Principles and Practices of Business Continuity:
Tools and Techniques (with CD ROM Tool Kit)

Jim Burtles, KLJ, MMLJ, FBCI


In addition to those highlighted above, this book includes additional important features:

  • Ideal for senior undergraduate, MBA, certificate, and corporate training programs.
  • Chapter overviews and conclusions; charts, graphs and checklists throughout
  • Glossy of 90 business continuity terms
  • Business Continuity Tool Kit on CD, including templates of a sample business continuity plan, evacuation plan, emergency response plan, crisis management plan; case studies and exercises; student assignments; Web sites; reader self-assessment
  • Instructor Materials, including PowerPoint slides, Syllabus and Instructor’s Manual for 8-weekcourse, with emphasis on student role playing
  • Author is a business continuity management pioneer and legend

This comprehensive how-to guide captures the distilled wisdom and experience of Jim Burtles, a founding fellow of the Business Continuity Institute; an internationally renowned figure in business continuity with over 30 years of experience and teaching across 22 countries; and a veteran of practical experience that includes recovery work with victims of events such as bombings, earthquakes, storms and fires, along with technical assistance/ support in more than 90 disasters, and advice/guidance for clients in over 200 emergency situations.

As such, this book is a gold mine of practical information, based on solid theoretical underpinnings. It is an ideal combination of the practice of business continuity - standards, best practices, global perspectives - and, the process of business continuity - planning, development, implementation, and maintenance. Jim presents a clear picture of not only how to do what needs to be done, but why. By striking a balance between theory and practice, Jim's approach makes the reader's job much easier and more effective.

Illustrated with numerous charts, forms and checklists, the book covers business continuity management from start to finish: understanding risks; assessing impact and developing a Business Impact Analysis; choosing contingency strategies; emergency response processes and procedures; salvage and restoration; disaster recovery; developing business continuity plans, including those for business continuity, emergency response, crisis management, function restoration, and disaster recovery; maintaining long term continuity; reviewing and auditing plans; exercising and testing plans; crisis management; dealing with various personnel issues before, during and after a crisis; and working with a variety of agencies and people, including local authorities, regulators, insurers, fire and rescue personnel, and neighbors.

This comprehensive reference based on years of practical experience will ensure that the reader is in a position to engage in all of the activities associated with the development, delivery, exercise and maintenance of a business continuity program.

There is a glossary of 90 business continuity terms. The accompanying BCP Tool Kit on CD has 24 planning and analysis tools, including sample plans for evacuation, emergency response, and crisis management; scripts and plot development tools for creating exercises to test and audit plans; analysis tools for fire exposure, service impact, resource requirements, etc. It also includes checklists, case studies, and Web references.

See Contents tab for full listing of CD features.

For professional development or college classes the book is accompanied by a set of Instructor Materials.


I. CONTENTS: Book (see below for Contents of CD-ROM with BCP Tool Kit)

FOREWORD by Lyndon Bird, FBCI, The Business Continuity Institute (see Excerpt tab for full text)

INTRODUCTION (see Excerpt tab for full text)

