Introduction |
|
xvii | |
CHAPTER 1 Where it All Began from Someone Who Was There |
|
|
Disaster Recovery vs. Business Continuity: What Is the Difference? |
|
|
3 | |
|
The Transition from Data-Center-Driven to Business-Driven |
|
|
5 | |
CHAPTER 2 Selling the Program |
|
|
|
12 | |
|
Risk to the Company Reputation |
|
|
13 | |
|
|
15 | |
|
Hidden Benefits of the Planning Process |
|
|
15 | |
|
Why No One Believes in the "Big One" |
|
|
16 | |
CHAPTER 3 Project Initiation and Management |
|
|
Defining the Scope of the Planning Effort |
|
|
19 | |
|
|
21 | |
|
Company Policy or Standard |
|
|
22 | |
|
|
22 | |
|
Planning Phases and Deliverables |
|
|
23 | |
CHAPTER 4 Your Planning Team and Your Vital Records Program |
|
|
|
28 | |
|
Data Stored in Electronic Form |
|
|
28 | |
|
Remote Replication/Offsite Journaling |
|
|
28 | |
|
|
29 | |
|
|
30 | |
CHAPTER 5 Risk Evaluation and Control |
|
|
|
33 | |
|
The Most Common Risks and Ways to Mitigate Them |
|
|
35 | |
|
|
36 | |
|
|
40 | |
|
Don't Forget the Neighbors! |
|
|
41 | |
|
Risk-Management Practices |
|
|
41 | |
|
|
42 | |
|
|
42 | |
|
|
44 | |
|
|
45 | |
|
|
45 | |
|
Operational Risk Management |
|
|
46 | |
|
|
46 | |
|
|
47 | |
CHAPTER 6 Business Impact Analysis |
|
|
|
49 | |
|
Why it is About Time Sensitivity, Not Criticality |
|
|
49 | |
|
How to do This and Get it Right |
|
|
50 | |
|
|
52 | |
CHAPTER 7 Resource Strategies |
|
|
How Many, What Type, and Where |
|
|
55 | |
|
Technology Review: Business People and Technology People Speak Different Languages |
|
|
55 | |
|
|
57 | |
|
|
57 | |
|
Printing, Faxing, and Copying |
|
|
58 | |
|
|
59 | |
|
Interdependencies: Who Else Needs to Know/Who Else Needs to Help |
|
|
59 | |
|
The Business-Function Index |
|
|
60 | |
CHAPTER 8 Recovery Strategies |
|
|
Selecting a Recovery Strategy for Business Operations |
|
|
61 | |
|
Selecting a Recovery Strategy for Technology |
|
|
64 | |
|
|
66 | |
|
Implementing Recovery Strategies |
|
|
66 | |
CHAPTER 9 Documenting the Plan |
|
|
What Are the Components of the Plan? |
|
|
68 | |
|
|
69 | |
|
|
71 | |
|
|
71 | |
|
Detailed Execution Procedures |
|
|
72 | |
|
|
73 | |
|
|
74 | |
|
|
75 | |
|
|
75 | |
|
Transition Back to Normal Operations |
|
|
76 | |
|
|
77 | |
|
Plan-Maintenance Strategies |
|
|
77 | |
|
|
78 | |
CHAPTER 10 Training and Awareness Programs |
|
|
|
81 | |
|
Different Training for Different People |
|
|
82 | |
CHAPTER 11 Testing the Recovery Plan |
|
|
First Rule of Testing Your Plan |
|
|
86 | |
|
|
86 | |
|
Planning the Exercise: Exercise Checklist |
|
|
91 | |
|
|
92 | |
|
|
92 | |
|
|
93 | |
|
|
94 | |
|
|
94 | |
|
|
95 | |
|
Data-Center Exercise Reporting |
|
|
95 | |
|
|
98 | |
|
|
98 | |
CHAPTER 12 Coordinating with Public Agencies |
|
|
What You Can Expect From Public Agencies |
|
|
99 | |
|
Whom You Should Have Relationships with Before There is a Crisis |
|
|
99 | |
|
How to Engage Them in Your Program |
