Welcome to Rothstein Publishing!

The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity Management

You have the knowledge and skill to create a workable Business Continuity Management (BCM) program – but too often, your projects are stalled while you attempt to get the right information from the right person. Rachelle Loyear experienced these struggles for years before she successfully revamped and reinvented her company’s BCM program. In The Manager’s Guide to Simple, Strategic, Service-Oriented Business Continuity, she takes you through the practical steps to get your program back on track.

 

BUY NOW FROM GOOGLE BOOKS!

Description

Rachelle Loyear understands your situation well. Her challenge was to manage Business Continuity in a large enterprise that required hundreds of BC plans to be created and updated. The frustrating reality she faced was that subject matter experts in various departments held the critical information she needed, but few were willing to write their parts of the plan. She tried and failed using all the usual methods to educate and motivate – and even threaten – departments to meet her deadlines.

Finally, she decided there had to be a better way. The result was an incredibly successful BCM program that was adopted by BCM managers in other companies. She calls it “The Three S’s of BCM Success,” which can be summarized as: Simple – Strategic – Service-Oriented.

Loyear’s approach is easy and intuitive, considering the BCM discipline from the point of view of the people in your organization who are tasked to work with you on building the plans and program. She found that most people prefer:

  • Simple solutions when they are faced with something new and different.
  • Strategic use of their time, making their efforts pay off.
  • Service to be provided, lightening their part of the load while still meeting all the basic requirements.

These tactics explain why the 3S program works. It helps you, it helps your program, and it helps your program partners.

Loyear says, “If you follow the ‘Three S’ philosophy, the number of plans you need to document will be fewer, and the plans will be simpler and easier to produce. I’ve seen this method succeed repeatedly when the traditional method of handing a business leader a form to fill out or a piece of software to use has failed to produce quality plans in a timely manner.”

Loyear shows you how to:

  • Completely change your approach to the problems of “BCM buy-in.”
  • Find new ways to engage and support your BCM program partners and subject matter experts.
  • Develop easier-to-use policies, procedures, and plans.
  • Improve your overall relationships with everyone involved in your BCM program.
  • Craft a program that works around the roadblocks rather than running headlong into them.

BUY NOW FROM GOOGLE BOOKS!

2017, 145 pages. EPUB ISBN: 978-1-944480-36-3 PDF ISBN: 978-1-944480-37-0

 

Rachelle Loyear, MBCP, AFBCI, CISM, PMP, has spent over a decade managing various projects and programs in corporate security organizations, focusing strongly on business continuity and organizational resilience. In her work life, she has directed teams responsible for ensuring resilience in the face of many different types of security risks, both physical and logical. Her responsibilities have included: Security/business continuity management program design and development; crisis management and emergency response planning; functional and location-based recovery and continuity planning; training in crisis management and continuity ; operational continuity exercises; logistical programs, such as public/private partnership relationship management; and crisis recovery resource programs.

She began her career in information technology (IT), working in programming and training design at an online training company, before moving into the telecommunications industry. She has worked in various IT roles – including Web design, user experience, business analysis, and project management – before moving into the security/business continuity arena. This diverse background enables her to approach security, risk, business continuity, and disaster recovery with a broad methodology that melds many aspects into a cohesive whole.

Rachelle holds a bachelor’s degree in history from the University of North Carolina at Charlotte, and a master’s degree in business administration from the University of Phoenix. She is certified as a Master Business Continuity Professional (MBCP) through DRI International, as an Associate Fellow of Business Continuity International (AFBCI), as a Certified Information Security Manager (CISM) through ISACA, and as a Project Management Professional (PMP) through the Project Management Institute (PMI). She is active in multiple business continuity management industry groups, and is vice-chair of the Crisis Management and Business Continuity Council of ASIS International as well as serving on the IT Security Council. With Brian Allen, she co-authored The Manager’s Guide to Enterprise Security Risk Management: Essentials of Risk-Based Security (Rothstein Publishing, 2016).

