Principles and Practice of Business Continuity: Tools and Techniques
This comprehensive yet practical business continuity textbook is taught in colleges and universities worldwide. It’s your best resource to learn business continuity management. Included are extensive downloadable resources and tools, and extensive instructional materials (on approved course adoption).
In this 2nd edition of Principles and Practice of Business Continuity: Tools and Techniques, Jim Burtles explains six main scenarios. He promises: “If you and your organization are prepared to deal with these six generic risks, you will be able to recover from any business disaster.”
Includes Downloadable BUSINESS CONTINUITY TOOLKIT.
Extensive INSTRUCTIONAL MATERIALS available (upon qualification).
Are you are a Business Continuity Manager or training for the job? Are you ready to keep the business up and running in the face of emergencies ranging from earthquakes to accidents to fires to computer crashes?Do you need a comprehesnive yet practical business continuity textbook?
In this second edition of this business continuity textbook Principles and Practice of Business Continuity: Tools and Techniques, Jim Burtles explains six main scenarios. He promises: “If you and your organization are prepared to deal with these six generic risks, you will be able to recover from any business disaster.”
Using his decades of experience, Burtles speaks to you directly and personally, walking you through handling any contingency. He tells you how to bring people together to win executive support, create a Business Continuity Plan, organize response teams, and recover from the disruption. His simple, step-by-step actions and real-world examples give you the confidence to get the job done.
Principles and Practice of Business Continuity: Tools and Techniques is organized with all the features you need:
Each chapter starts with learning objectives and ends with a multiple-choice self-examination covering the main points.
Thought-provoking exercises at the end of each chapter help you to apply the materials from the chapter to your own experience.
A glossary of the key terms currently in use in the industry and a full index allow for more depth of study.
A downloadable the Business Continuity Toolkit offers wealth of extra online material prepared specially for you by Jim Burtles.
Principles and Practice of Business Continuity: Tools and Techniques includes your valuable DOWNLOADABLE* BUSINESS CONTINUITY TOOLKIT!
(* Registration Required)
Principles and Practice of Business Continuity: Tools and Techniques includes extensive INSTRUCTIONAL MATERIAL**
(** Available to qualified instructors and professors on approval and confirmed adoption)
The book is organized around the phases of planning for and achieving resiliency in an organization:
Part I: Preparation and Startup
Learn the essentials of the Business Continuity discipline and profession and the practical basic information that will help you move fast to achieve results.
Part II: Building a Foundation
Gather and analyze the information you need to identify possible threats, deal with the symptoms, and take steps to prevent the consequences.
Part III: Responding and Recovering
Organize resources, teams, and facilities to protect, recover, and restore critical business activities.
Part IV: Planning and Implementing
Create the plans that are at the heart of your Business Continuity program. Manage plans, resources, and people for a BC capability that will stand the test of time.
Part V: Long-term Continuity
Move beyond basic planning to audit and maintain capabilities, enhance governance, and prepare for a rewarding career in Business Continuity.
2016, 460 pages plus extensive, downloadable content available on registration. ISBN 978-1-931332-94-1.
About the Author
Jim Burtles KLJ, MMLJ, Hon FBCI is a well-known and respected leader within the business continuity profession. Now semi-retired and living in West London, he can look back and reflect upon the lessons learned from a wealth of experience gained in some 40 years of practice, spread across 4 continents and 24 countries. He was granted Freedom of the City of London in 1992, received a Lifetime Achievement Award in 2001, and was awarded an Honorary Fellowship by the Business Continuity Institute (BCI) in 2010. In 2005, he was granted the rank of a Knight of Grace i
n the Military and Hospitaller Order of St. Lazarus of Jerusalem, an ancient and charitable order which cares for those afflicted with leprosy and similar debilitating diseases.
Working as an IBM field engineer, in the mid-70s he took on the role of a rescue engineer, helping customers recover their damaged systems in the wake of fires, floods, and bombings. This type of work was the beginning of what later became known as disaster recovery. During the 80s, he became an early pioneer of what was then the emerging business continuity profession. In 1994 he helped to found the Business Continuity Institute (BCI) and now serves on its Global Membership Council, representing the interests of the worldwide membership. His practical experience includes hands-on recovery work with victims of traumatic events such as explosions, earthquakes, storms, and fires. This includes technical assistance and support in 90-odd disasters, as well as advice and guidance for clients in over 200 emergency situations.
Over the past 40 years, Jim Burtles has introduced more than 3,500 people into the business continuity profession through formal training programs and has provided specialist training for another 800 or so through workshops covering specific subjects or skill areas. For several years he was a regular visiting lecturer at Coventry University.
Recent published works include Coping with a Crisis: A Counselor’s Guide to the Restabilization Process, 2011, and Emergency Evacuation Planning for Your Workplace: From Chaos to Life-Saving Solutions, published by Rothstein Publishing in August 2013.