|
|
100 | |
CHAPTER 13 Crisis Management/Event Management |
|
|
|
103 | |
|
When an Event Becomes a Crisis |
|
|
110 | |
|
|
110 | |
|
|
114 | |
CHAPTER 14 Crisis Communications |
|
|
|
115 | |
|
|
116 | |
|
Communications Among and to Your Recovery Teams |
|
|
117 | |
|
|
119 | |
|
Communications to Customer, Clients, and Vendors |
|
|
119 | |
|
|
120 | |
|
Work You can do Before an Event |
|
|
122 | |
CHAPTER 15 Pandemic Planning |
|
|
|
125 | |
|
Pandemics in the Last Century |
|
|
128 | |
|
So What Is Bird Flu and Why Are We Worried? |
|
|
130 | |
|
|
132 | |
|
Economic Impacts of a Pandemic |
|
|
135 | |
|
Public Health Law and Quarantine |
|
|
136 | |
|
Pandemic Planning Assumptions from the CDC |
|
|
136 | |
|
Why is this Plan Different? |
|
|
138 | |
|
Human-Resources Policy Changes |
|
|
142 | |
CHAPTER 16 Life Safety |
|
|
|
145 | |
|
|
146 | |
|
Fires and Evacuation Drills |
|
|
147 | |
|
|
148 | |
|
Using Fire Extinguishers—Why I Don't |
|
|
149 | |
|
How Often to Conduct Drills |
|
|
150 | |
|
|
151 | |
|
Tornados and Tornado Drills |
|
|
153 | |
|
|
156 | |
CHAPTER 17 Transitioning from Project to Program |
|
|
The Components of the Contingency-Planning Program |
|
|
164 | |
|
Annual Program Business Requirements |
|
|
165 | |
|
Annual Technology-Program Requirements |
|
|
171 | |
|
Annual Crisis Leadership Program Requirements |
|
|
171 | |
|
Emergency Operations Center |
|
|
172 | |
|
Program Roles and Responsibilities |
|
|
172 | |
|
Corporate Contingency Planning |
|
|
172 | |
|
Business-Continuity Planners |
|
|
173 | |
|
|
176 | |
|
Key Leadership-Team Responsibilities |
|
|
176 | |
|
|
176 | |
|
|
176 | |
|
|
178 | |
|
|
178 | |
|
|
178 | |
|
|
179 | |
|
Corporate Real Estate/Facilities |
|
|
180 | |
|
Corporate Risk and Insurance |
|
|
180 | |
|
Corporate Legal/Compliance |
|
|
181 | |
|
|
181 | |
|
|
182 | |
|
|
182 | |
CHAPTER 18 Industry Certifications Professionalization |
|
|
DRII—The Institute for Continuity Management |
|
|
186 | |
|
BCI—The Business Continuity Institute |
|
|
188 | |
CHAPTER 19 Disaster Planning at Home |
|
|
Be Ready When Disaster Strikes You Personally |
|
|
191 | |
|
|
192 | |
CHAPTER 20 The Regulatory Environment |
|
|
Legal and Regulatory Requirements |
|
|
196 | |
|
Regulations for Financial Institutions |
|
|
196 | |
|
Sarbanes Oxley—Section 404 Management Assessment of Internal Controls |
|
|
198 | |
|
|
198 | |
CHAPTER 21 Tools, Software, Recovery Contracts, Consultants and Other Matters |
|
|
|
201 | |
|
|
201 | |
|
|
204 | |
|
Third-Party Recovery Sites |
|
|
205 | |
|
|
207 | |
CHAPTER 22 Summary and Lessons Learned from Real Events |
|
|
Lessons Learned from Real Recoveries |
|
|
209 | |
|
|
209 | |
|
|
212 | |
|
The Recovery from Hurricane Katrina |
|
|
224 | |
|
It's All About the People |
|
|
226 | |
|
|
228 | |
|
|
228 | |
|
The Future of Business Continuity |
|
|
230 | |
