlight the relevance of each chapter at the beginning so you can decide in a few moments if it’s worth reading on.
Each chapter contains:
Key Points – sets out the main points of the chapter to help you gauge its relevance.
Audience – try to make it clear if you should read it.
Main body – explores the key points of the chapter in detail
Action plan – re-iterates the steps that will help to get you started
There are appendices that include useful things like checklists, templates and processes that you can use to get your own Business Continuity up and running.
The following gives a brief description of each chapter:
2. Business Continuity Management (BCM)
Explains a Business Continuity life cycle, introduces the various Business Continuity roles and outlines some key concepts that underpin Business Continuity.
3. Kick start your Business Continuity
This chapter is for people that currently have little or no Business Continuity in place. Its purpose is to help these people to get the basics in place very quickly, so that they’ll have a much better chance of surviving if disaster strikes tomorrow.
4. Getting started – First things first
In Business Continuity, like every discipline we start by establishing the requirements. In particular, we normally start by establishing what is critical in your business, so that you can be sure to recover the business if disaster strikes. This process is called Business Impact Analysis (BIA) and is the focus of “Getting Started.”
5. Preparing the plan
The Business Continuity Plan describes what you’ll need to do in a disaster to keep your business running or if it’s stopped what you’ll need to do to get it back up and running. It sets out the structure of a Business Continuity Plan and gives you the help you’ll need to get yours correctly populated.
6. IT Disaster Recovery
IT Disaster Recovery or DR for short; is how you protect and recover your critical IT services. This chapter explains the basic concepts of DR and tells you what you’ll need to do to get it up and running in your organisation and how to know if the DR you currently have is any good?
7. Business Recovery
Business Recovery explains how to keep your critical business processes running during and after a disaster. This chapter explains the key aspects of business recovery and how you can get them in place as quickly as possible.
Once you have your plans and solutions, you have to make sure that they work. Testing is the principle way of providing assurance about your Business Continuity and DR. This chapter explains testing and describes how to go about it.
Maintaining your plans, solutions and skills is essential if your Business Continuity and DR is going to work on the day you need it. This chapter covers exactly what things you’ll need to maintain and the best way to go about maintaining them.
10. Education and Awareness
Having people that understand their responsibilities and are ready to perform in stressful situations is key to an organisations survival if disaster strikes. This chapter set out how you go about understanding your organisations educational needs. It also explains how to deliver a programme that informs every one of their responsibilities and prepares all key staff to act appropriately in potential disaster scenarios.
11. Managing a Disaster
The other decisive factors in business survival are: 1. how you respond to the incidents; 2. how you make decisions; 3. how you communicate information; 4. how you monitor that your actions are working.
This chapter explains command and control in a disaster situation and helps you to set up a Crisis Management team that will get you out of the tightest squeeze
12. Return to Normal Operations
Getting your business back to normal operations can be a challenge. This chapter sets out what you need to do so that you can revert from a “disaster mode” of operation to “normal operations.” In particular, how to revert your business while minimising the risks of something going wrong with it.
13. Governance and Reporting
Making sure that everything is under control is an essential business practice and something that every manager is keen to demonstrate. This chapter sets out policy, process and the key reports you’ll need for appropriate governance of Business Continuity. It also sets out how you can have all these elements of governance without creating a cottage industry.
14. Selecting and Managing Continuity Suppliers
If you work with suppliers who help you to deliver Business Continuity and DR, this chapter explains how to select the right partner and make sure that they deliver what’s been agreed.
15. Managing Supply Chain Continuity
With many businesses depending on third parties to provide critical services, products or resources it’s essential to make sure that suppliers have adequate contingency arrangements. You need to insure that they can continue to deliver your critical services if they experienced an interruption.
If they can’t provide this assurance, you need to ensure that alternative suppliers are available in time to prevent a supplier interruption becoming a disaster for you. This chapter explores this issue and sets out some simple actions that will expose the risks and make sure that you get them covered.