Business Continuity Strategies – Protecting Against Unplanned Disasters – Third Edition

Author: Kenneth N. Myers

In this book, the author discusses strategies for addressing two classes of catastrophic crises that can happen to an organization: the failure of computers, and violence and terror in the workplace.

Regarding the first class, the author repeatedly argues against two things:

–    Deciding too easily for a disaster recovery site where all business software is duplicated
–    Asking the wrong questions of the business people when determining the BIA.

As for the latter, consultants turn out to frame their questions in a structurally wrong way. For example, do not ask:

–    How long can you do without a PC?

Because then the answer is always something very short, like “24 hours”.

Ask the question differently by confronting them with the actual situation that has occurred:

–    IT and the server network are unavailable for 14 calendar days. What are you going to do, and what do you need to continue / save the business?

Because the questions are asked in this different way, the business people become much more aware of the problems that might arise and start thinking them through better.

The author also gives a number of examples of alternative approaches for a number of branches within organizations during times of crisis, which can be applied in a large number of companies. These serve to temporarily bridge the PC-less period, the time the ICT department needs to get everything back up and running.

In this book the author tackles the question in a solid way. The first chapter is therefore about defining the issue. Then come the chapters on computer problems and on violence in the workplace. After that he gives some advice on how to approach a contingency plan. He also pays some attention to awareness and training.

Apart from the alternative examples of possible practices during a computer outage, the discussion of what a disaster recovery site is and is not good for, and the guidance on how to question the business when drawing up a BIA and the related contingency plan, the book stays at a good theoretical level. It therefore positions itself at a level above that of beginners.

Business Continuity Management – Building an effective Incident Management Plan

Author: Michael Blyth

In this book the author works steadily towards his goal in the first three chapters: demonstrating the importance of Incident Management Plans (IMP), in addition to a BCP.

In addition, in chapter 4 he describes the inevitable: “what if?” is the key question for some 40 cases, each of which is explained in text form, with chapters 5 and 6 providing a promising basis for the elaborated plans and questionnaires.

Chapter 5 gives the guidelines for the plans, which follow the principle of a triptych. A first table is filled in to get an idea of which (part of the) organization is involved: an outline of entity, place, time … Then the steps to take are listed: these have been drawn up as a so-called “Guideline”, to be followed not slavishly but with interpretation. The third part of the guidelines forms the framework of suitable organizations / key persons that can be contacted.

Chapter 6 provides questionnaires, one per IMP, that can be used to estimate the situation, in addition to the questions of “SAD CHALETS”, the mnemonic used by the English Police to get a view of the situation. In addition, this chapter also contains a template for a risk assessment, which can be used during the crisis, to estimate the evolution of the crisis.

The book also contains a URL with a password, where you can find the English text of chapters 5 and 6 in a Word document for further development tailored to your own organization.

The book is thus actually a book for doers, with, to a limited extent, an introductory theoretical exposition.

However, in terms of IMP for cybersecurity it has not been worked out enough (which I think could have been a separate piece). Other threats have been worked out. Some threats are becoming more and more relevant for affiliates in the USA and elsewhere with current climate changes. Others are more universal in nature.

A Guide to Business Continuity Planning

Author: James C. Barnes

In this book, the author brings together the wisdom he collected while working as a consultant in the business continuity field. These are not high-flown theories, but rather a collection of facts that he illustrates very extensively with fairly complete examples which, after interpretation for one's own business and possible adaptation to one's own templates, are ready for use.

Specifically, the author gives examples of:

–     a work plan
–     an offer
–     a policy statement
–     a BIA
–     crisis procedures
–     other…

In addition, he walks through the development of BCM as if it were a project. Each phase of the project is a chapter, seasoned with practical examples that provide inspiration for the reader's own work.

That is why the book is interesting for a practical person, regardless of whether he / she is a consultant or has to set up BCM for his or her own organization.

Business Continuity And The Pandemic Threat

Author: Robert A. Clark

With this book the author, Robert A. Clark, draws attention to an important issue that is on the border between BCM and Risk Management, but which is traditionally attributed to BCM, namely the pandemic threat. This threat is relevant because statistically it has manifested itself every 30 years on average over the last 300 years.

The book is divided into two parts: ‘Part I: Understanding the Threat’ and ‘Part II: Preparing for the Inevitable’

Part I talks extensively about micro-organisms, what a pandemic really is, the dangers of germs in the hands of criminals and terrorists, a brief history of the most important known pandemics, and the danger of hospital bacteria (antimicrobial resistance, or AMR). In two separate chapters, he elaborates on the cases of SARS and the Spanish Flu of 1918-1919, which continue throughout the book as the classic examples. He concludes Part I with a comparison between the two cases, which remain the extremes: the Spanish flu with 50,000,000 deaths and SARS with a good 1000 deaths and ‘only’ 8,000 infections worldwide.

Part II deals with the approach to pandemics. He starts from two positions: preparation and response. He talks about what can be done at a global, national, organizational and individual level. What is important in Part II is, in my opinion, the attention he gives to the important points for a pandemic plan. He does this, however, without giving a concrete pandemic plan or template. He makes up for this by referring in the appendices to a website where a template can be found: www.bcm-consultancy.com/pandemicthreat. But it does not stop there. He also describes what to do with the plan if there is no pandemic: practice and validate. He gives an overview of a number of types of exercises, ranging from very simple to very complex and extensive.

A limited part of the attention given to the characteristics of a pandemic plan goes to the supply chain.

Meanwhile it was noted that the template is no longer available on the website. An example of a pandemic plan (in Dutch) can be found on this website: ‘http://www.emannuel.eu/uncategorized/pandemieplan/’

In Hindsight – A compendium of Business Continuity case studies

Edited by Robert A Clark

In Hindsight reflects on a series of disasters from a BCM perspective. Some organizations scored well, others did not. Five organizations were not prepared and did not make it. A sixth made it thanks to an extraordinary dose of luck. Some disasters had extraordinary proportions and global consequences. Others stayed local. The causes vary, from sheer bad luck, like acts of God and accompanying volcanic eruptions, to things that could have been prevented, like the Herald of Free Enterprise, in which somebody is clearly to blame.

Other causes of a human nature are lack of insight or poor management, profiteering, stupidity, terror, … What all these things have in common is that they are present in the environment of many organizations.

The consequences can be equally diverse: environmental damage, death, safety and health problems, global economic crisis, legal prosecutions …

This diversity of topics makes the book very suitable as an eye-opener for managers and boards of directors.

The penultimate chapter also emphasizes the importance of small sparks: fraud, cyber attacks, employee dissatisfaction, the media, small and large fires, including those of the neighbors, poor planning of major projects, breaches of information security such as data theft, floods, diseases, etc.

But the final message, perhaps the most important, is in a quote from Vince Lombardi, a former American football player, who said: “It is not whether you get knocked down; it’s whether you get up.” And that requires preparation.