1.1 A Brief History of the Business Continuity Profession 1.1.1 The Early Years 1.1.2 Organizations, Standards, and Laws 1.1.3 Business Continuity Today 1.2 The Business Continuity Professional 1.2.1 The Stages of Professional Competence 1.2.2 Understanding the Challenges of the BC Profession 1.2.3 The Business Continuity Professional as Communicator 1.3 Guidelines for Practical Business Continuity 1.3.1 A Practical Application of PAS 56 1.4 Six Disruptive Scenarios (What Can Go Wrong) 1.4.1 The Six Essential Elements 1.4.2 Physical Disruption 1.4.3 Technical Disruption 1.4.4 A Recovery Hypothesis 1.5 The Backlog Trap 1.5.1 How a Backlog Develops 1.5.2 Reducing the Backlog 1.5.3 Backlog Persistence 1.5.4 Efforts to Improve Effciency 1.6 The Decision Point and Business Tolerance 1.6.1 Factors for Determining the Decision Point
Chapter 2: Roles and Responsibilities
2.1 The Key Players 2.1.1 Roles in the BC Management Structure 2.1.2 Selecting the Sponsor 2.2 Key Considerations 2.2.1 The Right Level of Support 2.2.2 The Role of the Sponsor 2.3 The Other Team Players 2.3.1 BC Manager 2.3.2 Senior Managers 2.4 The Teams 2.4.1 Crisis Management 2.4.2 Emergency Response 2.4.3 Facilities Recovery 2.4.4 Systems Recovery 2.4.5 Function Restoration 2.4.6 Non-Participants 2.5 A Collaborative Network 2.6 Your Business Continuity Infrastructure 2.6.1 UK Gold, Silver, and Bronze Management Levels 2.6.2 US National Incident Management Structure and Incident Command System 2.6.3 Applying the Gold, Silver, Bronze Structure to Your Own Game Plan 2.7 As You Embark on This Journey
Chapter 3: Getting Started
3.1 A Viable Game Plan 3.1.1 Kick-Off Meeting 3.1.2 Action Plan 3.1.3 Lead Them Step-by-Step 3.2 Deliverables and Other Outcomes 3.2.1 Initial Project 3.2.2 Permanent Process 3.3 A Launch Argument Formula: Seven Principles 3.3.1 In-House Ownership 3.3.2 Five Examples 3.3.3 Observance 3.3.4 Cognitive Marketing 3.3.5 Reach and Withdraw 3.3.6 Remain Realistic 3.3.7 One Step at a Time 3.4 Board-Level Motivators 3.4.1 External Influences 3.4.2 Internal Factors 3.4.3 Practical Considerations 3.4.4 Suitable Timing 3.5 Scaling to Fit 3.6 Standards and Their Interpretation 3.6.1 Compliance Issues 3.7 Hidden Benefits 3.8 The Auditor’s Role
Part II: Building a Foundation
Chapter 4: Understanding Your Risks
4.1 Risk from a Business Continuity Perspective 4.1.1 Risk and the Six Disruptive Scenarios 4.1.2 The Regular Risk Management Review 4.1.3 Individual Interviews 4.1.4 Group Interviews 4.2 Risk Assessment Methods 4.2.1 Quantitative and Qualitative Methods 4.2.2 A Simple Quantitative Approach 4.3 Six Stages of Grid Impact Analysis 4.4 Risk Acceptance 4.4.1 Three Categories of Non-Transferable Risk 4.5 The Cost of Loss 4.5.1 Loss of Profit 4.5.2 Invisible Costs 4.6 Investment Wisdom 4.7 Defensive Measures 4.7.1 Causes of Business Interruption 4.7.2 Effects, Symptoms, and Consequences 4.8 QwikRisk 4.8.1 The Four Risk Groups 4.8.2 The Four Strategies 4.8.3 Matching the Risk with the Strategy 4.9 SMARTRisk 4.9.1 Key Features of SMARTRisk 4.9.2 Output of the SMARTRisk Process 4.10 Risk Reporting
5.1 From Risk to Impact 5.1.1 Disruption Scenarios 5.1.2 Team Involvement 5.2 Business Impact Analysis Project 5.2.1 Organizing the Project 5.2.2 Collection of Impact Data — Choice of Method 5.2.3 Data Collection via Questionnaires 5.2.4 Data Collection via Interviews 5.2.5 Business Impact Analysis Workshops 5.2.6 Combining Questionnaire, Workshop, and Interview Methods 5.3 Business Impact Analysis Report 5.3.1 Assessing the Effects of Disruption and Business Impact 5.3.2 Determining Loss Exposure 5.4 Facilitated Business Impact Analysis 5.4.1 Interactive Impact Modeling 5.4.2 Results of the Exercise 5.4.3 Applying the Modeling Exercise to the BC Plan 5.5 Dependency Modeling 5.5.1 Creating the Dependency Model 5.5.2 Identifying Criticalities 5.6 Five Step Functional Analysis 5.6.1 Define the Critical Function 5.6.2 Agree on the Functional Drivers 5.6.3 Agree on the Main Business Functions 5.6.4 Identify the Functional Relationships 5.6.5 Criticality
6.1 Selecting Practical Strategies 6.1.1 Disaster Response Considerations 6.2 Disaster Recovery Options 6.2.1 Dual Systems 6.2.2 Harmonic Recovery 6.2.3 Hot Site 6.2.4 Mobile Recovery Services 6.2.5 Cold Site 6.2.6 Portable Cold Site 6.2.7 Reciprocal Agreement 6.2.8 Second Site 6.3 Business Continuity Options 6.3.1 Alternate Sourcing 6.3.2 Emergency or Standby Stock 6.3.3 Buffer Stock 6.3.4 Redeployment or Relocation 184.108.40.206 Working from Home 6.3.5 Reduction of Operations 6.3.6 Termination or Change 6.3.7 Bypass Arrangements 6.3.8 Outsourcing 6.4 Strategy Selection 6.4.1 Initial Research 6.5 Backup and Restore Procedures 6.5.1 Locating and Cataloging Corporate Information 6.5.2 Identifying Critical Information 6.5.3 Information Protection and Replication 6.5.4 Storage Considerations 6.5.5 Types of Records for Backup and Retention 6.6 Information Recovery 6.7 Integrating and Coordinating Disaster Recovery with Business Continuity 6.7.1 Difficulties in Bringing the Fields Together 6.7.2 Finding the Common Ground 6.7.3 Working Together Smoothly
7.1 Factors to Consider in an Emergency Response Team 7.1.1 Performance Concerns 7.2 Assembling the Right Emergency Response Team 7.2.1 Selection 7.2.2 Thorough Training, Education, and Exercising 7.2.3 Appropriate Tools for the Job 7.3 Command and Control 7.3.1 Command and Control Post Logical Structure 220.127.116.11 Emergency Communications 7.3.2 Command and Control Post: Physical Structure 18.104.22.168 Essential Features 22.214.171.124 Desirable Features 126.96.36.199 Ideal Characteristics 7.4 Phased Incident Management 7.5 Communications 7.5.1 Lack of Certainty 7.5.2 Withholding Information 7.5.3 Conflicting Information 7.5.4 Lack of a Firm Decision 7.5.5 Fear of Starting a Panic 7.5.6 No Means of Communication
