BUSINESS CONTINUITY PLANNING METHODOLOGY
BOOK *PLUS* INTERACTIVE TRAINING MODULES
by Akhtar Syed, Ph.D., CISSP and Afsar Syed, BMath., ABCP

- - - - - - - -
-
-
Business Continuity Planning Methodology with Business Continuity Training
consists of two
components:
1. Business Continuity Planning Methodology Book
2. Business Continuity Training on CD-ROM
- - - - - - - -
-
-

“An easy to follow step-by-step guide to help you implement a business continuity program,
and develop,
test, and maintain a business continuity plan.

“Detailed analysis and steps for conducting a business impact analysis, managing risks, and
developing
a continuity strategy.

“Based on industry standards, guidelines, and best practices such as ISO/IEC 17799, NFPA
1600,
CobiT, and DRII.

“An in-depth step-by-step guide to help you develop, test, and maintain your business
continuity plan.

“The business continuity planning process consists of six key stages:
- risk management;
- business impact analysis;
- business continuity strategy development;
- business continuity plan development;
- business continuity plan testing; and,
- business continuity plan maintenance.

“Although there are many publications that explain business continuity planning, very few
provide detailed
methods on how to implement it; even fewer cover implementation of all six stages.

“Business Continuity Planning Methodology is a single, comprehensive, text that explains the
principles
of business continuity planning and presents an easy to follow step-by-step methodology to
implement its
six stages. The methodology considers protection of mission critical business processes,
resources,
and services. It focuses on key resources such as IT systems and infrastructure,
manufacturing and
production equipment and products, facilities, work areas, vital records, and critical data.
The
methodology is consistent with business continuity industry standards, guidelines, and best
practices
such as ISO/IEC 17799, NFPA 1600, COBIT, and DRI International.”

- - - - - -

BOOK CONTENTS

“This book gives readers the skills to manage risks, conduct a business impact analysis,
develop a
business continuity strategy, and develop, test, and maintain a business continuity plan. The
main body
of the book contains chapters structured according to the six business continuity planning
stages:

RISK MANAGEMENT

“This chapter introduces the key concepts of risk management and describes a framework
for managing
risks to business continuity. The framework includes steps for risk assessment, risk control
options
analysis, risk control implementation, risk control decision, and risk reporting. The chapter
explains the
concepts and implementation of these steps through examples of business continuity risk.

BUSINESS IMPACT ANALYSIS

“This chapter describes the steps for conducting a Business Impact Analysis (BIA) and
explains the
implementation of these steps through an example BIA scenario. The BIA steps include
assessment of
financial and operational impacts, identification of mission critical business functions and
processes,
identification of critical IT systems and applications, and determination of recovery
requirements. Topics
in this chapter include comparison of BIA and risk management; BIA benefits and
responsibilities;
methods of conducting a BIA; disaster-to-recovery time line and events; elements of the BIA
such as
Maximum Tolerable Downtime (MTD), Recovery Time Objective (RTO), Recovery Point
Objective
(RPO), Work Backlog, and Data Loss; summarized findings; and BIA report content.

BUSINESS CONTINUITY STRATEGY DEVELOPMENT

“The business continuity strategy development framework presented in this chapter is
designed to help
the reader determine the best strategy that will enable a timely and cost effective recovery
from a
potential business disruption. It describes the steps to identify recovery requirements and
options,
conduct a cost-benefit assessment, and identity and select the most viable recovery options.
This
chapter also discusses general considerations for developing a business continuity strategy,
and
provides recommendations for recovery contracts and service level agreements.

BUSINESS CONTINUITY PLAN DEVELOPMENT

“This chapter is a guide for developing an effective business continuity plan based on the
results of the
preceding stages. It explains the detailed structure and content for an effective plan and
covers the key
plan execution phases: initial response and notification, problem assessment and
escalation, disaster
declaration, plan implementation logistics, recovery and resumption, and restoration.
Numerous
examples of plan activities, procedures, and tasks help to explain the content required in the
plan. This
chapter also addresses the requirements for an emergency response plan and crisis
communication
plan.

BUSINESS CONTINUITY PLAN TESTING

“This chapter introduces the key concepts of business continuity plan testing and provides a
framework
for developing an effective test plan. The topics include test objectives, test benefits, test
methods, test
scenarios, test evaluation criteria, and test budget. The framework then explains the
sequence of test
plan development steps and addresses various issues and concerns that influence the test
plan, such as
test constraints, strategy, logistics, and risks.

BUSINESS CONTINUITY PLAN MAINTENANCE

“The focus of this chapter is on maintaining the business continuity plan in a constant
ready-state. It
describes activities needed to ensure that the business continuity plan always remains
accurate, current,
and complete. Topics covered in this chapter include business continuity plan change
management, plan
testing, training, and audit.

