eBook - ePub
Business Continuity from Preparedness to Recovery
A Standards-Based Approach
Eugene Tucker
This is a test
Share book
- 324 pages
- English
- ePUB (mobile friendly)
- Available on iOS & Android
eBook - ePub
Business Continuity from Preparedness to Recovery
A Standards-Based Approach
Eugene Tucker
Book details
Book preview
Table of contents
Citations
About This Book
Business Continuity from Preparedness to Recovery: A Standards-Based Approach details the process for building organizational resiliency and managing Emergency and Business Continuity programs. With over 30 years of experience developing plans that have been tested by fire, floods, and earthquakes, Tucker shows readers how to avoid common traps and ensure a successful program, utilizing, detailed Business Impact Analysis (BIA) questions, continuity strategies and planning considerations for specific business functions.
One of the few publications to describe the entire process of business continuity planning from emergency plan to recovery, Business Continuity from Preparedness to Recovery addresses the impact of the new ASIS, NFPA, and ISO standards. Introducing the important elements of business functions and showing how their operations are maintained throughout a crisis situation, it thoroughly describes the process of developing a mitigation, prevention, response, and continuity Management System according to the standards. Business Continuity from Preparedness to Recovery fully integrates Information Technology with other aspects of recovery and explores risk identification and assessment, project management, system analysis, and the functional reliance of most businesses and organizations in a business continuity and emergency management context.
- Offers a holistic approach focusing on the development and management of Emergency and Business Continuity Management Systems according to the new standards
- Helps ensure success by describing pitfalls to avoid and preventive measures to take
- Addresses program development under the standards recently developed by ISO, ASIS and NFPA
- Provides both foundational principles and specific practices derived from the author's long experience in this field
- Explains the requirements of the Business Continuity Standards
Frequently asked questions
How do I cancel my subscription?
Can/how do I download books?
At the moment all of our mobile-responsive ePub books are available to download via the app. Most of our PDFs are also available to download and we're working on making the final remaining ones downloadable now. Learn more here.
What is the difference between the pricing plans?
Both plans give you full access to the library and all of Perlegoās features. The only differences are the price and subscription period: With the annual plan youāll save around 30% compared to 12 months on the monthly plan.
What is Perlego?
We are an online textbook subscription service, where you can get access to an entire online library for less than the price of a single book per month. With over 1 million books across 1000+ topics, weāve got you covered! Learn more here.
Do you support text-to-speech?
Look out for the read-aloud symbol on your next book to see if you can listen to it. The read-aloud tool reads text aloud for you, highlighting the text as it is being read. You can pause it, speed it up and slow it down. Learn more here.
Is Business Continuity from Preparedness to Recovery an online PDF/ePUB?
Yes, you can access Business Continuity from Preparedness to Recovery by Eugene Tucker in PDF and/or ePUB format, as well as other popular books in Business & Business Strategy. We have over one million books available in our catalogue for you to explore.
Information
Chapter 1
Business ContinuityāA Definition and a Brief History
Chapter Summary
Business continuity is the management of a sustainable process that identifies the critical functions of an organization and develops strategies to continue these functions without interruption or to minimize the effects of an outage or loss of service provided by these functions. The history of business continuity management brings with it the perspectives and skills of each of the disciplines that contributed to its present-day form. The two major perspectives, one from the militaristic, emergency management side of the house with strict adherence to the dogmas of disaster management, and the other from the data center, which focused solely on the internal recovery of information technology, combined to bring business continuity planning to its present state. This chapter will help the reader to understand these perspectives and allow the business continuity manager to evaluate new ideas as truly representing progress and more effectively move programs forward when working with those who hold these different outlooks. Today, with the help of the new standards, the profession has matured into a management process that helps ensure the resilience of all essential business functions.
