CHAPTER 1
Business Continuity Basics

As a result of catastrophic natural and human-caused disasters that have occurred over the past two decades, coupled with increasingly stringent regulatory requirements, the interest in and need for business continuity has never been greater. For a large corporation or a small to medium-size enterprise, a business continuity program produces a level of resilience that enables the continuity or quick resumption of operations following any disaster. It is this capacity that ensures an organization’s ability to safeguard the interests of stakeholders, stay competitive, and comply with regulatory requirements. In some cases, business continuity can mean the difference between life and death for an organization.

Supply chains are the lifeblood of organizations. This is most obvious for retailers, wholesalers, distributors, and manufacturers. However, it is equally true for all other types of companies and businesses, whether they are private sector, public sector, or not-for-profits, as well as for government agencies. And, while the product itself is different from that of companies that produce and deliver a tangible commodity, service providers also have their own supply chains in the delivery of their service to customers.

Linking organizations, industries, and even economies, these arteries of business are extremely complex. Although we think in terms of the generally accepted terminology supply chain, the terms supply network or supply chain system better describe these multifaceted operations. In today’s demand-driven supply chains, products and information are rapidly flowing, at times simultaneously and concurrently, in order to ensure that products and services are delivered in the correct quantities, to the right place at the right time, at the required quality levels, and with the ongoing requirement that everything always be done economically. As customers, we require it. As suppliers and service providers, it is our company’s mission.

To omit the supply chain from business continuity planning is to omit the arteries that deliver the lifeblood to all business operations and make it possible to produce and distribute our commodities and services and thus meet customer needs and requirements. If business continuity plans do not include strategies for continuing or rapidly restoring supply chain operations following a disaster or otherwise significant interruption of operations, it is almost a certainty that restoration of operations will be delayed or halted as an ad hoc approach is taken to reestablishing the supply chain.

What Business Continuity Is . . . and Is Not

There is not yet one meaning of business continuity that is understood, accepted, and applied universally. There are both theoretical and functional definitions, and the lines between them often become blurred. Chief among these are the definitions of business continuity and disaster recovery, which even today are often used almost interchangeably.

For purposes of the discussions in this book, I use the following definition of business continuity, which is one of the most commonly accepted definitions: A proactive approach to ensure continuity or rapid restoration of delivery of the organization’s service or product following a disaster; the ability of an organization to provide service and support for its customers and to maintain its viability before, during, and after a disaster.

Beyond a dictionary definition, business continuity is:

• A proactive approach to managing operational risks

• A program focused on protecting the organization’s brand by ensuring its excellent reputation for reliability

• A strategic framework for improving an organization’s resilience to disaster-caused interruptions

• A set of strategies for keeping the most critical business functions running while normal operations are restored

• The plan and procedure to enable the timely and orderly continuation of or rapid restoration of operations following a disaster

• A well-developed and maintained program with a goal of minimizing service and delivery delays and helping to ensure that customer and other stakeholder expectations are met

• Part of a multifaceted approach to protect the organization from risks

• An enterprise-wide management issue

• Activity performed by or on behalf of an organization to ensure that critical business functions are available to customers, suppliers, regulators, and other stakeholders that need or require access to those functions

• Excellent and prudent business management

To further define business continuity, it may also be helpful to acknowledge some misconceptions—things that business continuity is not. For example, business continuity is not:

• Business as Usual. It is business in survival mode or fight for your continued existence mode. The sole goal is to maintain an acceptable level of operation to fulfill the organization’s primary mission. The bells, whistles, frills, and ribbons we all love and take for granted are not necessarily available when we are in business continuity mode.

• A One-Size-Fits-All Proposition. The size of the organization, the complexity of its operations, whether you deliver a product or a service, whether you have central or dispersed operations, the number and location of facilities, the hazards and potential disasters faced by the company, the government regulations that must be met . . . these and a multitude of other variables make it essential that the development and implementation of a business continuity program be tailored to meet the needs and requirements of the organization.

