The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity
()
About this ebook
You have the knowledge and skill to create a workable Business Continuity Management (BCM) program – but too often, your projects are stalled while you attempt to get the right information from the right person. Rachelle Loyear experienced these struggles for years before she successfully revamped and reinvented her company’s BCM program. In The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity, she takes you through the practical steps to get your program back on track.
Rachelle Loyear understands your situation well. Her challenge was to manage BCM in a large enterprise that required hundreds of BC plans to be created and updated. The frustrating reality she faced was that subject matter experts in various departments held the critical information she needed, but few were willing to write their parts of the plan. She tried and failed using all the usual methods to educate and motivate – and even threaten – departments to meet her deadlines.
Finally, she decided there had to be a better way. The result was an incredibly successful BCM program that was adopted by BCM managers in other companies. She calls it “The Three S’s of BCM Success,” which can be summarized as: Simple – Strategic – Service-Oriented.
Loyear’s approach is easy and intuitive, considering the BCM discipline from the point of view of the people in your organization who are tasked to work with you on building the plans and program. She found that most people prefer:
- Simple solutions when they are faced with something new and different.
- Strategic use of their time, making their efforts pay off.
- Service to be provided, lightening their part of the load while still meeting all the basic requirements.
These tactics explain why the 3S program works. It helps you, it helps your program, and it helps your program partners.
Loyear says, “If you follow the ‘Three S’ philosophy, the number of plans you need to document will be fewer, and the plans will be simpler and easier to produce. I’ve seen this method succeed repeatedly when the traditional method of handing a business leader a form to fill out or a piece of software to use has failed to produce quality plans in a timely manner.”
In The Manager’s Guide to Simple, Strategic, Sevice-Oriented Business Continuity, Loyear shows you how to:
- Completely change your approach to the problems of “BCM buy-in.”
- Find new ways to engage and support your BCM program partners and subject matter experts.
- Develop easier-to-use policies, procedures, and plans.
- Improve your overall relationships with everyone involved in your BCM program.
- Craft a program that works around the roadblocks rather than running headlong into them.
Rachelle Loyear, MBCP, AFBCI, CISM, PMP
Rachelle Loyear, MBCP, AFBCI, CISM, PMP, has spent over a decade managing various projects and programs in corporate security organizations, focusing strongly on business continuity and organizational resilience. In her work life, she has directed teams responsible for ensuring resilience in the face of many different types of security risks, both physical and logical. Her responsibilities have included: Security/business continuity management program design and development; crisis management and emergency response planning; functional and location-based recovery and continuity planning; training personnel in crisis management and continuity; operational continuity exercises; logistical programs, such as public/private partnership relationship management; and crisis recovery resource programs. She began her career in information technology (IT), working in programming and training design at an online training company, before moving into the telecommunications industry. She has worked in various IT roles – including Web design, user experience, business analysis, and project management – before moving into the security/business continuity arena. This diverse background enables her to approach security, risk, business continuity, and disaster recovery with a broad methodology that melds many aspects into a cohesive whole. Rachelle holds a bachelor’s degree in history from the University of North Carolina at Charlotte, and a master’s degree in business administration from the University of Phoenix. She is certified as a Master Business Continuity Professional (MBCP) through DRI International, as an Associate Fellow of Business Continuity International (AFBCI), as a Certified Information Security Manager (CISM) through ISACA, and as a Project Management Professional (PMP) through the Project Management Institute (PMI). She is active in multiple business continuity management industry groups, and is vice-chair of the Crisis Management and Business Continuity Council of ASIS International as well as serving on the IT Security Council. With Brian Allen, she co-authored The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security(Rothstein Publishing, 2016).
