Description
Does one of these describe you when it comes to business continuity management?
- Preparing for a Business Continuity Management career, needing step-by-step guidelines,
- Working in BCM, looking to deepen knowledge and stay current — and create, update, or test a Business Continuity Plan.
- Managing in BCM, finance, facilities, emergency preparedness or other field, seeking to know as much as much as possible to make the decisions to keep the company going in the face of a business interruption.
Andrew Hiles has designed the book for readers on three distinct levels: Initiate, Foundation, and Practitioner. Each chapter ends with an Action Plan, pinpointing the primary message of the chapter and a Business Continuity Road Map, outlining specific actions for the reader at each level of expertise.
New and revised sections in Andrew Hiles 4th edition of Business Continuity Management: Global Best Practices:
- New, extensive chapter on supply chain risk – including valuable advice on contract aspects.
- Horizon scanning of new risks.
- Fresh perspectives.
- Multilateral continuity planning.
- Impact of new technologies, including mobile computing, cloud computing, bring your own device, and the Internet of things.
- Extensive, up-to-the-minute coverage of global/country-specific standards, with detailed appendices on ISO 22301/22313 and NFPA 1600.
- BCP exercising and testing.
- Helpful discussion on issues relating to certification professional certification.
- New revealing case studies and vivid examples of crises and disruptions – and effective response to them.
- Updated action plans and roadmaps.
- Proven techniques to win consensus on BC strategy and planning.
- Hint of the future – what’s next for BCM?
- Demonstrates step-by-step how to build and maintain a world-class Business Continuity management system and plan. Shares field-tested tools and hard-won insights about what works and why.
- Chapter learning objectives, case studies and real-life examples, self-examination and discussion questions, forms, checklists, charts and graphs, glossary, index.
- 492-page book + hundreds of pages of Downloadable Resources, including project plans, risk analysis forms, BIA spreadsheets, BC plan formats, exercise/test material, checklists, and a variety of editable models, templates, and spreadsheets.
- Instructional Materials including valuable and extensive educational tools, such as syllabi, test bank, slides – for use by approved adopters in college courses and professional development training.
Andrew Hiles, Hon FBCI, EIoSCM, is an internationally renowned practitioner, consultant to blue chip companies and government agencies, and trainer of two generations of Business Continuity professionals.
Contact Rothstein Associates, Inc. to request a complimentary copy to evaluate for classroom use.
