What you do have is a need (and presumably a desire) to develop a Business Continuity Plan (BCP) for the company! So, how do you make that happen with a limited staff and budget?
First of all, face the facts...and the facts are, if you really want to develop good business continuity plans, you really do have to address all of the planning issues that the big companies do....you are just going to have to do it with fewer people and less money.
And what are those issues? Well, the definition of the major components required in a contingency planning project may vary according to whose book you read.
The process of identifying threats and the risks they pose within your organization is a cost-effective way to eliminate the risk, or reduce its impact and frequency. For these reasons, the importance of performing this type of critical analysis cannot be overstated. In fact, the application of this activity should be elevated so that non-traditional threats and the risks they pose within your business operation are also identified and addressed before they adversely affect business as usual.
Implementing a process to ensure risks are periodic and regularly identified and assessed should be a priority. Particularly, as advances in science, technologies and communication are changing the way we conduct business faster than before. Developments in these areas are helping to shape our business and move it in new directions. Changes in our environment and society are resulting in even greater opportunities for disruption if pre-planning is not a priority. To pre-plan, an organization will need to first identify and evaluate risks specific to their unique environment.
To this end, an example of a Site Review Program is included to help you implement such a process within your environment if one does not yet exist. The program outlines three steps to help ensure that the prescribed process of identifying threats and risks will move beyond and also include a resolution and continued monitoring of mitigating controls. Various types of threats and the importance of mitigating resultant risks precede the Site Review Program.
Examples of potential threats, including non-traditional types, worth considering are also chronicled to encourage individuals to think the unthinkable and plan accordingly. Types of threats identified include a different twist to the Year 2000 issue and potential dire consequences of believing the pulsing lifeblood of many organizations — data centers are safe behind their locked doors. Other non-traditional items to explore are those related to reliance on old technology and possible threats.
The DRJ Editorial Advisory Board (EAB) Generally Accepted Business Continuity Practices Committee and partner organizations (ARMA, DRII, FSTC and NFPA) are pleased to announce the Generally Accepted Practices (GAP) document is in its final phase.
This final phase is to "fine-tune" the document for Industry Specific GAP documents. Input is needed from practitioners in all industries. Currently, the committee is seeking participation from practitioners in the healthcare industry. To participate, email: firstname.lastname@example.org
The GAP document was created by 10 individual sub-committees of seasoned business continuity professionals from partner organizations (ARMA, DRII, FSTC and NFPA) and members from the public and private sectors.
The mission of the DRJ-EAB effort is: “To be recognized as a leading source of ‘sound’ Generally Accepted Practices by providing a depository of knowledge and recommendations offered by skilled business continuity practitioners.”
Download the Individual Chapters (PDF Files)
- Project Initiation and Management
- Risk Evaluation and Control
- Business Impact Analysis
- Developing Business Continuity Strategies
- Emergency Response and Operations
- Developing Business Continuity
- Training and Awareness
- Maintaining and Exercising Business Continuity Plans
- Public Relations and Crisis Communications
- Coordination with Public
Please Download the Appendices Here (Word Doc)
Note: A Special Thank you DRJ's Editorial Advisory Board for their incredible efforts to identify and compile this information.
*UPDATED - Spetember, 2013
Rules & Regulations … The Source - Updated and Improved
By Martin Myers, MBCP
Thank you, our readers. This is one of the most popular features on the DRJ website. Our list of Rules & Regulations have grown and improved over the years with the help of our reader. We receive emails with new items to include and thoughts of how to make our list more useful. Therefore our success must include acknowledgement that this has been a community project. You may have noticed, that is, if you are a regular visitor to our page that the Rules & Regulations Committee of the DRJ’s Editorial Advisory Board work to have our list updated every six months. This is to coincide with the each of the semi-annual DRJ conferences.
From humble beginnings we have grown. This data base started as a shared list, compiled from several Business Continuity professionals sharing between one another. The thought was that if we shared with a broader BC community, we could build a list useful for one and all in the BC world. The DRJ has provided us that venue and capability.
To maintain this data base of Rules & Regulations, the committee members meet and divide the list for each member to review in detail prior to updating and republishing. Over the years we have made improvements.
To name a few:
- With each update we change the color scheme to clearly indicate the new edition of spreadsheet.
- Created a list of acronyms in their own worksheet.
- Removed obsolete rules and regulations to a separate worksheet.
- For those who like numbers, we have a worksheet with summary statistics.
- Adjusted the headings to be more viewable on hand held devices such as smart phones.
- Eliminated several redundant columns and incorporated their information into the ‘Notes/Comments’ column.
We recognize that this list will always be growing as contributions are made, and those contributions are a vital part of the usefulness of tool.
The DRJ Rules & Regulations data base is intended to provide each of us a singular resource where we can go to and find the most complete and comprehensive list or BC-related rules and regulations. This can only be accomplished with you help. If you find a new regulation, please send it to us. Should you think of a way to enhance this tool, please let us know.
Download the Spreadsheet (MS Excel)
Acknowledgements 2013 DRJ EAB Rules & Regulations Working Committee: Co-chairs were Martin Myers (Hewlett-Packard Company), and Anna Bathon (Bank of America). Committee members include Roswitha Firth (Independent Consultant), Colleen Huber (Great Lakes Higher Education Corporation), Milen Kutev (British Columbia Automobile Association), Dave Shimberg (Forsythe Solutions Group), Sue Simpson (Independent Consultant), and Lisa Smallwood (Hewlett-Packard Company).
Martin Myers, MS, MBCP, CERT, is an IT Continuity Consultant at Hewlett-Packard Company. He has more than 25 years of experience in developing and evaluating disaster recovery and business continuity plans including emergency preparedness and response, and crisis management for prominent domestic and international companies. Some of the companies he has worked for include Bank of America, CapitalOne, KPMG, and SAIC. His work has taken him throughout the U.S., and to Canada, Bermuda, Panama, Costa Rica, Ireland, the United Kingdom, and South Korea. Mr. Myers is a former President of the DRJ Editorial Advisory Board.