eBook - ePub
The Manager's Guide to Business Continuity Exercises
Testing Your Plan
- 114 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
The Manager's Guide to Business Continuity Exercises
Testing Your Plan
About this book
You designed your Business Continuity Plan to keep your business in business regardless of the forces of man and nature. But how do you know that the plan really works? Few companies can afford the recommended full-scale exercises several times a year. In The Manager's Guide to Business Continuity Exercises, Jim Burtles, an internationally known expert, details the options for conducting a range of tests and exercises to keep your plan effective and up to date.
Your challenge is to maintain a good and effective plan in the face of changing circumstances and limited budgets. If your situation is like that in most companies, you really cannot depend on the results of last year's test or exercise of the plan. People tend to forget, lose confidence, lose interest, or even be replaced by other people who were not involved in your original planning. Jim Burtles explains:
"You cannot have any real confidence in your plans and procedures until they have been fully tested…Exercises are the only way we can be sure that the people will be able to interpret the plans and procedures correctly within the requisite timeframe under difficult circumstances."
As you do your job in this constantly shifting context, Jim Burtles helps you to:• Differentiate between an "exercise" and a "test" – and see the value of each in your BC program.• Understand the different types of plans and identify the people who need to be involved in exercises and tests for each. • Use the "Five-Stage Growth Path" – from desktop to walkthrough to full-scale exercise -- to conduct gradual testing, educate personnel, foster capability, and build confidence.• Create a variety of unusual scenario plot-lines that will keep up everyone's interest.• Identify the eight main elements in developing and delivering a successful BC exercise.• Select and prepare a "delivery team" and a "response team" for your exercise.• Make sure everyone understands the "rules of engagement." • Use the lessons learned from exercises and tests to audit, update, and maintain the plan.
You are well aware that a host of problems may crop up in any kind of company-wide project. These problems can range from basic logistics like time and place, to non-support from executives and managers, to absenteeism, to the weather, to participants forgetting their lines. Throughout the book, Burtles uses his decades of experience working with companies like yours to give you useful examples, case studies, and down-to-earth advice to help you handle the unexpected and work toward the results you are looking for.
Frequently asked questions
Yes, you can cancel anytime from the Subscription tab in your account settings on the Perlego website. Your subscription will stay active until the end of your current billing period. Learn how to cancel your subscription.
No, books cannot be downloaded as external files, such as PDFs, for use outside of Perlego. However, you can download books within the Perlego app for offline reading on mobile or tablet. Learn more here.
Perlego offers two plans: Essential and Complete
- Essential is ideal for learners and professionals who enjoy exploring a wide range of subjects. Access the Essential Library with 800,000+ trusted titles and best-sellers across business, personal growth, and the humanities. Includes unlimited reading time and Standard Read Aloud voice.
- Complete: Perfect for advanced learners and researchers needing full, unrestricted access. Unlock 1.4M+ books across hundreds of subjects, including academic and specialized titles. The Complete Plan also includes advanced features like Premium Read Aloud and Research Assistant.
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, we’ve got you covered! Learn more here.
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Yes! You can use the Perlego app on both iOS or Android devices to read anytime, anywhere — even offline. Perfect for commutes or when you’re on the go.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Please note we cannot support devices running on iOS 13 and Android 7 or earlier. Learn more about using the app.
Yes, you can access The Manager's Guide to Business Continuity Exercises by Jim Burtles, Kristen Noakes-Fry in PDF and/or ePUB format, as well as other popular books in Commerce & Assurance. We have over one million books available in our catalogue for you to explore.
Information
Chapter 1
Plans and Their Purposes
Perhaps the major influence on the type and number of plans will be the scale of the enterprise or the operation. For a large organization which is spread across a number of sites or locations, there will probably be some six or seven types of plans. Each of these plans will serve a different purpose and may be used in isolation under certain limited circumstances; whereas a major emergency may necessitate the use of most, or even all, of the plans.
The decision to follow the procedures outlined within one of your contingency plans is generally referred to as an activation. Part of the activation process should be concerned with considering the activation of other plans or the raising of alerts. An alert is the procedure for warning team leaders of circumstances which might lead to an activation. In a smaller organization, some of the plans may serve as modules that are combined to create a smaller number of plans, each with a broader scope.