Contents
TABLE OF CONTENTS
Foreword by Lyndon Bird
Foreword by Michael Howbrook
Foreword by Dr. Adil S. Mufti
Author’s Introduction to the 4th Edition
Preface: The Risk Horizon
0.1 Natural Risks
0.2 Miscellaneous Risks
0.3 Geopolitical Risks
0.4 Corporate Risk
0.5 Boardroom Attitudes to Risk Management
0.6 Technology Challenges
0.6.1 Proliferation of Internet-connected Devices
0.6.2 Mobile Working
0.6.3 Protocol/Version Changes
0.6.3.1 Internet Protocol – IPv6
0.6.3.2 Voice over Internet Protocol H.323 (VoIP H.323)
0.6.4 Espionage
0.6.5 Utilization of “Big Data”
0.6.6 Hybrid IT and Cloud Computing
0.6.7 In-Memory Computing
0.6.8 Integrated Ecosystems
0.6.9 Data Backup and Recovery
0.6.10 Social Media
0.6.11 Data Leakage Protection
0.6.12 Cyber Attacks
0.6.13 Supply Chain Risk Management
0.6.14 The Outernet Project
0.7 Summary: What These Technical Risks Mean for BC Professionals
Footnotes
Chapter 1: Introduction to Business Continuity
1.1 What Is Business Continuity and Why Should We Have It?
1.2 Impact of Business Disruption
1.2.1 Marketing
1.2.3 Statutory or Compliance Requirement
1.2.4 Quality
1.2.5 Survival from Disruption
1.3 Defining the Need: What Is a Disaster?
1.4 Recovery Timescale
1.5 Business Continuity – Project, Program or Management System?
1.6 The Growing Maturity of BC
1.6.1 Increased Awareness
1.6.2 Regulatory Requirements
1.6.3 Supply Chain Issues
1.6.4 Holistic Approach
1.6.5 Operational and Business Resilience
1.7 Professional Institutes
Summary
Action Plan
Business Continuity Road Map: Chapter 1
Self-Examination Questions
Discussion Questions
Footnotes
Chapter 2: Understanding the World of BC Standards
2.1 Background: Making the Choice
2.2 Focus Standards
2.2.1 US NFPA 1600 Standard on Disaster/Emergency Management and Business
Continuity Programs, 2010 and 2013 Editions
2.2.1.1 US NFPA 1600:2010 Standard on Disaster/Emergency Management and Business
Continuity Programs
2.2.1.2 US NFPA 1600:2013 Standard on Disaster/Emergency Management and
Business Continuity Programs7
2.2.2 British Standards Institution BS 259998
2.2.3 (ANSI)/ASIS SPC.1-2009 Organizational Resilience: Security, Preparedness, and Continuity Management Systems – Requirements with Guidance for Use10…32
