Index

ABCP (Associate Business Continuity Professional), 197

absenteeism, 220

accreditation, 191–196, see also certification

AEM (Associate Emergency Manager), 197

alternate functional units team model, 228

American National Standards Institute (ANSI), 190, 193

American Society for Industrial Security (ASIS), 189, 193

American Society for Quality (ASQ), 193

ANAB (ANSI-ASQ National Accreditation Board), 193

ANSI (American National Standards Institute), 190, 193

ANSI-ASQ National Accreditation Board (ANAB), 193

ARMA (Association of Records Management Administration), 188

ASIS (American Society for Industrial Security), 189, 193

ASQ (American Society for Quality), 193

assessment

hazard, see hazard assessment

of preparedness, 65–67, 213–216

Associate Business Continuity Professional (ABCP), 197

Associate Emergency Manager (AEM), 197

Association of Records Management Administration (ARMA), 188

auditors, 159

audits, 29, 65–66, 125, 166, 194

backup (technology), 139

BCI (Business Continuity Institute), 197, 198

BCP, see business continuity program

benchmarks, 66, 126, 188

best practice(s), 37–57, 129

and avoiding business continuity silos, 54–55

for business continuity plans, 166

business impact analysis as, 49–50

and developing business continuity program, 38–40

hazard assessment as, 47–49

plan development as, 50–53

and planning process, 40–47

program testing and implementation as, 53–54

risk management as, 55–57

strategy development as, 50

using consultant as, 41–42

using software as, 42–45

BIA, see business impact analysis

bidding processes, 28

blackout of 2003, 141

boards of directors, 22, 25

brand, 3

British Standards Institution (BSI), 34, 189, 191, 192, 193

business continuity, 2–3, 18–20, 39–40, see also specific headings

business continuity centers, 233

Business Continuity Institute (BCI), 197, 198

business continuity managers, 108

business continuity plan (document)

