"An in-depth step-by-step guide to help you develop, test, and maintain your business continuity plan."
The business continuity planning process consists of six key stages:
1. Risk management 2. Business impact analysis 3. Business continuity strategy development 4. Business continuity plan development 5. Business continuity plan testing 6. Business continuity plan maintenance
Although there are many publications that explain business continuity planning, very few provide detailed methods on how to implement it; even fewer cover implementation of all six stages.
Business Continuity Planning Methodology is a single, comprehensive, text that explains the principles of business continuity planning and presents an easy to follow step-by-step methodology to implement its six stages. The methodology considers protection of mission critical business processes, resources, and services. It focuses on key resources such as IT systems and infrastructure, manufacturing and production equipment and products, facilities, work areas, vital records, and critical data. The methodology is consistent with business continuity industry standards, guidelines, and best practices such as ISO/IEC 17799, NFPA 1600, COBIT, and DRI International.
This book gives readers the skills to manage risks, conduct a business impact analysis, develop a business continuity strategy, and develop, test, and maintain a business continuity plan. The main body of the book contains chapters structured according to the six business continuity planning stages:
Risk Management This chapter introduces the key concepts of risk management and describes a framework for managing risks to business continuity. The framework includes steps for risk assessment, risk control options analysis, risk control implementation, risk control decision, and risk reporting. The chapter explains the concepts and implementation of these steps through examples of business continuity risk.
Business Impact Analysis This chapter describes the steps for conducting a Business Impact Analysis (BIA) and explains the implementation of these steps through an example BIA scenario. The BIA steps include assessment of financial and operational impacts, identification of mission critical business functions and processes, identification of critical IT systems and applications, and determination of recovery requirements. Topics in this chapter include comparison of BIA and risk management; BIA benefits and responsibilities; methods of conducting a BIA; disaster-to-recovery time line and events; elements of the BIA such as Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), Recovery Point Objective (RPO), Work Backlog, and Data Loss; summarized findings; and BIA report content.
Business Continuity Strategy Development The business continuity strategy development framework presented in this chapter is designed to help the reader determine the best strategy that will enable a timely and cost-effective recovery from a potential business disruption. It describes the steps to identify recovery requirements and options, conduct a cost-benefit assessment, and identity and select the most viable recovery options. This chapter also discusses general considerations for developing a business continuity strategy, and provides recommendations for recovery contracts and service level agreements.
Business Continuity Plan Development This chapter is a guide for developing an effective business continuity plan based on the results of the preceding stages. It explains the detailed structure and content for an effective plan and covers the key plan execution phases: initial response and notification, problem assessment and escalation, disaster declaration, plan implementation logistics, recovery and resumption, and restoration. Numerous examples of plan activities, procedures, and tasks help to explain the content required in the plan. This chapter also addresses the requirements for an emergency response plan and crisis communication plan.
Business Continuity Plan Testing This chapter introduces the key concepts of business continuity plan testing and provides a framework for developing an effective test plan. The topics include test objectives, test benefits, test methods, test scenarios, test evaluation criteria, and test budget. The framework then explains the sequence of test plan development steps and addresses various issues and concerns that influence the test plan, such as test constraints, strategy, logistics, and risks.
Business Continuity Plan Maintenance The focus of this chapter is on maintaining the business continuity plan in a constant ready-state. It describes activities needed to ensure that the business continuity plan always remains accurate, current, and complete. Topics covered in this chapter include business continuity plan change management, plan testing, training, and audit.
This book also contains the following appendices: a summary of deliverables resulting from the six stages of the business continuity planning process; summary of business continuity standard guidelines and best practices; business continuity resource information; and a glossary of business continuity terminology.
This comprehensive text is an excellent resource for those who develop business continuity plans, manage business continuity projects, or want to learn about the subject of BCP. It is a valuable reference for people seeking certifications such as CISSP (Certified Information Systems Security Professional) or CBCP (Certified Business Continuity Professional).