Related to The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity
Related ebooks
The Business Continuity Management Desk Reference Rating: 0 out of 5 stars0 ratingsAdaptive Business Continuity: A New Approach Rating: 0 out of 5 stars0 ratingsBusiness Continuity Exercises: Quick Exercises to Validate Your Plan Rating: 0 out of 5 stars0 ratingsWhy Business People Speak Like Idiots: A Bullfighter's Guide Rating: 4 out of 5 stars4/5Validating Your Business Continuity Plan: Ensuring your BCP actually works Rating: 0 out of 5 stars0 ratingsThe Manager’s Guide to Business Continuity Exercises: Testing Your Plan Rating: 0 out of 5 stars0 ratingsBusiness Continuity and Disaster Recovery Planning for IT Professionals Rating: 0 out of 5 stars0 ratingsYour Plan is Your Parachute: A Simplified Guide to Business Continuity and Crisis Management Rating: 0 out of 5 stars0 ratingsBusiness Continuity Planning BCP Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsThe Manager’s Guide to Quick Crisis Response: Effective Action in an Emergency Rating: 0 out of 5 stars0 ratingsThe Insider Threat: Combatting the Enemy Within Rating: 0 out of 5 stars0 ratingsBusiness Continuity Planning: A Step-by-Step Guide With Planning Forms Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management A Complete Guide - 2020 Edition Rating: 0 out of 5 stars0 ratingsEverything you want to know about Business Continuity Rating: 0 out of 5 stars0 ratingsRisk Management and Compliance A Complete Guide - 2019 Edition Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management Systems: Implementation and certification to ISO 22301 Rating: 0 out of 5 stars0 ratingsBusiness Continuity and Risk Management: Essentials of Organizational Resilience Rating: 0 out of 5 stars0 ratingsCrisis Management Plan Complete Self-Assessment Guide Rating: 0 out of 5 stars0 ratingsBusiness Continuity from Preparedness to Recovery: A Standards-Based Approach Rating: 0 out of 5 stars0 ratingsThe Manager's Guide to Bullies in the Workplace: Coping with Emotional Terrorists Rating: 0 out of 5 stars0 ratingsInformation Risk Management: A practitioner's guide Rating: 5 out of 5 stars5/5Crisis Management And Response A Complete Guide - 2021 Edition Rating: 0 out of 5 stars0 ratingsBusiness Continuity For Dummies Rating: 0 out of 5 stars0 ratingsDisaster Recovery and Business Continuity: A quick guide for organisations and business managers Rating: 0 out of 5 stars0 ratingsThe Risk Free SME Rating: 3 out of 5 stars3/5Business Continuity Planning: Increasing Workplace Resilience to Disasters Rating: 0 out of 5 stars0 ratingsBusiness Continuity: Playbook Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management: Global Best Practices Rating: 0 out of 5 stars0 ratingsBusiness Continuity Management: Choosing to Survive Rating: 3 out of 5 stars3/5
Business For You
Becoming Bulletproof: Protect Yourself, Read People, Influence Situations, and Live Fearlessly Rating: 4 out of 5 stars4/5The Intelligent Investor, Rev. Ed: The Definitive Book on Value Investing Rating: 4 out of 5 stars4/5Ultralearning: Master Hard Skills, Outsmart the Competition, and Accelerate Your Career Rating: 4 out of 5 stars4/5Your Next Five Moves: Master the Art of Business Strategy Rating: 5 out of 5 stars5/5Emotional Intelligence: Exploring the Most Powerful Intelligence Ever Discovered Rating: 5 out of 5 stars5/5Lying Rating: 4 out of 5 stars4/5The Everything Guide To Being A Paralegal: Winning Secrets to a Successful Career! Rating: 5 out of 5 stars5/5The Richest Man in Babylon: The most inspiring book on wealth ever written Rating: 5 out of 5 stars5/5Summary of J.L. Collins's The Simple Path to Wealth Rating: 5 out of 5 stars5/5Confessions of an Economic Hit Man, 3rd Edition Rating: 5 out of 5 stars5/5Limited Liability Companies For Dummies Rating: 5 out of 5 stars5/5Crucial Conversations: Tools for Talking When Stakes are High, Third Edition Rating: 4 out of 5 stars4/5Good to Great: Why Some Companies Make the Leap...And Others Don't Rating: 4 out of 5 stars4/5Crucial Conversations Tools for Talking When Stakes Are High, Second Edition Rating: 4 out of 5 stars4/5Set for Life: An All-Out Approach to Early Financial Freedom Rating: 4 out of 5 stars4/5Robert's Rules Of Order Rating: 5 out of 5 stars5/5Collaborating with the Enemy: How to Work with People You Don’t Agree with or Like or Trust Rating: 4 out of 5 stars4/5How to Write a Grant: Become a Grant Writing Unicorn Rating: 5 out of 5 stars5/5Suddenly Frugal: How to Live Happier and Healthier for Less Rating: 3 out of 5 stars3/5Law of Connection: Lesson 10 from The 21 Irrefutable Laws of Leadership Rating: 4 out of 5 stars4/5Tools Of Titans: The Tactics, Routines, and Habits of Billionaires, Icons, and World-Class Performers Rating: 4 out of 5 stars4/5The Book of Beautiful Questions: The Powerful Questions That Will Help You Decide, Create, Connect, and Lead Rating: 4 out of 5 stars4/5How to Get Ideas Rating: 5 out of 5 stars5/5The Hard Thing About Hard Things: Building a Business When There Are No Easy Answers Rating: 4 out of 5 stars4/5Thank You for Being Late: An Optimist's Guide to Thriving in the Age of Accelerations Rating: 4 out of 5 stars4/5Company Rules: Or Everything I Know About Business I Learned from the CIA Rating: 4 out of 5 stars4/5Capitalism and Freedom Rating: 4 out of 5 stars4/5
