The Manager's Guide to Simple, Strategic, Service-Oriented Business Continuity
Description
You have the knowledge and skill to create a workable Business Continuity Management (BCM) program - but too often, your projects are stalled while you attempt to get the right information from the right person. Rachelle Loyear experienced these struggles for years before she successfully revamped and reinvented her company's BCM program. In The Manager's Guide to Simple, Strategic, Service-Oriented Business Continuity, she takes you through the practical steps to get your program back on track.
Rachelle Loyear understands your situation well. Her challenge was to manage BCM in a large enterprise that required hundreds of BC plans to be created and updated. The frustrating reality she faced was that subject matter experts in various departments held the critical information she needed, but few were willing to write their parts of the plan. She tried and failed using all the usual methods to educate and motivate - and even threaten - departments to meet her deadlines.
Finally, she decided there had to be a better way. The result was an incredibly successful BCM program that was adopted by BCM managers in other companies. She calls it "The Three S's of BCM Success," which can be summarized as: Simple - Strategic - Service-Oriented.
Loyear's approach is easy and intuitive, considering the BCM discipline from the point of view of the people in your organization who are tasked to work with you on building the plans and program. She found that most people prefer:
- Simple solutions when they are faced with something new and different.
- Strategic use of their time, making their efforts pay off.
- Service to be provided, lightening their part of the load while still meeting all the basic requirements.
These tactics explain why the 3S program works. It helps you, it helps your program, and it helps your program partners.
Loyear says, "If you follow the 'Three S' philosophy, the number of plans you need to document will be fewer, and the plans will be simpler and easier to produce. I've seen this method succeed repeatedly when the traditional method of handing a business leader a form to fill out or a piece of software to use has failed to produce quality plans in a timely manner."
In The Manager's Guide to Simple, Strategic, Sevice-Oriented Business Continuity, Loyear shows you how to:
- Completely change your approach to the problems of "BCM buy-in."
- Find new ways to engage and support your BCM program partners and subject matter experts.
- Develop easier-to-use policies, procedures, and plans.
- Improve your overall relationships with everyone involved in your BCM program.
- Craft a program that works around the roadblocks rather than running headlong into them.
More details
Persons
Rachelle Loyear, MBCP, AFBCI, CISM, PMP, has spent over a decade managing various projects and programs in corporate security organizations, focusing strongly on business continuity and organizational resilience. In her work life, she has directed teams responsible for ensuring resilience in the face of many different types of security risks, both physical and logical. Her responsibilities have included: Security/business continuity management program design and development; crisis management and emergency response planning; functional and location-based recovery and continuity planning; training personnel in crisis management and continuity; operational continuity exercises; logistical programs, such as public/private partnership relationship management; and crisis recovery resource programs.
She began her career in information technology (IT), working in programming and training design at an online training company, before moving into the telecommunications industry. She has worked in various IT roles - including Web design, user experience, business analysis, and project management - before moving into the security/business continuity arena. This diverse background enables her to approach security, risk, business continuity, and disaster recovery with a broad methodology that melds many aspects into a cohesive whole.
Rachelle holds a bachelor's degree in history from the University of North Carolina at Charlotte, and a master's degree in business administration from the University of Phoenix. She is certified as a Master Business Continuity Professional (MBCP) through DRI International, as an Associate Fellow of Business Continuity International (AFBCI), as a Certified Information Security Manager (CISM) through ISACA, and as a Project Management Professional (PMP) through the Project Management Institute (PMI). She is active in multiple business continuity management industry groups, and is vice-chair of the Crisis Management and Business Continuity Council of ASIS International as well as serving on the IT Security Council. With Brian Allen, she co-authored The Manager's Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security(Rothstein Publishing, 2016).