8.1 Identifying and Maintaining Emergency Resources 8.1.1 Access Control 8.1.2 Inventory Control 188.8.131.52 Establishing the Inventory 8.1.3 Financial Control 8.1.4 Service and Repair 8.1.5 Updates and Changes 8.1.6 Asset Retention 8.1.7 Feedback 8.2 Disaster Actions and Modes 8.2.1 Tools and Supplies 8.2.2 Skills 8.2.3 Resources 8.2.4 Arriving at a List of Requirements 8.3 Battle Boxes 8.3.1 Strategy 8.3.2 Characteristics 8.3.3 Contents 184.108.40.206 Inspection and Assessment 220.127.116.11 Rescue and Recovery 18.104.22.168 Office Support 22.214.171.124 Security and Isolation 126.96.36.199 Emergency Response 188.8.131.52 Crisis Management and Public Relations 184.108.40.206 Command Post Support 8.3.4 Maintenance and Update 220.127.116.11 Appoint a Responsible Person 18.104.22.168 Shelf Life of Contents 22.214.171.124 Photograph the Contents 126.96.36.199 Schedule Checks 188.8.131.52 Create a Battle Box Checklist 8.4 Recovery Facilities 8.4.1 Functional Resources 8.4.2 Functional Facilities 8.5 Liaising with Other Groups 8.5.1 Regulators 8.5.2 The Community 8.5.3 Insurers 8.5.4 Competitors 8.5.5 Neighbors 8.6 Liaising with Police and Emergency Services 8.6.1 Local Authorities 8.6.2 Emergency Services: Police 8.6.3 Emergency Services: Fire and Rescue 184.108.40.206 Importance of Portable Fire Extinguishers 220.127.116.11 Fire Training 18.104.22.168 Assisting the Fire Service 8.6.4 Emergency Services: Floods 8.7 Disaster Recovery 8.7.1 Salvage and Restoration 8.8 Contact Lists 8.8.1 Emergency Services 8.8.2 Internal Contacts 8.8.3 External Contacts
Chapter 9: Salvage and Restoration
9.1 Scrap or Salvage? 9.1.1 Insurance Issues 9.1.2 Professional Help 9.2 Denial of Access Issues 9.2.1 Causes of Denial of Access 9.2.2 Denial of Access for Public Security 9.2.3 Denial of Access by Health and Safety Officials 22.214.171.124 Death or Serious Injury 126.96.36.199 Structural Damage 188.8.131.52 Contamination 184.108.40.206 High Rise Buildings 220.127.116.11 Main Street and Industrial Locations 9.3 Site and Structures 9.3.1 Deterioration of Materials 9.3.2 Other Problems 9.4 Precautions after an Event 9.4.1 Precautions after Fire 9.4.2 Precautions after Flood (Including Firefighting Water) 9.4.3 Precautions after Contamination 9.4.4 Precautions after Blast 9.4.5 Unsafe Structures 9.5 Equipment and Technology 9.5.1 Problems of Running Applications on Different Equipment 9.5.2 Issues after the Event 9.5.3 Damaged Media 9.6 Documents and Records Retrieval 9.6.1 Four Categories of Documents 9.6.2 Other Types of Documents 9.6.3 Emergency Response and Recovery Issuees for Documents 9.7 Electronic Equipment 9.8 Process Equipment 9.8.1 After Fire 9.8.2 After Flood 9.8.3 After Contamination 9.8.4 After a Blast 9.9 Regulating Access to the Site
10.1 What is Disaster Recovery? 10.1.1 Characteristics of Disaster Recovery Plans 10.1.2 Aspects of Disaster Recovery 10.2 Technology and Support Services 10.2.1 Range of Services 10.2.1.1 Technical Services 10.2.1.2 Facilities 10.2.2 Rules to Maximize Resilience 10.2.3 Alternate Routing 10.3 Systems Recovery 10.3.1 Technical Expertise 10.3.2 Up-to-Date Recovery Strategies 10.3.3 Documented and Tested Procedures 10.4 Disaster Recovery Sites 10.5 Backup and Restore 10.5.1 What is Backup? 10.5.2 Backup and Restore Procedures 10.6 Backup Regimes 10.7 Business Records 10.7.1 Business Value 10.7.2 Source Information 10.8 Critical Records 10.8.1 Guidelines for the Selection of Critical Records 10.8.2 Types of Critical Records 10.8.2.1 Software 10.8.2.2 Central Records 10.8.2.3 Operational Records 10.8.3 Storage of Critical Records 10.8.3.1 Backup Media 10.8.3.2 Data Storage Conditions 10.8.4 Backup Life Cycles 10.8.4.1 Creating a Backup Schedule for Record Types 10.8.4.2 A Typical Backup Schedule 10.9 The Data Recovery Process 10.9.1 Recovering the Data 10.9.2 Assembling the Data 10.9.3 Synchronizing the Data 10.10 Recovery Requirements 10.10.1 Golden Rules of Recovery 10.10.2 Rotation or Re-Use of Media 10.10.3 Management and Control 10.10.4 Backup Hints and Tips
11.1 Hierarchy of Plans 11.1.1 Areas of Responsibility 11.1.2 Plan Types and Responsibilities 11.2 The Plan Development Process 11.2.1 Design and Structure 18.104.22.168 Relation of Plan Type to Area of Responsibility 22.214.171.124 Purposes of the Plan Types 11.3 Content of a Basic Plan: Business Recovery Plan 11.3.1 Document Control Information 11.3.2 Contents 11.3.3 Layout 11.3.4 Organization Charts 11.3.5 Definitions 11.3.6 Scenarios 11.3.7 Roles and Responsibilities 11.3.8 Activation Process 11.3.9 Decision Criteria 11.3.10 Escalation Procedure 11.3.11 Action Lists 11.3.12 Reference Information 11.4 Emergency Response Plans 11.5 Crisis Management Plans 11.6 Function Restoration Plans 11.7 Disaster Recovery (DR) Plans 11.7.1 Disaster Recovery Modules 11.8 The Use of Commercial Planning Tools 11.8.1 Evaluation Considerations 11.9 Scaling to Fit 11.10 Preparation and Delivery of a Draft Plan 11.10.1 Points to Look for in Template or Format 11.10.2 Preparing the Final Draft
12.1 Getting Started with BC Exercises 12.1.1 Capability and Confidence: Educating Personnel 12.2 The Five-Stage Growth Path 12.2.1 Desktop Exercise 12.2.2 Walkthrough 12.2.3 Active Testing 12.2.4 Command Post Exercise 12.2.5 Full-Scale Exercise 12.2.6 Frequency of Testing 12.3 Testing Plans and Procedures 12.3.1 Disaster Recovery Testing 12.3.2 Systems Recovery Checklist 12.4 Elements of Exercise Development 12.5 Background: Objectives and Purpose 12.5.1 Stating the Purpose 12.6 Buildup 12.7 Developing the Script for the Exercise 12.7.1 The Script Process Deliverables 126.96.36.199 Script Content 188.8.131.52 Interrupts 12.8 Quality 12.8.1 Realism 184.108.40.206 Methods for Achieving Realism 12.8.2 Scope
Chapter 13: Crisis Management and Communications