Key terms
ASIS SPC.1-2009; Certification; Emergency management; ISO 22301; NFPA 1600; PS-Prep; Regulations; Risk management; Social science; StandardsKey Points
ā¢ Backgrounds and the point of view from varied professions influenced the development of business continuity management
ā¢ Business continuity planning evolved from a project focus to a sustainable management process
ā¢ Competing standards define programs
ā¢ Emergency management and business continuity planning defined
ā¢ Understand how the term ābusiness continuityā is used today
1.1. Introduction
The concept of formal business continuity planning (BCP) is a relatively recent invention that owes its development to the increased dependency of business and government (actually, virtually everything and everyone) on the explosion of technology. The impact on business is well documented when data systems or production is disrupted, causing losses to stockholders, employees, and the community. The social dependencies of technology are illustrated by the computer outages of three major air carriers in 2012ā2013 that resulted in the cancellation of close to 2250 flights. Apart from the financial losses to the carriers and their dependent partners (hotels, car rentals, etc.), many travelers were at the very least inconvenienced by delayed or cancelled vacations, missed appointments and meetings, or an uncomfortable night sleeping at the airport. The outage of a social network for more than a few hours becomes an international headline. These are just a few examples of why the continuity or recovery of information technology (IT) is a vital part of business continuity management.
Despite its youth, an understanding of the evolution of business continuity management and the influences that have brought it to its present state is important for developing a perspective that moves the profession forward and allows planners to best manage their programs. These influences emerge from the doctrines brought by those entering the profession from information technology, the fire service and emergency management, security and law enforcement, risk and insurance management, and post-September 11 political appointees. Business continuity management has embraced many of their ideas, but some professionals believe their practices, including a number found in the standards, could take the profession backward.
This chapter will not chronicle events and disasters from the past except where results produced relevant effects on business continuity management. For example, it is useful to know that after the San Fernando California earthquake of 1971, seismic safety building codes were greatly improved (as they and other lessons learned are refined after each new disaster). One lesson learned, however, is that the building standards and practices do not always meet the requirements of the codes. Shortcuts, poor construction practices, and the use of substandard materials were responsible for the collapse of many structures in Greece after a moderate earthquakeāa country with strict modern building codes. Even in the United States (US), major damage to a warehouse in the Silicon Valley after the Loma Prieta earthquake was traced to substandard construction.
The formal definition of business continuity has metamorphosed over time with no agreement within the industry on a single meaning, although the contents of the business continuity Glossary published by the Disaster Recovery Journal were accepted by many professionals as the most appropriate definition. Each of the standards (International Organization for Standardization (ISO), American Society for Industrial Security (ASIS), and National Fire Protection Association (NFPA)) describe it in similar but somewhat significantly different ways.
1.2. History
1.2.1. Emergency Management
A history of business continuity management is not complete without a basic understanding of the evolution of emergency management. Emergency managers entering the field of business continuity management have needed to enable businesses to position their functions for resilience and sustainability by heavily influencing planning methodologies in both positive ways such as the focus on mitigation and negative ways such as continuity planning under an incident command system (ICS) structure. ICS is a field tactical response concept that many planners had difficulty adapting to business continuity management in an effective and meaningful manner, apart from the response phase that we will describe in another chapter.
Emergency management is the managerial function charged with creating the framework within which communities reduce vulnerability to hazards and cope with disasters (Dr B. Wayne Blanchard, CEM, FEMA Emergency Management Institute). It is also defined as an interdisciplinary field dealing with the strategic organizational management processes used to protect critical assets of an organization from hazard risks that can cause events such as disasters or catastrophes and to ensure the resiliency of the organization within their planned lifetime (Haddow and Bullock, 2003).
Emergency management, from the governmental perspective of planning and responding to disasters on a macro level (i.e., regional and not focused on an individual business), deals with situations such as earthquakes, hurricanes, and floods that cause business outages. It is a process in which qualified persons plan and prepare for identified hazards and risks to the community, and coordinate the response and recovery once they occur.
Just over 25 years after the signing of the US Constitution, legislation was passed to provide federal funding for disaster relief. Today, separate legislation is no longer necessary thanks to the Robert T. Stafford Disaster Relief and Assistance of 1974 (Stafford Act), which combined similar prior acts (such as the Disaster Relief Act of 1950) that gave the federal government the authority to provide assistance without going to Congress after each disaster. Of the many significant achievements of the Stafford Act, it also addressed the funding for preparedness and civil defense warning systems.
Also in 1950, the Civil Defense Act and its amendments established governmentās role in disaster preparedness but its focus was the preparation and defense from nuclear attack. Later, Civil Defense would be replaced by the Federal Emergency Management Agency (FEMA) eventually becoming the lead agency for disaster relief and preparedness, switching its attention from nuclear attack to the more common incidents encountered throughout the nation.