APPENDIX A Sample Business-Resumption Plan |
|
|
|
233 | |
|
Quick Reference Information in an Emergency |
|
|
236 | |
|
|
236 | |
|
|
236 | |
|
|
237 | |
|
|
237 | |
|
|
238 | |
|
|
238 | |
|
|
239 | |
|
|
240 | |
|
|
241 | |
|
Sample Purpose, Objectives, and Assumptions |
|
|
241 | |
|
|
241 | |
|
|
241 | |
|
|
242 | |
|
|
243 | |
|
|
244 | |
|
|
245 | |
|
Executive Emergency-Management Team |
|
|
245 | |
|
Emergency-Management Team for Each Site |
|
|
246 | |
|
Response Teams for Each Site |
|
|
246 | |
|
|
247 | |
|
Human-Resource Management |
|
|
248 | |
|
|
248 | |
|
|
248 | |
|
Temporary Help/Contractors |
|
|
249 | |
|
|
249 | |
|
|
249 | |
|
|
250 | |
|
|
250 | |
|
Travel by Team Members/Travel Arrangements |
|
|
251 | |
|
|
251 | |
|
|
251 | |
|
|
252 | |
|
|
252 | |
|
|
252 | |
|
|
252 | |
|
Internal Business-Unit Communications |
|
|
252 | |
|
External Communications—Media |
|
|
253 | |
|
External Communications—Customers/Clients |
|
|
253 | |
|
|
253 | |
|
|
253 | |
|
Communications with Recovery Team |
|
|
254 | |
|
|
254 | |
|
|
254 | |
|
Plan-Activation Procedures |
|
|
256 | |
|
|
256 | |
|
|
256 | |
|
|
257 | |
|
Command-Center Activation |
|
|
257 | |
|
Sample Checklists for Management Team and Response Team |
|
|
258 | |
|
Executive Emergency-Management Team Procedures |
|
|
258 | |
|
Emergency-Management Team Procedures/Emergency-Management Team Leader |
|
|
259 | |
|
Emergency-Management Team Procedure/Site-Management Team Leader |
|
|
260 | |
|
Emergency-Management Team Procedures/Response-Team Leader |
|
|
261 | |
|
Emergency-Management Team Procedures/Human-Resources Representative |
|
|
262 | |
|
Emergency-Management Team Procedures/Finance Representative |
|
|
263 | |
|
Emergency-Management Team Procedures/Systems-Team Leader |
|
|
264 | |
|
Emergency-Management Team Procedures/Client-Relationship Representative |
|
|
264 | |
|
Emergency-Response Team/Response-Team Leader/Site |
|
|
265 | |
|
Emergency-Response Team/Critical-Function Team Leader/Site Recovery |
|
|
266 | |
|
Emergency-Response Team/LAN-Recovery-Team Leader/Site Recovery |
|
|
268 | |
|
Emergency-Response Team/Systems Team/Site |
|
|
269 | |
|
Emergency-Response Team/Offsite-Storage Leader/Site Recovery |
|
|
270 | |
|
Emergency-Response Team/Critical-Function-Recovery Team/Site Recovery |
|
|
271 | |
|
Emergency-Response Team/Facilities Team/Site Recovery |
|
|
272 | |
|
Recovery Plan for Loss of Business Applications |
|
|
272 | |
|
Loss of Data Center Plan-Activation Checklist |
|
|
273 | |
|
|
275 | |
|
|
275 | |
|
|
275 | |
|
|
275 | |
|
Command-Center Activation |
|
|
276 | |
|
Appendix A: Disaster Declaration Procedures |
|
|
277 | |
|
Appendix B: Offsite Procedures |
|
|
277 | |
|
Appendix C: Call-Notification Script |
|
|
278 | |
|
Appendix D: Recovery Locations and Travel Directions |
|
|
279 | |
|
Appendix E: Hotels near the Recovery Facility |
|
|
279 | |
|