• Insurance. While insurance may be a viable option to replace tangibles—such as buildings, equipment, supplies, inventories, and even lost income—insurance cannot replace vital intangibles, which are things that are both even more difficult if not impossible to replace and are key to business survival. Customer confidence and trust, value of the name brand, and a positive image and reputation cannot be covered by insurance. Nor can insurance replace customers that may be lost due to an inability to fulfill contracts or meet delivery dates or terms of a service level agreement (SLA) when disaster strikes. (A service level agreement is a legally binding contract or formal agreement between a supplier and a customer that details the nature, quality, and scope of the service or product to be provided.)

• A Luxury. Once considered a nice-to-have or when-we-get-around-to-it program, business continuity is now a fundamental core business practice, a necessity.

The Value of Business Continuity Planning

There is an often cited statistic regarding the success of businesses that have experienced a major disaster that has become a business continuity/disaster recovery version of an urban legend. The statistic has been used and quoted so widely and so often that few know its origin. The gist of this statistic—which, incidentally, is from 2002 and from the U.S. Bureau of Labor Statistics—is that 43 percent of businesses never reopen and another 29 percent are no longer in business within two years of their experiencing a disaster. While out of context, this statistic is somewhat general and would seem to encompass everything from small mom-and-pop operations to large international corporate behemoths, it is nevertheless often used as a business continuity selling point.

History has proved that there are no companies that are so big and powerful that nothing bad can happen to them. Yet when there is no direct return on investment, it can be challenging to define the value of business continuity planning, which is the process to develop, implement, and maintain strategies and procedures to ensure that key operations and essential business functions can continue or quickly be restored in the event of a disaster, major emergency, or significant threat to the organization and its operations. Though not visible on a P&L statement, here are just a few examples of the value of business continuity that cannot be tied directly to the bottom line:

• Customers are increasingly adding business continuity capability as a factor in the procurement selection process.

• Rest assured that it is almost a certainty that some if not all of your competitors are using the fact that they have a comprehensive business continuity program as part of their marketing approach, especially if they believe you don’t have such a program.

• For some organizations, business continuity may be necessary in order to meet regulatory requirements. This is most notably true for banks and other financial services providers that in any way, shape, or form handle or physically or electronically process other people’s money, as well as for healthcare businesses and pharmaceutical companies.

• In extreme situations, it just may be that the survival of your business, at least as you know it today, depends on the success of your business continuity program.

• It is morally and ethically correct to have a business continuity program to protect the interests of employees, owners, stockholders, customers and clients, and all stakeholders, including the general public.

• Here is an undeniable truth: Customers expect products and services to be available and delivered as agreed upon, and they expect that you will meet your contractual obligations even when disasters occur. Developing and implementing a business continuity program is the vehicle for meeting those expectations.

• See the preceding paragraph. In other words, developing, implementing, and maintaining a comprehensive business continuity program enables your organization to have continued operations in the face of disaster, thereby avoiding damage to the company and brand name image, thereby avoiding a loss of market share, thereby protecting the bottom line, thereby retaining corporate net worth, thereby helping to ensure the continuation of the business, and thus leading to continued employment. Enough said!

The bottom line is that in addition to being good business management, business continuity simply makes good sense.

A Historical Perspective

It may be helpful for those newly assigned to business continuity planning responsibilities, as well as for those more experienced in this regard, to take a look back at its history. Also interspersed as road markers in the discussion that follows are a few milestones in the evolution of supply chain management. (These “road markers” are presented here in italic type.)

The roots of business disaster management began with emergency preparedness and response planning required to comply with occupational safety standards enacted after the death of 146 workers in the 1911 Triangle Shirtwaist Factory fire in New York City. These efforts focused on preparations for actions to be taken to respond to what were primarily physical events, such as a fire, hurricane, or earthquake. Emergency response plans to address threats to the safety of people were already in place in many organizations, with a focus on life safety systems, emergency supplies and equipment, and trained employee emergency response teams. The primary goal was to keep people safe and protect the physical assets of the company and to begin stabilizing the company immediately following a disaster.


