Business Continuity Planning

A Step-by-Step Guide With Planning Forms

Kenneth L. Fulmer

  1. 190 pages
  2. English
About This Book

This easy workbook format shows managers new to Business Continuity Planning how to quickly develop a basic plan and keep it updated. If you've been tasked with developing a basic business continuity plan and aren't sure where to start, this workbook with sample forms, checklists, templates, and plans will walk you step-by-step through the process. The book is aimed at single/few location companies with up to 250 employees and is more oriented to an office environment, especially where computer operations are critical. It offers a fast, practical approach for small companies with limited staff and time to customize a workable plan and expand it as they grow. Endorsed by The Business Continuity Institute and Disaster Recovery Institute International, it includes these helpful tools:
• Straightforward, jargon-free explanations emphasize the non-technical aspects of Information Technology/Disaster Recovery planning.
• Glossary with 120 terms and Appendices with sample risk assessment and risk analysis checklists.
• Extensive, easy-to-use downloadable resources include reproducible worksheets, forms, templates, questionnaires, and checklists for various natural disasters and special hazards such as power outages, boiler failures, bomb threats, hazardous material spills, and civil unrest, along with a checklist for vital records storage.
For professional development or college classes the book is accompanied by a set of Instructor Materials.

Information

Year: 2015
ISBN: 9781931332903
Edition: 1

1. WHY SHOULD YOUR BUSINESS PREPARE FOR A DISASTER?
This chapter contains a description of the types of disasters your company might experience and the potential financial and legal ramifications that could follow.
By the end of this chapter you will:
• Understand the importance of Business Continuity Planning
• Become aware of the potential interruptions that could affect your company's bottom line
• Understand what's at stake if you do not plan
• Understand the potential legal consequences of not planning
This book subscribes to the well-known rule, BE PREPARED! By planning ahead for an emergency you can help defend your business against irreparable damage or even total business failure. The time taken to plan for an emergency could be the best investment your company ever made.
WHAT DISASTER MIGHT HIT YOU?
Disasters may occur at any time for many reasons. A Business Continuity Plan (BCP) must be in place to prevent or reduce the effects of disasters. According to The Disaster Recovery Institute International (www.drii.org), 93% of companies who experience a disaster without a recovery plan close within five years. Fifty percent of companies that lose critical business functions for more than ten days never recover. For Fortune 500 companies, business and system downtime costs an average of $96,000 per minute!
There are many types of disasters that can affect your company's bottom line. Do you have a Business Continuity Plan to manage your way through these?
• Equipment Failure
• Windstorms
• Biological/Radiological Incident
• Flooding
• Cyber Crime
• Denied Access
• Fire
• Civil Disturbance
• Water Pipe Breakage
• Earthquake
• Loss of Key Employees, Supplier or Customer
• Network failure
• Hazardous Material Incident
• Extended Power Outage
• Communications Failure
• Explosion
• Transportation Accidents
• Terrorist Attack
If your answer is “yes,” then take your plan out, dust it off and use this guide to assess and update your plan. If your answer is no, you are not alone and it is time to dig into this book and to begin protecting your company's assets.
IT’S TOO MUCH WORK! WHY SHOULDN’T WE JUST TAKE THE RISK?
Company management too often neglects disaster planning. The most common reasons are: lack of time and resources, lack of top management support, lack of money, too many causes of disasters to plan for effectively, little awareness of potential hazards, and lack of knowledge in developing a plan. We have all heard at least one of these reasons for not having a plan, but are any really good enough to risk the consequences of not being prepared?
Here's a simple test. Can you answer “yes” to all the following questions? If not, how would the repercussions affect your company's ability to remain in business?
1. Are you confident that you will manage through a disaster better than your competition? If not, how much business are you likely to lose?
2. Are you ensuring the safety of your personnel and customers? If not, could your legal liability put the company under?
3. Are you prepared to deal with the media, your stockholders and your employees when a disaster strikes?
4. Have you taken steps to eliminate or minimize the threat of fire, flooding, employee sabotage, cyber attack, etc.?
5. Are your company’s vital records adequately protected?
The obvious reasons for planning, like avoiding financial ruin, maintaining market share and minimizing negative publicity, are important ones. But there is another convincing reason for Business Continuity Planning: avoiding potential legal problems.
LEGAL REASONS FOR HAVING A PLAN