Content
- Intro
- Title page
- Copyright
- Preface
- Part I: Traditional Business Continuity Management:What Does and Doesn't Work
- Chapter 1: Traditional Business Continuity Management:An Overview
- 1.1 Business Continuity Management Defined
- 1.1.1 What's in a Name? Talking the BCM Talk
- 1.2 Business Continuity Management Standards and Organizations
- 1.3 Business Continuity Management Common Terms
- 1.4 Business Continuity Management Common Approaches
- 1.4.1 The BCI Good Practice Guidelines Model
- 1.4.2 DRI International Model
- 1.4.3 ISO and ASIS International/BSI Standards Model
- 1.4.4 Comparing the Standards in a Five-Phase Risk Cycle
- References
- Chapter 2: Traditional BCM: The Roadblocks to Success
- 2.1 Things That Get in the Way of a Successful Program
- 2.1.1 Business Continuity Is Not Core Business
- 2.1.2 Executive Support Is Not Everything
- 2.1.3 Complexity Is Not Your Friend
- 2.1.4 BCM Is Rarely a DIY Effort
- References
- Part II: A New Solution: The Three S's of BCM Success
- Chapter 3: Introduction: The Three S's of BCM Success
- 3.1 Three S: A Philosophical Change in Approach
- 3.1.1 A Simple Philosophy
- 3.1.2 A Strategic Philosophy
- 3.1.3 A Service-Oriented Philosophy
- Chapter 4: The First S - Simple
- 4.1 Initiating a New BCM Program
- 4.1.1 Get Executive Buy-In
- 4.1.2 Create an Executive Communication
- 4.1.3 Meet with Senior Leaders
- 4.1.4 Your Next Level of Meetings
- 4.2 Analyzing the Business Needs for a BCM Program
- 4.2.1 BCM Program Goals
- 4.2.2 BCM Program Policy
- 4.2.3 BCM Program Procedures
- 4.3 Building the Program and Program Components (Plans)
- 4.3.1 Who, When, Where, What, and How - The Basics of Planning and Templates
- 4.3.1.1 Who: Team Roles
- 4.3.1.2 When: Response Times
- 4.3.1.3 Where: Response Locations
- 4.3.1.4 What: Team Resources
- 4.3.1.5 How: Plan Tasks and Checklists
- 4.3.2 Allowing for Complexity as Needed
- Chapter 5: The Second S - Strategic
- 5.1 Determining Business Tolerances
- 5.1.1 Finding the Critical Functions
- 5.1.2 Finding the Critical Functions Using a Business Impact Analysis
- 5.1.2.1 The Complex Approach to BIA and Why It Is Bad
- 5.1.2.2 Identifying Critical Functions Without a BIA
- 5.1.3 Performing a Strategic BIA
- 5.1.3.1 Identifying Assets and Asset Owners for a Strategic BIA
- 5.1.3.2 Valuing and Prioritizing Assets with Your Asset Owners
- 5.1.3.3 Identifying Hard-to-Find Critical Functions and Dependencies for a Strategic BIA
- 5.1.3.4 The Purpose of Asset and Critical Function Prioritization
- 5.1.3.5 Completing the BIA Questionnaire
- 5.1.4 Performing a Strategic Risk Assessment
- 5.2 Allowing the Business to Decide What It Needs
- 5.2.1 When BCM Program Partners Minimize Criticality
- 5.2.2 When BCM Program Partners Inflate Criticality
- 5.2.3 Ensuring the Correct BCM Program Partners Are Making Strategic Decisions
- References
- Chapter 6: The Third S - Service-Oriented
- 6.1 The Do-It-Yourself vs. Do-It-for-Me Person
- 6.2 Let Subject Matter Experts Be Subject Matter Experts
- 6.3 The Planning Process
- 6.4 Get Better Plans by Sharing Best Practices
- 6.5 Plan Management Software - Benefit or Barrier?
- Part III: Putting It All Together For Results
- Chapter 7: The 3S BCM Program in Practice
- 7.1 Testing and Exercising
- 7.1.1 Simple Testing and Exercising Programs
- 7.1.2 Strategic Testing and Exercising Programs
- 7.1.3 Service-Oriented Testing and Exercising Programs
- 7.2 Program Maintenance
- 7.3 Responding to a Business Disruption or Crisis
- 7.3.1 The Service-Oriented BCM Team During a Business Disruption or Crisis
- Chapter 8: Looking Ahead - The Growth of Organizational Resilience
- 8.1 The Future of Business Continuity
- 8.2 The Evolving Global Risk Situation
- 8.3 Organizational Resilience
- 8.4 Embracing Organizational Resilience
- 8.5 Organizational Resilience and the 3S Model of Business Continuity Management
- References
- Chapter 9: Final Thoughts - Where Do You Go From Here
- Appendix A: Example Procedure Documents
- A.1 Example Emergency Response Procedure Document
- A.2 Example Crisis Management Procedure Document
- A.3 Example Crisis Communications Procedure Document
- A.4 Example Business Continuity Planning/Requirements/Templates Procedure Document
- Appendix B: Example Tiered Plan Template Requirements
- B.1 Critical Function/Department Template
- B.2 Medium Impact Function/Department Template
- Appendix C: Example Plan Documents
- C.1 Example Crisis Management Plan
- C.2 Example Functional Area Business Continuity Plan
- C.3 Example Facility Business Continuity Plan
- Appendix D: Example Crisis/Disruptive Event Checklists
- D.1 Example All-Hazards Universal Checklist
- D.2 Example Severe Weather (Hurricane/Winter Storm/Other) Checklist
- D.3 Example Flood Universal Checklist
- Appendix E: Business Impact Analysis and Risk Assessments
- E.1 What is a Business Impact Analysis (BIA)?
- E.2 What is a Risk Assessment?
- E.3 BIA Asset Valuation Methods
- References
- Credits
- About the Author
- More from Rothstein Publishing
