ABCP (Associate Business Continuity Professional), 197
absenteeism, 220
accreditation, 191–196, see also certification
AEM (Associate Emergency Manager), 197
alternate functional units team model, 228
American National Standards Institute (ANSI), 190, 193
American Society for Industrial Security (ASIS), 189, 193
American Society for Quality (ASQ), 193
ANAB (ANSI-ASQ National Accreditation Board), 193
ANSI (American National Standards Institute), 190, 193
ANSI-ASQ National Accreditation Board (ANAB), 193
ARMA (Association of Records Management Administration), 188
ASIS (American Society for Industrial Security), 189, 193
ASQ (American Society for Quality), 193
assessment
hazard, see hazard assessment of preparedness, 65–67, 213–216
Associate Business Continuity Professional (ABCP), 197
Associate Emergency Manager (AEM), 197
Association of Records Management Administration (ARMA), 188
auditors, 159
audits, 29, 65–66, 125, 166, 194
backup (technology), 139
BCI (Business Continuity Institute), 197, 198
BCP, see business continuity program benchmarks, 66, 126, 188
and avoiding business continuity silos, 54–55
for business continuity plans, 166
business impact analysis as, 49–50
and developing business continuity program, 38–40
hazard assessment as, 47–49
plan development as, 50–53
and planning process, 40–47
program testing and implementation as, 53–54
risk management as, 55–57
strategy development as, 50
using consultant as, 41–42
using software as, 42–45
BIA, see business impact analysis
bidding processes, 28
blackout of 2003, 141
brand, 3
British Standards Institution (BSI), 34, 189, 191, 192, 193
business continuity, 2–3, 18–20, 39–40,
see also specific headings
business continuity centers, 233
Business Continuity Institute (BCI), 197, 198
business continuity managers, 108
business continuity plan (document) and assessing preparedness, 65
business continuity programs vs., 34–35
communications in, 164–165
damage assessment in, 162–164
deactivation in, 165
development of, 152–162
reviews and updates of, 165–171
of suppliers, 128
business continuity planning as best practice, 50–53
business impact analysis as foundation of, 85–86
as core business practice, 59
and exercises/tests, 178–184
historical perspective on, 6–15
human factor of, 142–144
incorporating supply chain in, 60–65
as new responsibility, 15–18
process of, 40–47
and training, 176–178
value of, 4–6
Business Continuity Planning, 189
business continuity program (BCP), 21–36, 149–150
business continuity plan vs., 34–35
development of, 38–40
and guidelines, 33–34
and mergers, 170
need for, 26–31
requirements in, 33
and responsibility, 24–26
and risk management, 31–33
business continuity silos, 54–55, 61
business continuity team, 226–233
business impact analysis (BIA), 84–105, 107
as best practice, 49–50
and consultants, 42
and critical elements of supply chain, 92–102
as foundation of business continuity planning, 85–86
report on, 103–105
reviews of, 166
as step-by-step process, 86–88
time-critical functions in, 85–92, 101, 102
business liability, 28
business recovery, 14
Canadian Standards Association, 191
CBCP (Certified Business Continuity Professional), 197
CEM (Certified Emergency Manager), 197
certification
professional, 196–198
voluntary, 191–196
Certified Business Continuity Professional (CBCP), 197
Certified Emergency Manager (CEM), 197
checklists, 160–161
chemicals, 63
Comdisco, 9
communications, 144–147, 164–165
confidential information, 128
consultants, 41–42
contracting
with consultants, 41–42
with single sources, 113–114
with suppliers, 129–131
core business, 89
corporate business continuity plans, 51–52
corporate business continuity team model, 230–232
cost-benefit analysis, 43
cost estimates, 107
cost savings, 125–126
crisis, xv–xviii
critical suppliers, 117–119
disaster communications with, 145
expectations of, 106
prospective, 27–28
retaining, 90
damage assessment, 162–164, see also hazard assessment
data gathering
deciding on process for, 87
and follow up interviews, 87, 95–100
instruments for, 94–95
and preparedness, 66
deactivation, 165
Deming, W. Edwards, 70
department business continuity plans, 52, 64
Department of Homeland Security, 172
detailed damage assessments, 163
DHS (U.S. Department of Homeland Security), 34, 192–193
disaster communications, 144–147
disaster recovery
business continuity vs., 2
business recovery as focus of, 14
definition of, 18
founding of, 25
and IT support, 136–142
regulatory requirements for, 30, 33–34
Disaster Recovery Institute International (DRII), 188, 196, 197
