DRJ's Fall 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Summer Journal

Volume 31, Issue 2

Full Contents Now Available!


Model (30)

When effective managers are building any kind of program or looking to enhance a current program, one of the questions they ask is, “What do successful programs have in common?” Establishing a business continuity or IT disaster recovery capability is no different. There are common elements that successful programs share. I will briefly describe just four of these elements here.

Thursday, 17 April 2008 13:47

Core Principles of BC/DR

Written by

When’s the last time you heard someone talking about the Board of Directors and a Business Continuity Program? If you haven’t, you will. The purpose of this article is to answer three questions:

-What connection could the Board of Directors have with a Business Continuity Program?
-Why would the Board of Directors be interested in supporting your Business Continuity Program?
-What’s the value of having the Board of Directors involved with your Business Continuity Program?

The Board is responsible for safely directing the business and affairs of the organization in the best interest of shareholders, customers, the community, and in accordance with the law. The Board’s three major duties indicate the natural and obvious connection between the Board of Directors and a Business Continuity Program.

The terms 'vulnerable', 'at-risk', or 'under-served' populations are associated with specific groups or segments of a community whose needs are often not met using the traditional services provided by political sub-divisions, especially during periods of local emergencies or disasters. This population may represent those people that are physically or mentally disabled, non-speaking English, culturally inaccessible, medically or chemically dependent, elderly or children, and homeless.

The vulnerable population is usually associated with Community Based Organizations (CBO). CBOs are local organizations (usually non-profit) residing in communities serving the needs of specific populations within the community. CBO clients are traditionally, the community's under-served or at-risk population.

 Mitigation. Preparedness. Response. Recovery.

These four tenants of comprehensive emergency management are now repeated so frequently in the fields of disaster recovery and business continuity that they practically form a sacred mantra.

Unfortunately, simple repetition of this mantra is unlikely to invoke some mystical potential for organizational readiness. Mitigation, preparedness, response, and recovery will fall short of their “comprehensive” goal unless they are interconnected and unified. The most critical tool for this is communication.

According to FEMA’s “Emergency Management Guide for Business and Industry,” communication is essential to any business operation, and is one of the core operational considerations of emergency management. It is the glue that binds the processes and procedures established by an organization to protect their resources and hasten a return to normalcy in the wake of a crisis or disaster.

BIG, it's always BIG! Every contingency planning book you read assumes that your company is BIG. Let's see now'.you should have a team conducting a Risk Analysis (RA), followed by a team conducting a Business Impact Analysis (BIA), followed by a team conducting a Recovery Option Analysis (ROA), followed by a... Well!! You get the picture. The problem is, unlike the assumptions in the textbooks; you don't have anything like unlimited resources of money and personnel that you can dedicate to a non-revenue-producing project.

What you do have is a need (and presumably a desire) to develop a Business Continuity Plan (BCP) for the company! So, how do you make that happen with a limited staff and budget?

First of all, face the facts...and the facts are, if you really want to develop good business continuity plans, you really do have to address all of the planning issues that the big companies do....you are just going to have to do it with fewer people and less money.

And what are those issues? Well, the definition of the major components required in a contingency planning project may vary according to whose book you read.
Monday, 19 November 2007 22:56

Business Continuity Planning for the Rest of Us

Written by

The process of identifying threats and the risks they pose within your organization is a cost-effective way to eliminate the risk, or reduce its impact and frequency. For these reasons, the importance of performing this type of critical analysis cannot be overstated. In fact, the application of this activity should be elevated so that non-traditional threats and the risks they pose within your business operation are also identified and addressed before they adversely affect business as usual.

Implementing a process to ensure risks are periodic and regularly identified and assessed should be a priority. Particularly, as advances in science, technologies and communication are changing the way we conduct business faster than before. Developments in these areas are helping to shape our business and move it in new directions. Changes in our environment and society are resulting in even greater opportunities for disruption if pre-planning is not a priority. To pre-plan, an organization will need to first identify and evaluate risks specific to their unique environment.

To this end, an example of a Site Review Program is included to help you implement such a process within your environment if one does not yet exist. The program outlines three steps to help ensure that the prescribed process of identifying threats and risks will move beyond and also include a resolution and continued monitoring of mitigating controls. Various types of threats and the importance of mitigating resultant risks precede the Site Review Program.

Examples of potential threats, including non-traditional types, worth considering are also chronicled to encourage individuals to think the unthinkable and plan accordingly. Types of threats identified include a different twist to the Year 2000 issue and potential dire consequences of believing the pulsing lifeblood of many organizations — data centers are safe behind their locked doors. Other non-traditional items to explore are those related to reliance on old technology and possible threats.
As business continuity planners, we know the importance of protecting our organization. But will everyone in the firm agree with that assessment? Will they back a business continuity plan? It is hard to achieve proper levels of protection without having full commitment from all involved.
Beginning with Sept. 11, 2001, the premise that a disaster is “a low probability, high consequence event” has become redefined in reality as “a high probability, very high consequence event.”
Developing a corporate business continuity program is a function of wide-ranging and critical operational concerns, including the need to drive higher revenues and profits, control costs, respond to increasing regulatory issues, and plan for unpredictable business disruptions or catastrophic disasters.
Everyone in the business world seems to be having to do more with fewer human resources on a smaller budget. We no longer have the luxury of hiring additional staff or consultants to implement or improve upon our business continuity/disaster recovery programs. The Generally Accepted Business Continuity Practices (GAP) document could be the extra hand you need to get your job done within your time and budget constraints.
Monday, 28 January 2008 12:29

GAP to the Rescue

Written by
Page 1 of 3