2.2.4 ISO 22301:2012, Societal Security – Business Continuity Management Systems – Requirements
2.3 Other Relevant Guidelines and Standards
2.3.1 The BCI Good Practice Guidelines
2.3.2 American National Standard, Business Continuity Management Systems
ANSI/ASIS/BSI BCM.01-2010
2.3.3 Australia New Zealand Standard AS/NZS 5050: 2010 Business Continuity:
Management of Disruption – Related Risk 12
2.3.4 Financial Services Authorities’ Business Continuity Management
Practice Guidelines
2.3.5 ISO PAS 22399: 2007 Societal Security – Guidelines for Incident Operational
Preparedness and Continuity Management
2.3.6 British Standard BS 25777:2008 Information and Communications
Technology Continuity Management: Code of Practice 17
2.3.7 ISO/IEC 27031:2011 – Information Technology – Security Techniques
– Guidelines for ICT Readiness for Business Continuity
2.3.8 US NIST SP 800-34 Revision 1, May 2010 – Contingency Planning Guide
or Federal Information Systems18
2.3.9 ISO/IEC 24762:2008 Guidelines for information and communications
technology disaster recovery services 19
2.3.10 UAE Business Continuity Standard AE/HSC/NCEMA 7000:2012
2.4 Other Relevant Recent Standards and Guidelines
2.5 Comparison of Standards
2.6 Considerations on Using Standards
Action Plan
Business Continuity Road Map: Chapter 2
Self-Examination Questions
Discussion Questions
Footnotes
Chapter 3: Project Startup and Management
3.1 BC Project Activities
3.2 BCP Scope
3.3 Getting Buy-In: Benefits of BC Planning
3.3.1 Buy-In From Management
3.3.2 Awareness and Training Programs
3.3.3 Establishing Objectives and Components of the Program
3.4 Developing the Training Methodology
3.5 Acquiring or Developing Training Aids
3.6 Establish BC Policy
3.7 Lead Sponsors in Defining Objectives
3.8 Establish a Planning/Steering Committee
3.9 BC Manager/BC Coordinator
3.10 Project Planning
3.11 Assessing Project Resources and Timeframe
3.12 Develop Initial Budgetary Requirements
3.13 Making it Stick – Other Motivators
Action Plan
Business Continuity Road Map: Chapter 3
Self-Examination Questions
Discussion Questions
Chapter 4: Risk Evaluation and Control
4.1 Understanding Risk
4.1.1 The Need for Risk Assessment (RA
4.2 The RA Process
4.3 Options for Risk Management (RM)
4.4 Risk Identification and Measurement
4.4.1 Risk Standard: ISO 31000:2009
4.4.2 Health and Safety – Risk Assessment
4.4.3 Control of Major Accident Hazards (COMAH) Regulations, amended 2005
4.4.4 System Safety Programs and HAZOP
4.5 Risk Management for Finance and the Finance Sector – Compliance Issues
4.5.1 Gramm-Leach-Bliley
4.5.2 Corporate Governance Requirements
4.5.2.1 US – The Sarbanes-Oxley Act, 2002
4.5.2.2 Other Corporate Governance Legislation
4.5.3 UK FSA Guidelines
4.5.4 Basel Accord
4.6 Food and Drug Administration (FDA) Compliance
4.6.1 Risk Assessment in the Food Industry
4.7 Health Care
4.8 Risk Assessment in Other Industries
4.9 Risk Assessment: Statutory Requirement and Duty of Care
4.10 King III: Corporate Governance and Risk, South Africa
4.11 Risk and Compliance in Australia
4.12 Critical Component Failure Analysis
4.13 Operational Risk Management
4.14 An Output Approach to Risk
4.14.1 Site and Security – Risk Areas
4.14.2 Suppliers – Risk Areas
4.15 COSO Enterprise Risk Management
Action Plan
Business Continuity Road Map: Chapter 4
Self-Examination Questions
Discussion Questions
Footnotes
Chapter 5: Managing Supply Chain Risk
5.1 Supply Chain Dependency
5.2 Risk and the Procurement Cycle
5.2.1 Purchasing Policy
5.2.1.1 Purchasing Procedures
5.2.1.2 Using Multiple Suppliers
5.2.1.3 Using Single Suppliers
5.2.1.4 Using Best of Breed Suppliers
5.3 Strategic Purchasing and Supply Management
5.4 Developing Sourcing Strategies: Types of Contract
5.5 The Strategic Procurement Lifecycle
5.5.1 Products Lifecycle
5.5.2 The Strategic Procurement Lifecycle
5.5.3 Implementing the Strategic Procurement Lifecycle
5.6 Supplier Strategies
5.6.1 Stock
5.7 Procurement Documentation
5.8 Tendering Procedures
5.8.1 Common Risks and Pitfalls
5.9 Outsourcing Risk
5.9.1 Getting Outsourcing Right
5.10 Risks: All Contracts
5.10.1 The Runaway Project
5.10.2 The Importance of Service Level Agreements (SLAs)
5.11 How Suppliers Charge
5.11.1 Cost Plus
5.11.2 Time and Materials
5.11.3 Usage
5.11.4 Type of Service
5.11.5 Market Pricing
5.11.6 Fixed Price or Lump Sum
5.11.7 Risk/Reward Contracts
5.11.8 Management Fee
5.11.9 Value-based Costing
5.11.10 Marginal Costing
5.11.11 Cost of Full Capacity
5.12 Vendor Evaluation Criteria
5.12.1 Due Diligence
5.12.2 Relating Contract Type to Service