“This book also contains the following appendices: a summary of deliverables resulting from
the six
stages of the business continuity planning process; summary of business continuity standard
guidelines
and best practices; business continuity resource information; and a glossary of business
continuity
terminology.”

- - - - - -

WHO SHOULD READ THIS BOOK?

“This comprehensive text is an excellent resource for those who develop business continuity
plans,
manage business continuity projects, or want to learn about the subject of BCP. It is a
valuable reference
for people seeking certifications such as CISSP (Certified Information Systems Security
Professional) or
CBCP (Certified Business Continuity Professional).”

- - - - - - -

EXCERPT FROM THE INTRODUCTION

Disasters can strike quickly and without warning. Webster’s dictionary defines disaster as:

“a calamitous event, especially one occurring suddenly and causing great loss of life,
damage, or
hardship, as a flood, airplane crash, or business failure” [1].

“Floods, earthquakes, tornadoes, and hurricanes are examples of major calamitous events.

“Businesses are vulnerable to the impact of not only major calamities but also minor
business
disruptions. Factors such as increased dependency on technology and “speed to market”
pressures
have made businesses sensitive to even minor disruptions. Some examples of minor
disruptive events
are power outages, information technology (IT) system failures, manufacturing equipment
failures,
hazardous material contamination, voice and data communication failure, and computer
viruses.

“Over the past decade, the risks of natural disasters, technical and accidental failures, and
malicious
activities have increased the possibility of business disruptions. In spite of increased risks,
studies show
that many businesses have remained complacent. According to Gartner, “… many
enterprises that
experience a disaster never recover. Gartner estimates that two out of five enterprises that
experience a
disaster go out of business within five years.” These findings reflect the failure of businesses
to invest in
adequate disaster planning and preparations.

“Serious consequences of business disruptions can be avoided through business continuity
planning
(BCP). BCP is a discipline that prepares an organization to maintain continuity of business
during a
disaster through an implementation of a business continuity plan. A business continuity plan
is a
document that contains procedures and guidelines to help recover and restore disrupted
processes and
resources to normal operational status within an acceptable time frame.

“This book explains the concept of BCP with a specific emphasis on the process and
methodology for
developing, maintaining, and implementing a business continuity plan.

“The methodology considers people, business processes, and resources as essential
elements of a
business continuity plan. A business continuity plan cannot function effectively without the
collective
efforts of the people assigned to various roles and responsibilities defined in the plan.
Continuity of
business cannot be maintained without the continuous support of critical business
processes—tasks and
operations performed by business units or functions—and various resources required by
these
processes.”

- - - - - - -

BOOK TABLE OF CONTENTS

PREFACE

CHAPTER 1 INTRODUCTION
1.1 Chapter Overview
1.2 Reasons for BCP
1.3 BCP and Other Planning Approaches
1.4 Business Continuity Planning Concept
1.5 BCP Process: Best Practices and Industry Guidelines
1.6 Key Deliverables of the BCP Process
1.7 Roadmap to this Book
Appendix 1A: BCP Related Rules and Regulations

CHAPTER 2 RISK MANAGEMENT
2.1 Chapter Overview
2.2 Risk Concepts
2.3 Risk Management Framework
Appendix 2A: Risk Assessment Data Collection Process

CHAPTER 3 BUSINESS IMPACT ANALYSIS
3.1 Chapter Overview
3.2 Risk Management and BIA
3.3 BIA Benefits
3.4 Who should be involved in a BIA?
3.5 Methods for Gathering BIA Information
3.6 Recovery Time Requirements
3.7 BIA’s Functional Overview
3.8 BIA Process
3.9 BIA Report

CHAPTER 4 BUSINESS CONTINUITY STRATEGY DEVELOPMENT
4.1 Chapter Overview
4.2 A Framework for BC Strategy Development
4.3 General Recovery Strategy Considerations
4.4 Recovery Contracts and Service Level Agreements
Appendix 4A: Examples of Availability Time Concerns for Recovery Options

CHAPTER 5 BUSINESS CONTINUITY PLAN DEVELOPMENT
5.1 Chapter Overview
5.2 Business Continuity Plan Outline
5.3 Objective and Scope
5.4 Definition of a Disaster
5.5 Risk Management Summary
5.6 Business Impact Analysis Summary
5.7 Business Continuity Strategy Summary
5.8 Business Continuity Teams
5.9 Contact Information
5.10 Activities for BC Plan Execution Phases
5.11 Mapping Resources to BC Plan Execution Phases, Activities, Procedures, and
Tasks
5.12 Assigning Activities, Procedures, and Tasks
5.13 BC Plan Change Control
5.14 BC Plan Appendices
Appendix 5A: Emergency Response Plan Requirements
Appendix 5B: Crisis Communication Plan Requirements
Appendix 5C: Critical Data and Critical/Vital Record Off-site Storage Requirements