    • The Backlog Trap
    • The Decision Point and Business Tolerance
    • Micro Sufficiency
    • Micro Sufficiency v. Macro Efficiency
    • Organic Resilience
    • The Basic Functional Relationships
    • Protective Strategies
    • The Tiers of Governance
    • Business Continuity project champion
    • A viable game plan
    • Deliverables and other Outcomes
    • Board level Motivators
    • Scaling to Fit
    • Standards and their Interpretation
    • Hidden Benefits
    • The Auditor's Role
    • Risk Assessment Methods
    • Grid Impact Analysis
    • Risk Acceptance
    • The Cost of Loss
    • Loss of Profit
    • Invisible Costs
    • Investment Wisdom
    • Basic Effects
    • QwikRisk
    • Risk Reporting
    • Facilitated Business Impact Analysis
    • Business Impact Analysis
    • Fire Exposure Analysis
    • Some Thoughts on Improved Fire Drills
    • Fire Drills and Exposures
    • The importance of timing
    • Functional Analysis
    • Compliance Issues
    • The Range of Choices
    • Business Continuity Strategies
    • Strategy Selection Process
    • Backup and Restore Procedures
    • Command and Control
    • Emergency Evacuation
    • Communications
    • Emergency Requirements
    • Battle Boxes
    • Contact Lists
    • Site and Structures
    • Equipment and Technology
    • Documents and Records
    • Electronic Equipment
    • Process Equipment
    • Technology And Support Services
    • Systems Recovery
    • Disaster Recovery Sites
    • Work Area Recovery
    • In-House or Third-Party
    • Back Up Regimes
    • Business Continuity Plans
    • Emergency Response Plans
    • Crisis Management Plans
    • Function Restoration Plans
    • Disaster Recovery Plans
    • The Use of Planning Tools
    • Relocation or Expansion
    • Back to Normal; Reverse Recovery or Revacuation
    • Resources and Facilities
    • Review Process
    • Auditing
    • Capability and Confidence
    • Testing Plans and Procedures
    • Exercise Development and Delivery
    • Cabaret Testing
    • Internal Affairs
    • External Affairs and the Media
    • Health, Safety and Welfare
    • Emergency Working
    • Fatigue and Isolation
    • Rotas and Rotation
    • Rewards and Acknowledgment
    • Counseling
    • Relative Response Team
    • Local Authorities
    • Regulators
    • Emergency Services
    • The Community
    • Insurers
    • Competitors
    • Neighbours
    • Fire and Rescue
    • Classes of Fire
    • Fire doors
    • Portable Fire Extinguishers
    • Air (Hints and Tips)
    • Fire Protection Systems
    • Fire fighting in history








    This tool has been in more or less continuous use for about 25 years. During that time it has evolved into a useful general purpose tool for the business continuity practitioner. The majority of the questions are derived from actual incidents which have interrupted business operations, or put them under threat, at some point in time. While there is a strong emphasis on computer- based operations, the investigation process does cover most of the common physical risks which should be considered by the business continuity planner. However, risk investigation is largely a matter of common sense combined with an enquiring mind. Keep asking questions until you are satisfied that you understand what is happening, what might happen and what could cause it.


    This was specifically designed to be used in conjunction with the functional analysis approach as described in Chapter 5. However, it can also be used as a support tool during the investigative phase of a normal business impact analysis. It covers the type of questions you need to ask those managers who are responsible for the core business units, functions or processes.


    This tool was also developed for use in connection with functional analysis. It acts as a prompt when trying to plot the main functions of an organization. As it is a rather generalized tool you may want to add other items to the list before use in any particular industry which has unique characteristics or ways of achieving things.


    This tool is another example of the type of worksheets which are used during the data- gathering phase data.


    This checklist is designed to help the user identify the various types of data which may be classified as critical and require to be included within the backup regime.


    This example is derived from a plan we prepared for a firm of consulting engineers with a number of regional offices. The basic template behind this plan has evolved over the past 20 years and has also served as a teaching aid on various training courses for business continuity personnel.


    This is a tool for use when reviewing or auditing a business continuity plan. It provides an objective view of what are deemed to be the essential ingredients. A subjective view of whether those ingredients are practical and meaningful is also required if the review or audit is to be really effective in highlighting any shortfalls, redundancies or confusions within the text.


    The original for this plan was developed as a direct result of the lessons learned from a series of terrorist attacks, culminating in the 9/11 event. It is based on certain assumptions which are stated within the plan. Clearly, in a disastrous event where there is no prior warning there is no requirement for an evacuation plan. The plan has been based on the assumption that there would be We have made the assumption, therefore, that we can expect twenty minutes warning and the plan is based on this assumption. Parts of the evacuation procedures can also be used to get people to safety under various other circumstances, such as a fire or any other threat to the health and safety of the building's occupants.


    This checklist should be used to investigate and evaluate the various options for getting people to a place of safety in an emergency. The output of the investigation, using this tool, provides the input to an emergency evacuation plan.


    This was derived from the same basic template as the business continuity plan. It would normally form a module within the overall plan but here it is shown as a separate stand-alone item. This also has been used extensively as a teaching aid, especially on emergency management training courses.


    These notes are designed to help the emergency manager keep track of his, or her, activities and responsibilities during the first few minutes, or hours, of an incident. They are intended to supplement rather than replace a full emergency response plan.


    The emergency response checklist provides a cryptic overview of the key activities during an emergency. It can be used by the administration section to keep track of events and perhaps act as a prompt in case anything should be overlooked.