5.13 Negotiating
5.14 Summary: Risk Based Acquisition Management (RBAM)
5.14.1 Fundamental Risk Management Requirements
5.14.2 Tender Risks
5.14.3 Contract Risks
5.15 Lessons from Experience
Action Plan
Business Continuity Road Map: Chapter 5
Self-Examination Questions
Discussion Questions
Footnotes
Chapter 6: Business Impact Analysis
6.1 Why Should I Conduct a BIA?
6.2 How Do I Conduct a BIA?
6.3 The BIA Project
6.4 BIA Data Collection Methods
6.5 Critical Success Factors: Definitions
6.6 Key Performance Indicators
6.7 Service Level Agreements
6.8 Desk Review of Documentation
6.9 Questionnaires
6.10 Interviews
6.11 Workshops
6.12 BIA – Justification for BCM
6.12.1 Marketing
6.12.2 Financial
6.12.3 Compliance/Legal Requirements
6.12.4 Quality
6.12.5 Summary: Financial Loss
6.12.6 Designing an Impact Matrix
6.12.7 Recovery Time Objective: The Time Window for Recovery
6.13 A Tiered Approach to BC Planning: Relationship of BC
and Service Level Agreements
6.13.1 RTO
6.13.2 Recovery Point Objective
6.13.3 Risk Appetite
Action Plan
Business Continuity Road Map: Chapter 6
Self-Examination Questions
Discussion Questions
Footnotes
Chapter 7: Developing Continuity Strategies
7.1 Why Do I Need A Continuity Strategy?
7.2 Definitions – Vital Materials
7.3 Focus on Deliverables
7.4 Business Continuity Strategy: Options
7.4.1 Bunker
7.4.2 Backups: RAID, Electronic Vaulting, Remote Journaling, Disk Mirroring,
and Optimization Techniques
7.4.3 Alternate Site, Standby Processing, and Facility Management
7.44 Distance Between Sites
7.4.5 Quick Resupply
7.4.6 Off-Site Storage
7.4.7 Working from Home
7.4.8 Reciprocal Arrangements (Mutual Aid Agreement)
7.4.9 Buying-in or Outsourcing
7.4.10 Buffer Stock
7.4.11 Other Recovery Services
7.5 Option Comparison
7.6 Backups
7.7 ICT Recovery Strategies
7.7.1 Continuous Processing
7.7.2 Virtualization, Cloud Computing, and Clustering
7.7.2.1 Virtualization
7.7.2.2 Cloud Computing
7.7.2.3 Clustering
7.8 Contractual Arrangements for Recovery Services
7.9 Lateral and Creative Thinking
7.10 The Role of Insurance
7.11 Using Consultants
Action Plan
Business Continuity Road Map: Chapter 7
Self Examination Questions
Discussion Questions
Footnotes
Chapter 8: Emergency Response and Operations
8.1 Emergency Response Defined
8.1.1 Incident Management
8.2 Coordination with Emergency Services
8.2.1 Fire
8.2.2 Police
8.2.3 Law and the Judiciary
8.2.4 Ambulance and Paramedic Services
8.3 Coordination with Public Authorities
8.4 US Department of Homeland Security
8.4.1 The US Federal Emergency Management Agency (FEMA)
8.4.2 US National Response Framework
8.4.3 US National Response System
8.4.4 US State Emergency Authorities
8.4.5 US Public Law (PL) 110-53
8.5 Emergency Preparedness Canada
8.6 Emergency Management Australia (EMA)
8.6.1 Australian Emergency Management Institute
8.7 UK National Arrangements for Responding to a Disaster
8.7.1 Roles
8.7.2 Combined Response
8.8 Salvage and Restoration
8.9 Public Relations and Crisis Communication
8.10 Crisis Communication
Action Plan
Business Continuity Road Map: Chapter 8
Self Examination Questions
Discussion Questions
Footnotes
Chapter 9: Developing and Implementing the Business Continuity Plan
9.1 BCP Scope
9.2 Developing the Plan
9.2.1 Plan Development Phase
9.2.1.1 Procedure-driven Planning
9.2.1.2 Decision-driven Planning
9.2.1.3 Areas to Consider in Planning
9.2.2 Plan Introduction
9.2.3 BC Teams
9.2.4 Tasks, Actions, and Functions
9.2.5 Roles and Responsibilities
9.2.6 Alternative Locations (Standby Locations)
9.2.7 Contact Details for Internal and External Contacts
9.2.8 Vital Documents and Materials
9.2.9 Resource Requirements
9.2.10 Reporting Processes and Requirements
9.2.11 Audit Trail
9.3 Format of Plan
9.4 Software Tools for Plan Development
9.4.1 Commercial Software
9.4.1.1 Determining the Value of Commercial Software
9.4.1.2 The Downside of Commercial Packages
9.4.2 Using Standard Office Tools
9.4.3 Selecting a Tool
9.5 The BCP Table of Contents
9.5.1 What Not to Include in the BCP
9.5.2 Immediate Response Card
Action Plan
Business Continuity Road Map: Chapter 9
Self Examination Questions
Discussion Questions
Footnotes
Chapter 10: Auditing, Maintaining, and Exercising the Business Continuity Plan
10.1 Plan Audit
10.2 Testing, Exercising – What’s the Difference?
10.3 The Need to Exercise
10.4 When Should You Test or Exercise?
10.4.1 Exercise Strategy
10.4.2 Exercise Methods
10.4.3 A Structured Approach to Plan Exercising
10.4.4 When to Exercise
10.4.5 Post-exercise Reporting
10.5 Plan Review and Maintenance