Protecting the confidentiality, integrity and availability of a patient’s medical information is no longer just a best practice for healthcare entities, but a legal requirement.
As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) - PL 104-191 Standards for Privacy of Individually Identifiable Health Information - 45 CFR Parts 160 and 164, institutes administrative reforms that have been phased in over the period from 2000 through 2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization — a mandate very few healthcare providers can circumvent if they bill third parties for services provided to patients. The HIPAA regulations apply to “covered entities,” groups that include health plans, health care clearinghouses, and health care providers that transmit any health information in electronic form. The law also changes the way the “covered entities” have to protect the privacy of a patient’s health information, and contains security procedures that must be followed to protect the integrity of a patient’s health information. For more information on the Health Insurance Portability and Accountability Act of 1996 go to www.cms.hhs.gov/hipaa.
Other legal reasons for Business Continuity Planning and disaster recovery capability have been categorized to respond to a law, statute or regulation that specifically requires your business to have a disaster recovery plan. Contingency Planning and Research, Inc. categorized these applicable statutes into 5 areas. Each area is presented here, but is not intended by Contingency Planning and Research, Inc. to be all-inclusive:
• Contingency Planning Statutes — Apply to the development of plans to ensure the recoverability of critical systems. Example: Federal Financial Institutions Examination Council (FFIEC). The FFIEC guidelines replace previously issued Banking Circulars, BC-177, BC-226, etc.
• Liability Statutes — Establish levels of liability under the “Prudent Man Laws” for directors and officers of a corporation. Example: Foreign Corrupt Practices Act (FCPA).
• Life and Safety Statutes — Set out specific ordinances and standards for ensuring the protection of employees in the workplace. Examples: National Fire Protection Association (NFPA), Occupational Safety & Health Administration (OSHA).
• Risk Reduction Statutes — Stipulate areas of risk management required to reduce and/or mitigate the effects of a disaster. Example: Office of the Comptroller (“OCC”); Circular 235 and Thrift Bulletin 30.
• Security Statutes — Cover areas of computer fraud, abuse and misappropriation of computerized assets. Example: Federal Computer Security Act.
• Vital Records Management Statutes — Specifications for the retention and disposition of corporate electronic and hard-copy records. Example: IRS Records Retention requirements.
Statutory Example
The Federal Financial Institutions Examination Council (FFIEC), consisting of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Office of Thrift Supervision, and the National Credit Union Administration, issued on May 20, 2003 revised guidance for examiners and financial institutions on business continuity planning. The FFIEC also issued guidance to bank examiners on the supervision of technology service providers. The guidance is contained in two booklets.
The Business Continuity Planning Booklet provides guidance and examination procedures to assist bank examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services.
The Supervision of Technology Service Providers Booklet covers the supervision and examination of services performed for financial institutions by technology service providers. It outlines the agencies’ risk-based supervision approach, the supervisory process, and the examination ratings used for technology service providers.
The guidance stresses that an institution’s management and board of directors have the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.
These booklets represent the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook. The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Handbook.
The booklets are being distributed electronically and are available at www.ffiec.gov/guides.htm.
Determining Liability
Other legal reasons are that most businesses have contracts with one another, and some may require that their suppliers perform, no matter what happens. Banks, manufacturers, insurance companies and other businesses are aware of the importance of Business Continuity Planning. These businesses obviously do not want to bite the dust if their suppliers fail to deliver after a disaster. So, review your contracts closely. If you provide services to another company, you may be required by contract to have a continuity plan that has been tested and proved reliable. Even if contracts include a “Force Majeure” clause limiting liability in extreme circumstances, you could still lose business partners, suppliers or clients.
Many attorneys know another reason as “common law.” Common law grew out of court decisions and some very old laws. Many of the laws today regarding negligence and fiduciary responsibilities were assembled out of the common law.
In a common law instance, your company may have fiduciary obligations and “duties of care” to its shareholders and customers. Plaintiff...