    This checklist is intended to be used by the technical team who are responsible for carrying out systems recovery testing as a part of the disaster recovery program. The original version was developed about ten years ago but the principles of trying to ensure compatibility and suitability of the recovery resources should still apply. The other important issue is the quality and reliability of the back up and the regime which produces it.


    The sample crisis management plan was originally developed for a newspaper chain and was printed as a double sided, tri-fold document which could be slipped into a director's pocket, or diary; to be carried at all times. Indeed, these were so easy to produce that they kept a small supply at each one of their regional offices.


    This is a data collection tool for use in conjunction with the fire exposure analysis concept as described in Chapter 5 where you will find full instructions on how to proceed with this technique. The resulting fire exposure analysis report should prove useful in establishing the need for some form of contingency planning or, at the very least, some form of document protection policy.


    The original version of this tool was developed by Liz Taylor of Public Risk Management as a means of identifying the critical services delivered by a local authority. However, the principle of scoring key aspects and multiplying them to gain a distinctive score can be applied to any business environment.


    The original version of this tool was also developed by Liz Taylor of Public Risk Management as a means of identifying the critical resource requirements for a local authority. It is a companion to the service impact analysis tool and is intended to be used in conjunction with it.


    This tool is designed to assist the user in the selection of suitable plot lines as the basis of their exercise scenarios. It provides a number of basic ideas together with a rating system to help the scriptwriter select the most appropriate ones for different occasions and circumstances.


    This checklist is designed to support the review and analysis process whenever the operation is moved to a recovery center. While it is designed as a post-event tool, it might be equally useful when reviewing a test, or a training exercise, which entails moving to a recovery site.


    This document represents a typical script for an exercise designed to explore the manner in which a telecommunications company responded to a serious incident. It may provide the reader with some ideas about the layout and contents of a working script.


    This checklist is for an exercise facilitator to make sure everything has been accounted for when preparing to deliver an exercise.


    This log is designed to keep track of what happens during an exercise so nothing gets overlooked during the subsequent debriefing, reporting and reviewing.


    This is a 'sanitized' version of an actual exercise report. It is included here as an example of the style and contents of such a report.


    This is a suggested layout for an initial holding statement, suitable for use in the immediate aftermath of any incident which might be serious enough to attract the attention of others. It should be prepared as soon as possible after an 'incident' occurs, although one should avoid using that word in the description of the event.

  25. * * * PLUS * * * BONUS MATERIALS including:
    • 16+ Helpful Articles
    • Integrity Indexing Methodology Tools and Resources
    • Operational Governance Tools and Resources
    • Student Assignments
    • Case Studies and Exercises
    • Reader Self-Assessment
    • Web URL References

Excerpt from the Foreword by Lyndon Bird, FCBI,
Technical Services Director, The Business Continuity Institute

As Technical Services Director of The Business Continuity Institute I am delighted to provide this foreword for what I believe will be a very important addition to the currently available literature on Business Continuity Management.

In fact, the author Jim Burtles is one of the few practitioners that have both the depth of knowledge and length of experience to write what might arguably be the most comprehensive review of the subject ever produced. I have known Jim Burtles since around 1986 and although we have never directly worked together commercially, our paths have crossed many times over the past two decades. When we both started in Business Continuity it was a little known subject largely restricted to IT recovery specialists. Jim and I shared both a hope and a belief that it could and would become something much greater. I believe it has exceeded our expectations and continues to do so on an almost daily basis.

Part of this success story has been due to an organisation that both Jim and I are very committed to - The Business Continuity Institute. The BCI was formed in 1994 and has gone from strength to strength. Jim and I share the distinction of being founder members of The Institute together with a handful of other UK-based practitioners. From such small beginnings it is now a major name in the world of Business Continuity. With nearly 4000 members in over 80 countries and a growing list of international Chapters and Forums, The BCI is increasingly being seen as the definitive voice in world Business Continuity Management.

Jim's contribution to this has been enormous--his unfailing intellectual rigour about his subject, his passion for persuading others of its importance and his determination to turn BCM into a mainstream management discipline has never wavered. When others might have thought of retiring Jim has just started on another challenge, the latest being this formidable "tour de force" through the complexities of Business Continuity.