In 1978, the National Governorsā Association study of emergency management practices in the US introduced the concept of comprehensive emergency management. With its four componentsāpreparedness, response, recovery, and mitigationāit emphasized an all-hazards approach to planning, further steering away from the nuclear defense mindset (Figure 1.1). It is significant because it provides a framework for a complete planning and management process that avoids the tendency to plan for only one element of an emergency. In 1997, FEMA placed emphasis on mitigation and sustainability with its Project Impact programs, an initiative that worked to create disaster-resistant communities that relied on publicāprivate partnerships and on comprehensive emergency management.
Figure 1.1 Comprehensive emergency management.
After September 11, 2001, FEMA lost its cabinet position within the US government and political appointees, in part, shifted its emphasis away from disaster planning, causing seasoned emergency managers to leave and take positions in the private sector. Many of those who left the agency for private business brought with them their military civil defense focus on emergency management and business continuity.
Closely related to and part of emergency management is the influence of the Fire Service. Tried and true response protocols that worked exceptionally well on the fire ground under trying and dangerous conditions flavored the approach of firefighters once they migrated into the business world. Their often dogmatic, structured response orientation and evangelical support for the use of the ICS in BCP is a prime example.
Many of the acts, agencies, and protocols mentioned above spawned planning structures that were used in governmental response to disaster that have relevance to BCP structures used today. Multi-hazard functional planning is an example.
1.2.2. Community Disaster Services
The American Red Cross, although not a government agency, was chartered by the US Congress in 1900 to provide services to members of the armed forces and relief to disaster victims at home. Providing food, water, and shelter to victims of disasters, their role in disaster preparedness, blood services, and first aid training is a huge resource to organizations in preparing workers to be self-resilient at home. They are a good source of preparedness and prevention information for workers and program managers alike. Today, they are expanding this preparedness training to include technological disasters caused by toxic chemicals and weapons of mass destruction. The Red Cross was one of the first agencies to expand its services to include disaster planning guidelines for businesses.
1.2.3. Social Science
Around the early 1950s, spurred on by the Cold War, social science became more involved in research to understand how society would react during times of crisis. Established at Ohio State University in 1963, the Disaster Research Center was the first social science research institution devoted to the study of human behavior in disasters. Fortunately, this research continues today with the efforts of Thomas E. Drabek, Enrico L Quarantelli, Kathleen Tierney, and many others. In addition to social science, a number of other institutions conduct research on other characteristics of disasters such as the Natural Hazards Center at the University of Colorado at Boulder and the Center for Natural Hazards Research at East Carolina University.
Although their emphasis is directed at the societal level, this research brings valuable information to business continuity management. In the past, planning was often performed in a vacuum, inconsiderate of the social realities that affect those tasked with the recovery of business processes and data systems. āRecently, hazard researchers studying disasters have moved slightly from what might be considered an āagent centeredā approach to a greater focus on vulnerability.ā David Alexander (1993, p. 4) pointed out that natural disasters can be thought of as quick-onset events with significant impacts on the ānatural environment upon the socio-economic system.ā In later writings, he elaborated on this by saying that disasters are not defined by fixed events ābut by social constructs and these are liable to changeā (Alexander, 2005, p. 29). The concern expressed by Alexander is that disasters are not just the events, but also the social consequences (which are ever-changing) of the event. Dennis Mileti (1999, p. 3) also emphasized that disasters flow from overlaps of the physical, built, and social environments, but that they are āsocial in natureā (RodrĆguez et al., 2007). The researchers also pointed out that we create our own disasters by building or rebuilding in areas that are prone to the effects of natural hazards. FEMAās Project Impact program is partially the result of their work.
Effective business continuity managers must become students of social science research because they are expected to be subject matter experts in the understanding of human behavior during an emergency, especially when developing emergency response plans. For example, many if not most emergency plans instruct people to āavoid panicā or ādonāt panic.ā Worst yet, some plans instruct their response personnel to ācontrol panicā without providing procedures or training on how this is accomplished. Simply, research shows that people rarely panic in an emergency, and in fact often do just the opposite by failing to take rapid and effective action. Disaster myths persist despite 50 years of social science research. The myths suggest that disasters produce social breakdown, whereas experience consistently points to the resilience of human societies. For years, researchers have argued that the most effective response to disaster is one that is decentralized, flexible, and based on realistic assumptions of human behavior under stress. Yet, as Dynes (1993) pointed out, many public officials subscribe to a ācommand and controlā ...