and assessing preparedness, 65

business continuity programs vs., 34–35

communications in, 164–165

damage assessment in, 162–164

deactivation in, 165

development of, 152–162

purpose of, 38, 149–152

reviews and updates of, 165–171

samples of, 171–172, 234–260

of suppliers, 128

business continuity planning

as best practice, 50–53

business impact analysis as foundation of, 85–86

as core business practice, 59

and exercises/tests, 178–184

historical perspective on, 6–15

human factor of, 142–144

incorporating supply chain in, 60–65

lifecycle, 46, 47, 54, 174

as new responsibility, 15–18

process of, 40–47

and training, 176–178

value of, 4–6

Business Continuity Planning, 189

business continuity program (BCP), 21–36, 149–150

business continuity plan vs., 34–35

development of, 38–40

and guidelines, 33–34

and mergers, 170

need for, 26–31

requirements in, 33

and responsibility, 24–26

and risk management, 31–33

business continuity silos, 54–55, 61

business continuity team, 226–233

business impact analysis (BIA), 84–105, 107

as best practice, 49–50

and consultants, 42

and critical elements of supply chain, 92–102

as foundation of business continuity planning, 85–86

purpose of, 23, 84

report on, 103–105

reviews of, 166

software for, 44, 45

as step-by-step process, 86–88

time-critical functions in, 85–92, 101, 102

business liability, 28

business recovery, 14

Canadian Standards Association, 191

CBCP (Certified Business Continuity Professional), 197

CEM (Certified Emergency Manager), 197

certification

professional, 196–198

voluntary, 191–196

Certified Business Continuity Professional (CBCP), 197

Certified Emergency Manager (CEM), 197

checklists, 160–161

chemicals, 63

collaboration, 106, 108, 133

Comdisco, 9

communications, 144–147, 164–165

confidential information, 128

consultants, 41–42

contracting

with consultants, 41–42

with single sources, 113–114

with suppliers, 129–131

core business, 89

corporate business continuity plans, 51–52

corporate business continuity team model, 230–232

cost, 81, 90, 114

cost-benefit analysis, 43

cost estimates, 107

cost savings, 125–126

crisis, xv–xviii

critical suppliers, 117–119

cross-training, 23, 143

customers, 4, 5

disaster communications with, 145

expectations of, 106

prospective, 27–28

retaining, 90

and suppliers, 13, 128

damage assessment, 162–164, see also hazard assessment

data gathering

deciding on process for, 87

and follow up interviews, 87, 95–100

instruments for, 94–95

and preparedness, 66

deactivation, 165

Deming, W. Edwards, 70

department business continuity plans, 52, 64

Department of Homeland Security, 172

detailed damage assessments, 163

DHS (U.S. Department of Homeland Security), 34, 192–193

disaster communications, 144–147

disaster recovery

business continuity vs., 2

business recovery as focus of, 14

definition of, 18

founding of, 25

history of, 7, 8, 10, 11

and IT support, 136–142

regulatory requirements for, 30, 33–34

Disaster Recovery Institute International (DRII), 188, 196, 197

Disaster Recovery Journal (DRJ), 188

disaster recovery plans (DRPs), 18, 52

disaster(s)

definition of, 18

and production facilities, 112

and purchasing departments, 63

threats from, 71–72

distribution centers, 61–62

distribution sector businesses, 58

division business continuity plans, 52

downstream processes, 76, 93, 121

DRII, see Disaster Recovery Institute International

DRJ (Disaster Recovery Journal), 188

DRPs (disaster recovery plans), 18, 52

due diligence, 129

earthquakes, 73, 78–80

80-20 Rule, 117–118

electronic data, 101

e-mail, 136

emergency agencies, 75

emergency communications, 144–147

emergency management, 18

emergency preparedness, 6–7

employees, 143–144, 146

continuity of, 101

and starting continuity project, 46

training of, 23, 143, 176–178

enterprise resource planning (ERP), 10, 137–138

enterprise risk management (ERM), 19, 32

enterprise-wide disaster readiness, 59–60

equipment, 62, 100

Ericsson, xvii

ERM (enterprise risk management), 19, 32

ERP (enterprise resource planning), 10, 137–138

ethics, 124, 125, 196

executives, 22, 25, 45–46, 56, 88, 107

exercises, 178–184

external audits, 29

external communications, 164–165

external risks, 72–73

external support services, 60

“family of plans,” 154, 155

FDA (Food and Drug Administration), 187

Federal Acquisition Regulations (FAR), 28

Federal Electric Reliability Council (FERC), 187

Federal Emergency Management Agency (FEMA), 172, 228

Federal Financial Institutions Examination Council (FFIEC), 189

federal regulatory agencies, 30

Federal Reserve, 187

FEMA (Federal Emergency Management Agency), 172, 228

FERC (Federal Electric Reliability Council), 187

FFIEC (Federal Financial Institutions Examination Council), 189

field operations business continuity plans, 52, 155

financial information, 103

Financial Services Technology Consortium (FSTC), 188

fire hazards, 74

flooding, 71, 73

follow up interviews, 87, 95–100

Food and Drug Administration (FDA), 187

force majeure clause (contracts), 130

FSTC (Financial Services Technology Consortium), 188

functional units team model, 227–228

GAO (Government Accountability Office), 187

Generally Accepted Practices for Business Continuity Practitioners (GAP), 188–189