Business Continuity certainly has its technical elements but it really fits the category of a mainstream business issue. It has its own standards such as BS25999 in the United Kingdom, NFPA1600 in North America and other national standards in Australia, Singapore and beyond. It has its own institutions such as the BCI and the Disaster Recovery Institute International (DRII), and is increasingly influencing government policy and regulatory regimes. It has a global reach and a resonance that is understood from Europe to America, from Asia to Africa. Its principles work for multi-national corporations and small businesses, for public as well as private sector organisations. Most significantly, it has its "gurus" and thought leaders - 0one of the best of these in my view is Jim Burtles.

I believe there is a growing awareness across the world of what business continuity really is and why it is so important to corporate survival. We have seen a real increase in high-profile events that have been broadcast on our televisions and in our newspapers, all of which have highlighted the benefits of good planning and response capabilities. We have an increased perception of threats, some of which we understand well, some that come as a complete surprise and others that, although known, shock us by the severity of their consequences when they occur.

In today's world there is a more global nature to these threats. Businesses have far more economic interdependency between regions than ever before. We invariably rely on longer supply chains for physical production of the goods we consume, and we increasingly rely on offshore outsourced operations for much of our service delivery and back office administration.

Probably the most global industry of all is the Financial Sector, and it is in this field that regulation, legislation and standards have really started to take hold. Compliance with a myriad of different requirement in different countries is making the role of the compliance professional both extremely challenging and increasingly risky. In this sector at least, BCM is now often being seen as a compliance issue rather than a risk, security or emergency planning issue.

There is clear evidence that there is a coming together of BCM thinking amongst the various financial regulators, which is likely to be a strong driver for more consistency. The Basel Committee on Banking Supervision, Joint Forum has issued seven high-level principles for business continuity ( that individual country regulators will look to enforce. The countries represented were: USA, UK, Canada, France, Netherlands, Hong Kong, and Japan, so although not universal it does represents most of the major players in the financial markets.

With so much current debate about the exact nature and boundaries of Business Continuity Management, this book puts it all into perspective and gives us an authoritative view from someone who has really seen and done it all during a long and outstanding BCM career.

  • Lyndon Bird, FCBI Technical Services Director, The Business Continuity Institute

Excerpt from the Introduction

In this book, we will explore the subject of Business Continuity Management; I intend to explain the basic principles and describe what I regard as good practice. On completing this book, the reader should be in a position to engage in all of the activities associated with the development, delivery or maintenance of a business continuity program.

We start by looking at how and why the subject came into existence, which leads naturally into some thoughts about the science behind the basic principles. The practical aspect opens up with ideas about launching a program and getting to grips with the operational risks and threats. Risk management is a well-established discipline and much of our work is often predicated upon the work done by others in this area.

Where business continuity is particularly unique is in the next stage of developing a practical understanding of the impacts and consequences of risk. This enables us to design an appropriate continuity strategy to meet the precise needs of the organization. Business impact analysis is an especially valuable contribution to the development of continuity and resilience in any enterprise.

We then move on to look at the basic continuity strategies and how to select the most appropriate one to meet the needs and the budget. This leads us on to considering the emergency response aspect which is about arranging and preparing to deal with a business interruption. Understanding the management and control of the effects and consequence of such an event leads us naturally towards the need to know something about restoration and recovery of facilities resources and equipment. Here again the business continuity manger needs to have basic understanding of a complex and well-established discipline.

We then move on to look at disaster recovery techniques which are the various ways in which the technical people can prepare to rebuild or recover the support services and functions. This is another area where the business continuity manager will need to rely upon the specialist skills of other people. So the requirement is to have a broad understanding in order to be able to call on their services and interpret what they are saying into meaningful terms.

Armed with a rounded knowledge of the prerequisites we then look at the development and construction of the actual business continuity plans. We examine the various types and levels of plans which are required to cover the various aspects of a disruptive event. In our model we envision five distinct types of plans, but there is no fixed rule about this. The plans and their format have to fit the needs, and structure, of the enterprise concerned.

Having covered the build-up towards, and the actual development and delivery of, the business continuity plans we next consider the longer term which is about raising awareness, applying the skills, looking after the resources and keeping the plans up to date. A review or audit program is then discussed as a means of ensuring the ongoing suitability of the program as well as its strategy, plans and resources.

