Business Continuity Planning
eBook - ePub

A Step-by-Step Guide With Planning Forms

Kenneth L. Fulmer

  1. 190 pages
  2. English
  3. ePUB (mobile-friendly)

Book information

This easy workbook format shows managers new to Business Continuity Planning how to quickly develop a basic plan and keep it updated. If you've been tasked with developing a basic business continuity plan and aren't sure where to start, this workbook with sample forms, checklists, templates, and plans will walk you step-by-step through the process. The book is aimed at single/few location companies with up to 250 employees and is more oriented to an office environment, especially where computer operations are critical. It offers a fast, practical approach for small companies with limited staff and time to customize a workable plan and expand it as they grow. Endorsed by The Business Continuity Institute and Disaster Recovery Institute International, it includes these helpful tools:
Straightforward, jargon-free explanations emphasize the non-technical aspects of Information Technology/Disaster Recovery planning.
Glossary with 120 terms and Appendices with sample risk assessment and risk analysis checklists.
Extensive, easy to-use downloadable resources include reproducible worksheets, forms, templates, questionnaires, and checklists for various natural disasters and special hazards such as power outages, boiler failures, bomb threats, hazardous material spills, and civil unrest, along with a checklist for vital records storage.
For professional development or college classes the book is accompanied by a set of Instructor Materials.