13.1 Understanding the Dimensions of a Crisis 13.1.1 Surprise 13.1.2 Uncertainty 13.1.3 Exposure 13.1.4 Urgency 13.2 Communicating with Internal and External Groups 13.2.1 The Corporate Statement 13.2.2 Internal Groups and Staff 13.2.3 External Groups and the Media 220.127.116.11 Media Policy 18.104.22.168 Ground Rules for Dealing with the Media 13.3 Crisis Communications Team 13.3.1 Creating the Team 13.3.2 Responsibilities 13.4 Managing the Media During a Crisis 13.4.1 Controlled Media Response 22.214.171.124 Holding Statements 13.4.2 Handling Media Telephone Calls 126.96.36.199 Preparation for Media Calls 188.8.131.52 Response Protocol 184.108.40.206 Social Media 13.4.3 Press Releases 220.127.116.11 Preparation and Content 18.104.22.168 Layout and Style 22.214.171.124 Points to Avoid 13.4.4 Interviews 126.96.36.199 Press Conferences 188.8.131.52 Guidelines for Spokespersons 184.108.40.206 Make Use of the Internet 220.127.116.11 Prepare Fast Facts for Background 18.104.22.168 Avoid Door-Stepping Journalists
Chapter 14: Exercise Management and Delivery
14.1 Exercise Delivery 14.1.1 Exercise Coordination and Control 14.1.2 Potential Problems 14.1.3 Preparation and Practice 14.2 Safety: Isolation and Security 14.2.1 Creating Isolation 14.2.2 Setting Up Security 14.3 The Ideal Scene 14.4 Lessons: The Feedback Stage 14.4.1 Exercise Debrief 14.4.2 The Exercise Report 14.4.3 The Exercise Review 14.4.4 Full Sequence of Feedback 14.5 Tracking the History 14.5.1 Records and Reports 22.214.171.124 Records 126.96.36.199 Reports 14.5.2 Recording 14.6 Kick-Off 14.6.1 Announcement and Notice 14.6.2 Cautions 14.6.3 Rules of Engagement 14.6.4 Keeping It Going 14.7 Advanced Techniques 14.7.1 The Command and Control Exercise Scale 14.7.2 Cabaret Exercising 14.7.3 The Bang and Echo Program
Part V: Long-Term Continuity
Chapter 15: Auditing and Maintaining Your Plans
15.1 Terms of Reference for Review 15.2 Steps in Review Process 15.2.1 Facilities 188.8.131.52 Facilities Testing 15.2.2 Resources 184.108.40.206 Resources Testing 220.127.116.11 Reviewing Dynamic and Stable Plan Content 15.2.3 Output Phase 18.104.22.168 Status Reports and Activity Reports 15.2.4 After the Reports 15.3 Auditing 15.3.1 The Audit Process 15.3.2 Rules of Audit 15.3.3 Policy 15.3.4 Compliance 15.3.5 Finance 15.3.6 Investment 15.3.7 Expenditure 15.3.8 Prudence 15.3.9 Purposes 15.3.10 Achievement 15.3.11 Claims 15.3.12 Concerns 15.4 Completing the Audit 15.4.1 Audit Checklists 15.4.2 Checklist Construction 15.4.3 Audit Reports
Chapter 16: Governance in the Resilient Organization
16.1 Horizon Scanning 16.1.1 Future Potential Moments of Vulnerability 16.1.2 Geographic and Economic Horizons 22.214.171.124 Geographic Horizon: Locations and Marketplaces 126.96.36.199 Economic Horizon: Supply Chains and Value Chains 16.2 Disruption from Relocation or Expansion 16.2.1 Reorganization or Restructuring 16.2.2 Survival of BC in Times of Economic Downturn 16.3 Tiers of Governance 16.3.1 Corporate Governance 16.3.2 Strategic Direction 16.3.3 Operational Management 16.3.4 Routine Supervision 16.4 Creating the Integrated Infrastructure 16.5 Relationship Between Governance and Business Continuity Standards 16.5.1 ISO 22301
Chapter 17: Your Future in Business Continuity
17.1 The Long-Term Management of Your BC Plans 17.2 Challenges 17.2.1 Lack of Understanding and Appreciation 17.2.2 Change of Ownership or Leadership 17.2.3 Lack of Priority 17.3 Opportunities 17.4 Professional Certification 17.4.1 The Business Continuity Institute (BCI) 17.4.2 Disaster Recovery Institute International (DRII) 17.4.3 International Consortium for Organizational Resilience (ICOR) 17.4.4 Other Professional Certifications Available 17.5 What’s Next for Business Continuity 17.6 A Parting Word
Appendix A: Making Decisions Under Pressure
A.1 Decision-Making Protocols A.2 Fight or Flee A.3 Black Swan A.4 Routine Mission A.5 The Dark Serpent A.5.1 Attack A.5.2 Retreat A.5.3 Evade A.5.4 Ignore A.5.5 Succumb A.5.6 Taking Advantage of the Dark Serpent A.6 Carousel Solution A.7 Foxy Thinking A.7.1 Foxy Scenario Planning A.8 The DICE Model A.8.1 The Six Key Elements A.8.2 Application A.8.3 Values A.8.4 Information — Gather Information and Intelligence A.8.5 Strategy A.8.6 Authority — Powers and Policy A.8.7 Tactics — Options A.8.8 Actions and Review A.8.8.1 Actions A.8.8.2 Review: Recording What Was Done and Why A.9 Learning from Hindsight
Appendix B: Case Study: Organic Resilience at Rushmore Enterprises
B.1 Organic Resilience Approach B.2 The Basic Processes in Functional Relationships B.2.1 Emergency Supplies B.2.2 Emergency Production or Acquisition B.2.3 Emergency Stores or Inventory B.2.4 Emergency Communications B.2.4.1 Receiving Information B.2.4.2 Sending Information B.2.5 Protective Strategies. B.2.5.1 Defense as a Strategy B.2.5.2 Recovery as a Strategy B.2.5.3 Copycat or Simulation Strategy B.2.5.4 Supplementing as a Strategy
Appendix C: Working with People
C.1 Health, Safety, and Welfare C.2 Emergency Working C.2.1 Fatigue and Isolation C.2.2 Rotating Tasks C.3 Rewards and Acknowledgment C.3.1 Benefits of Debriefing C.4 Emotional Reactions to a Crisis C.4.1 The Five Discoveries of Stress C.4.1.1 Discovery of Fear C.4.1.2 Discovery of Excitement C.4.1.3 Discovery of Capability C.4.1.4 Discovery of Chaos C.4.1.5 Discovery of the Numbness of the Unknown C.4.2 Post-Crisis Exit Effect C.4.2.1 Delayed Exit Phenomena C.5 Specific Forms of Counseling C.5.1 Restabilization C.5.2 Traumatic Incident Reduction (TIR) C.5.3 Debriefing Sessions C.5.4 Self Help C.6 A Family Contact Team
Appendix D: Emergency Evacuation and Back to Normal