By using a consistent format, you can regard your plans as modules within a suite of plans. Each module is designed to help one of the teams fulfill a particular purpose in response to an emergency situation. Consistency allows you to move people, or even tasks, from one team to another, if the occasion should warrant. It also makes the maintenance and education process much easier for everybody concerned.
1.1 Areas of Responsibility
By looking at the main roles in the typical organizational structure, you can see how individual actions in these roles are likely to change when the organization, or its activities, is threatened or disturbed.
Directors: At the top of the organization, the directors are normally concerned with policies and strategies to ensure the long-term success of the enterprise.
Executives: Applying those strategies and running the overall business operation is the responsibility of the executives who are in regular dialogue with the directors.
Managers: The managers then run the individual business units or functions, each contributing to satisfying the needs of the clients and the expectations of the executives. Again there is regular dialogue with executives.
Operators and Technicians: The operators perform the tasks required by the business functions and report to the managers. The technical support people ensure that the systems and processes are properly developed and maintained in accordance with the business requirements. They report and provide advice to the managers and they also provide support and guidance to the operators.
This structure and the interfaces are shown in Figure 1-1.
Business Structure and Interfaces
Figure 1-1. Roles in the Typical Organizational Structure
The key tasks these five key classes of personnel are likely to face in an emergency situation are shown in Figure 1-2.
Figure 1-2. Key Tasks to Be Performed in an Emergency
In the case of a physical threat to the premises, the major task at all levels is to ensure everyone can get out safely under all circumstances - the number one priority for any enterprise no matter what the line, or style, of business might be. Therefore, the personal safety of everyone on the premises is a concern of all parties, although it might well be the direct responsibility of the security manager. However, many business disruptions will not require the emergency evacuation of personnel. The need for evacuation is associated only with a physical disruption.
Where relocation of personnel is required by technical or other issues, it is neither an emergency nor does it require an evacuation, and the appropriate response is covered by the other plans.
• The directors will need to protect the brand, image, and reputation of the enterprise. This represents the long-term value of the business. A blemish to the reputation can have disastrous consequences.
• Executives should focus their attention on dealing with the emergency by establishing control and setting out to contain the effects so as to reduce the damage and costs.
• Meanwhile the managers will be concentrating on resuming the business operation so as to sustain the customer interfaces.
• While the technicians recover the systems and services, the operators will be restoring the actual business functions behind the customer interface.
They need to be written in plain language, conveying simple messages, and providing clear directions.
1.1.1 Plan Types and Responsibilities
Each of these tasks will be supported by a particular type of plan, as demonstrated in Figure 1-3.
Figure 1-3. Hierarchy of Plans Related to Tasks and Functions
Later in this chapter, you will have the opportunity to explore the business recovery plan as a sample because it is very typical and has a broad application. Its structure and format can be adopted later as the basis for all of the other types of plans.
1.2 The Plan Development Process
Bear in mind that any BC plan is going to be used in times of stress or uncertainty. While these documents are designed for use in an emergency they are far more likely to be referred to during training exercises; but they must be suited to both. More importantly, they are definitely not intended to represent intellectual capital, to stimulate debate, or offer a persuasive argument. They need to be written in plain language, conveying simple messages, and providing clear directions.
Golden Rules for Writing a Plan
> Avoid jargon or unfamiliar words. Special or obscure meanings cause misunderstandings which can lead to mistakes.
> Avoid the use of acronyms. If you have to use them, include a clear explanation every time they appear.
> Remove the clutter. There is no need to include anything that is not directly related to the purpose of the plan.
> Make it easy to read. Use large clear typefaces; include simple diagrams. Leave wide margins or spaces for the users to make notes or corrections.
> Use color sparingly. It can be difficult to discern in poor light, especially for those who are color blind.
> Number every page and indicate the total number of pages. Doing that provides a useful means of checking for missing pages. There is often a suspicion that there should be another list at the back.
> Include version control information, such as the release level or issue date. Everyone should work with the same version.