Disaster Recovery Journal (DRJ), 188
disaster recovery plans (DRPs), 18, 52
disaster(s)
definition of, 18
and production facilities, 112
and purchasing departments, 63
threats from, 71–72
distribution centers, 61–62
distribution sector businesses, 58
division business continuity plans, 52
downstream processes, 76, 93, 121
DRII, see Disaster Recovery Institute International
DRJ (Disaster Recovery Journal), 188
DRPs (disaster recovery plans), 18, 52
due diligence, 129
80-20 Rule, 117–118
electronic data, 101
e-mail, 136
emergency agencies, 75
emergency communications, 144–147
emergency management, 18
emergency preparedness, 6–7
continuity of, 101
and starting continuity project, 46
enterprise resource planning (ERP), 10, 137–138
enterprise risk management (ERM), 19, 32
enterprise-wide disaster readiness, 59–60
Ericsson, xvii
ERM (enterprise risk management), 19, 32
ERP (enterprise resource planning), 10, 137–138
executives, 22, 25, 45–46, 56, 88, 107
exercises, 178–184
external audits, 29
external communications, 164–165
external risks, 72–73
external support services, 60
FDA (Food and Drug Administration), 187
Federal Acquisition Regulations (FAR), 28
Federal Electric Reliability Council (FERC), 187
Federal Emergency Management Agency (FEMA), 172, 228
Federal Financial Institutions Examination Council (FFIEC), 189
federal regulatory agencies, 30
Federal Reserve, 187
FEMA (Federal Emergency Management Agency), 172, 228
FERC (Federal Electric Reliability Council), 187
FFIEC (Federal Financial Institutions Examination Council), 189
field operations business continuity plans, 52, 155
financial information, 103
Financial Services Technology Consortium (FSTC), 188
fire hazards, 74
follow up interviews, 87, 95–100
Food and Drug Administration (FDA), 187
force majeure clause (contracts), 130
FSTC (Financial Services Technology Consortium), 188
functional units team model, 227–228
GAO (Government Accountability Office), 187
Generally Accepted Practices for Business Continuity Practitioners (GAP), 188–189
geographical business continuity plans, 52
globalization, 70
Government Accountability Office (GAO), 187
Gramm-Leach-Bliley Act, 33–34
hazard assessment
as best practice, 47–49
and business impact analysis, 85
identification of IT service interruptions in, 24
identification process in, 73–75, 217–219
and mapping supply chain, 75–81, 93
and mitigation programs, 82
as part of business continuity planning, 82–83
as part of business continuity program, 38–39
purpose of, 68
reviews of, 166
and threats from disasters, 71–72
uses of, 69
Health Insurance Portability and Accountability Act (HIPPA), 33–34
H1N1 virus, 142
human-caused disasters, 73
human resources department, 167
Hurricane Katrina, 14, 71, 112
IAEM (International Association of Emergency Managers), 197–198
IBM, 9
ICS (Incident Command System) model, 228–230
Implementing Recommendations of the 9/11 Commission Act, 34, 192
Incident Command System (ICS) model, 228–230
information technology (IT) departments, 10, 15
and disaster recovery plans, 25, 52
and managing risk, 24
responsibilities of, 55–56
support of supply chain from, 136–142
infrastructure needs, 141–142
initial general assessments, 163
Institute for Supply Management (ISM), xix
internal audits, 29
internal risks, 72–73
International Association of Emergency Managers (IAEM), 197–198
International Organization for Standardization (ISO), 29, 189–191
international trade, 8
ISM (Institute for Supply Management), xix
ISO (International Organization for Standardization), 29, 189–191
IT departments, see information technology departments
JIT (just-in-time) inventory management, xvi, 70
Joint Commission on Accreditation of Health Organizations (JHACO), 187
Jones, W. Alton, on coordinating people, 226
just-in-time (JIT) inventory management, xvi, 70
Laye, John, 13
lean production method, 69–70, 106
liability, 28
live exercise, 180–181
business continuity, 108
project, 40
Manufacturing Resource Planning (MRP II), 9
marketing, 27
market share, 90
Master Business Continuity Professional (MBCP), 197
Material Requirements Planning (MRP I), 9
MBCP (Master Business Continuity Professional), 197
mergers, 167–171
mission, 89
mitigation, 38–39, 69, 82, 114
MRP I (Material Requirements Planning), 9
MRP II (Manufacturing Resource Planning), 9
National Fire Protection Association (NFPA), 188, 191, 193
natural disasters, xv–xvii, 70–71, 73
NERC (North American Electric Reliability Council), 187
NFPA, see National Fire Protection Association
niche suppliers, 118
