Business Continuity Planning

A Step-by-Step Guide With Planning Forms

Kenneth L. Fulmer

  1. 190 pages
  2. English
About the book

This easy workbook format shows managers new to Business Continuity Planning how to quickly develop a basic plan and keep it updated. If you've been tasked with developing a basic business continuity plan and aren't sure where to start, this workbook with sample forms, checklists, templates, and plans will walk you step-by-step through the process. The book is aimed at single/few location companies with up to 250 employees and is more oriented to an office environment, especially where computer operations are critical. It offers a fast, practical approach for small companies with limited staff and time to customize a workable plan and expand it as they grow. Endorsed by The Business Continuity Institute and Disaster Recovery Institute International, it includes these helpful tools:
• Straightforward, jargon-free explanations emphasize the non-technical aspects of Information Technology/Disaster Recovery planning.
• Glossary with 120 terms and Appendices with sample risk assessment and risk analysis checklists.
• Extensive, easy-to-use downloadable resources include reproducible worksheets, forms, templates, questionnaires, and checklists for various natural disasters and special hazards such as power outages, boiler failures, bomb threats, hazardous material spills, and civil unrest, along with a checklist for vital records storage.
For professional development or college classes the book is accompanied by a set of Instructor Materials.

Information

Year: 2015
ISBN: 9781931332903
Edition: 1
Subject: Business

1. WHY SHOULD YOUR BUSINESS PREPARE FOR A DISASTER?
This chapter contains a description of the types of disasters your company might experience and the potential financial and legal ramifications that could follow.
By the end of this chapter you will:
• Understand the importance of Business Continuity Planning
• Become aware of the potential interruptions that could affect your company's bottom line
• Understand what's at stake if you do not plan
• Understand the potential legal consequences of not planning
This book subscribes to the well-known rule, BE PREPARED! By planning ahead for an emergency you can help defend your business against irreparable damage or even total business failure. The time taken to plan for an emergency could be the best investment your company ever made.
WHAT DISASTER MIGHT HIT YOU?
Disasters may occur at any time for many reasons. A Business Continuity Plan (BCP) must be in place to prevent or reduce the effects of disasters. According to The Disaster Recovery Institute International (www.drii.org), 93% of companies that experience a disaster without a recovery plan close within five years. Fifty percent of companies that lose critical business functions for more than ten days never recover. For Fortune 500 companies, business and system downtime costs an average of $96,000 per minute!
There are many types of disasters that can affect your company's bottom line. Do you have a Business Continuity Plan to manage your way through these?
• Equipment Failure
• Windstorms
• Biological/Radiological Incident
• Flooding
• Cyber Crime
• Denied Access
• Fire
• Civil Disturbance
• Water Pipe Breakage
• Earthquake
• Loss of Key Employees, Supplier or Customer
• Network failure
• Hazardous Material Incident
• Extended Power Outage
• Communications Failure
• Explosion
• Transportation Accidents
• Terrorist Attack
If your answer is “yes,” then take your plan out, dust it off and use this guide to assess and update your plan. If your answer is no, you are not alone and it is time to dig into this book and to begin protecting your company's assets.
IT’S TOO MUCH WORK! WHY SHOULDN’T WE JUST TAKE THE RISK?
Company management too often neglects disaster planning. The most common reasons are: lack of time and resources, lack of top management support, lack of money, too many causes of disasters to plan for effectively, little awareness of potential hazards, and lack of knowledge in developing a plan. We have all heard at least one of these reasons for not having a plan, but are any really good enough to risk the consequences of not being prepared?
Here's a simple test. Can you answer “yes” to all the following questions? If not, how would the repercussions affect your company's ability to remain in business?
1. Are you confident that you will manage through a disaster better than your competition? If not, how much business are you likely to lose?
2. Are you ensuring the safety of your personnel and customers? If not, could your legal liability put the company under?
3. Are you prepared to deal with the media, your stockholders and your employees when a disaster strikes?
4. Have you taken steps to eliminate or minimize the threat of fire, flooding, employee sabotage, cyber attack, etc.?
5. Are your company’s vital records adequately protected?
The obvious reasons for planning, like avoiding financial ruin, maintaining market share and minimizing negative publicity, are important ones. But there is another convincing reason for Business Continuity Planning: avoiding potential legal problems.
LEGAL REASONS FOR HAVING A PLAN
Protecting the confidentiality, integrity and availability of a patient’s medical information is no longer just a best practice for healthcare entities, but a legal requirement.