Information

Year: 2015
ISBN: 9781931332903
Edition: 1
Category: Business

1
WHY SHOULD YOUR BUSINESS PREPARE FOR A DISASTER?
This chapter contains a description of the types of disasters your company might experience and the potential financial and legal ramifications that could follow.
By the end of this chapter you will:
• Understand the importance of Business Continuity Planning
• Become aware of the potential interruptions that could affect your company's bottom line
• Understand what's at stake if you do not plan
• Understand the potential legal consequences of not planning
This book subscribes to the well known rule, BE PREPARED! By planning ahead for an emergency you can help defend your business against irreparable damage or even total business failure. The time taken to plan for an emergency could be the best investment your company ever made.
WHAT DISASTER MIGHT HIT YOU?
Disasters may occur at any time for many reasons. A Business Continuity Plan (BCP) must be in place to prevent or reduce the effects of disasters. According to The Disaster Recovery Institute International (www.drii.org), 93% of companies who experience a disaster without a recovery plan close within five years. Fifty percent of companies that lose critical business functions for more than ten days never recover. For Fortune 500 companies, business and system downtime costs an average of $96,000 per minute!
There are many types of disasters that can affect your company's bottom line. Do you have a Business Continuity Plan to manage your way through these?
• Equipment Failure
• Windstorms
• Biological/Radiological Incident
• Flooding
• Cyber Crime
• Denied Access
• Fire
• Civil Disturbance
• Water Pipe Breakage
• Earthquake
• Loss of Key Employees, Supplier or Customer
• Network failure
• Hazardous Material Incident
• Extended Power Outage
• Communications Failure
• Explosion
• Transportation Accidents
• Terrorist Attack
If your answer is “yes,” then take your plan out, dust it off and use this guide to assess and update your plan. If your answer is no, you are not alone and it is time to dig into this book and to begin protecting your company's assets.
IT’S TOO MUCH WORK! WHY SHOULDN’T WE JUST TAKE THE RISK?
Company management too often neglects disaster planning. The most common reasons are: lack of time and resources, lack of top management support, lack of money, too many causes of disasters to plan for effectively, little awareness of potential hazards, and lack of knowledge in developing a plan. We have all heard at least one of these reasons for not having a plan, but are any really good enough to risk the consequences of not being prepared?
Here's a simple test. Can you answer “yes” to all the following questions? If not, how would the repercussions affect your company's ability to remain in business?
1. Are you confident that you will manage through a disaster better than your competition? If not, how much business are you likely to lose?
2. Are you ensuring the safety of your personnel and customers? If not, could your legal liability put the company under?
3. Are you prepared to deal with the media, your stockholders and your employees when a disaster strikes?
4. Have you taken steps to eliminate or minimize the threat of fire, flooding, employee sabotage, cyber attack, etc.?
5. Are your company’s vital records adequately protected?
The obvious reasons for planning, like avoiding financial ruin, maintaining market share and minimizing negative publicity, are important ones. But there is another convincing reason for Business Continuity Planning: avoiding potential legal problems.
LEGAL REASONS FOR HAVING A PLAN
Protecting the confidentiality, integrity and availability of a patient’s medical information is no longer just a best practice for healthcare entities, but a legal requirement.
As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) -PL 104-191 Standards for Privacy of Individually Identifiable Health Information - 45 CFR Parts 160 and 164, institutes administrative reforms that have been phased in over the period from 2000 through 2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization — a mandate very few healthcare providers can circumvent if they bill third parties for services provided to patients. The HIPAA regulations apply to “covered entities,” groups that include health plans, health care clearinghouses, and health care providers that transmit any health information in electronic form. The law also changes the way the “covered entities” have to protect the privacy of a patient’s health information, and contains security procedures that must be followed to protect the integrity of a patient’s health information. For more information on the Health Insurance Portability and Accountability Act of 1996 go to www.cms.hhs.gov/hipaa.
Other legal reasons for Business Continuity Planning and disaster recovery capability have been categorized to respond to a law, statute or regulation that specifically requires your business to have a disaster recovery plan. Contingency Planning and Research, Inc. categorized these applicable statutes into 5 areas. Each area is presented here, but is not intended by Contingency Planning and Research, Inc. to be all-inclusive:
Contingency Planning Statutes — Apply to the development of plans to ensure the recoverability of critical systems. Example: Federal Financial Institutions Examination Council (FFIEC). The FFIEC guidelines replace previously issued Banking Circulars, BC-177, BC-226, etc.
Liability Statutes — Establish levels of liability under the “Prudent Man Laws” for directors and officers of a corporation. Example: Foreign Corrupt Practices Act (FCPA).
Life and Safety Statutes — Set out specific ordinances and standards for ensuring the protection of employees in the workplace. Examples: National Fire Protection Association (NFPA), Occupational Safety & Health Administration (OSHA).
Risk Reduction Statutes — Stipulate areas of risk management required to reduce and/or mitigate the effects of a disaster. Example: Office of the Comptroller (“OCC”); Circular 235 and Thrift Bulletin 30.
Security Statutes — Cover areas of computer fraud, abuse and misappropriation of computerized assets. Example: Federal Computer Security Act.
Vital Records Management Statutes — Specifications for the retention and disposition of corporate electronic and hard-copy records. Example: IRS Records Retention requirements.
Statutory Example
The Federal Financial Institutions Examination Council (FFIEC), consisting of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Office of Thrift Supervision, and the National Credit Union Administration, issued on May 20, 2003 revised guidance for examiners and financial institutions on business continuity planning. The FFIEC also issued guidance to bank examiners on the supervision of technology service providers. The guidance is contained in two booklets.
The Business Continuity Planning Booklet provides guidance and examination procedures to assist bank examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services.
The Supervision of Technology Service Providers Booklet covers the supervision and examination of services performed for financial institutions by technology service providers. It outlines the agencies’ risk-based supervision approach, the supervisory process, and the examination ratings used for technology service providers.
The guidance stresses that an institution’s management and board of directors have the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.
These booklets represent the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook. The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Handbook.
The booklets are being distributed electronically and are available at www.ffiec.gov/guides.htm.
Determining Liability
Other legal reasons are that most businesses have contracts with one another, and some may require that their suppliers perform, no matter what happens. Banks, manufacturers, insurance companies and other businesses are aware of the importance of Business Continuity Planning. These businesses obviously do not want to bite the dust if their suppliers fail to deliver after a disaster. So, review your contracts closely. If you provide services to another company, you may be required by contract to have a continuity plan that has been tested and proved reliable. Even if contracts include a “Force Majeure” clause limiting liability in extreme circumstances, you could still lose business partners, suppliers or clients.
Another reason is what many attorneys know as “common law.” Common law grew out of court decisions and some very old laws. Many of today's laws regarding negligence and fiduciary responsibilities were assembled out of the common law.
In a common law instance, your company may have fiduciary obligations and “duties of care” to its shareholders and customers. Plaintiff...