D.1 Emergency Evacuation: The Starting Point D.1.1 Site Review D.1.2 Emergency Evacuation Process and Timing D.1.3 Test and Rehearsal Regime D.2 Back to Normal: Reverse Recovery or “Revacuation” D.2.1 The Timing D.2.2 Migration and Commitment Points D.2.3 Stumbling Blocks to the Return to Normal D.2.3.1 Overconfidence D.2.3.2 Apprehension D.2.3.3 Bravado D.2.3.4 Insufficient Recuperation D.2.3.5 Catching Up and Forward Loading D.2.4 Reverse Criticality D.2.5 Troubleshooting D.3 Back to Normal D.3.1 Exit Housekeeping D.3.2 The Debriefing Process D.3.3 Inventory Check D.3.4 Prevent a Recurrence D.3.5 Opportunity D.3.6 Public Relations
Figure 1-1. How Business Continuity Functions as an Umbrella Figure 1-2. The Six Types of Planning to Recover Business Operation Figure 1-3. BCM Process Model with a Choice of Entry Points and Optional Work Patterns Figure 1-4. Six Disruptive Scenarios Can Cause Loss of Essential Business Elements Figure 1-5. How a Backlog Trap Develops and Persists Figure 1-6. How Backlog Relates to Recovery Figure 1-7. Decision Point for Declaring a Disaster Figure 2-1. Relationship of Roles in BC Management Structure Figure 2-2. Five Functional Teams for Organizing Response and Recovery Figure 2-3. The Gold, Silver, Bronze Command and Control Structure Figure 4-1. Risk Matrix Output Example Using QwikRisk Figure 5-1. Determining Dependencies and Connections to Core Business Processes Figure 5-2. Determining Critical Functions Figure 5-3. Functional Map of Core Functions Figure 7-1. Gold, Silver, Bronze Figure 7-2. Command Flows Figure 7-3. Points of Contact for Inbound and Outbound Communications Traffic Figure 7-4. The Three Phases of Incident Management Figure 8-1. Disaster Actions and Modes Figure 9-1. Reporting Structure Figure 9-2. Controlling Access to the Area Figure 10-1. Effective Disaster Recovery Process Figure 10-2. Accuracy of Records Deteriorates Over Time Figure 10-3. The Logic of Data Recovery Figure 11-1. Roles in the Typical Organizational Structure Figure 11-2. Key Tasks to Be Performed in an Emergency Figure 11-3. Hierarchy of Plans Related to Tasks and Functions Figure 11-4. Three Key Modules in Disaster Recovery Plan Figure 12-1. Gradient Learning: The Five-Stage Growth Path Figure 12-2. Exercise Elements Figure 12-3. Purpose in Action Figure 12-4. The Deliverables Figure 12-5. Blast Cones Figure 13-1. Dimensions of Crisis Figure 14-1. Exercise Elements Figure 14-2. Exercise Teams Figure 15-1. Three Areas of Interest in the Review Process Figure 15-2. Major Audit Activities Figure 15-3. Typical Types of Questions Figure 16-1. Tiers of Governance Figure 16-2. Core Characteristics Figure 16-3. An Integrated Robust Business Infrastructure Figure 16-4. Business Continuity and Strategic Alignment Figure A-1. The Dark Serpent Figure A-2. Scenario Planning Figure A-3. The DICE Model Figure B-1. The Basic Organic Structure Figure B-2. Request/Response Relationship Figure B-3. An Organic Enterprise Figure B-4. Basic Functional Relationships Figure B-5. Emergency Supplies Figure B-6. Emergency Production or Acquisition Figure B-7. Outsourcing or Emergency Stock Figure B-8. Emergency Communication Strategies Figure B-9. Defend the Function Figure B-10. Recover the Function Figure B-11. Copycat (or Simulated) Function Figure B-12. Supplement the Function
Table 5-1. Assessing Effect of Disruption Table 5-2. Areas of Concern in Loss Exposure Table 5-3. Sample Worksheet for Impact Modeling Table 8-1. Sample Battle Box Checklist Table 8-2. Sample Contact List for Emergency Services Table 8-3. Sample Contact List for Internal Resources Table 8-4. Sample Contact List for External Contacts Table 11-1. Strengths and Weaknesses of Commercial BC Software Table 12-1. Summary of the Five Stages and Their Characteristics Table 14-1. Five Levels of Command and Control
Author's Introduction to the 2nd Edition
The aim of this second edition of Principles and Practice of Business Continuity: Tools and Techniques is to provide a balanced, student-friendly textbook to help you establish yourself as a competent practitioner of business continuity (BC). While philosophy and the principles remain the same, the book has been restructured and updated in five parts to represent the five main phases of learning and development. Each part consists of three or four chapters devoted to specific areas of knowledge or competence. Techniques are subtly refined to represent current practice with additional information included. To assist you in your learning, you will find discussion questions and useful examples at the ends of chapters, supported by a wealth of downloadable practical material (accessible once you’ve registered your book). Pausing for reflection at regular intervals like this will reinforce the learning process, as well as enable you to evaluate and appreciate your progress.
New material in this edition includes:
Expanded glossary of terms currently in use in the industry.
Suggestions for additional reading at the end of each chapter.
A comprehensive index.
A new section on governance, exploring how resilience can fit into the larger picture of the organization.
Information about professional certification options.
Multiple choice questions at the end of each chapter inviting you to check your understanding.
A “Food for Thought” section in each chapter letting you apply what you have just read to your experiences at work and in the community.
You will follow my lead in exploring the subject of BC management as I explain the basic principles and describe what my experience has shown to be good practice. By the end of this book, you should be prepared to engage in all of the activities associated with the development, delivery, and maintenance of a sound BC program.
Part I: Preparation and Startup
At the start of the book, you will look at how and why BC came into existence. This glimpse at history leads naturally into some thoughts about the science behind the basic principles. The practical aspect opens up with ideas about launching a program and getting to grips with the operational risks and threats – and understanding the concept of resilience.
