Business Continuity Planning: A Step-by-Step Guide With Planning Forms
()
About this ebook
This easy workbook format shows managers new to Business Continuity Planning how to quickly develop a basic plan and keep it updated. If you've been tasked with developing a basic business continuity plan and aren't sure where to start, this workbook with sample forms, checklists, templates, and plans will walk you step-by-step through the process. The book is aimed at single/few location companies with up to 250 employees and is more oriented to an office environment, especially where computer operations are critical. It offers a fast, practical approach for small companies with limited staff and time to customize a workable plan and expand it as they grow. Endorsed by The Business Continuity Institute and Disaster Recovery Institute International, it includes these helpful tools:
Straightforward, jargon-free explanations emphasize the non-technical aspects of Information Technology/Disaster Recovery planning.
Glossary with 120 terms and Appendices with sample risk assessment and risk analysis checklists.
Extensive, easy to-use downloadable resources include reproducible worksheets, forms, templates, questionnaires, and checklists for various natural disasters and special hazards such as power outages, boiler failures, bomb threats, hazardous material spills, and civil unrest, along with a checklist for vital records storage.
For professional development or college classes the book is accompanied by a set of Instructor Materials.
Kenneth L. Fulmer
KENNETH L. FULMER, CBCP, has been involved in the Business Continuity Planning field for 20 years. He has been a member of the Disaster Recovery Institute International (DRII, www.drii.org) since 1991 and a Certified Business Continuity Planner since 1992. Mr. Fulmer's career has spanned 27 years in the computer-related industry and he has published, trained and spoken on business continuity issues. Ken began his career as a public school teacher in Silver Spring, MD, and has since been a Bank Officer for Imperial Bancorp; now Comerica Bancorp, New York, and a National Account Executive with Digital Equipment Corporation; now Hewlett Packard. Ken's Third Edition of Business Continuity Planning: A Step-by-Step Guide with Planning Forms builds upon the foundation of the two previous, highly successful editions.
Related to Business Continuity Planning
Related ebooks
Business Continuity: Playbook Rating: 0 out of 5 stars0 ratingsBusiness Continuity from Preparedness to Recovery: A Standards-Based Approach Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management: Choosing to Survive Rating: 3 out of 5 stars3/5Everything you want to know about Business Continuity Rating: 0 out of 5 stars0 ratingsSecurity Risk Management: Building an Information Security Risk Management Program from the Ground Up Rating: 4 out of 5 stars4/5Workplace Security Playbook: The New Manager's Guide to Security Risk Rating: 0 out of 5 stars0 ratingsPrinciples and Practice of Business Continuity: Tools and Techniques Second Edition Rating: 0 out of 5 stars0 ratingsHardening by Auditing: A Handbook for Measurably and Immediately Iimrpving the Security Management of Any Organization Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management: Global Best Practices Rating: 0 out of 5 stars0 ratingsThe Business Continuity Management Desk Reference Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management Systems: Implementation and certification to ISO 22301 Rating: 0 out of 5 stars0 ratingsDisaster Recovery and Business Continuity: A quick guide for organisations and business managers Rating: 0 out of 5 stars0 ratingsAdaptive Business Continuity: A New Approach Rating: 0 out of 5 stars0 ratingsBusiness Continuity and Disaster Recovery Planning for IT Professionals Rating: 0 out of 5 stars0 ratingsValidating Your Business Continuity Plan: Ensuring your BCP actually works Rating: 0 out of 5 stars0 ratingsBusiness Continuity and Disaster Recovery for InfoSec Managers Rating: 5 out of 5 stars5/5Business Continuity and Risk Management: Essentials of