Preface

  • Why I Wrote This Book: The Origins of the Three S’s of BCM Success
  • How the Three S’s Can Change Your Effectiveness on the Job

Part I – Traditional Business Continuity Management: What Does and Doesn’t Work

Chapter 1 – Traditional Business Continuity Management: An Overview

  • 1 Business Continuity Management Defined
  • 2 Business Continuity Management Standards and Organizations
  • 3 Business Continuity Management Common Terms
  • 4 Business Continuity Management Common Approaches
    • 4.1 The BCI
    • 4.2 DRI International
    • 4.3 ISO and ASIS, International (ANSI) Standards
    • 4.4 Comparing the Standards in a Five-Phase Risk Cycle

Chapter 2 – Traditional BCM: The Roadblocks to Success

  • 1 Things That Get in the Way of a Successful Program
    • 1.1 Business Continuity is Not Core Business
    • 1.2 Executive Support is Not Everything
    • 1.3 Complexity Is Not Your Friend
    • 1.4 BCM is Rarely a DIY Effort

Part II – A New Solution: The Three S’s of BCM Success

Chapter 3 – Introduction: The Three S’s of BCM Success

  • 1 3S: A Philosophical Change in Approach
    • 1.1 A Simple Philosophy
    • 1.2 A Strategic Philosophy
    • 1.3 A Service Oriented Philosophy

Chapter 4 – The First S – Simple

  • 1 Initiating a New BCM Program
    • 1.1 Get Executive Buy-in
    • 1.2 Create an Executive Communication
    • 1.3 Meet with Senior Leaders
    • 1.4 Your Next Level of Meetings
  • 2 Analyzing the Business Needs for a BCM Program
    • 2.1 BCM Program Goals
    • 2.2 BCM Program Policy
    • 2.3 BCM Program Procedures
  • 3 Building the Program and Program Components (Plans)
    • 3.1 Who, When, Where, What, and How – The Basics of Planning and Templates
    • 3.2 Allowing for Complexity as Needed

Chapter 5 – The Second S – Strategic

  • 1 Determining Business Tolerances
    • 1.1 Finding the Critical Functions
    • 1.2 Finding the Critical Functions Using a Business Impact Analysis (BIA)
    • 1.3 Performing a Strategic BIA
    • 1.4 Performing a Strategic Risk Assessment
  • 2 Allowing The Business To Decide What It Needs
    • 2.1 When BCM program partners Minimize Criticality
    • 2.2 When BCM program partners Inflate Criticality
    • 2.3 Ensuring the Correct BCM program partners are Making Strategic Decisions

Chapter 6 – The Third S – Service Oriented

6.1 The Do-It-Yourself Vs. Do-It-For-Me Person
6.2 Let Subject Matter Experts Be Subject Matter Experts
6.3 The Planning Process
6.4 Get Better Plans by Sharing Best Practices
6.5 Plan Management Software – Benefit or Barrier?

Part III – Putting It All Together For Results

Chapter 7 – The 3S BCM Program in Practice

  • 1 Testing and Exercising
    • 1.1 Simple Testing and Exercising Programs
    • 1.2 Strategic Testing and Exercising Programs
    • 1.3 Service-Oriented Testing and Exercising Programs
  • 2 Program Maintenance
  • 3 Responding to a Business Disruption or Crisis
    • 3.1 The Service-Oriented BCM Team During a Business Disruption or Crisis

Chapter 8 – Looking Ahead – The Growth of Organizational Resilience

  • 1 The Future of Business Continuity
  • 2 The Evolving Global Risk Situation
  • 3 Organizational Resilience
  • 4 Embracing Organizational Resilience
  • 5 Organizational Resilience and the 3S Model of Business Continuity Management

Chapter 9 – Final Thoughts – Where Do You Go From Here?

Appendix A – Example Procedure Documents

Appendix B – Example Tiered Plan Template Requirements

Appendix C – Example Plan Documents

Appendix D – Example Crisis / Disruptive Event Checklists

Appendix E – BIA and Risk Assessments

Business continuity planning and management (BCM). It’s a topic in most organizations that brings a lot of enthusiastic agreement about the critical need to do it, and often a lot of head ducking and looking the other way when the actual planning needs to be done. It’s no secret among BCM professionals that the most difficult part of managing a continuity program is gaining traction for the work. While executives often claim to support the need for a robust BCM program, the reality of having to run the business and deal with day-to-day work often takes priority when “to do” lists get long.