Reviews for The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity
0 ratings0 reviews
Book preview
The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity - Rachelle Loyear, MBCP, AFBCI, CISM, PMP
The Manager’s Guide to
Simple, Strategic, Service-Oriented
Business Continuity
A Rothstein Publishing Collection eBook
smallfeatherRachelle Loyear
MBCP, AFBCI, CISM, PMP
Kristen Noakes-Fry, ABCI, Editor
EPUB ISBN 978-1-944480-38-7
PDF ISBN 978-1-944480-39-4
smallogo203.740.7400 • 203.740.7401 fax
info@rothstein.com
www.rothsteinpublishing.com
smalltwitter smallfb smallinkedin
COPYRIGHT ©2017, Rothstein Associates Inc.
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording or otherwise, without express, prior permission of the Publisher.
No responsibility is assumed by the Publisher or Authors for any injury and/or damage to persons or property as a matter of product liability, negligence or otherwise, or from any use or operation of any methods, products, instructions or ideas contained in the material herein.
Local laws, standards, regulations, and building codes should always be consulted first before considering any advice offered in this book.
EPUB ISBN 978-1-944480-38-7
PDF ISBN 978-1-944480-39-4
smallogo203.740.7400 • 203.740.7401 fax
info@rothstein.com
www.rothsteinpublishing.com
Preface
Business continuity planning and management (BCM). It’s a topic in most organizations that brings a lot of enthusiastic agreement about the critical need to do it, and often a lot of head ducking and looking the other way when the actual planning needs to be done. It’s no secret among BCM professionals that the most difficult part of managing a continuity program is gaining traction for the work. While executives often claim to support the need for a robust BCM program, the reality of having to run the business and deal with day-to-day work often takes priority when to do
lists get long.
At the same time, in a best-case scenario, personnel in the organization understand the need for a plan in case something goes wrong, but may not have the time to devote to plan development or documentation, or sometimes even really know where to start. At worst, they see the entire exercise as a waste of their valuable time. After all, they’ve been doing fine so far without a plan. Why go to the trouble of taking time out of their already busy schedule to develop one now? All these things can lead to the actual work of planning being handed off from person to person until it gets to the one person who has no one left to hand it to. And, sadly, that person often does not actually have the information needed to put together a real, workable plan.
Why I Wrote This Book: The Origins of the Three S’s of BCM Success
If this sounds familiar to you, then you are not alone. In countless conversations with BCM professionals I’ve had over the years, I have heard again and again the lament that they didn’t have enough support, or authority, or resources to get the job of planning done. I was in the same position. I was responsible for several hundred department plans for an enormous enterprise, yet the reality was that I had few subject matter experts willing to write them, no matter how many software training classes I gave or how many your deadline has passed
emails I sent.
Finally, I decided there had to be a better way to engage and build support for my BCM program with non-BCM professionals - my program partners in the organization. I sat down with a colleague and we talked about our experiences. When we did get a plan complete, what was good about it? How did we get it done? Why did it work in one case and not another? We got out a pen and a whiteboard and made notes and scribbled and planned, and that conversation was the beginning of what I’ll talk about in this book. It was the beginning of completely revamping and reinventing the BCM program. It was also the beginning of an incredibly successful BCM program in that company and in others as I and other BCM managers had begun to embrace and espouse what I now call The Three S’s of BCM Success
- or 3S
to shorten that up a little:
1) Simple.
2) Strategic.
3) Service-oriented.
How the Three S’s Can Change Your Effectiveness on the Job
This book is all about how those three concepts can completely change the work life of any manager tasked with business continuity responsibilities:
How with a change in your mindset and program, you can gain an incredible amount of traction and support from all of your BCM program partners in the business who have the critical information needed for your BCM plans
How you can change from having people in your organization avoiding you in the hall, aware that they have missed yet another planning deadline, to having them actively seeking you out when they have an update to make to their plans.