With an established business continuity program behind us, in theory at least, it we next introduce the need for, and the know-how of, exercising the plans and testing their components. This chapter covered the most important stage of preparing to deal with a major disruption. Without testing we have no means of knowing whether our plans will work. Without exercising we have no way of knowing whether our people can cope.

Adding another layer of sophistication we then look at how to arrange for crisis management which is all about protecting the brand and image. Although crisis management requires the services of senior stakeholders for the actual delivery, it is the duty of the business continuity manager to ensure the arrangements are in place to enable it to happen.

We cover the need to deal sympathetically with personnel in the wake of a disaster before looking at the need to liaise with others. This liaison work can, and should, be started proactively in order to ensure there are no surprises. Obviously it will continue throughout an emergency and possibly for some while afterwards.

Anyone who has read and understood this body of work should, theoretically, be ready to tackle any aspect of business continuity with some degree of confidence. There is some subsidiary material which may bolster this confidence. These extra materials include a bunch of quotes you may use to garnish your own presentations and a glossary to make sure you are expressing yourself correctly. Finally there is a toolkit on CD-ROM which contains samples of all the materials you will need in the role of a business continuity professional, as well as a selection of supplementary reading material.


"An invaluable, comprehensive and practical guide to assist companies of all sizes with their Business Continuity Planning - written by a BC practitioner with years of experience to help others learn and avoid pitfalls."

  • --Survive--The Business Continuity Group

"Jim Burtles is one of the few practitioners who have both the depth of knowledge and length of experience to write what might arguably be the most comprehensive review of the subject ever produced.

"Jim's contribution to Business Continuity has been enormous --- his unfailing intellectual rigour about his subject, his passion for persuading others of its importance and his determination to turn Business Continuity Management into a mainstream management discipline has never wavered. When others might have thought of retiring Jim has just started on another challenge, the latest being this formidable 'tour de force' through the complexities of Business Continuity.

"With so much current debate about the exact nature and boundaries of Business Continuity Management, this book puts it all into perspective and gives us an authoritative view from someone who has really seen and done it all during a long and outstanding BCM career."

  • --Lyndon Bird, Technical Services Director, The Business Continuity Institute

"Business continuity-originally lumped together with other types of disaster recovery - is increasingly important in a world where all types of disasters seem to occur with increasing frequency. A look back at very recent events reveals product recalls, forest fires, earthquakes, storms, bombings, and floods, just to name a few. Each brought with it not only personal tragedies and dislocations, but also threats to the viability of businesses located in the disaster area(s). Businesses generally recognize the need to and importance of good planning in this area to ensure that they respond well to such incidents--especially with regard to mitigating damage and getting back to normal afterward.

"However, such planning is neither straightforward nor easy to do. There are many twists and turns along the path to a comprehensive and well-functioning business continuity plan. Those charged with this function always welcome a good reference to ease the task and ensure that as few loose ends as possible are left. Principles and Practice of Business Continuity: Tools And Techniques is just such a basic reference. Its author, Jim Burtles, has over 30 years of international experience in a wide variety of disasters that has equipped him to write an overview of what goes into business continuity planning and his book does this very well. Of particular value is the CD that accompanies the book - enhancing its value as a text and as a reference. The CD has 24 planning and analysis tools, including sample plans, checklists, and exercise guides, along with case studies, exercises web references, and more.

"Jim Burtles has made an important addition to the written materials available to business continuity planners. It is comprehensive without being tedious and provides an excellent base line for both planning neophytes and a useful reference for more experienced practitioners."

  • --Security Management Magazine.


JIM BURTLES, KLJ, MMLJ, FBCI, is a well known international figure in the business continuity profession with 30 years of experience spread across 22 countries. He is a founding fellow of the Business Continuity Institute where he has served as a director for over ten years. As the original Standards Officer, he was heavily involved in the evolution of its professional standards and ethics.

He received the freedom of the City of London in 1992 and was presented with a Lifetime Achievement Award by his peers in 2001. During 2004 he worked with the Cabinet Office in the United Kingdom, helping to develop their guidance material to support the Civil Contingencies Act (2004). He also represents the business community on the London Regional Resilience Team which is the central coordinating body for London's response to an emergency.