Organizational Resilience Rating: 0 out of 5 stars0 ratingsBusiness Continuity Planning: Increasing Workplace Resilience to Disasters Rating: 0 out of 5 stars0 ratingsISO 22301: 2019 - An introduction to a business continuity management system (BCMS) Rating: 4 out of 5 stars4/5Nine Steps to Success: An ISO27001:2013 Implementation Overview Rating: 1 out of 5 stars1/5Business Continuity Exercises: Quick Exercises to Validate Your Plan Rating: 0 out of 5 stars0 ratingsRisk Assessment for Asset Owners Rating: 4 out of 5 stars4/5Security Risk Assessment: Managing Physical and Operational Security Rating: 5 out of 5 stars5/5Total Information Risk Management: Maximizing the Value of Data and Information Assets Rating: 0 out of 5 stars0 ratingsInformation Security Risk Assessment Toolkit: Practical Assessments through Data Collection and Data Analysis Rating: 0 out of 5 stars0 ratingsManaging Information Security Rating: 5 out of 5 stars5/5
Management For You
Extreme Ownership: How U.S. Navy SEALs Lead and Win | Summary & Key Takeaways Rating: 4 out of 5 stars4/5Great Ceos Are Lazy: How Exceptional Ceos Do More in Less Time Rating: 4 out of 5 stars4/5The 7 Habits of Highly Effective People: 30th Anniversary Edition Rating: 5 out of 5 stars5/5Emotional Intelligence Habits Rating: 5 out of 5 stars5/5Managing Oneself: The Key to Success Rating: 4 out of 5 stars4/5The New One Minute Manager Rating: 5 out of 5 stars5/5Principles: Life and Work Rating: 4 out of 5 stars4/5Good to Great: Why Some Companies Make the Leap...And Others Don't Rating: 4 out of 5 stars4/5The 5 Languages of Appreciation in the Workplace: Empowering Organizations by Encouraging People Rating: 4 out of 5 stars4/5Summary of The Laws of Human Nature: by Robert Greene - A Comprehensive Summary Rating: 4 out of 5 stars4/5The 12 Week Year: Get More Done in 12 Weeks than Others Do in 12 Months Rating: 4 out of 5 stars4/5Quiet Leadership: Six Steps to Transforming Performance at Work Rating: 4 out of 5 stars4/5Malcolm Gladwell's Blink The Power of Thinking Without Thinking Summary Rating: 4 out of 5 stars4/5Company Rules: Or Everything I Know About Business I Learned from the CIA Rating: 4 out of 5 stars4/5Multipliers, Revised and Updated: How the Best Leaders Make Everyone Smarter Rating: 4 out of 5 stars4/5The Five Dysfunctions of a Team: A Leadership Fable, 20th Anniversary Edition Rating: 4 out of 5 stars4/5Summary of The Five Dysfunctions of a Team: by Patrick Lencioni | Includes Analysis Rating: 4 out of 5 stars4/5The 4 Disciplines of Execution: Revised and Updated: Achieving Your Wildly Important Goals Rating: 4 out of 5 stars4/5HBR Guide to Buying a Small Business (HBR Guide Series) Rating: 5 out of 5 stars5/5The 12 Week Year (Review and Analysis of Moran and Lennington's Book) Rating: 5 out of 5 stars5/5The Coaching Habit: Say Less, Ask More & Change the Way You Lead Forever Rating: 4 out of 5 stars4/5The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers Rating: 4 out of 5 stars4/5The 360 Degree Leader Workbook: Developing Your Influence from Anywhere in the Organization Rating: 4 out of 5 stars4/5Spark: How to Lead Yourself and Others to Greater Success Rating: 5 out of 5 stars5/52600 Phrases for Effective Performance Reviews: Ready-to-Use Words and Phrases That Really Get Results Rating: 3 out of 5 stars3/5The Ideal Team Player: How to Recognize and Cultivate The Three Essential Virtues Rating: 4 out of 5 stars4/5Leadershift: The 11 Essential Changes Every Leader Must Embrace Rating: 5 out of 5 stars5/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5Developing the Leaders Around You: How to Help Others Reach Their Full Potential Rating: 4 out of 5 stars4/5
Reviews for Business Continuity Planning
0 ratings0 reviews
Book preview
Business Continuity Planning - Kenneth L. Fulmer
BUSINESS CONTINUITY PLANNING: A STEP-BY-STEP GUIDE WITH PLANNING FORMS
THIRD EDITION
Kenneth L. Fulmer, CBCP
Certified Business Continuity Planner
Philip Jan Rothstein, FBCI, Editor
This book includes reproducible worksheets and forms, PLUS sample plans, templates, and more! Download instructions are on the last book page.