At the same time, in a best-case scenario, personnel in the organization understand the need for a plan in case something goes wrong, but may not have the time to devote to plan development or documentation, or sometimes even really know where to start. At worst, they see the entire exercise as a waste of their valuable time. After all, they’ve been doing fine so far without a plan. Why go to the trouble of taking time out of their already busy schedule to develop one now? All these things can lead to the actual work of planning being handed off from person to person until it gets to the one person who has no one left to hand it to. And, sadly, that person often does not actually have the information needed to put together a real, workable plan.

Why I Wrote This Book: The Origins of the Three S’s of BCM Success

If this sounds familiar to you, then you are not alone. In countless conversations with BCM professionals I’ve had over the years, I have heard again and again the lament that they didn’t have enough support, or authority, or resources to get the job of planning done. I was in the same position. I was responsible for several hundred department plans for an enormous enterprise, yet the reality was that I had few subject matter experts willing to write them, no matter how many software training classes I gave or how many “your deadline has passed” emails I sent.

Finally, I decided there had to be a better way to engage and build support for my BCM program with non-BCM professionals – my program partners in the organization. I sat down with a colleague and we talked about our experiences. When we did get a plan complete, what was good about it? How did we get it done? Why did it work in one case and not another? We got out a pen and a whiteboard and made notes and scribbled and planned, and that conversation was the beginning of what I’ll talk about in this book. It was the beginning of completely revamping and reinventing the BCM program. It was also the beginning of an incredibly successful BCM program in that company and in others as I and other BCM managers had begun to embrace and espouse what I now call “The Three S’s of BCM Success” – or “3S”, to shorten that up a little:

  • Simple
  • Strategic
  • Service-oriented.

How the Three S’s Can Change Your Effectiveness on the Job

This book is all about how those three concepts can completely change the work life of any manager tasked with business continuity responsibilities:

  • How with a change in your mindset and program, you can gain an incredible amount of traction and support from all of your BCM program partners in the business who have the critical information needed for your BCM plans.
  • How you can change from having people in your organization avoiding you in the hall, aware that they have missed yet another planning deadline, to having them actively seeking you out when they have an update to make to their plans.

In Part I of the book – for those readers who might be new to the world of BCM – I give you an introduction to what BCM is and a high-level overview of what it typically encompasses. Then I dive into the topics of why BCM seems so complicated to so many of the BCM program partners that you must engage with to build and manage plans. In Part II, I show how you can change that complexity, and reboot your BCM programs using the 3S model to gain internal traction, participation, and support. Finally, in Part III, I cover how to put it all together to run an ongoing program that will support your organization’s needs now and into the future.

Stories from the Front Lines: BCM in the Real World

Throughout this book, you will see boxes with what I am calling “Stories from the Front Lines.” These are real-life stories that I’ve collected from BCM professionals at conferences, seminars, and training sessions, and also some from my own experience. Names of people and organizations have been changed to protect the innocent.

These stories are told in first person as they were told to me. Some may have happier endings than others, but if you have worked in the BCM field for a while, many of them will sound familiar to you. If you have not, then these real life “war stories” will hopefully provide you some “dos and don’ts” for implementing your own BCM program.

At the end of each story, I include a few “Life Lessons Learned” bullet points to show you how using any one of the 3S aspects either helped or could have fixed the issue in the story.

So if you are ready to:

  • Completely change your approach to the problems of “BCM buy-in.”
  • Find new ways to engage and support your BCM program partners and subject matter experts.
  • Develop easier-to-use policies, procedures, and plans.
  • Improve your overall relationships with everyone involved in your BCM program.
  • See how three little words can change your work life.

…then let’s get started on learning about building better BCM!