In the first half of the twentieth century, the supply chain was a series of linear paper-based processes that connected suppliers, wholesalers, retailers, and end consumers—literally a chain of people and paper links. For most companies, the supply chain was limited in geographical scope and included a small number of suppliers and service providers. In the post–World War II economic boom, it became evident that there was a need to improve the existing low- or no-tech, nonscientific approach that was currently in place with methods and processes that better met current needs.


Beginning in the late 1950s and into the 1960s and 1970s, companies increasingly recognized the need to protect and keep operational new and progressively more important technology, such as electronic data systems, networks, and advanced communications systems. During the second half of the 1970s, the term disaster recovery was first used to describe strategies and plans developed to restore IT, telecommunications, and other related technology. In some industries (for example, financial institutions), rigorous approaches and programs were implemented to meet increasingly strict regulatory requirements for the protection of critical systems and data. In other industries, backing up data on floppy disks and storing those disks in a desk drawer near the computer was considered disaster recovery.


Beginning in the 1960s, management of the supply chain also benefited from newly developed approaches that combined information technology and business processes. Chief among the new management tools were software systems to manage inventory and maintain the appropriate level of stock in a warehouse. Identifying inventory requirements, setting targets, providing replenishment options, tracking item usage, reconciling inventory balances, and reporting up-to-date inventory status resulted in greater efficiency and profitability. In the 1970s, supply chain management (SCM) became the commonly used terminology for this more advantageous approach.

The 1960s and 1970s saw tremendous growth in international trade. This trend was motivated and supported by several factors. Geographic accessibility was being expanded while trade barriers were being removed. More international air cargo shipping locations and carriers led to increased air freight cost competitiveness. Standardized modular freight containers streamlined conveying freight among railroads, trucking companies, and cargo ships. Rapidly growing high-tech corporations were looking for new market opportunities and new production sites. Operations were moved to developing countries where manufacturers found lower production costs and a vast pool of low-cost unskilled labor. A result of expanded international trade was a supply chain that was more complex and more demanding than ever before.


In the late 1970s, as the escalation of computerization and automated processes continued, a rapidly growing number of companies realized the critical need for the soon-to-be ubiquitous technology. Strategies were formulated to protect computerized data and systems, including redundant systems, off-site storage of data backups, and developing more sophisticated plans that provided guidance for the restoration of the organization’s technology in the event of a disaster. It was just coincidental that some of the technology to be recovered was also needed to support business operations.

Disaster recovery planning continued to expand as the 1970s came to a close, creating a market for the growing number of contracted alternate sites that were being established throughout the United States and beyond. These sites were used for relocating and reconstituting IT operations when a data center was destroyed, severely damaged, nonoperational for whatever reason, or inaccessible. The backup computer centers, termed hot sites, provided alternate pre-equipped locations at which data center operations could be reestablished following a disaster. Hot sites became an increasingly used disaster recovery solution for data-dependent companies, in particular those with large, centralized mainframe computers, and a new industry was born. SunGard Recovery Services, Comdisco, and IBM were among the company names that first became synonymous with this new service industry.


It was in the 1980s that the terms supply chain and supply chain management were first used. While there is no documentation as to who originated the term supply chain, credit for coining the term supply chain management is given to consultant Keith Oliver of Booz Allen Hamilton, a strategy consulting firm that used the term when conducting a 1982 study to assess strategic approaches to managing the handling of raw goods and materials and product delivery.

Also in the 1980s, supply chain management began to benefit from computerized systems used for managing many of the links in the supply chain. The new technology and faster delivery times to meet intense global competition were largely responsible for the adoption of inventory management techniques such as just-in-time (JIT), a methodology that creates the movement of material into a specified location at a specified time, usually just before the material is needed in a manufacturing process; Material Requirements Planning (MRP I), a computer-based management tool that provides a manufacturer with a means of determining what products to produce and in what quantities based on the response to what the manufacturer sells to its customers; and the expanded Manufacturing Resource Planning (MRP II), which includes added functions throughout the organization, such as marketing and finance.