Part II: Building a Foundation
Risk management is a well-established discipline, and much of our BC work is often predicated upon the work done by others in this area. The BC discipline works towards a practical understanding of the impacts and consequences of risk, which leads to designing an appropriate continuity strategy to meet the precise needs of your organization.
Business impact analysis (BIA) is an especially valuable contribution to the development of continuity and resilience in any enterprise.
You will explore the basic continuity strategies and how to select the most appropriate one to meet your organization’s needs and the budget.
Part III: Responding and Recovering
Important in this context is the emergency response aspect, preparing to deal with a business interruption. Understanding the management and control of the effects and consequence of such an event leads you naturally towards the need for restoration and recovery of facilities, resources, and equipment.
Next, you will look at disaster recovery, the various methods technical people use to rebuild or recover the support services and functions. This is an area in which you, as a BC specialist, may need to rely upon the skills and experience of other professionals.
Part IV: Planning and Implementing
Armed with a rounded knowledge of the prerequisites, you are ready to develop and construct the actual BC plans based on the types and levels of plans that cover the various aspects of a disruptive event. You will work with a model that has five distinct types of plans, which you can adapt to fit the needs and structure of your organization.
Having covered the build-up towards – and the actual development and delivery of – the BC plans, you will move on to consider the longer term aspects of the management program, including the process of developing and applying the requisite support and delivery skills, looking after the resources, and keeping the plans up-to-date.
Part V: Long-Term Continuity
This second edition concludes with a new section on the function of resilience in corporate governance. You will consider the review or audit program as a means of ensuring the ongoing suitability of the system and its components as well as its strategy, plans, and resources. Finally, you will learn what to expect in your future career in BC, your role in the company, and what professional certifications are available to you.
Imagine that you are about to embark on an educational cruise though the world of BC. I am the experienced traveler who has planned your itinerary, this book is your curriculum, and our phase model is an outline map of the lands you will be visiting. If you are working with a tutor or mentor, you should look to that person as your tour guide to ensure that you get to appreciate the landscape and learn about the people, places, and culture you encounter along the way. By the end of the journey, you should be familiar with all aspects of BC, ready to advise and guide others.
Jim Burtles London, United Kingdom February, 2016
Upon confirmed classroom adoption and acceptance of an Instructor License Agreement, the following Instructional Materials are available to accompany Principles and Practice of Business Continuity: Tools and Techniques, 2nd Ed., by Jim Burtles.
Sample chapters of these materials are available for evaluation purposes along with a review copy of the book. Click on the Complimentary Copy form below to request your copies.
Downloadable Business Continuity Toolkit included with purchase of this book!
Principles and Practice of Business Continuity:
Tools and Techniques (2nd Edition)
by Jim Burtles FBCI
Downloadable Business Continuity Toolkit included with purchase of this book!
1 Disruptive Scenarios.pptx
Six Scenarios of Disruption: A Hexagon for Business Survival
1 The Backlog Trap.docx
The Backlog Trap
1 What, Why and How.docx
What, Why and How
2 A Planners Paradigm.pptx
A Planner’s Paradigm
2 Cause n Effect.pptx
Problem Development and Control: Cause, Effect and Consequence
2 Cause to Loss.pptx
From Cause to Loss: Hazardous Highway, Causeway of Concern, or Pathway to Protection?
2 Roles and Responsibilities.docx
Roles and Responsibilities
3 Planning Levels.pptx
“Standard” Planning Levels: The correlation between what seems to be needed and what might be expected.
4 Risk Assessment Tool.docx
A RISK ASSESSMENT TOOL: Risk Check — A questionnaire for use in the assessment of physical risks
4 SMARTRisk Mapping.pptx
BCI SmartRisk: A practical means of auditing, registering, mapping and monitoring business risk
5 Facilitated BIA.docx
Facilitated BIA Checklist
5 Fire Exposure Analysis Tool.docx
Fire Exposure Analysis Worksheet
5 Generic BIA Questionnaire.docx
Generic BIA Questionnaire
5 Key Function Selection List.docx
Key function selection list
6 Our 4 Parts.docx
Principles & Practice of Business Continuity is in 4 parts
7 Emergency Management Models.pptx
Emergency Management Models: Command and Control Infrastructure
7 Emergency Teams.docx
Building a Sound Emergency Management Team
7 Personal Continuity log.docx
Personal Continuity log
7 Personal Continuity Logging.docx
Personal Continuity Logging
7 Simple Resilience.docx
Simple Business Resilience
8 Dummy Emergency Response Plan.docx
Dummy Emergency Response Plan
8 Emergency Manager’s Notes.docx
Emergency Manager’s Notes
8 Emergency Response Checklist.docx
Emergency Response Checklist
9 Strategies for Salvage.docx
Strategies for Salvage: The Survive! Briefing Note on Asset Recovery and Restoration
10 DR Services Assessment.docx
Disaster Recovery Services Assessment
10 DR Services Overview.docx
Disaster Recovery Services Overview
10 Recovery Site Check.docx
Recovery Site Check
10 Systems Recovery Checklist.docx
Systems Recovery Checklist
11 Dummy Business Continuity Plan.docx
Dummy Business Continuity Plan
11 Dummy Crisis Management Plan.docx
Dummy Crisis Management Plan
11 Dummy Emergency Response Plan.docx
Dummy Emergency Response Plan
11 Related Disciplines.docx
Business Continuity Structure: The associated products and processes
11 Sample DR Plan.docx
An outline example of a possible disaster recovery plan
12 Elements of Audit.docx
Elements of Audit
EXEC CHECK: An executive level business continuity checklist — A tool for use when auditing the Management of Business Continuity
Emergency Move Checklist
Operations Check: an auditor’s checklist — A tool for use when Auditing Systems Vulnerabilities
Plan Check: A Business Continuity Plan Checklist — A tool for auditing business continuity plans
SECCHECK: A Security Checklist — A tool for use when Auditing Physical Security
SITE CHECK: Recovery Center Checklist
13 Plot Development Aid.docx
Plot Development Aid: Developing Exercise Plot Lines
A Scenario Based Emergency Response Exercise
14 Exercise Facilitator’s Checklist.docx
Exercise Facilitator’s Checklist: Some Considerations for the Facilitation, Development or Control & Co-Ordination of a Business Continuity Exercise
14 Exercise Log.docx
An Exercise Observer’s Checklist: A tool for use in the assessment of Business Recovery Exercises
14 Sample Exercise Report.docx
Sample Exercise Report
15 Fire Protection and Prevention.docx
Fire Protection and Prevention
15 Fire References.docx
16 Crisis Communications.docx
16 Media Response.docx
Stakeholder engagement during an emergency: The media response
16 Outline Holding Statement.docx
Outline Holding Statement
16 Press Release.docx
Sample Press Release
17 DICE – The Decision Model.docx
DICE – The BCI Decision Model
Decision Making in a Crisis or an Emergency: The DICE Model
17 Owls n Ostriches.pptx
Smart Decision Making or Joined Up Thinking: Learn how to Think like an Owl or Act like an Ostrich
18 The Mental Suit of Armour.docx
The Mental Suit of Armour
18 The PET Process.docx
Paper Exploration Therapy: The PET Process – Symptom Relief Through Scribbling
D Estimating Evacuation Time.docx
Estimating Evacuation Time
Foreword by Owen Gregory
The time that has passed since the first edition of Burtles’ Principles and Practice of Business Continuity: Tools and Techniques was released (2007) has witnessed countless changes in organizational governance, business structure, and corporate goals.