The Rothstein Catalog On Disaster Recovery Rothstein Associates Inc.
Brookfield, Connecticut USA
www.rothstein.com
ISBN # 1-931332-21-5 (Softback)
ISBN # 978-1-931332-80-4 (PDF)
ISBN # 978-1-931332-90-3 (EPUB)
Copyright © 1996-2005, Kenneth L. Fulmer
All rights reserved. No part of this publication may be reproduced or used in any manner without written permission except in the case of reproducing the worksheets for plan development purposes within one organization in accordance with the license statement below.
This publication is designed to provide accurate and authoritative information in regard to the subject matter covered. It is sold with the understanding that the Author and Publisher are not engaged in rendering legal, accounting or other professional service. If legal advice or other expert assistance is required, the services of a competent professional person should be sought. — from a declaration of the principles jointly adopted by a committee of the American Bar Association and a committee of publishers.
Disclaimer
The information, ideas and suggestions contained herein have been developed from research and many other sources, including publications. They are all considered and believed reliable but cannot be guaranteed insofar as they do not apply to any particular business or industry. Therefore this Author and Publisher specifically disclaim any liability for risk or loss, personal or otherwise, incurred as a consequence, directly or indirectly from the use of and application of any of the techniques or contents of this book.
In these guidelines, the inclusion of references to vendor concepts or methods is for information purposes only. The appearance or absence of a vendor or product in this publication should not be construed as an endorsement or non-endorsement of a specific vendor, product, methodology or company by the author or publisher, or any persons involved in the development of these guidelines.
No responsibility is assumed by the Publisher or Author for any injury and/or damage to persons or property as a matter of product liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein.
License Statement
This book and accompanying CD-ROM are licensed to the purchaser for use in developing a plan within one organization. If using this document for a third party (client or customer of the licenser user), a separate book and CD-ROM must be purchased for each organization, client facility and or customer location.
ISBN # 1-931332-21-5 (Softback)
ISBN # 978-1-931332-80-4 (PDF)
ISBN # 978-1-931332-90-3 (EPUB)
Rothstein Associates Inc., Publisher
The Rothstein Catalog On Disaster Recovery
4 Arapaho Rd.
Brookfield, Connecticut 06804-3104 USA
203.740.7444 or 1-888-Rothstein (888.768.4739)
203.740.7401 fax
www.rothstein.com
info@rothstein.com
CONTENTS
DISASTER RECOVERY INSTITUTE INTERNATIONAL
THE BUSINESS CONTINUITY INSTITUTE
PREFACE by Melvyn Musson, FBCI, CBCP, CISSP
PREFACE by Philip J. Rothstein, FBCI
PREFACE by Andrew Hiles, FBCI
INTRODUCTION
1WHY SHOULD YOUR BUSINESS PREPARE FOR A DISASTER?
What Disaster Might Hit You?
It’s Too Much Work! Why Shouldn’t We Just Take the Risk?
Legal Reasons for Having a Plan
Statutory Example
Determining Liability
2GETTING STARTED
Basic Considerations
An Alternate Business Location
Vital Records
Key People
A Plan
How Many Plans?
Types of Plans
The Planning Steps You Will Take with this Book
Step 1 — Writing the Purpose, Objectives, Scope and Assumptions
Purpose of the Plan — Sample Text
Plan Objectives — Guidelines
Scope of the Plan - Guidelines
Planning Assumptions—Guidelines
Step 2 — The Plan Coordinator and Development Team: Job Descriptions
The Plan Development Team
Step 3 — Assigning Action Items, Coordination of Responsibilities and Timeframes
3ITS TIME TO ROLL UP YOUR SLEEVES AND TO ASSESS YOUR CURRENT RISK
Step 4 — Where Do You Stand Right Now?