Over the years, Jim Burtles has been involved with charitable works and was promoted in 2005 to the rank of KLJ, Knight of Grace within the Military and Hospitaller Order of St. Lazarus of Jerusalem, He has also been granted Membership of the Companionate of Merit in recognition of his work on behalf of the Order, MMLJ. The Order of St Lazarus of Jerusalem was founded in 1098, at the Infirmary of St. Lazarus during the First Crusade.

Originally a research engineer involved in the development of early transistor technology in the late 1950s, he joined IBM as a service engineer in 1969. During his eighteen years with IBM, he was at the forefront of the emerging business continuity profession. His first involvement with Disaster Recovery (or DR) was in 1976 as the field engineer responsible for repairing and recovering a critical banking system that had been struck by lightning. Later he became a systems engineer, advising customers on such matters as system performance and reliability. He went on to become IBM's disaster recovery country specialist before joining Safetynet as their principal consultant in 1987. (Safetynet was a leading small systems disaster recovery service which was subsequently acquired by Sungard).

In 1995 he was appointed as a director of Corporate Integrity where he was head of training until they were acquired by Adam Associates in 2000. Two years later he set out on his own as the principal of Total Continuity Management, where he now focuses on executive-level training and support for Business Continuity Management and the development of specialist emergency response skills.

During the early years he played a leading role in the development and expansion of disaster recovery principles and practices. Since then he has been instrumental in maturing those early pioneering methods into the professional skill set of the modern business continuity manager. When he first became involved in the subject there was no body of knowledge to refer to, nothing had been published. Indeed, very few people had even though about business continuity; so he set about inventing and developing ideas and theories to explain what the problems might be and how we could solve them. For example, the backlog trap, now accepted by almost everyone as a fact of life, was an early development of his which paved the way for a more constructive approach to business resilience.

His practical experience includes hands-on recovery work with victims of events such as bombings, earthquakes, storms and fires. This includes technical assistance and support in 90+ disasters, as well as advice and guidance for clients in over 200 emergency situations. Through his activities as a trainer and consultant he has helped to introduce business continuity and its related disciplines into both the public and private sectors.

A regular speaker on the international scene, Jim Burtles has introduced over 2,500 people into the profession through formal training programs, and provided partial or top-up training for another 800+ through workshops covering specific subject or skill areas. He has also helped a number of consultancies and service providers to develop their methodologies, tools and professional services. This includes the design of specialist risk management tools, training courses and bespoke services for niche industries as well as the training of staff and clients.

Jim Burtles has carried out business continuity assignments (a mixture of auditing, training, consulting and research work) in Australia, Belgium, Cayman Islands, Denmark, Eire, France, Germany, Gibraltar, Holland, Isle of Man, Italy, Jersey, Nigeria, Norway, Saudi Arabia, South Africa, Spain, Switzerland, Turkey, United States of America and throughout the United Kingdom.

Instructor materials on CD-ROM include the following for an 8-week course:

  • PowerPoint slides numbered for each the 1-40 days of the eight weeks
  • Syllabus and Instructor's Manual with outlines/notes
  • Case studies; student activities, including role playing
  • Test bank; weekly tests and final test; sample student score sheet
  • Sample log sheet for cumulating test scores for each student


Course Description:

Based on the book Principles and Practice of Business Continuity by Jim Burtles, this eight-week course aims to provide the participants with a practical working knowledge of the subject. The varied content includes reading to expand their knowledge; lectures to support and direct their learning; assignments to cultivate their skills; reviews and discussions to reinforce their understanding; and regular testing to validate their progress. The accent throughout this course will be on the development of practical capabilities rather than the acquisition of an academic background. Note that the course time frame is based on the British system of students attending morning and afternoon sessions each day, but the course can be adapted for a 12-week US course.

Because business continuity is very much a hands-on, interactive discipline, students are encouraged to learn from practical exercises. Obviously, the degree of realism within these exercises will add to their usefulness as a learning vehicle. This point needs to be emphasized when asking the students to develop their own case studies.

The business continuity manager must always apply his or her disciplines to other divisions, departments or functions of the organization. Therefore we have built all of the case study work around the activities of a team of business continuity consultants. This approach provides them with the opportunity to act as external agents rather than integral members of the operation they are working with. It also implies they have to promote themselves and their subject, which again reflects the manner in which business continuity has to be delivered in both the commercial world and the pursuit of public service.