geographical business continuity plans, 52

globalization, 70

Government Accountability Office (GAO), 187

Gramm-Leach-Bliley Act, 33–34

guidelines, 33–34, 188–190

hazard assessment

as best practice, 47–49

and business impact analysis, 85

identification of IT service interruptions in, 24

identification process in, 73–75, 217–219

and mapping supply chain, 75–81, 93

and mitigation programs, 82

as part of business continuity planning, 82–83

as part of business continuity program, 38–39

purpose of, 68

reviews of, 166

and threats from disasters, 71–72

uses of, 69

Health Insurance Portability and Accountability Act (HIPAA), 33–34

H1N1 virus, 142

hot sites, 9, 180

human-caused disasters, 73

human resources department, 167

Hurricane Katrina, 14, 71, 112

IAEM (International Association of Emergency Managers), 197–198

IBM, 9

ICS (Incident Command System) model, 228–230

Implementing Recommendations of the 9/11 Commission Act, 34, 192

Incident Command System (ICS) model, 228–230

information technology (IT) departments, 10, 15

and disaster recovery plans, 25, 52

and managing risk, 24

responsibilities of, 55–56

support of supply chain from, 136–142

infrastructure needs, 141–142

initial general assessments, 163

Institute for Supply Management (ISM), xix

insurance, 4, 109, 172

internal audits, 29

internal risks, 72–73

International Association of Emergency Managers (IAEM), 197–198

International Organization for Standardization (ISO), 29, 189–191

international trade, 8

Internet, 136, 146, 172

interviews, 87, 95–100, 129

inventory, 8, 62, 113

ISM (Institute for Supply Management), xix

ISO (International Organization for Standardization), 29, 189–191

IT departments, see information technology departments

JIT (just-in-time) inventory management, xvi, 70

Joint Commission on Accreditation of Health Organizations (JHACO), 187

Jones, W. Alton, on coordinating people, 226

just-in-time (JIT) inventory management, xvi, 70

Laye, John, 13

lean production method, 69–70, 106

legal departments, 130, 159

liability, 28

live exercise, 180–181

loss prevention, 109, 116

managers, 46, 159

business continuity, 108

project, 40

risk, 31–32, 108

supply chain, 113, 116, 194

manufacturing, 9, 62–63, 70

Manufacturing Resource Planning (MRP II), 9

marketing, 27

market share, 90

Master Business Continuity Professional (MBCP), 197

Material Requirements Planning (MRP I), 9

MBCP (Master Business Continuity Professional), 197

media policies, 146–147, 177

mergers, 167–171

metrics, 66, 126, 130–131

mission, 89

mitigation, 38–39, 69, 82, 114

MRP I (Material Requirements Planning), 9

MRP II (Manufacturing Resource Planning), 9

multisourcing, 112, 114

National Fire Protection Association (NFPA), 188, 191, 193

natural disasters, xv–xvii, 70–71, 73

NERC (North American Electric Reliability Council), 187

NFPA, see National Fire Protection Association

niche suppliers, 118

Nokia, xvii

North American Electric Reliability Council (NERC), 187

Oliver, Keith, 9

Organizational Resilience, 189

organization charts, 95

outsourcing, 12, 119–121

pandemics, 142–143, 220–225

Pareto, Vilfredo, 117

Pareto Principle, 117–118

permits, 30

Phillips, xvii

physical damage, 162–163

pirates, 121

planning

business continuity, see business continuity planning

enterprise resource, 10, 137–138

response, 6–7, 39

succession, 143

unilateral, 59, 64–65

policies, 48, 146–147, 177

power outages, xvii–xviii, 141

preparedness, 39, 65–67, 126

Private Sector–Department of Homeland Security Partnership, 191

procurement departments

and business continuity plan, 63–64

certification for, 194

ensuring continuity support in, 132–133

and planning software, 44

role of, 122

and suppliers, 82

prodromes, 74

production facilities, 112

Professional Practices for Business Continuity Planners, 188

profit, 90

project managers, 40

PS-Prep (Voluntary Private Sector Preparedness Accreditation and Certification Program), 34, 192–195

public safety officials, 75, 119

purchase orders, 94

purchasing departments, 63–64, 82, 122

quality, 81

questionnaires, 94–97

quick start guide, 160

recession, 23

reciprocal agreements, 115–116

recovery, 14, 39–40, see also disaster recovery

recovery point objective (RPO), 84, 85, 87–88

recovery time objective (RTO)