As passed by the United States Congress, the Health Insurance Portability and Accountability Act of 1996 (HIPAA), PL 104-191, Standards for Privacy of Individually Identifiable Health Information, 45 CFR Parts 160 and 164, institutes administrative reforms that have been phased in over the period from 2000 through 2003. Of major importance in the HIPAA legislation is the issue of data and transaction standardization — a mandate very few healthcare providers can circumvent if they bill third parties for services provided to patients. The HIPAA regulations apply to “covered entities,” groups that include health plans, health care clearinghouses, and health care providers that transmit any health information in electronic form. The law also changes the way the “covered entities” have to protect the privacy of a patient’s health information, and contains security procedures that must be followed to protect the integrity of a patient’s health information. For more information on the Health Insurance Portability and Accountability Act of 1996 go to www.cms.hhs.gov/hipaa.
Other legal reasons for Business Continuity Planning and disaster recovery capability have been categorized to respond to a law, statute or regulation that specifically requires your business to have a disaster recovery plan. Contingency Planning and Research, Inc. categorized these applicable statutes into 5 areas. Each area is presented here, but is not intended by Contingency Planning and Research, Inc. to be all-inclusive:
• Contingency Planning Statutes — Apply to the development of plans to ensure the recoverability of critical systems. Example: Federal Financial Institutions Examination Council (FFIEC). The FFIEC guidelines replace previously issued Banking Circulars, BC-177, BC-226, etc.
• Liability Statutes — Establish levels of liability under the “Prudent Man Laws” for directors and officers of a corporation. Example: Foreign Corrupt Practices Act (FCPA).
• Life and Safety Statutes — Set out specific ordinances and standards for ensuring the protection of employees in the workplace. Examples: National Fire Protection Association (NFPA), Occupational Safety & Health Administration (OSHA).
• Risk Reduction Statutes — Stipulate areas of risk management required to reduce and/or mitigate the effects of a disaster. Example: Office of the Comptroller (“OCC”); Circular 235 and Thrift Bulletin 30.
• Security Statutes — Cover areas of computer fraud, abuse and misappropriation of computerized assets. Example: Federal Computer Security Act.
• Vital Records Management Statutes — Specifications for the retention and disposition of corporate electronic and hard-copy records. Example: IRS Records Retention requirements.
Statutory Example
The Federal Financial Institutions Examination Council (FFIEC), consisting of the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, Office of the Comptroller of the Currency, Office of Thrift Supervision, and the National Credit Union Administration, issued on May 20, 2003 revised guidance for examiners and financial institutions on business continuity planning. The FFIEC also issued guidance to bank examiners on the supervision of technology service providers. The guidance is contained in two booklets.
The Business Continuity Planning Booklet provides guidance and examination procedures to assist bank examiners in evaluating financial institution and service provider risk management processes to ensure the availability of critical financial services.
The Supervision of Technology Service Providers Booklet covers the supervision and examination of services performed for financial institutions by technology service providers. It outlines the agencies’ risk-based supervision approach, the supervisory process, and the examination ratings used for technology service providers.
The guidance stresses that an institution’s management and board of directors have the ultimate responsibility for ensuring outsourced activities are conducted in a safe and sound manner and in compliance with applicable laws and regulations.
These booklets represent the latest in a series of updates to the 1996 FFIEC Information Systems Examination Handbook. The FFIEC is updating the Handbook to address significant changes in technology since 1996 and to incorporate a risk-based examination approach. The updates are being issued in separate booklets that will ultimately replace all chapters of the Handbook and comprise the new FFIEC Information Technology Handbook.
The booklets are being distributed electronically and are available at www.ffiec.gov/guides.htm.
Determining Liability
Other legal reasons are that most businesses have contracts with one another, and some may require that their suppliers perform, no matter what happens. Banks, manufacturers, insurance companies and other businesses are aware of the importance of Business Continuity Planning. These businesses obviously do not want to bite the dust if their suppliers fail to deliver after a disaster. So, review your contracts closely. If you provide services to another company, you may be required by contract to have a continuity plan that has been tested and proved reliable. Even if contracts include a “Force Majeure” clause limiting liability in extreme circumstances, you could still lose business partners, suppliers or clients.
Many attorneys know another reason as “common law.” Common law grew out of court decisions and some very old laws. Many of the laws today regarding negligence and fiduciary responsibilities were assembled out of the common law.
In a common law instance, your company may have fiduciary obligations and “duties of care” to its shareholders and customers. Plaintiff...