Working as a shift leader on Honeywell Level 64 mainframes in the late 1970s, I was involved in a few emergency nightshifts of my own, when the room-filling beast of a computer would power itself down for many unknown reasons. I remember that my first action to get the machine up and running again was to open and slam the doors on the shed-sized processor cupboards and open and close the drawer under the operators’ teletype in a tried and tested sequence!
It is difficult at times to believe the changes in working practice and technology that have taken place since then. Each successive update to the technology within an organization has required the business model to drive, or in some companies to follow, that change. As each change to the operational and processing methods employed has taken place, so the business continuity model has been required to mature alongside. Changes have been both internal, as mergers and acquisitions have occurred or business models and methods have changed, and external, as litigation and regulation have shaped commerce. The globalized world in which companies now operate requires an advanced capability of business continuity.
While occasionally tipping its hat to the idea of significant relationships with the other practitioner schools of organizational resilience, this second edition of Principles and Practice of Business Continuity: Tools and Techniques concentrates on the key capability of continuing to deliver products or services at acceptable redefined levels following disruptive incidents – business continuity in a nutshell. Burtles has created an easy-to-follow five-part structure within the book which permits the reader to follow his widely experienced knowledge of the definition, delivery, and maintenance of a business continuity program within an organization.
Burtles offers a brief look at the history of business continuity, which provides an insight into the necessities of establishing business continuity. In addition, he looks at operational risks, identifying the threats and potential impacts if the risk profile becomes active in any way, and introducing the contemporary concept of organizational resilience. In the first few chapters, he establishes the purpose of business continuity, clarifies the association between risk and appropriate continuity strategies, and explains the application of a business impact analysis cycle. Burtles then deals successively with the concepts of emergency response and the design required for restoration and recovery of services and products required by the organization; examples of the plan types that the business practitioner may wish to create against the structure of the organization; and a final chapter that details the means of governance of the business continuity program, both within the organization and in the support of the levels of resilience that management might expect in a modern business. Whether you regard Burtles, himself, as a guide or as a mentor, the results of this book should familiarize you with the various facets and requirements of business continuity creation to a level of excellence.
Chapter by chapter, the book builds knowledge of business continuity management techniques, much in the sequence of the professional practices established by the Business Continuity Institute’s Good Practice Guidelines. Each chapter of the book is complemented by a set of questions and/or exercises to check your understanding – a task that requires organized business continuity thought processes to complete – and suggestions for further reading in the specific subject matter of the chapter. This level of enforcement will ensure understanding and promote best practices in line with Burtles’ ideas and advice.
As a past designer of business continuity management systems, service continuity methods, and operational control systems, I have now moved into the world of lecturing others to do the same. You can rest assured that, by my estimation, this new edition by Burtles can contribute greatly to the systems capability that the business continuity practitioners, both new to the field and currently operating, are expected to design. The Business Continuity Institute’s Good Practice Guidelines provides the current body of knowledge for the profession in terms of how to practice the discipline. In addition, a book such as Principles and Practice of Business Continuity: Tools and Techniques puts the skin on the bones of business continuity and provides wider knowledge of the activities associated with design, development, delivery, and management of business continuity for all sizes and types of organizations.
A part of business continuity is the scanning of the horizon to ensure that the business that you write the continuity management systems for is covered for almost every eventuality. Back when I loaded disk packs and tabulation paper in the back of a Ford Cortina to ensure overnight processing could take place at a reserve site, little did I think that this process would grow into a professional discipline called “business continuity.” I could not have anticipated that business continuity would encounter so many developing challenges of the modern world, not only to meet the needs of the practitioners’ own organizations, but also to permit their companies to remain competitive within the global marketplace at the times of highest stress.
Owen Gregory MBCI MBCS Senior Lecturer Buckinghamshire New University High Wycombe, Buckinghamshire, UK
Foreword by Deborah Higgins, The Business Continuity Institute
We’ve all heard the saying “It’s not what you know but who you know.” This saying is true in my case, as it specifically applies to knowing Jim Burtles. As I began my career in emergency management, I first became aware of Jim as a respected author and expert in the field. I must admit that I was a little starstruck when I first met him as my instructor years later in a Business Continuity Institute (BCI) Good Practice Guidelines training course. At the time, I was working in a large public sector organization in the UK. As business continuity (BC) practitioners so often do, I felt a little isolated and despondent and was considering a change in direction.
It was Jim’s enthusiastic teaching and passion for the subject that reignited my own passion for the subject. I realized that I could revive and learn to harness my enthusiasm and, combined with increasing my knowledge and skills, I could demonstrate the value of good BC management and make a difference. Thanks to Jim’s expertise, advice, and positive attitude, I went on to become a certified practitioner and joined the BCI as a member. I would like to thank Jim for unintentionally persuading me to stick with BC as a profession and for introducing me to the BCI, where I am one of the many people Jim has brought into the field.
In this second edition of Principles and Practice of Business Continuity: Tools and Techniques, Jim describes himself as the experienced traveler, but I see him as the experienced guide with some great stories to tell with great lessons built in. Jim takes us on a journey, from the origins of BC to how it is practiced today. Because he is a founder of the discipline and continuing contributor to the growing body of knowledge in BC, with Jim we are in steady hands.
Jim’s friendly narrative and ability to read the minds of the readers provides us with answers to many of the questions we often ask ourselves, such as, “So, what does this mean in practice?” He uses examples to illustrate his recommended approach to the subject along with suggestions for where to go for further information.