> Treat contingency plans as the confidential documents they are. They contain information which could be very useful to anyone with bad intentions.
> Pay particular attention to the presentation and appearance of your plans. They are valuable documents which should be treated with respect. Scruffy collections of ill-assorted papers tend to devalue the contents in the eyes of the beholder.
Because BC is an ongoing reiterative process, i.e., regularly repeating the same steps in a continuous learning and improvement cycle, it is difficult to define an absolute start point. You can’t really design the plans until you know something about what goes into them. (The main content has already been reviewed in previous chapters.) In sum, there are five basic stages to the development of any of the various plan types or modules:
1. Select and agree upon the overall design and structure of the plan.
2. Determine data requirements and gather the data.
3. Determine strategy for the key phases of response and recovery.
4. Allocate the emergency tasks and responsibilities.
5. Prepare the draft plan.
The major benefits stem from the process of inspection, deliberation, and agreement...
1.2.1 Design and Structure
Preparing a plan or module starts with the selection or development of a suitable design and structure. Over the years, many people have designed and worked with thousands of BC plans with varying degrees of success. Therefore, it makes sense to tap into the wealth of knowledge and experience that must exist, rather than attempt to start from scratch with little or no guarantee of a successful outcome. This chapter will take you through the underlying concepts and then move on to looking at a range of templates. You can either adopt or adapt these templates for your own use, or you can continue your search for a suitable model elsewhere. Either way, it will help if you have a clear understanding of how these documents differ from other types of documents and from each other.
These documents are unique in the sense that they are intended to be used only under times of stress and difficulty. Even stranger, you probably cannot expect to ever use them under those particular circumstances. The major benefits stem from the process of inspection, deliberation, and agreement rather than the possession of the plans themselves. Further benefits are to be gained from the exercises and tests based on these plans. The plans should be seen as your emergency vehicles rather than your transport systems; they are useful tools but not complete solutions.
The typical structure or hierarchy of a business enterprise can be compared to a Greek temple. The foundation of this structure is the financial investment or capital which enables the enterprise to acquire supplies and resources. Supplies and resources are fed into the various business functions by their administration and each of these functions is subject to supervision. The management team runs the overall business in support of the corporate mission.
This working structure needs to be replicated in an emergency situation where the primary intention is to restore some degree of normality as quickly and effectively as possible.
Under these conditions the foundation investment, or capital, is in the form of reference information. This translates into the skills and knowledge which support the various business unit recovery plans. The supervision and management of these activities is outlined in the emergency response plan, which supports the immediate needs of the business as a whole.
While this temple model does provide us with a generalized overview of how BC management works in practice, it is rather simplistic and doesn’t give a clear indication of the full range of plans that may be required. In order to get a more accurate and detailed view of the plan types, you need to look at the levels of responsibility and the types of tasks which the plans must support.
1.2.1.1 Relation of Plan Type to Area of Responsibility
In most organizations there are five key classes of personnel, each with particular levels of interest and types of concerns. Earlier in this chapter, Figure 1-3 showed the relationship between plan types and areas of responsibility. Many of these interests and concerns will be shared with others, but in practice the actions and responsibilities of individuals will reflect their position within the hierarchy. Almost separate to the main thrust of the business operation is the general concern for the health and safety of everyone in times of danger. This is usually the concern of the security people who watch over and protect the others without being integrated into the core business functions. Indeed, the very nature of their job precludes them from developing close links or relationships with any particular area or group. They have to retain a degree of independence.
Figure 1-1 illustrates the various levels and how they interface with each other under normal operating conditions. The directors set the corporate policy which the executives interpret as the strategy for their division. The managers decide on the tactics to meet those st...
Table of contents
- Cover
- Title page
- Copyright
- Preface
- Introduction
- Chapter 1: Plans and Their Purposes
- Chapter 2: Getting Started with Testing Your Plans
- Chapter 3: Delivering a Successful Exercise
- Chapter 4: Auditing and Maintaining the Plan
- Appendix A: Estimating Evacuation Time
- Appendix B: Developing Scenario Plot Lines
- About the Author
- Credits