10.5.1 Tools for Maintaining the Plan
10.6 Should You Use a Consultant?
Action Plan
Business Continuity Road Map: Chapter 10
Self Examination Questions
Discussion Questions
Footnotes
Chapter 11: A Glimpse of the Future: The Challenge of BCM Convergence
11.1 The BC Profession
11.1.1 Top Issues for BC Professionals
11.1.2 BCM Convergence
11.1.3 A Holistic Approach to Enterprise Risk
11.1.4 Will BC Converge With Operations
11.1.5 Is a Silo Mentality the Answer?
11.2 Your BC Career: Broad or Deep
11.2.1 Choosing Among Deep Career Development Paths
11.3 Some Predictions
11.4 The Future for Risk Management
11.5 The Future for BC
11.6 It’s All About Expecting the Unexpected
Business Continuity Road Map: Chapter 11
Discussion Questions
Footnotes
Appendix A:
Contract Issues for Supply Chain Risk and Resilience
Appendix B:
ISO 22301:2012 Societal Security – Business Continuity Management Systems – Requirements
Appendix C:
USA NFPA 1600:2013 Standard on Disaster/Emergency Management and Business Continuity Programs
Appendix D:
Group Processes to Develop Consensus for the BCP: Collaborative and Creative Thinking
Appendix E:
Understanding Certification Issues, Requirements, and Processes
Glossary
About the Author
Index
Other
Footnotes
Contact Rothstein Associates, Inc. to request a complimentary copy to evaluate for classroom use.
Author
Andrew Hiles, Hon FBCI, EIoSCM, has traveled to 60+ countries during 35 years, consulting to major private and government organizations and training the next generation of Business Continuity (BC) practitioners.
A graduate of Manchester University, UK, Hiles is a founding director of Kingswell International Limited, a global consulting firm specializing in Risk, Crisis, and BC Management. He has worked with numerous blue chip organizations, including inter-governmental, governmental, defense, aerospace, hi-tech, banking, insurance, oil, gas, energy, manufacturing, pharmaceutical, and retail sectors.
In 1997, Hiles was presented with the Western Press Award for services to business; in 1999 he was nominated for Lifetime Achievement at the first Business Continuity Institute (BCI) Awards ceremony in the UK.
As founding director and first fellow of BCI, Hiles is widely recognized as a pioneer in expanding and advancing BC as a global business discipline:
“Andrew was instrumental in the formation of the Business Continuity Institute and is certainly one of our most celebrated members. In recent years his writings have given great leadership to our profession and even convinced many students to think of BCM as a valuable and credible long- term career option.”
- –Lyndon Bird, FBCI, Technical Director, The Business Continuity Institute
“At many of the pivotal points of our profession’s evolution, somehow Andrew Hiles is right there or very close by. From the beginning he’s been at the leading edge, helping to direct and shape our profession into a growing and globally accepted business discipline.”
- –Phillip Jan Rothstein, FBCI, Publisher and Management Consultant Rothstein Associates Inc.
In 2004, Hiles was inducted into the Business Continuity Hall of Fame by CPM (Contingency Planning and Management) Magazine in Washington, DC, for demonstrating consistent high standards over time and global reach. Among his accomplishments, Andrew:
- Founded Survive, the first international user group for BC professionals.
- Was founding director and first Fellow of the Business Continuity Institute (BCI), as Member #1; and chaired the certification committee, steering the group from ownership by the user group into ownership by its members as an independent, international professional body. He is now an Honary Fellow.
- Was founding chairman of European Information Market (EURIM), the UK all-party working group supporting the UK All-Party Parliamentary Group.
- Served on numerous security- and continuity-related working groups, including the early days of BS 7799, which evolved into ISO 27001 International IT Security Standard.
- Pioneered international training in enterprise risk management, BC, and availability management in over 60 countries, providing courses in: North America, for the 330,000 members of the American Institute of Certified Public Accountants; UK, for the Office of Government Commerce (the UK Cabinet’s provider of advisory services to the public sector) and the Loss Prevention Council; North and South America; Russia; Eastern, Central, and Western Europe; China; the Indian sub-continent; Australasia and the Pacific Rim; the Middle East; and Africa.