It was in the early 1990s that companies began broadening their supply chain view beyond manufacturing facilities to an enterprise-wide approach, called enterprise resource planning (ERP)—an integrated information system that serves all departments within an enterprise to facilitate coordination of manufacturing processes with enterprise-wide back-end processes. This was followed by the realization that to fully succeed in making certain that all available company resources were managed and used effectively required looking outside the company and including the highly interdependent supply chain.


The mid-1990s brought the growing realization that disaster recovery, which involved recovering only the organization’s technology, would not necessarily result in the organization being able to deliver its product or service in the wake of a disaster. An “aha” moment occurred. To be successful in recovering from the impacts of a disaster and maintaining an acceptable level of profitability, the critical business processes of each unit of the organization must be considered in the disaster planning process and be involved in the development and implementation of recovery strategies. With this realization, many organizations expanded their disaster planning to include recovery of enterprise-wide critical work processes—the business of the business—rather than just the supporting technology.

With the addition of recovery of business operations to the disaster planning process, seventy-two hours, several days, a week, or even longer were considered acceptable—even admirable—times in which to restore business operations and the necessary data center support. For the majority of organizations that were expanding from a strictly disaster recovery approach to a more inclusive business recovery approach, the assumption was that since IT had done such a great job with disaster recovery, it was only right that IT also own business recovery. Almost overnight, IT professionals found themselves becoming business recovery planners.

Proactive disaster recovery and business recovery planning was still a developing business practice, however. Over the years, the scope had broadened in part as a result of the continuing efforts of first, disaster recovery planners, and later, business recovery planners, to raise awareness of the need to protect not just technology or ensure the safety of the organization’s physical plant, but also to sustain operations. Yet, during an audit, while check-the-box questions may have been asked about the existence of a disaster recovery plan or even a business recovery plan, it was uncommon for an auditor to conduct a full review of the planning process, plan document content, and test and update records.

To think back to the mid-1990s when disaster planning first began addressing operational recovery—not at all that long ago—and consider what transpired before and after that time is pretty amazing. The corporate world’s view of the need to prepare for and respond to disasters had seen significant progress from an “it won’t happen here” or a “we’ll deal with it if it happens” approach to understanding the need to proactively manage risks.

In 1999, Y2K was a serious concern throughout the modern world. Businesses and government agencies became more aware of the significance of business recovery and disaster recovery planning, and they dedicated significant resources to addressing the looming threat of a worldwide failure of computer systems. Planning for Y2K was significant in that it was the first time that external threats were taken into account. Essential suppliers, shippers, and even utility providers and communications companies were identified and questioned about their level of preparedness.

Midnight on December 31, 1999, passed with almost no fallout, and Y2K became a nonevent. Was it never a threat? Did the extensive planning and mitigation that took place prevent a catastrophe? While we can never really know what the outcome would have been had nothing been done, I side with those who say that a major disaster was prevented by the proactive approach taken to identify, mitigate, and manage the threat.


The period from 1980 through 1999 saw dramatic changes in the very nature of supply chain operation. Distributed networked environments with multitiered processes increasingly became the norm. Changes came at a continually more rapid pace in ongoing efforts to meet escalating customer demands. Supply chains capable of quickly recognizing and responding to the global economy’s requirements for quality output became the expectation.

As business moved into the new millennium, outsourcing became the commonly accepted norm in supply chain operations, from the procurement of materials and parts to services that were previously internal. Warehousing, inventory control, and transportation were frequently subcontracted to outside companies. As a result, supply chain executives became responsible for managing multiple resources well beyond their organization’s four walls.