Begin by Reviewing Internal Plans and Policies
Meet with Outside Groups
Identify Codes and Regulations
Identify Critical Products, Services and Operations
Identify Your Internal Resources and Capabilities
Identify External Resources
Conduct an Insurance Review
Assess Your Vulnerability
Begin by Listing Potential Threats
Estimate Probability
Assess the Potential Human Impact
Assess the Potential Property Impact
Assess the Potential Business Impact
Assess Internal and External Resources
Add the Columns
Hazard-Specific Information
Hazardous Materials Incidents
Floods and Flash Floods
Hurricanes
Tornadoes
Severe Winter Storms
Earthquakes
Technological Emergencies
Analyzing the Risk Assessment
Step 5 — Doing Your Business Impact Analysis
Identifying Critical Systems, Applications and Vital Records
Using Your Business Impact Analysis
What’s Your Staying Power?
Timing Your Defense
What Immediate Resources Do You Need?
Develop Recovery Priorities
Identify Preventive Controls
Develop Technical Recovery Strategies
Step 6 — Selecting Your Recovery Teams
Roles and Responsibilities
Team Leaders
Team Members
Step 7 — Developing Your Recovery Strategies and Action Plans
Recovery Strategy Overview
Sample Action Plan Task List
4PUTTING IT ALL TOGETHER
Step 8 — Documenting Your Business Continuity Plan
Background Information
Action Plan
Plan Appendices
Step 9 — Testing Your Plan
Preparation of Testing Procedures
Checklist Testing
Non-Business-Interruption Test
Parallel Testing
Business Interruption Testing
Frequency of Test
Evaluating Your Test Results
The Checklist Worksheet
The Test Evaluation Form
Step 10 — Distributing Your Plan
5CONGRATULATIONS! — BUT DON’T LET IT COLLECT DUST
Step 11 — Maintaining Your Plan
APPENDIX ASAMPLE RISK ASSESSMENT
APPENDIX BRISK ANALYSIS CHECKLIST
APPENDIX CGUIDELINES FOR DEVELOPING YOUR DATA SHEETS
APPENDIX DBUSINESS CONTINUITY GLOSSARY
APPENDIX ESELECTED BUSINESS CONTINUITY ARTICLES
Pitching Preparedness
Why Assess? A Case Study
Slow-Motion Disaster
Managing Management: A Case Study
Almost
Disasters
REFERENCES
SELECTED BUSINESS CONTINUITY BOOKS AND RESOURCES AVAILABLE FROM ROTHSTEIN ASSOCIATES INC.
ABOUT THE AUTHOR
DISASTER RECOVERY INSTITUTE INTERNATIONAL
Belinda Wilson CBCP, Vice Chairperson DRII
In today’s business environment, change is the norm. The path to your business goals is seldom marked, and never direct. Success in this world demands agility and resilience, and relies on its ability to easily adapt and be flexible in a world of uncertain times. An adaptive infrastructure that tightens integration and synchronization between IT resources and business processes while delivering a level of interoperability that supports the requirements for a new infrastructure ecosystem. An adaptive infrastructure delivers virtualized resources as services in response to business process requirements. It scales or redeploys resources quickly and efficiently as the business requires, in a single department or across the entire enterprise. To adapt effectively to change in the business environment, the infrastructure itself must deliver services continuously, secure against attack and threat.
But continuous, secure operations are more than a step toward somewhere else: they are a destination of their own. It is time to begin the journey toward an infrastructure that can serve as a dependable foundation for your business today, and the engine of quick, smooth adaptation to business requirements in an unpredictable future.
Businesses build cultures of business continuity by planning, then overcoming everyday threats and obstacles, until continuity is no longer optional but rather is built into the company's corporate culture. Never complete, the process cycles through analysis, building, integration, management and evolution. With every turn, your business becomes more secure, efficient and agile in its response to both challenge and opportunity.