In Part I of the book - for those readers who might be new to the world of BCM - I give you an introduction to what BCM is and a high-level overview of what it typically encompasses. Then I dive into the topics of why BCM seems so complicated to so many of the BCM program partners that you must engage with to build and manage plans. In Part II, I show how you can change that complexity, and reboot your BCM programs using the 3S model to gain internal traction, participation, and support. Finally, in Part III, I cover how to put it all together to run an ongoing program that will support your organization’s needs now and into the future.
Stories from the Front Lines: BCM in the Real World
Throughout this book, you will see boxes with what I am calling Stories from the Front Lines.
These are real-life stories that I’ve collected from BCM professionals at conferences, seminars, and training sessions, and also some from my own experience. Names of people and organizations have been changed to protect the innocent.
These stories are told in first person as they were told to me. Some may have happier endings than others, but if you have worked in the BCM field for a while, many of them will sound familiar to you. If you have not, then these real life war stories
will hopefully provide you some dos and don’ts
for implementing your own BCM program.
At the end of each story, I include a few Life Lessons Learned
bullet points to show you how using any one of the 3S aspects either helped or could have fixed the issue in the story.
So if you are ready to:
Completely change your approach to the problems of BCM buy-in.
Find new ways to engage and support your BCM program partners and subject matter experts.
Develop easier-to-use policies, procedures, and plans.
Improve your overall relationships with everyone involved in your BCM program.
See how three little words can change your work life.
...then let’s get started on learning about building better BCM!