With the dawning of a new millennium, seemingly ever present disasters, old and new, continued to heighten the awareness of the need for business to proactively manage risks. Business requirements became more demanding and even more rapidly paced, resulting in a growing awareness that for many organizations, restoring operations in a week or two or in even a few days was no longer acceptable. The need was to continue operations, not recover them. The new challenge was to plan for business continuity—the immediate or rapid restoration of the delivery of the organization’s service or product following any disaster.

To accomplish this after many years of a very internal-centric approach to business continuity planning, there is a growing awareness that we must plan for disasters that occur within and outside our own organizations. It is now necessary to consider threats to businesses and organizations that play a critical role in our operations, even those well beyond national borders and in locations as distant and diverse as Bulgaria, China, and Taiwan. In today’s business world, developing effective business continuity capability requires full consideration of suppliers, contractors, utility providers, financial institutions, business partners, all other elements of our supply chain, government agencies, and even our customers.

Now more than ever before, the reality is that the supply chain is susceptible to potentially crippling disaster-caused disruptions, and supply chain continuity must be fully integrated in a comprehensive enterprise-wide business continuity program. When we rely on another company to sustain our operations, any disruption in its operations is a potential disruption or even a disaster for us.

With this growing realization comes heightened customer awareness that a supplier’s lack of a mature, tested business continuity plan could disrupt its operations as well. This has led to an increasing trend toward questioning suppliers, service providers, and contractors about their business continuity capabilities. In some cases, proof is requested in the form of an audit report or review of a business continuity plan together with its review, training, and testing history. I urge my clients to take this approach, and at the same time I caution them to expect that their customers will request the same of them.

While already an established business practice, the growth of business continuity planning after the previously unimaginable events of September 11, 2001, was explosive and rapid. In the weeks and months that followed, businesses witnessed and experienced significant differences between those that had developed operational resilience as a result of having mature, tested business continuity programs and those that would suffer tremendous setbacks or in some cases not survive as a result of not having developed business continuity capabilities. The hard-learned lessons were many, and they have resulted in improvements in business continuity planning that fully includes critical business functions well beyond the data center. Business continuity is now even more widely accepted throughout the corporate world and among government agencies as a business management issue.

Another consequence of 9/11 was the seemingly sudden appearance of a multitude of new business continuity–related businesses or divisions of existing businesses. Dubbed “Nine-Twelve Companies” by the late John Laye, a longtime emergency management and business continuity practitioner, these companies provide everything from emergency supplies to relocation services, from evacuation training to software and outsourcing for developing and maintaining disaster recovery and business continuity programs, and from emergency notification systems to building restoration services. Where there is a need, real or perceived, new companies continue to emerge to fill the void.

A recent example of new terminology—a phrase du jour, if you will—now adopted for frequent usage is resilient organization. Frequently used in a multitude of ways by different people and groups, but not always well, the word resilient is now applied across many business and academic disciplines and in numerous different contexts. It has also become a favorite among those in the supply chain profession. There is little actual universal consensus regarding what resilience is, what it means, and perhaps most importantly, how any organization or business unit within the organization might reach greater resilience and thus earn the designation of resilient organization.

Is a resilient organization one that is capable of functioning at the highest levels in all aspects of its operation and continuing to meet its goals come what may? Is it a company or any type of organization whose operations and employees are flexible and prepared to manage disruptions? Is a resilient organization one that is able to achieve its mission in spite of any type of large or small disaster? If the response to any of these questions is yes, then having a business continuity program would seem to be a prerequisite for any organization seeking the right to identify itself as a resilient organization.

Supply chain business continuity and risk management have become and will continue to become increasingly important. This trend has been reinforced as a result of what was experienced following disaster events like Hurricane Katrina in 2005, when it was again shown that companies that had incorporated the supply chain in their business continuity planning were able to recover successfully. Supply chain managers in these organizations were directly involved in the business continuity planning and testing. As a result, they were able to quickly respond and make the right decisions to sustain or restore supply chain operations.