PowerPoint presentations support the delivery, numbered according to the day of use.

Objectives: By the end of this course the attendees should possess:

  • A thorough understanding of all aspects of business continuity planning and business continuity management and related disciplines.
  • Practical experience of delivering and supporting the complete range of business continuity deliverables from the initial introduction right through to building and operating a command and control centre.
  • Competence in the subject developed through playing the roles of both the service provider and the service user.
  • Knowledge of the subject based on exposure to the basic theory behind, and the principles underlying, the subject in all its phases and stages.
  • Capability to take on a leading role as full-fledged business continuity professional.

Graduates from this course should emerge armed with the skills, knowledge and confidence to perform effectively as business continuity practitioners. They will be in a strong position to apply for qualified membership of a relevant professional body such as the BCI (Business Continuity Institute) or the DRII (Disaster Recovery Institute International). Furthermore, they will be fully equipped for engagement in all aspects of business continuity within a commercial environment or the public sector.


Notes from Instructor's Manual Describing Week Seven (days 31-35):

Now that students have learned to prepare the key deliverables, which are the various types of business continuity plans, we move on to look at some of the longer term issues such as maintaining the plans and putting them to practical use.

Day 31 (The Long Term)

The students should have read through chapter 11 of Principles and Practice before we introduce them to the entirely new concept of a Vulnerability Chronogram. The PowerPoint presentation (31 Long Term) asks them to work on the case study to develop a suitable BCM program for the year ahead, based on knowledge of other planned activities. This presentation and the subsequent student activity should occupy the whole morning. In the afternoon the students will be asked to engage in another long-term task which is concerned with utilising BCM skills, concepts and resources to assist in the management of a relocation or expansion project. This is introduced by means of a PowerPoint presentation (31 Applying BCM Principles) and should occupy them for the rest of the day.

Day 32 (Review and Audit)

Apart from reading through chapter 12, the majority of this day is spent on practical exercises. A short PowerPoint presentation (32 Review and Audit) introduces the subject of Review and Audit within a business continuity context. The students are then asked to prepare some checklists suitable for use in a BCM review. This should take them to the end of the first session. During the second session they are to extend this checklist for use as an audit tool. After lunch they go into case study mode and engage in BCM auditing. During the last session of the day they will present their audit findings to their clients and the rest of the class. At the end of the day there is just time to introduce a model of Disaster Actions or how business continuity modes of operation change over time with a short PowerPoint presentation (32 Disaster Actions).

Day 33 (Exercising and Testing)

Exercising and Testing is, perhaps, the most important aspect of any business continuity program because it is where the notional theory is turned into realistic practice. The day starts with a rather brief lecture on testing which is about the proving of the plans and ideas. Because testing is relatively straightforward we do not need to dwell on the subject too long. A PowerPoint presentation (33 E and T 1) defines testing and asks them to develop a checklist which they can share and discuss after lunch. During the last session of the day we move on to the rather more intricate subject of exercising which is where we develop the essential skills and learn how to improve the plans. The second presentation of the day (33 E and T 2) prepares the students for the following day's activities which will be the complete development and delivery of a simple exercise.

Day 34 (Exercising and Testing)

The whole of this day will be devoted to case study activity. During the morning the students will all be fully engaged in their consultant role, developing a script for the exercise which they will be running against their clients in the afternoon. These should be relatively short exercises, allowing plenty of time at the end of the day for the debriefing and feedback session. Although we are asking them to make notes, there is no need for them to prepare a proper exercise report at this stage. There will be an opportunity later, when the subject of feedback and reporting has been covered in class.

Day 35 (Reporting and Feedback)

The day starts with a lecture on exercise reporting and feedback using a PowerPoint presentation (35 E and T 3). The lecture ends with setting the students the task of developing a full scale exercise to be delivered next week. This activity should occupy the rest of the day, except for the end of week review and weekly test. The actual exercises will be run at the start of the next, and final, week of the course.


Contact Philip Jan Rothstein, FBCI (, 203-740-7444) - a 25-year veteran in business continuity/disaster recovery - for a free, personalized consultation about your textbook requirements. Complimentary review copies are available. Visit the Rothstein Associates, Inc. web site and the Rothstein Associates Inc. Business Survival ™ Weblog.