Rachelle Loyear
New York City
March 2017
Table of Contents
Cover
Title page
Copyright
Preface
Part I: Traditional Business Continuity Management:What Does and Doesn’t Work
Chapter 1: Traditional Business Continuity Management:An Overview
1.1 Business Continuity Management Defined
1.1.1 What’s in a Name? Talking the BCM Talk
1.2 Business Continuity Management Standards and Organizations
1.3 Business Continuity Management Common Terms
1.4 Business Continuity Management Common Approaches
1.4.1 The BCI Good Practice Guidelines Model
1.4.2 DRI International Model
1.4.3 ISO and ASIS International/BSI Standards Model
1.4.4 Comparing the Standards in a Five-Phase Risk Cycle
References
Chapter 2: Traditional BCM: The Roadblocks to Success
2.1 Things That Get in the Way of a Successful Program
2.1.1 Business Continuity Is Not Core Business
2.1.2 Executive Support Is Not Everything
2.1.3 Complexity Is Not Your Friend
2.1.4 BCM Is Rarely a DIY Effort
References
Part II: A New Solution: The Three S’s of BCM Success
Chapter 3: Introduction: The Three S’s of BCM Success
3.1 Three S: A Philosophical Change in Approach
3.1.1 A Simple Philosophy
3.1.2 A Strategic Philosophy
3.1.3 A Service-Oriented Philosophy
Chapter 4: The First S - Simple
4.1 Initiating a New BCM Program
4.1.1 Get Executive Buy-In
4.1.2 Create an Executive Communication
4.1.3 Meet with Senior Leaders
4.1.4 Your Next Level of Meetings
4.2 Analyzing the Business Needs for a BCM Program
4.2.1 BCM Program Goals
4.2.2 BCM Program Policy
4.2.3 BCM Program Procedures
4.3 Building the Program and Program Components (Plans)
4.3.1 Who, When, Where, What, and How - The Basics of Planning and Templates
4.3.1.1 Who: Team Roles
4.3.1.2 When: Response Times
4.3.1.3 Where: Response Locations
4.3.1.4 What: Team Resources
4.3.1.5 How: Plan Tasks and Checklists
4.3.2 Allowing for Complexity as Needed
Chapter 5: The Second S - Strategic
5.1 Determining Business Tolerances
5.1.1 Finding the Critical Functions
5.1.2 Finding the Critical Functions Using a Business Impact Analysis
5.1.2.1 The Complex Approach to BIA and Why It Is Bad
5.1.2.2 Identifying Critical Functions Without a BIA
5.1.3 Performing a Strategic BIA
5.1.3.1 Identifying Assets and Asset Owners for a Strategic BIA
5.1.3.2 Valuing and Prioritizing Assets with Your Asset Owners
5.1.3.3 Identifying Hard-to-Find Critical Functions and Dependencies for a Strategic BIA
5.1.3.4 The Purpose of Asset and Critical Function Prioritization
5.1.3.5 Completing the BIA Questionnaire
5.1.4 Performing a Strategic Risk Assessment
5.2 Allowing the Business to Decide What It Needs
5.2.1 When BCM Program Partners Minimize Criticality
5.2.2 When BCM Program Partners Inflate Criticality
5.2.3 Ensuring the Correct BCM Program Partners Are Making Strategic Decisions
References
Chapter 6: The Third S - Service-Oriented
6.1 The Do-It-Yourself vs. Do-It-for-Me Person
6.2 Let Subject Matter Experts Be Subject Matter Experts
6.3 The Planning Process
6.4 Get Better Plans by Sharing Best Practices
6.5 Plan Management Software - Benefit or Barrier?
Part III: Putting It All Together For Results
Chapter 7: The 3S BCM Program in Practice
7.1 Testing and Exercising
7.1.1 Simple Testing and Exercising Programs
7.1.2 Strategic Testing and Exercising Programs
7.1.3 Service-Oriented Testing and Exercising Programs
7.2 Program Maintenance
7.3 Responding to a Business Disruption or Crisis
7.3.1 The Service-Oriented BCM Team During a Business Disruption or Crisis
Chapter 8: Looking Ahead - The Growth of Organizational Resilience
8.1 The Future of Business Continuity
8.2 The Evolving Global Risk Situation
8.3 Organizational Resilience
8.4 Embracing Organizational Resilience
8.5 Organizational Resilience and the 3S Model of Business Continuity Management
References
Chapter 9: Final Thoughts - Where Do You Go From Here
Appendix A: Example Procedure Documents
A.1 Example Emergency Response Procedure Document
A.2 Example Crisis Management Procedure Document
A.3 Example Crisis Communications Procedure Document
A.4 Example Business Continuity Planning/Requirements/Templates Procedure Document
Appendix B: Example Tiered Plan Template Requirements
B.1 Critical Function/Department Template
B.2 Medium Impact Function/Department Template
Appendix C: Example Plan Documents
C.1 Example Crisis Management Plan
C.2 Example Functional Area Business Continuity Plan
C.3 Example Facility Business Continuity Plan
Appendix D: Example Crisis/Disruptive Event Checklists
D.1 Example All-Hazards Universal Checklist
D.2 Example Severe Weather (Hurricane/Winter Storm/Other) Checklist
D.3 Example Flood Universal Checklist
Appendix E: Business Impact Analysis and Risk Assessments
E.1 What is a Business Impact Analysis (BIA)?
E.2 What is a Risk Assessment?
E.3 BIA Asset Valuation Methods
References
Credits
About the Author
More from Rothstein Publishing
Part I
Traditional Business Continuity Management:
What Does and Doesn’t Work
This part of the book will take a look at the world of business continuity and a few closely related topics such as crisis management, emergency response, and organizational resilience. I explore some of the standards and guidelines that drive the traditional approach to business continuity management (BCM) programs, and then consider some alternative ways to think about those standards to allow you to get your BCM program up and running quickly and simply without getting bogged down in all the details of traditional BCM.
Are details always bad? No. But in my opinion, there’s a time and a place for them. Thus, in this book, the time is later and the place will be where you find yourself wanting to dig a little deeper into a particular topic or needing a more granular plan for a very complicated function. Starting out, there’s no need to make things any more difficult than an undertaking as large as a BCM program can already be.
In Part I of the book, I cover:
Chapter 1 - Traditional Business Continuity Management: An Overview
Chapter 2 - Traditional BCM: The Roadblocks to Success
Chapter 1
Traditional Business Continuity Management:
An Overview
I begin Chapter 1 by diving into the basic topics of what business continuity management (BCM) really is, what standards and guidelines have been the base of most traditional BCM programs, and how those traditional base standards can be simplified and made more accessible to people who are new to participating in a BCM program - whether they are running the program or being asked to contribute to the planning process as subject matter experts from departments that need continuity plans.
A Note on Chapter 1 for the Beginner:
If you are approaching BCM for the first time, a few basics in this chapter will ensure that through the rest of the book we are all beginning from the same basic understanding and terminology. Whether you:
Have been tasked with implementing a BCM program in your organization.
Think your organization might need BCM and would like to know more about how to build a program.
Are a business subject matter expert who has been named as a contributor to a BCM planning program.
...this