Nokia, xvii
North American Electric Reliability Council (NERC), 187
Oliver, Keith, 9
Organizational Resilience, 189
organization charts, 95
Pareto, Vilfredo, 117
Pareto Principle, 117–118
permits, 30
Phillips, xvii
physical damage, 162–163
pirates, 121
planning
business continuity, see business continuity planning
enterprise resource, 10, 137–138
succession, 143
power outages, xvii–xviii, 141
Private Sector–Department of Homeland Security Partnership, 191
procurement departments and business continuity plan, 63–64
certification for, 194
ensuring continuity support in, 132–133
and planning software, 44
role of, 122
and suppliers, 82
prodromes, 74
production facilities, 112
Professional Practices for Business Continuity Planners, 188
profit, 90
project managers, 40
PS-Prep (Voluntary Private Sector Preparedness Accreditation and Certification Program), 34, 192–195
public safety officials, 75, 119
purchase orders, 94
purchasing departments, 63–64, 82, 122
quality, 81
questionnaires, 94–97
quick start guide, 160
recession, 23
reciprocal agreements, 115–116
recovery, 14, 39–40, see also disaster recovery
recovery point objective (RPO), 84, 85, 87–88
recovery time objective (RTO)
and business impact analysis, 84–85, 87, 100, 102
gap between current capability and, 110
and IT department, 138
strategies for meeting, 107, 124
and strategy feasibility, 118, 119
for business continuity capability, 29–31, 33–34
for manufacturing facilities, 63
meeting business continuity requirements of, 4
reliability, 120
relocating manufacturing operations, 62
reorganizations, 167–171
requests for proposals (RFPs), 129
resilient organizations, 14
resource requirements, 100–101
responsibilities, 24–26, 55–56, 232–233
return on investment (ROI), 22–23
reviews, of business continuity plans, 165–171
RFPs (requests for proposals), 129
risk analysis, see hazard assessment
risk management, xix, 31–33, 55–57, 58, 107–109, see also enterprise risk management
risk(s)
analyzing identified, 78–81
avoiding inherited, 81–82
and hazard assessment, 48
identification of, 72–75
impact of, 68
with outsourcing, 120
types of, 69–72
ROI (return on investment), 22–23
roles, in business continuity teams, 232–233
RPO, see recovery point objective
RTO, see recovery time objective
safety programs, 32
sales, 94
scenarios (planning tools), 80–81, 110, 181–182
SCM, see supply chain management
scorecards, 130–131
Securities and Exchange Commission (SEC), 187
security specialists, 109, 116
September 11, 2001 attacks, 13, 142, 187
service level agreements (SLAs), 4
service providers, 94
shipping and receiving business continuity plans, 156
shipping delays, 73
silo approach, 54–55, 61, 116–117
simulation exercise, 179–180
Singapore Business Federation, 191
single-source suppliers, 70, 114
site business continuity plans, 52
Six Sigma business management strategy, 34
SLAs (service level agreements), 4
sole source, 113
standards, 29, 34, 48, 190–191
strategy development (best practice), 50
succession planning, 143
Sumitomo’s Metal Industries Ltd., xvi
Sungard Recovery Services, 9
suppliers
and business impact analysis, 94–95
contracting with, 129–131
and customers, 13
and ensuring availability, 113–114
identifying critical, 117–119
monitoring of, 131–132
partnering with, 133–136
selection of, 122–129
single-source, 70
as critical part of organization, 55
evolution of, 58
streamlining of, 60
supply chain disruptions, xv–xvi
supply chain management (SCM), 8, 9, 61
supply chain managers, 113, 116, 194
supply chain system, 2
supply network, 2
surveys, 94–97
survival suppliers, 117–119
teamwork, 175
technical teams model, 230, 231
technological disasters, xvii, 73, 139
technology, 8–9, see also information technology departments
testing, of business continuity plans, 53–54, 66
tests, 178–183
third-party services, 81, 92, 118, 119, 194
time-critical functions, 85–92, 101, 102, 110
Toyota, xvi
trade groups, 188
training, 23, 41, 43, 143, 176–178
transportation interruptions, 121–122
Triangle Shirtwaist Factory fire, 6
unilateral planning, 59, 64–65
uninterruptible power supply (UPS), 141
upstream processes, 76, 93, 121, 125
U.S. Department of Homeland Security (DHS), 34, 192–193
user-react procedures, 140
vertical integration, 70
Voltaire, on what is perfect, 54
Voluntary Private Sector Preparedness Accreditation and Certification Program (PS-Prep), 34, 192–195
warehouses, 61–62
Web portals, 161–162
Wilcox, Frederick B., on risk, 68
work-around procedures, 139–141
World Health Organization, 142, 220
Y2K problem, 11
3.133.142.6