Over the years, the focus of disaster recovery—business recovery—and business continuity has matured and grown to meet the needs of a rapidly changing business environment. While professionals originally focused on reconstituting the IT environment after a disaster occurred, we now look for ways to avoid and mitigate risks and to maintain or restore operations throughout the organization. While today’s global markets and supply chains, as well as national and international mergers, bring great opportunities, these opportunities are accompanied by embedded risks. The world is an increasingly risky place in which to conduct business, and the risks can no longer be defined within company or national boundaries. It is more important than ever that a comprehensive approach to business continuity planning embraces all interdependencies both inside and outside the company, including business partners, suppliers, and contractors, regardless of where they are located.

Business Continuity Planning: A New Responsibility

In the 1990s, it was not at all unusual when speaking with company employees to hear that they had just learned that part of their job responsibilities—perhaps buried somewhere in the human resources job description—included business recovery team member, department business recovery representative, or division disaster recovery liaison. For other employees, disaster-related responsibilities simply fell under the “other duties as assigned” category.

If the employees tried to get additional information, they may have been told, “Don’t worry about it unless someone calls you to attend a planning meeting,” or, “There’s actually nothing to do,” or perhaps, “There’s a copy of the plan somewhere in your office that someone wrote a couple of years ago. Take a look at it when you get a chance.”

The employees had just joined the ranks of the overlooked, misunderstood, neglected, and in worst-case situations abused individuals charged with dealing with threats to the well-being of the organization and its employees. As a rule, this new designation of business recovery team member (or whatever it was called) was seldom accompanied by additional resources or a lightened workload in primary responsibilities to compensate for the newly acquired responsibilities. In addition, the accompanying time frame in which the newly assigned projects were to be completed was often unrealistic.

Many employees weren’t even aware that the organization had a business recovery or disaster recovery program, let alone understood its purpose or how it related to them, their department, or the company at large. While executives and senior managers may have known that disaster recovery and business recovery existed within the organization, there may not have been a full understanding of what it entailed or what was required to develop and maintain a viable business recovery program.

Business continuity is still often considered the “new kid on the block” in business and government. Those involved in these disciplines, directly and indirectly, are in a unique position in that they are engaged in a relatively new and growing profession and business practice. Business continuity planning is challenging, interesting, and rewarding. There is something very fulfilling in knowing what a tremendous contribution your role in it is making to your organization. It is also a learning opportunity, a chance to know more about the organization and its operations well beyond the borders of your own department or business unit.

Today, the way in which companies and organizations view the need to manage severe emergencies and disasters has both changed and stayed the same. For some organizations, it is now unacceptable for the most time-critical functions to be non-operational for minutes, if not seconds. Yet even today, it can still be a challenge to sell business continuity to the powers that be within an organization and to gain not just agreement that it is beneficial but true executive commitment to the business continuity program. This is particularly true when the economy takes a downturn and other initiatives and programs are viewed as having greater importance.

Some companies are still not sure where business continuity belongs on the org chart. Is it part of IT? Should it be part of operations, or finance, or security? Do we need a new, separate department or business unit? For now, there is not a single response to these questions, and the answers vary from organization to organization.

Perhaps the greatest challenge is the ongoing need to make business continuity an integral part of the organization and its culture rather than the unwanted outsider.

As business continuity further matures, we continue to search for improvements. In spite of ongoing growing pains, business continuity planning continues its evolution to becoming the central core of integrated risk management. There is growing realization and understanding that managing an organization’s risks is no longer the responsibility of the person who manages the insurance program, the financial manager, the head of security, or the auditors. A best practices approach to managing risk requires an integrated, coordinated, enterprise-wide approach. To be successful, a business continuity program must incorporate each of the company’s units. This requires a planning approach that includes the entire supply chain, and to do that well, all of the organization’s supply chain professionals must be involved.