A common issue for practitioners is how to get the attention of the top management. For that, Jim’s advice about being a good communicator and the importance of being patient and persistent is invaluable. Another frequent challenge for practitioners is to be able to demonstrate the value of BC and illustrate some return on investment. Jim suggests methods to calculate potential loss, which can be applied in your workplace to help answer those difficult questions.
This new edition builds on and expands on the original by posing questions at the end of each chapter inviting us to check what we have just read, making this book ideal for self-study for practitioners. Jim has written many exam questions as part of the BCI exam development group and knows how to test the reader’s knowledge. I really like the thought-provoking “Food for Thought” sections that encourage readers to think about how they might apply this knowledge. Among other excellent resources, the downloadable Business Continuity Toolkit contains good examples of what can be used in the workplace to help practitioners develop their own documents.
Jim is a founding member of the BCI and key player in the BC profession, and I am lucky enough to now hold a senior position in the BCI myself and to work alongside Jim in many capacities. We have collaborated on developing teaching materials and models, co-presented our work to a global audience, and worked together to develop examination questions for the globally recognized certificate of the BCI (CBCI) credential. I am thrilled to be writing this foreword and happy to be able to give something back to Jim for all the many years he has contributed to the discipline and to my own career.
I would encourage anyone working in the field of BC and resilience to read this newly revised book. It tackles the emerging subject of organizational resilience as a governance issue and states the importance of collaboration between disciplines with which I wholeheartedly agree. Building a network of people and collaborating with others is a consistent message throughout this book and one to which I have listened and continue to follow.
As Head of Learning and Development at the Business Continuity Institute, I have been involved in a number of key industry developments – the Good Practice Guidelines 2013, the British Standard on Crisis Management (BS 11200), and Organizational Resilience (BS 65000) – and most recently as a member of the working group developing the International Standard for organizational resilience. I am proud to represent and to meet many BC professionals all over the world, and I know that this second edition of Principles and Practice of Business Continuity: Tools and Techniques will make an excellent addition to our resources, and should form an essential part of every practitioner’s learning and development.
Deborah Higgins MBCI Head of Learning and Development The Business Continuity Institute
Excerpt from Chapter 5: Impacts and Consequences
5.6 Five Step Functional Analysis
A functional analysis exercise is a relatively straightforward way of getting common agreement among the executive staff of what is critical and why it is critical. The process is run as a workshop activity among the executives, with representatives from all of the main business functions.
There are five steps to the process:
Agree upon the definition of a critical function.
Agree upon the functional drivers.
Develop and agree upon the main functions.
Develop and agree upon relationships for each of the functional drivers.
Agree upon their criticality according to the definition from step 1.
Your aim is to reach agreement at the end of each step before moving on to the next part of the process. This approach ensures progress without the need for continuous reiteration and argument.
The definition of a critical function can be agreed upon by proposing a self-evident definition and ensuring that everyone understands and accepts the definition. During these discussions, the wording may need to be revised to suit the circumstances, preconceived notions, and the culture of the organization. You might consider including your initial draft definition in, or with, the invitation to participate in the analysis.
5.6.1 Define the Critical Function
Your initial definition could be something like: A critical function is one which performs an essential service in satisfying the core needs of the business, i.e., its output or service is required on a frequent or permanent basis, and delays are not acceptable.
You can expand on this definition to provide a more refined model to allow for varying degrees of criticality. You might, for example, identify two or three levels of criticality, each with its own set of priorities and considerations based on its relationship with other functions.
All of the critical functions would meet the basic definition as above, but further analysis might reveal them to be highly critical or even super critical in some cases. The distinction between these different categories would be the way in which they serve or interrelate with some (or all) of the other critical functions.
A super critical function would be one whose services are essential to the long-term success of the business. We are talking here about the absolute showstopper. For example, the absence of such a super critical function might incur a loss of the license to operate, impose a serious health risk, or cause an infringement of the law. Another way of defining a super critical function would be because it serves several critical functions.
Any function upon which a super critical function depends has to be regarded as highly critical because of its relationship with the super critical function.
Highly critical functions would in turn have their own dependencies. Functions providing essential services to a highly critical function must at least be critical. If they serve a number of highly critical functions then they should also be regarded as highly critical.
Here we are only concerned with the essential service contributions to the dependent function. We are not concerned with subsidiary or minor contributions.
By the end of this first step you should have reached a consensus about the definition(s) of critical functions in the context of your organization.
5.6.2 Agree on the Functional Drivers
The functional drivers are those forces which contribute to the fulfillment of the core purpose or mission of the business. They are unique to each organization, and so it is essential that they be defined and agreed upon as part of this process. However, you can suggest a typical set of such drivers as the basis of your discussion. A few suggestions will give the participants a better idea of what you are looking for. Then they can modify and improve on somebody else’s ideas rather than have to develop their own from scratch. Modification and adaptation are so much easier than original invention.
These basic drivers can be summarized as:
Cash-flow – contributing to the income or profitability of the company.
Service – the ability to meet the expectations of customers.
Operations – the capability to sustain normal operations.
Image – the public perception or image of the function, the company, and its products or services within the marketplace.
Compliance – complying with the rules and regulations which are imposed by regulators, legislation, or corporate policy.
Naturally these typical functional drivers may need to be modified or refined to suit the nature of your particular business and style of operation. Almost certainly, there will be concerns about cash-flow and prudent controls in any emergency situation.
After some discussion, you should reach agreement about these functional drivers – the invisible forces driving the business towards its destination…
Those practicing in the disaster recovery and business continuity fields have benefited for more than 40 years from the experience and expertise of Jim Burtles via top-drawer training and guidebooks. Now semi-retired, he continues to contribute to the field by authoring the second edition of Principles and Practice of Business Continuity: Tools and Techniques.
Burtles clearly demonstrates how business continuity planning fits within a larger emergency planning context, including risk management, crisis management, emergency response, business recovery, and other disciplines that together form a comprehensive whole. Concentrating on the business recovery area, Burtles takes readers from preparation through planning, response, and recovery – emphasizing the need for resilience and how that applies to corporate governance.
Full review appears in theFebruary 2017Print Issue of Security Management Magazine.
Reviewer: Mayer Nudell, CSC (Certified Security and Safety Consultant), is an independent consultant on crisis management, contingency planning, and related issues. He is an adjunct professor at Webster University and a member of ASIS.