and business impact analysis, 84–85, 87, 100, 102

gap between current capability and, 110

and IT department, 138

strategies for meeting, 107, 124

and strategy feasibility, 118, 119

regulations, 1, 187–188

for business continuity capability, 29–31, 33–34

for manufacturing facilities, 63

meeting business continuity requirements of, 4

reliability, 120

relocating manufacturing operations, 62

reorganizations, 167–171

requests for proposals (RFPs), 129

resilient organizations, 14

resource requirements, 100–101

response planning, 6–7, 39

responsibilities, 24–26, 55–56, 232–233

return on investment (ROI), 22–23

reviews, of business continuity plans, 165–171

RFPs (requests for proposals), 129

risk analysis, see hazard assessment

risk management, xix, 31–33, 55–57, 58, 107–109, see also enterprise risk management

risk managers, 31–32, 108

risk(s)

analyzing identified, 78–81

avoiding inherited, 81–82

and hazard assessment, 48

identification of, 72–75

impact of, 68

and mitigation, 38–39, 82

with outsourcing, 120

types of, 69–72

ROI (return on investment), 22–23

roles, in business continuity teams, 232–233

RPO, see recovery point objective

RTO, see recovery time objective

safety programs, 32

sales, 94

Sarbanes-Oxley Act, 34, 194

scenarios (planning tools), 80–81, 110, 181–182

SCM, see supply chain management

scorecards, 130–131

Securities and Exchange Commission (SEC), 187

security specialists, 109, 116

September 11, 2001 attacks, 13, 142, 187

service level agreements (SLAs), 4

service providers, 94

shipping and receiving business continuity plans, 156

shipping delays, 73

silo approach, 54–55, 61, 116–117

simulation exercise, 179–180

Singapore Business Federation, 191

single-source suppliers, 70, 114

site business continuity plans, 52

Six Sigma business management strategy, 34

SLAs (service level agreements), 4

software, 8, 42–45

sole source, 113

stakeholders, 60, 145–146

standards, 29, 34, 48, 190–191

strategy development (best practice), 50

succession planning, 143

Sumitomo’s Metal Industries Ltd., xvi

Sungard Recovery Services, 9

suppliers

and business impact analysis, 94–95

contracting with, 129–131

and customers, 13

and ensuring availability, 113–114

identifying critical, 117–119

monitoring of, 131–132

partnering with, 133–136

selection of, 122–129

single-source, 70

supply chain, 1–2, 9

as critical part of organization, 55

evolution of, 58

mapping of, 75–81, 93

streamlining of, 60

supply chain disruptions, xv–xvi

supply chain management (SCM), 8, 9, 61

supply chain managers, 113, 116, 194

supply chain system, 2

supply network, 2

surveys, 94–97

survival suppliers, 117–119

tabletop exercise, 158, 179

teamwork, 175

technical teams model, 230, 231

technological disasters, xvii, 73, 139

technology, 8–9, see also information technology departments

telecommunications, 164, 165

testing, of business continuity plans, 53–54, 66

tests, 178–183

third-party services, 81, 92, 118, 119, 194

time-critical functions, 85–92, 101, 102, 110

Toyota, xvi

trade groups, 188

training, 23, 41, 43, 143, 176–178

transportation interruptions, 121–122

Triangle Shirtwaist Factory fire, 6

unilateral planning, 59, 64–65

uninterruptible power supply (UPS), 141

upstream processes, 76, 93, 121, 125

U.S. Department of Homeland Security (DHS), 34, 192–193

user-react procedures, 140

vertical integration, 70

Voltaire, on what is perfect, 54

Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), 34, 192–195

warehouses, 61–62

Web portals, 161–162

Wilcox, Frederick B., on risk, 68

work-around procedures, 139–141

World Health Organization, 142, 220

Y2K problem, 11