CHAPTER 6 BUSINESS CONTINUITY PLAN TESTING
6.0 Chapter Overview
6.1 Objective of BC Plan Testing Stage
6.2 BC Plan Testing Benefits
6.3 Test Methods
6.4 BC Test Plan Document
6.5 A Framework for BC Test Plan Development


CHAPTER 7 BUSINESS CONTINUITY PLAN MAINTENANCE
7.1 Chapter Overview
7.2 BC Plan Change Management Process
7.3 Business Continuity Plan Testing
7.4 Business Continuity Training
7.5 Business Continuity Audits
7.6 Suggestions for BC Plan Maintenance

CHAPTER 8 BCP PROCESS: REPORTS AND DOCUMENTS SUMMARY
8.1 Stage 1: Risk Management
8.2 Stage 2: Business Impact Analysis
8.3 Stage 3: Business Continuity Strategy Development
8.4 Stage 4: Business Continuity Plan Development
8.5 Stage 5: Business Continuity Plan Testing
8.6 Stage 6: Business Continuity Plan Maintenance

APPENDIX A: BCP STANDARDS, GUIDELINES, AND BEST PRACTICES

APPENDIX B: BUSINESS CONTINUITY RESOURCE INFORMATION

GLOSSARY OF BCP TERMS AND ABBREVIATIONS

REFERENCES

ABOUT THE AUTHORS

INDEX

= = = = = = = =
=

BUSINESS CONTINUITY TRAINING COURSES ON CD-ROM

This component consists of two courses on CDROM:
1. BCK101 - Business Continuity Planning 1
2. BCK102 - Business Continuity Planning 2

BCK101 and BCK102 are part of the BCKnowledge Pro suite of business continuity training
courses.

BCK101 - provides an overview of a business continuity program and its planning process.
This course
is designed for students from all levels of the organization who are new to BC planning.
Students will
- Identify BC program objectives.
- Learn the definition of disaster, and sources of disaster.
- Analyze example disasters and disaster statistics.
- Understand the components of a BC program and its historical evolution.
- Examine the reasons for establishing a BC program.
" Become aware of BC related rules and regulations.
- Understand the BC planning process.
- Learn BC program principles and how each principle is applied in the process.

BCK102 - provides a detailed introduction of the business continuity planning process,
business
continuity plan, and business continuity program management. Students will
- Identify BC plan and BC program objectives.
- Gain an in-depth understanding of the BC planning process and its various
stages,
objectives, and interactions.
- Become familiar with a BC plan and its structure, elements, and activities.
- Gain an understanding of how a BC plan is executed during a disaster.
- Identify facilities, services, and resources involved in the development and
execution of a BC
plan.
- Learn about BC related standards and guidelines.
- Understand the role of crisis communication within a BC plan.
- Become familiar with BC management phases and objectives.

Each course is approximately 3 hours in duration and requires activation by the publisher. All
instructions
for activation and installation are included. The platforms required to run these courses are
Windows
2000 or XP.

= = = = = = = =
=

ABOUT THE AUTHORS


DR. AKHTAR SYED, PH.D., CISSP

“Dr. Syed has extensive training and consulting experience in the field of Business Continuity
Planning
(BCP). As a consultant and trainer, he has assisted numerous organizations with BCP
training, business
impact analysis, continuity strategy assessment, and business continuity plan development
and testing.
He has also worked with IBM Global Services as a senior business continuity consultant,
helping
businesses with alternate disaster recovery facility solutions.

“Dr. Syed holds a doctorate degree in systems design engineering, masters degree in the
field of data communication services, and a bachelors degree in computer science. He is
also a Certified Information Systems Security Professional (CISSP).”

AFSAR SYED, BMATH., ABCP

“Afsar is a senior business continuity consultant, and has over 15 years of progressive
business and
technical experience in telecommunications, wireless and wireline data networking, voice
over IP
services, Internet security, database systems, computer programming, and product and
project
management. He possesses a bachelor of mathematics degree in computer science and is
an
Associate Business Continuity Professional (ABCP).”

- - - - - -
Book and Training Modules are available separately. Contact Rothstein
Associates at
info@rothstein.com for details.

2006, Book, 315 pages plus CD-ROM. Order #DR795.
- - - - - -

4 Arapaho Rd.

Brookfield, CT 06804-3104 USA

1-888-ROTHSTEin; (888.768.4783)

Telephone: 203.740.7444; 888.768.4783

Fax: 203.740.7401

"Keep Me Posted" Business Survival Newsletter