Contact Rothstein Associates, Inc. to request a complimentary copy to evaluate for classroom use.
Instructional Materials
Extensive Instructor Materials for the 4th Edition of Business Continuity Management: Global Best Practices by Andrew Hiles are available for qualified academic or corporate training, upon confirmed adoption:
Instructor's Manual
The Instructor’s Manual for Business Continuity Management: Global Best Practices, 4th edition, by Andrew Hiles includes:
- Key Takeaways for each chapter. These build upon and add detail to the outline given on the first page of each chapter.
- Answers for multiple choice chapter Self-Examination Reading Questions with explanation of the correct answer and page on which the subject is covered.
- Rubrics as guidelines for possible content for responses to the chapter Discussion Questions.
SAMPLES FOR CHAPTER 1
Key Takeaways
- Business continuity (BC) is the uninterrupted availability of all key resources supporting essential business functions. Business continuity management (BCM) assures the uninterrupted achievement of mission-critical objectives in the event of a disaster or disruption.
- A business continuity plan (BCP) reassures shareholders, employees, and customers; promotes compliance with government regulations; and maintains market share, reputation, and profitability subsequent to a disruption.
- Defining the scope of the BCP means identifying mission-critical activities and facilities and calculating the time frame in which their loss would become unacceptable. Important criteria the BCP must meet are recovery time objective (RTO) or maximum tolerable downtime (MTD) and maximum tolerable data loss (MTDL) or recovery point objective (RPO).
Self-Examination Questions (pp. 18–19): Answers and Explanations
1. C
EXPLANATION: Business continuity means ensuring the uninterrupted availability of all key resources supporting essential business functions.
REFERENCE: page 2
2. A, B, D
EXPLANATION: Business continuity management must encompass the business’s key assets and stakeholders involved in maintaining the business and its mission. Product recalls fall within the scope of risk management but are not part of BCM. Converting hard-copy records to electronic data, which can be stored off-site, may play a role in making the business more resilient, but the primary purpose is usually to increase operational efficiency.
REFERENCE: pages 6 and 7
3. B
EXPLANATION: Business continuity planning does not typically include contingency plans for specific situations.
REFERENCE: page 6
Discussion Questions (pp. 19–20): Rubrics
DISCUSSION QUESTION 1: “Why can’t I just have a single plan that covers everything—crisis management, emergency and incident management, and continuity?”
- Incident management, crisis management, and emergency management are separate disciplines from business continuity (BC) management, and crises or even emergencies may not rise to the level of disasters. Therefore, incident, crisis, and emergency management plans may be invoked in situations when BC plans are not.
- Example 1: If someone is spreading malicious rumors about a company, the company’s crisis management plan may be invoked, but the BC plan will not be invoked unless the crisis management plan fails to deal with the situation and the crisis becomes a disaster.
- Example 2: If there is a fire at a warehouse, the warehouse manager’s incident management plan would be implemented at the warehouse for the purpose of limiting the disruption to the company of which the warehouse is a part. If successfully implemented, the incident management plan would prevent the need to invoke the company’s BC plan.
- Especially in North America, emergency management plans are the responsibility of governments and public authorities complying with national laws. Since many aspects of emergency management planning may be controlled by the government, the company cannot control all aspects of its plan. Therefore, the company should keep its emergency management plan separate from its BC plan so it is easier to show that the emergency management plan is in compliance with government regulations.
Test Bank Questions and Answers
The Test Bank for Business Continuity Management: Global Best Practices, 4th edition, by Andrew Hiles includes:
- At least 25 multiple-choice examination questions for each chapter, covering major aspects of the chapter.
- The answer for each question, along with an explanation of the correct answer and reference to the pages in the chapter on which the material is discussed.
SAMPLES FOR CHAPTER 1
Test Bank Chapter 1: Questions
1.Which of the following businesses has the LEAST need for a business continuity plan (BCP)
A. A cellphone service provider that operates cell towers.
B. A private building contractor that bids on public works projects.
C. A publicly traded company in a cutting-edge technology field.
D. None of the above.
7. The US PS-PREP program is a
A. mandatory accreditation and certification program, run by the Department of Homeland Security, that requires private entities to develop business continuation programs.