The continuity and security of your business are not isolated destinations. Even your first steps will bring you toward a broader, more integrated operational vision. And efficiencies will only improve as employees move together toward common objectives. As you go, the path will get easier. Protecting and organizing information systems helps you pick up speed-moving ahead with new sophistication and efficiency. Your systems will become not just safer, but easier to use and manage for employees, partners and customers.
No destination is final, but the journey toward continuous operations brings its own practical, measurable rewards along the way. And with every step, your business grows more resilient, more agile and better prepared to take advantage of the next business change.
This book demonstrates the changing focus of business continuity moving it outside of IT and into the boardroom. Decisions surrounding business continuity are no longer involving only the technical provisioning but are business driven to help ensure companies are always on
and thus competitive. The book supports the processes and guidelines set forth in DRI International’s (DRII) approach to ensure a successful implementation of a business continuity program and is a good starting point for someone new to the industry.
ABOUT DRI INTERNATIONAL
Disaster Recovery Institute International (DRII) was first formed in 1988 as the Disaster Recovery Institute in St. Louis, Missouri. A group of professionals from the industry and from Washington University in St. Louis forecast the need for comprehensive education in business continuity. Alliances with academia helped shape early research and curriculum development.
The group also understood that individual certification and establishing a Common Body of Knowledge (standards) could only enhance industry professionalism. As a result, the new nonprofit organization established its goals:
to promote a base of common knowledge for the business continuity planning/disaster recovery industry through education, assistance, and publication of the standard resource base; certify qualified individuals in the discipline; and promote the credibility and professionalism of certified individuals.
DRII sets standards that provide the minimum acceptable level of measurable knowledge, thus providing a baseline for levels of knowledge and capabilities. Accordingly, in 1997, DRII, together with the Business Continuity Institute (BCI, www.thebci.org), published the Professional Practices for Business Continuity Planners as the industry's international standard. For more information about DRII, please visit www.drii.org.
Belinda Wilson, CBCP
Executive Director, Hewlett-Packard, Business Continuity Services
Vice-Chairperson, DRII
August, 2004
THE BUSINESS CONTINUITY INSTITUTE
Larry Kalmis, FBCI Chairman, BCI
Kenneth Fulmer, CBCP has produced an important and useful guide for the business continuity planning novice. This clear, concise work will also be a valuable reference for the advanced practitioner.
Mr. Fulmer upholds many of the principles you will find promoted and supported by the Business Continuity Institute and encouraged as part of Business Continuity Management good practices.
In more than thirty years as a business continuity practitioner, I have seen many small and medium-size businesses pay the penalty for lack of preparedness. Often, overwhelmed by the jargon employed by many practitioners and the mistaken concepts that business continuity is too costly, that it is only for the big boys,
and that they do not have the resources or knowledge base, they choose to take the risk instead. For many, it is an unfortunate choice because much can be done with reasonable commitment to avoid business disruptions or mitigate the impact for those that are unavoidable.
In this excellent primer, Mr. Fulmer sets out a simple, concise, and, most of all, logical roadmap both for developing the justification for a business continuity / disaster recovery program as well as for developing and maintaining the resultant plan. He starts by leading you through the assessment of potential risks and impacts establishing the business case, which, after all should be the ultimate driver for any commitment of staff and other resources to business continuity. Mr. Fulmer then, using straightforward, jargon-free, checklists, tables, and worksheets, takes you step-by-step through generally accepted good practices,
enabling you to construct an appropriately sized recovery plan.
This book clearly puts forth the rationale, concepts, and mechanics for business continuity planning in an easy-to-use format for the business continuity initiate. The advanced practitioner will also find this book a practical reference and its checklists, tables, and worksheets a useful toolkit.
Larry Kalmis, FBCI
Project Executive, Virtual Corporation
Chairman, the Business Continuity Institute
October, 2004
ABOUT THE BUSINESS CONTINUITY INSTITUTE
The Mission of the Business Continuity Institute is to promote the art and science of business continuity management.
The Business Continuity Institute (BCI) was established in 1994 to provide opportunities to obtain guidance and support from fellow professionals. The Institute provides an internationally recognized status in relation