Appendix F: Caterers near the Recovery Facility |
|
|
279 | |
|
|
280 | |
|
Appendix H: Travel and Accommodations Request Form |
|
|
280 | |
|
Appendix I: Business Function Recovery Order of Priority |
|
|
281 | |
|
Appendix J: Internal Business Systems Priority |
|
|
281 | |
|
Appendix K: Updating the Corporate Contingency Information Line |
|
|
282 | |
|
Appendix L: Problem Reporting/Change-Management Procedure |
|
|
282 | |
|
Appendix M: Purchase Requisition |
|
|
283 | |
|
Appendix N: Cash-Advance Form |
|
|
283 | |
|
Appendix O: Contractor/Temporary Reassignment Staffing Form |
|
|
284 | |
|
Appendix P: Injury Report Form |
|
|
284 | |
|
Appendix Q: Conference Bridges |
|
|
285 | |
|
Appendix R: Inbound 800 Service |
|
|
285 | |
|
Safety and Emergency Procedures |
|
|
285 | |
|
|
285 | |
|
|
285 | |
|
Evacuation of Your Area is Announced |
|
|
286 | |
|
Medical Assistance is Needed |
|
|
286 | |
|
You Receive a Bomb Threat |
|
|
287 | |
|
An Unauthorized Person is in Your Workspace |
|
|
287 | |
|
A Suspicious Package is in Your Workspace |
|
|
287 | |
|
There is a Threat of Workplace Violence |
|
|
288 | |
APPENDIX B Sample Initial-Response Plan for Small Sites |
|
|
Business-Continuity Planners |
|
|
290 | |
|
ERO—Event-Management Team |
|
|
290 | |
|
|
290 | |
|
Establish Conference-Bridge Procedures |
|
|
291 | |
|
|
291 | |
|
Severe Weather and Other Limited Site Events |
|
|
292 | |
|
Where to Go if You Cannot Get Back into Your Building |
|
|
292 | |
|
Alternate-Site Locations for Office |
|
|
293 | |
|
Seat Assignments at the Alternate Sites |
|
|
293 | |
|
Alternate-Site Declaration—Corporate Alternate Sites |
|
|
294 | |
|
Disaster Declaration Procedures |
|
|
296 | |
|
Safety and Emergency Procedures |
|
|
296 | |
|
|
296 | |
|
|
296 | |
|
Evacuation of Your Area is Announced |
|
|
297 | |
|
Medical Assistance is Needed |
|
|
297 | |
|
You Receive a Bomb Threat |
|
|
298 | |
|
An Unauthorized Person is in Your Workspace |
|
|
298 | |
|
A Suspicious Package is in Your Workspace |
|
|
298 | |
|
There is a Threat of Workplace Violence |
|
|
299 | |
APPENDIX C Test-Planning Guide Sample Test Plan for Business-Unit Exercises at an Alternate Site |
|
|
|
301 | |
|
Alternate-Site Test Plan Sample for Business-Unit Testing |
|
|
303 | |
|
Contingency Planning Test Plan—Alternate Site |
|
|
303 | |
|
Driving Directions to the Alternate Site |
|
|
304 | |
|
|
304 | |
|
|
305 | |
|
Alternate-Site Floor Plan |
|
|
305 | |
|
|
305 | |
|
Communication Conference Bridge |
|
|
305 | |
|
|
305 | |
|
|
306 | |
|
Problem-Reporting Tickets |
|
|
306 | |
|
|
306 | |
|
|
308 | |
APPENDIX D Test Scenarios |
|
311 | |
APPENDIX E Alternate-Site Development Kit |
|
313 | |
APPENDIX F Business-Continuity-Planner Job Description |
|
|
|
317 | |
|
|
317 | |
|
Duties and Responsibilities |
|
|
318 | |
|
|
319 | |
|
|
319 | |
|
|
319 | |
|
Organizational Relationships |
|
|
319 | |
Index |
|
321 | |