B. voluntary accreditation and certification program, run by the Department of Homeland Security, that helps private entities develop business continuation programs.
C. mandatory accreditation and certification program, run by the Department of Defense, that helps private entities develop disaster management programs in the event of terrorist attack.
D. voluntary accreditation and certification program, run by the Department of Labor, that helps private entities develop disaster management programs in the event of terrorist attack.
10. If a business’s primary continuity objective after a disaster is the full recovery of what it has defined as a “mission-critical” activity, then the time-frame for that recovery is called the
A. maximum tolerable period of disruption (MTPD).
B. recovery point objective (RPO).
C. recovery time objective (RTO).
D. maximum tolerable data loss (MTDL).
Test Bank Chapter 1: Answers and Explanations
1. D
EXPLANATION: Businesses that rely on key installations, government contracts, or the appreciation of publicly traded stock all need a BCP to ensure retention of customers, protect employees from loss of income, and attract capital. Note that it is even more important to protect brand value and reputation.
REFERENCE: page 2
7. B
EXPLANATION: US PS-PREP is a voluntary program of accreditation and certification of private entities that use Department of Homeland Security standards in the development of disaster management, emergency management, and BC programs.
REFERENCE: page 5
10. C
EXPLANATION: For organizations where full recovery of a mission-critical activity is the first objective, the timeframe for this is called recovery time objective (RTO), also called maximum tolerable downtime (MTD). Note that RTO is not necessarily full recovery – it depends on scope – and, it could be partial recovery for prioritized customers. There is considerable disagreement about maximum tolerable period of disruption (MTPD), which may be interpreted as back to “business as usual,” or, if RTO is seen as a preferred or target recovery time, MTPD may be viewed as the ultimate deadline.
REFERENCE: page 8
Teaching Aids
The book itself includes useful teaching aids as illustrated by these excerpts:
- Chapter overviews/learning objectives.
- Revealing case studies and vivid real-life examples.
- Action Plan and Business Continuity Road Map at the end of each chapter to help relate content to student’s level of knowledge and expertise.
- Self-examination questions.
- Discussion questions.
- Forms, checklists, charts and graphs.
- Glossary.
- Index.
- Downloadable Resources, including project plans, risk analysis forms, BIA spreadsheets, BC plan formats, exercise/test material, checklists, and a variety of editable models, templates, and spreadsheets.
Author’s Slides
Additionally, the author has made available complimentary copies of PowerPoint slides from his intensive 2-day professional development workshops conducted for organizations worldwide. These slides, which may be adapted easily for classroom use, include most of the major topics covered in the book. Please request them from [email protected].
Contact Rothstein Associates, Inc. to request a complimentary copy to evaluate for classroom use.
Reviews
From the Foreword by Lyndon Bird, FBCI, Technical Director, The Business Continuity Institute (BCI):
I’ve known Andrew Hiles for many years and have always been impressed by his vision and passion for the ever changing landscape of Business Continuity. No one writing about the subject today, and few writing about any management topic, can equal Andrew’s breadth of experience and practical “know-how.” Andrew was the main driver in the formation of The Business Continuity Institute in 1994 and bears the membership number 001. He has a formidable understanding of Information Technology, Information Security and Service Management, as well as his almost encyclopedic knowledge of Business Continuity globally. This is what he shares with the readers in this incredibly comprehensive, but very readable, book.
He has again provided an up-to-the-minute review of the topic and world-wide standards, as well as valuable insights about the impacts of legislation and regulation on BCM practitioners. He’s also broad in his scope, opening the debate to the wider areas of resiliency, including risk, emergency planning, security and crisis. Andrew always demonstrates that BCM has wide strategic implications for any business and his real life examples are brilliant learning opportunities. He always likes to show what can go wrong, what could have prevented it and how to move forward positively. It’s an honest, balanced view of the challenges facing BCM professionals.
Wherever I go in the world, BC people know Andrew Hiles through his books, other publications, and global course delivery. Andrew’s teachings have provided great leadership to our profession, influencing many people to think of BCM as an important, enjoyable, and credible long-term career option. If you only read one BCM business book this year, then make sure this is it. The Business Continuity Institute welcomes this updated version and is delighted to endorse it.