At one time or another, when we were kids sitting in the backseat of the car on a family trip, each of us likely asked, probably more than once, “Are we there yet?” Today, if you asked me this question about business continuity, I would acknowledge that I’m not sure how much further we have to travel, but I would respond with a resounding, “No, but we’re getting there.”

In attempting to be of assistance to those who are involved in supply chain business continuity or who want or need to know more about business continuity planning for any reason, this book attempts to walk a tightrope. That is, it tries to take a somewhat complex and relatively new component of managing organizational risk—business continuity planning—and keep the content clear-cut and understandable while providing the necessary depth and insights into the concepts. And all the while, the main and most basic goal is to provide guidance for those with new or continuing responsibility for applying those concepts to an increasingly complicated supply chain.

Some Additional Key Terms

As with most disciplines, lines of work, and subject matter, the vocabulary of business continuity and related terminology has been coined, has developed, and has evolved over the years. There are ongoing attempts to establish a universal lexicon that have resulted in less than full acceptance. And, as with every facet of our culture, those practicing business continuity planning love to talk in acronym-ese: BCP, BIA, DR, DRP, EM, ERM, RTO, or—as I like to think of it—“business continuity alphabet soup.” In addition to terms specific to business continuity, here are some of the generally accepted terms and acronyms used in this book:

• Disaster: A destructive or disruptive event, usually sudden, beyond the response capabilities of the organization where it has occurred. Typically brings great damage, loss, or destruction. For businesses, any event that causes a cessation of vital business functions; an event requiring immediate action to ensure the continuation or resumption of operations.

• Emergency Management: A process within a comprehensive risk management program that includes all the components of the overall approach to managing major emergencies and disasters by addressing risks to people, facilities, equipment, and operations.

• Disaster Recovery: The restoration of an organization’s technology to provide the IT, telecommunications, and related technology needed to support business continuity objectives.

• Disaster Recovery Plan (DRP): Documented strategies and detailed procedures for the recovery of computing and network hardware and software and electronic data.

• Enterprise Risk Management (ERM): Terminology increasingly used by risk management and business continuity practitioners. The identification and treatment of risks encompassing all aspects of the business or organization with the goal of identifying, measuring, managing, and minimizing risks. Planning, organizing, leading, and controlling the activities of an organization to minimize the effects of all risks.

An expanded list of selected business continuity and supply chain terminology and acronyms used in this book is found in the Glossary. These definitions were written and edited from my perspective and reflect their usage in this book. Note: As there is not yet total agreement on the definitions and usage of these words and terms, it is almost certain that you have heard and read and/or will hear and read definitions that are different from those provided. I respect and appreciate the differences, which I believe are primarily a reflection of a still maturing business practice. The concepts and best practices and their application are the same.

There are differences in terminology among different types of businesses, between government and nongovernment organizations, from one geographic area to another, and even among business units within organizations. Of great importance is the need to standardize usage of the agreed-upon terms throughout an enterprise, to develop a business continuity glossary, and to take the steps necessary to ensure that the terminology is used and understood throughout the organization and by key stakeholders.

Going Forward

In spite of ongoing efforts to adopt universally accepted business continuity terminology, there are many inconsistencies in its usage. For example, business continuity and disaster recovery, two terms with very different meanings, are often used interchangeably, leading to misconceptions. The use of business continuity acronyms known only to those directly involved in the business continuity planning process can also get in the way of shared understanding.

The importance of consistently using fully understood terms throughout an organization cannot be overstated. Having a common language with standard terminology provides a basis for understanding, developing, and implementing a successful enterprise-wide business continuity program.

• Check to see if there is an accepted lexicon of business continuity terms used consistently throughout your organization.

• Review currently used terminology to determine if it accurately reflects business continuity best practices.

• Take steps to develop or have developed a common lexicon or to make necessary revisions in existing terminology.

• Spell out and define all business continuity acronyms.

• Have business continuity terminology officially adopted for use across the organization.

• Include the lexicon as a glossary in all business continuity plans and related documents.