Rachelle Loyear

New York City

March 2017

 

Simplifying your business continuity management (BCM) program for your program partners and subject matter experts does not need to make it more complicated for you. In fact, the simpler your program, policy requirements, forms, templates, questionnaires, and calculations, are, the easier you make it on yourself and your team to ensure enterprise compliance with the BCM program. In a complicated world of ever-changing risk, with multiple moving parts and interlocking dependencies, making your program simpler is possibly the best way to ensure you cover all your bases with high level plans. Planning at the most detailed level is overwhelming at best, and counter-productive at worst, as the pieces and parts change so rapidly it’s almost impossible to keep up.

When setting up a simple and streamlined program, I recommend a phased approach. In this, I agree with most of the available standards and guidelines that also recommend a step-by-step implementation, but the approach outlined below is both phased and narrowed down to the essentials. There’s no point in attempting to phase in an enormous and complicated program when you can phase in a lean and nimble one.

Looking at the concepts in Chapter 1 (Table 1-3) about streamlined phases that align with all the relevant standards, let’s review how each of the following can be implemented in a simple and straightforward way:

  1. Initiating a new BCM program.
  2. Analyzing the business needs for a BCM program.
  3. Building the program and program components (plans).
  4. 4. Testing the program.
  5. Continual program improvement.

4.1 Initiating a New BCM Program

First things first. If you are going to either start up a new BCM program or revamp your existing program to conform to the 3S model, there are some things you will want to do upfront.

4.1.1 Get Executive Buy-In

The first step is to explain to your executives and internal BCM program partners what you are planning to do and get their buy-in on the process and new program philosophy. In my experience, and in discussing this with others who have done it, this is not usually a hard sell.  When your BCM partners hear words like these below, the buy-in comes fairly quickly:

  • Simplified.
  • Strategic.
  • Focused.
  • Easier.
  • Less resource intensive.
  • Shorter.
  • We write it for you.

However, even though it’s a relatively easy sell, the process of having those conversations is critical to getting this new methodology off the ground if the 3S approach is a fundamental shift in the way the enterprise has been doing things in the continuity area. Therefore:

  • Your executives will want to be reassured that the simplified model will meet company continuity preparedness needs.
  • Your BC planning partners will need to understand that they are still responsible for ending up with plans that work for them, even if you are providing the majority of the assistance in creating those plans.
  • You (and your team or helpers) will need to clearly communicate the process that you ill follow to get the program rolled out, tested, and then migrated into the ongoing maintenance and improvement phase.

So what’s the best way to accomplish these goals?

4.1.2 Create an Executive Communication

If you are not a senior executive or leader yourself, the easiest way to get this process started up is to have the most senior leader of your department – or the most senior “owner” of BCM, if it’s a committee-based approach – send a short communication to the other senior  leaders and executives. This message will briefly explain the new philosophy and introduce you as a person who will be needing 15 minutes of their time to kickoff this program. Unlike the “executive sponsorship” requirement discussed as a potential roadblock in Chapter 2, this  executive communication is not seeking anything from these executives and upper managers other than their understanding of the new paradigm, acceptance of what you’ll be doing for their teams and programs, and a few minutes of their time…

Appears In August 2018 Print Issue of Security Management: A Publication of ASIS International

Business continuity plans must be simple, strategic, and service-oriented: that is the key message of this book by Rachelle Loyear. The author advocates a new model—the Three S Philosophy—as an approach to improve engagement and support for business continuity management (BCM) programs.

Traditional BCM programs face various challenges and roadblocks that make them cumbersome for business subject matter experts and even for the experienced risk professional. To counter those obstacles, Loyear urges planners to focus on the essentials, stripping away complexity and putting strategy and business value front and center to help the risk owner in the BCM journey.

This guide will provide great value for anyone engaged in BCM, whether as an experienced risk professional or a functional expert. The Three S Philosophy, which endorses simplicity, strategy, and service, provides a powerful yet uncomplicated framework that a focuses on value. The reader will appreciate various references in the manuscript to enterprise security risk management, as well as practical templates and checklists to facilitate further use. 

Reviewer: Rachid Kerkab has almost two decades of experience in criminology, strategy, risk, and resilience. He is a member of ASIS.

 

You may also like…