From the Foreword by Dr. Adil S. Mufti, Vice Chairman, ICIL-Pakistan:
I find this new 4th edition of Business Continuity Management: Global Best Practices to be the most comprehensive book available, covering almost all aspects of BCM. It will be applied by students, will guide business continuity management (BCM) practitioners, and will be read by corporate and political leaders and policy-makers worldwide.
Despite my exposure to global and national business, my first real understanding of BCM came when I first met Andrew Hiles and read course materials for a series of very popular training courses he conducted in Pakistan. A relative working for IBM told me about Andrew’s high standing among BCM practitioners and that many of them in many parts of the world look up to Andrew as their guru. During my own travel to different countries, I find that, invariably, whenever I talk about BCM, people within corporate sectors in general and in the BCM practicing community in particular have either heard of Andrew or have read his publications. In both English-speaking as well as non- English-speaking countries, Andrew Hiles’ training courses and publications are, and will always remain, in great demand.
In the end, I would like to say that Andrew Hiles has made great contribution to the BCM profession and through this 4th edition of Business Continuity Management: Global Best Practices he has made the jobs of all BCM practitioners easier and has given to the students studying BCM at university level very comprehensive reading material. This book will help corporate and political leadership to understand the need to prepare against unexpected man-made or natural hazards.
From the Foreword by Michael Howbrook, Director of Education, Telfort Business Institute, Shanghai, China
The book gives the most comprehensive coverage not only of all of the aspects of developing, implementing, and maintaining a BC management system, but it also provides an understanding of supply chain and contracts, which are critical for supply continuity; advice for achieving consensus; and helpful details on international BC-related standards.
Chapter 5 draws attention to Negotiation and Contractual Risk, an important subject, which if handled incorrectly, can have huge repercussions that invite disruptions and /or disasters. Marketing in Chapter 6 covers how a disaster can affect many aspects within a business and how difficult matters would be if BCM was not regularly reviewed and practiced. Similarly, misunderstanding the laws pertaining to particular countries as detailed in Appendix A can have very serious repercussions. Common Law, Civil Law and Sharia Law may have overlaps but are not the same and can spell disaster if ignored or misunderstood.
I believe that it’s essential in today’s business environment that BCM be a part of any structured approach to forming business programs. This is a very informative book indeed, very well written by a very experienced practitioner who gives a full global perspective on BCM today.
REVIEWS OF HILES 3RD EDITION
Andrew has done his usual, great job in updating his book to cover the new, revisionary thinking and new ideas taking place in the field. He includes checklists, action plans, road maps, self assessment and discussion questions, and details real-life examples to help readers better understand the problems and issues that can occur in developing, testing and maintaining a plan.”
~ Melvyn Musson, FBCI, CBCP, Retired Senior Business Continuity Manager, Edward Jones
Andrew Hiles’ updated version of his superlative earlier book puts BCP in an international context that allows readers to benefit from experiences and expertise from around the world. This is the whole package — soup to nuts — and even the most experienced practitioner will find it an indispensable addition to the references used in the BCP effort. In fact, it will reduce the number of such books needed.”
~ Mayer Nudell, CSC, Adjunct Professor of Security, Management, Webster University
The profession of Business Continuity Management would be very different — and very much at a loss — for lack of Andrew Hiles’ profound contributions. As a founder of organizations which have formed the bedrock of the profession; as a thought leader who has created the elements which have grown to become fundamental to our practice — there is only one Andrew Hiles. What I will emphasize is that, as a committed practitioner of business continuity for three decades, I continue to learn from Andrew.”
~ Phillip Jan Rothstein, FBCI, Publisher and Management Consultant Rothstein Associates Inc.
Contact Rothstein Associates, Inc. to request a complimentary copy to evaluate for classroom use.
Andrew Hiles, Hon FBCI, EIoSCM, has traveled to 60+ countries during 35 years, consulting to major private and government organizations and training the next generation of Business Continuity (BC) practitioners.
